def create_retirement(cls, user):
"""
Creates a UserRetirementStatus for the given user, in the correct initial state. Will
fail if the user already has a UserRetirementStatus row or if states are not yet populated.
"""
try:
pending = RetirementState.objects.all().order_by('state_execution_order')[0]
except IndexError:
raise RetirementStateError('Default state does not exist! Populate retirement states to retire users.') # lint-amnesty, pylint: disable=raise-missing-from
if cls.objects.filter(user=user).exists():
raise RetirementStateError(u'User {} already has a retirement status row!'.format(user))
retired_username = get_retired_username_by_username(user.username)
retired_email = get_retired_email_by_email(user.email)
UserRetirementRequest.create_retirement_request(user)
return cls.objects.create(
user=user,
original_username=user.username,
original_email=user.email,
original_name=user.profile.name,
retired_username=retired_username,
retired_email=retired_email,
current_state=pending,
last_state=pending,
responses=u'Created in state {} by create_retirement'.format(pending)
)
def test_get_retired_email_status_exists(retirement_user, retirement_status): # pylint: disable=redefined-outer-name
"""
Checks that a retired email is gotten from a UserRetirementStatus
object when one already exists for a user.
"""
hashed_email = get_retired_email_by_email(retirement_user.email)
check_email_against_fmt(hashed_email)
assert retirement_status.retired_email == hashed_email
def _fake_logged_out_user(user, retire_username=False):
"""
Simulate the initial logout retirement endpoint.
"""
# By default, do not change the username to the retired hash version because
# that is not what happens upon actual retirement requests immediately after
# logout.
if retire_username:
user.username = get_retired_username_by_username(user.username)
user.email = get_retired_email_by_email(user.email)
user.set_unusable_password()
user.save()
def test_is_email_retired_is_retired(retirement_user):
"""
Check functionality of is_email_retired when email is retired
"""
original_email = retirement_user.email
retired_email = get_retired_email_by_email(retirement_user.email)
# Fake email retirement.
retirement_user.email = retired_email
retirement_user.save()
assert is_email_retired(original_email)
def test_is_email_retired_is_retired(retirement_user): # lint-amnesty, pylint: disable=redefined-outer-name
"""
Check functionality of is_email_retired when email is retired
"""
original_email = retirement_user.email
retired_email = get_retired_email_by_email(retirement_user.email)
# Fake email retirement.
retirement_user.email = retired_email
retirement_user.save()
assert is_email_retired(original_email)
def handle(self, *args, **options):
"""
Execute the command.
"""
username = options['username']
user_email = options['user_email']
try:
user = User.objects.get(username=username, email=user_email)
except:
error_message = (
'Could not find a user with specified username and email '
'address. Make sure you have everything correct before '
'trying again')
logger.error(error_message)
raise CommandError(error_message) # lint-amnesty, pylint: disable=raise-missing-from
user_model = get_user_model()
try:
with transaction.atomic():
# Add user to retirement queue.
UserRetirementStatus.create_retirement(user)
# Unlink LMS social auth accounts
UserSocialAuth.objects.filter(user_id=user.id).delete()
# Change LMS password & email
user.email = get_retired_email_by_email(user.email)
user.set_unusable_password()
user.save()
# TODO: Unlink social accounts & change password on each IDA.
# Remove the activation keys sent by email to the user for account activation.
Registration.objects.filter(user=user).delete()
# Delete OAuth tokens associated with the user.
retire_dot_oauth2_models(user)
AccountRecovery.retire_recovery_email(user.id)
except KeyError:
error_message = 'Username not specified {}'.format(user)
logger.error(error_message)
raise CommandError(error_message) # lint-amnesty, pylint: disable=raise-missing-from
except user_model.DoesNotExist:
error_message = 'The user "{}" does not exist.'.format(
user.username)
logger.error(error_message)
raise CommandError(error_message) # lint-amnesty, pylint: disable=raise-missing-from
except Exception as exc: # pylint: disable=broad-except
error_message = '500 error deactivating account {}'.format(exc)
logger.error(error_message)
raise CommandError(error_message) # lint-amnesty, pylint: disable=raise-missing-from
logger.info("User succesfully moved to the retirment pipeline")
def _assert_retirementstatus_is_user(retirement, user):
"""
Helper function to compare a newly created UserRetirementStatus object to expected values for
the given user.
