fix(api): use raw FK ids in membership post_delete signal to avoid cascade lookup failures (#10497)

Author: josema-xyz

api/CHANGELOG.md

@@ -22,6 +22,7 @@ All notable changes to the **Prowler API** are documented in this file.
 - `MANAGE_ACCOUNT` permission no longer required for listing and creating tenants [(#10468)](https://github.com/prowler-cloud/prowler/pull/10468)
 - Finding groups muted filter, counters, metadata extraction and mute reaggregation [(#10477)](https://github.com/prowler-cloud/prowler/pull/10477)
 - Finding groups `check_title__icontains` resolution, `name__icontains` resource filter and `resource_group` field in `/resources` response [(#10486)](https://github.com/prowler-cloud/prowler/pull/10486)
+- Membership `post_delete` signal using raw FK ids to avoid `DoesNotExist` during cascade deletions [(#10497)](https://github.com/prowler-cloud/prowler/pull/10497)
 
 ### 🔐 Security
 

api/src/backend/api/signals.py

@@ -61,7 +61,7 @@ def revoke_membership_api_keys(sender, instance, **kwargs):  # noqa: F841
     in that tenant should be revoked to prevent further access.
     """
     TenantAPIKey.objects.filter(
-        entity=instance.user, tenant_id=instance.tenant.id
+        entity_id=instance.user_id, tenant_id=instance.tenant_id
     ).update(revoked=True)
 
 

api/src/backend/conftest.py

@@ -111,8 +111,9 @@ def disable_logging():
     logging.disable(logging.CRITICAL)
 
 
-@pytest.fixture(scope="session", autouse=True)
-def create_test_user(django_db_setup, django_db_blocker):
+@pytest.fixture(scope="session")
+def _session_test_user(django_db_setup, django_db_blocker):
+    """Create the test user once per session. Internal; use create_test_user instead."""
     with django_db_blocker.unblock():
         user = User.objects.create_user(
             name="testing",
@@ -122,6 +123,21 @@ def create_test_user(django_db_setup, django_db_blocker):
     return user
 
 
+@pytest.fixture(autouse=True)
+def create_test_user(_session_test_user, django_db_blocker):
+    """Re-create the session-scoped test user when a TransactionTestCase
+    has truncated the users table."""
+    with django_db_blocker.unblock():
+        if not User.objects.filter(pk=_session_test_user.pk).exists():
+            User.objects.create_user(
+                id=_session_test_user.pk,
+                name="testing",
+                email=TEST_USER,
+                password=TEST_PASSWORD,
+            )
+    return _session_test_user
+
+
 @pytest.fixture(scope="function")
 def create_test_user_rbac(django_db_setup, django_db_blocker, tenants_fixture):
     with django_db_blocker.unblock():