fix: prevent ghost memberships from soft-deleted users

gatehouse_app/api/v1/users/admin.py

@@ -306,10 +306,10 @@ def admin_delete_user(user_id):
     from gatehouse_app.models.user.user import User as _User
     from gatehouse_app.models.ssh_ca.ssh_key import SSHKey
     from gatehouse_app.models.ssh_ca.ssh_certificate import SSHCertificate
-    from gatehouse_app.models.auth.authentication_method import OAuthState
     from gatehouse_app.extensions import db as _db
     from gatehouse_app.utils.constants import AuditAction, OrganizationRole
     from gatehouse_app.services.audit_service import AuditService
+    from gatehouse_app.services.user_service import UserService
 
     caller = g.current_user
     data = request.get_json() or {}
@@ -372,20 +372,10 @@ def admin_delete_user(user_id):
 
     target_email = target.email
     target_id_str = str(target.id)
-    now = datetime.now(timezone.utc)
 
     try:
-        # Soft delete the user — set deleted_at timestamp.
-        target.deleted_at = now
-
-        # Soft delete associated OAuthState records.
-        OAuthState.query.filter_by(user_id=target_id_str).filter(OAuthState.deleted_at == None).update(
-            {"deleted_at": now}, synchronize_session=False
-        )
-
-        _db.session.flush()
+        UserService.delete_user(target, soft=True)
     except Exception as exc:
-        _db.session.rollback()
         _logger.error(f"Soft delete failed for {target_id_str}: {exc}")
         return api_response(success=False, message="Failed to delete user account. Please try again.", status=500, error_type="SERVER_ERROR")