"""
pending = RetirementState.objects.all().order_by(
'state_execution_order')[0]
retired_username = get_retired_username_by_username(user.username)
retired_email = get_retired_email_by_email(user.email)
assert retirement.user == user
assert retirement.original_username == user.username
assert retirement.original_email == user.email
assert retirement.original_name == user.profile.name
assert retirement.retired_username == retired_username
assert retirement.retired_email == retired_email
assert retirement.current_state == pending
assert retirement.last_state == pending
assert pending.state_name in retirement.responses
def create_retirement_request_and_deactivate_account(user):
"""
Adds user to retirement queue, unlinks social auth accounts, changes user passwords
and delete tokens and activation keys
"""
# Add user to retirement queue.
UserRetirementStatus.create_retirement(user)
# Unlink LMS social auth accounts
UserSocialAuth.objects.filter(user_id=user.id).delete()
# Change LMS password & email
user.email = get_retired_email_by_email(user.email)
user.set_unusable_password()
user.save()
# TODO: Unlink social accounts & change password on each IDA.
# Remove the activation keys sent by email to the user for account activation.
Registration.objects.filter(user=user).delete()
# Delete OAuth tokens associated with the user.
retire_dot_oauth2_models(user)
AccountRecovery.retire_recovery_email(user.id)
def test_get_retired_email(retirement_user):
"""
Basic testing of retired emails.
"""
hashed_email = get_retired_email_by_email(retirement_user.email)
check_email_against_fmt(hashed_email)
def delete_edxapp_user(*args, **kwargs):
"""
Deletes a user from the platform.
"""
msg = None
user = kwargs.get("user")
case_id = kwargs.get("case_id")
site = kwargs.get("site")
is_support_user = kwargs.get("is_support_user")
user_response = "The user {username} <{email}> ".format(
username=user.username, email=user.email)
signup_sources = user.usersignupsource_set.all()
sources = [signup_source.site for signup_source in signup_sources]
if site and site.name.upper() in (source.upper() for source in sources):
if len(sources) == 1:
with transaction.atomic():
support_label = "_support" if is_support_user else ""
user.email = "{email}{case}.ednx{support}_retired".format(
email=user.email,
case=case_id,
support=support_label,
)
user.save()
# Add user to retirement queue.
UserRetirementStatus.create_retirement(user)
# Unlink LMS social auth accounts
UserSocialAuth.objects.filter(user_id=user.id).delete()
# Change LMS password & email
user.email = get_retired_email_by_email(user.email)
user.save()
_set_unusable_password(user)
# Remove the activation keys sent by email to the user for account activation.
Registration.objects.filter(user=user).delete()
# Delete OAuth tokens associated with the user.
retire_dot_oauth2_models(user)
# Delete user signup source object
signup_sources[0].delete()
msg = "{user} has been removed".format(user=user_response)
else:
for signup_source in signup_sources:
if signup_source.site.upper() == site.name.upper():
signup_source.delete()
msg = "{user} has more than one signup source. The signup source from the site {site} has been deleted".format(
user=user_response,
site=site,
)
return msg, status.HTTP_200_OK
raise NotFound(
"{user} does not have a signup source on the site {site}".format(
user=user_response, site=site))
def test_get_retired_email(retirement_user): # lint-amnesty, pylint: disable=redefined-outer-name
"""
Basic testing of retired emails.
"""
hashed_email = get_retired_email_by_email(retirement_user.email)
check_email_against_fmt(hashed_email)
