FIX: Do not deactivate admin accounts with recent posts or api keys (#8342)

This prevents 'bot' users being deactivated

app/jobs/scheduled/invalidate_inactive_admins.rb

@@ -8,10 +8,14 @@ module Jobs
     def execute(_)
       return if SiteSetting.invalidate_inactive_admin_email_after_days == 0
 
+      timestamp = SiteSetting.invalidate_inactive_admin_email_after_days.days.ago
+
       User.human_users
         .where(admin: true)
         .where(active: true)
-        .where('last_seen_at < ?', SiteSetting.invalidate_inactive_admin_email_after_days.days.ago)
+        .where('last_seen_at < ?', timestamp)
+        .where("NOT EXISTS ( SELECT 1 from api_keys WHERE api_keys.user_id = users.id AND COALESCE(last_used_at, updated_at) > ? )", timestamp)
+        .where("NOT EXISTS ( SELECT 1 from posts WHERE posts.user_id = users.id AND created_at > ?)", timestamp)
         .each do |user|
 
         User.transaction do

spec/jobs/invalidate_inactive_admins_spec.rb

@@ -46,6 +46,18 @@ describe Jobs::InvalidateInactiveAdmins do
           expect(UserAssociatedAccount.where(user_id: not_seen_admin.id).exists?).to eq(false)
         end
       end
+
+      it "doesn't deactivate admins with recent posts" do
+        Fabricate(:post, user: not_seen_admin)
+        subject
+        expect(not_seen_admin.reload.active).to eq(true)
+      end
+
+      it "doesn't deactivate admins with recently used api keys" do
+        Fabricate(:api_key, user: not_seen_admin, last_used_at: 1.day.ago)
+        subject
+        expect(not_seen_admin.reload.active).to eq(true)
+      end
     end
 
     context 'invalidate_inactive_admin_email_after_days = 0 to disable this feature' do