def check_content_start_date_for_masquerade_user(course_key, user, request, course_start, chapter_start=None, section_start=None): """ Add a warning message if the masquerade user would not have access to this content due to the content start date being in the future. """ now = datetime.now(utc) most_future_date = course_start if chapter_start and section_start: most_future_date = max(course_start, chapter_start, section_start) _is_masquerading = get_course_masquerade(user, course_key) if now < most_future_date and _is_masquerading: group_masquerade = is_masquerading_as_student(user, course_key) specific_student_masquerade = is_masquerading_as_specific_student( user, course_key) is_staff = has_staff_roles(user, course_key) if group_masquerade or (specific_student_masquerade and not is_staff): PageLevelMessages.register_warning_message( request, HTML( _('This user does not have access to this content because \ the content start date is in the future')), once_only=True)
def register_course_expired_message(request, course): """ Add a banner notifying the user of the user course expiration date if it exists. """ if not CourseDurationLimitConfig.enabled_for_enrollment(user=request.user, course_key=course.id): return expiration_date = get_user_course_expiration_date(request.user, course) if not expiration_date: return if is_masquerading_as_student(request.user, course.id) and timezone.now() > expiration_date: upgrade_message = _('This learner does not have access to this course. ' 'Their access expired on {expiration_date}.') PageLevelMessages.register_warning_message( request, HTML(upgrade_message).format( expiration_date=expiration_date.strftime('%b %-d') ) ) else: enrollment = CourseEnrollment.get_enrollment(request.user, course.id) if enrollment is None: return upgrade_deadline = enrollment.upgrade_deadline if upgrade_deadline is None: return now = timezone.now() course_upgrade_deadline = enrollment.course_upgrade_deadline if now > upgrade_deadline: upgrade_deadline = course_upgrade_deadline expiration_message = _('{strong_open}Audit Access Expires {expiration_date}{strong_close}' '{line_break}You lose all access to this course, including your progress, on ' '{expiration_date}.') upgrade_deadline_message = _('{line_break}Upgrade by {upgrade_deadline} to get unlimited access to the course ' 'as long as it exists on the site. {a_open}Upgrade now{sronly_span_open} to ' 'retain access past {expiration_date}{span_close}{a_close}') full_message = expiration_message if now < course_upgrade_deadline: full_message += upgrade_deadline_message PageLevelMessages.register_info_message( request, Text(full_message).format( a_open=HTML('<a href="{upgrade_link}">').format( upgrade_link=verified_upgrade_deadline_link(user=request.user, course=course) ), sronly_span_open=HTML('<span class="sr-only">'), sighted_only_span_open=HTML('<span aria-hidden="true">'), span_close=HTML('</span>'), a_close=HTML('</a>'), expiration_date=expiration_date.strftime('%b. %-d, %Y'), strong_open=HTML('<strong>'), strong_close=HTML('</strong>'), line_break=HTML('<br>'), upgrade_deadline=upgrade_deadline.strftime('%b. %-d, %Y') ) )
def _decorated(request, *args, **kwargs): # pylint: disable=missing-docstring if waffle().is_enabled(DISPLAY_MAINTENANCE_WARNING): if hasattr(settings, 'MAINTENANCE_BANNER_TEXT') and settings.MAINTENANCE_BANNER_TEXT: # The waffle switch is enabled and the banner text is defined # and non-empty. We can now register the message: PageLevelMessages.register_warning_message(request, settings.MAINTENANCE_BANNER_TEXT) return func(request, *args, **kwargs)
def _enforce_password_policy_compliance(request, user): try: password_policy_compliance.enforce_compliance_on_login(user, request.POST.get('password')) except password_policy_compliance.NonCompliantPasswordWarning as e: # Allow login, but warn the user that they will be required to reset their password soon. PageLevelMessages.register_warning_message(request, e.message) except password_policy_compliance.NonCompliantPasswordException as e: # Prevent the login attempt. raise AuthFailedError(e.message)
def _enforce_password_policy_compliance(request, user): # lint-amnesty, pylint: disable=missing-function-docstring try: password_policy_compliance.enforce_compliance_on_login(user, request.POST.get('password')) except password_policy_compliance.NonCompliantPasswordWarning as e: # Allow login, but warn the user that they will be required to reset their password soon. PageLevelMessages.register_warning_message(request, str(e)) except password_policy_compliance.NonCompliantPasswordException as e: AUDIT_LOG.info("Password reset initiated for email %s.", user.email) send_password_reset_email_for_user(user, request) # Prevent the login attempt. raise AuthFailedError(HTML(str(e)), error_code=e.__class__.__name__) # lint-amnesty, pylint: disable=raise-missing-from
def render(self, request): """ Render the index page. """ self._redirect_if_needed_to_pay_for_course() self._prefetch_and_bind_course(request) if self.course.has_children_at_depth(CONTENT_DEPTH): self._reset_section_to_exam_if_required() self.chapter = self._find_chapter() self.section = self._find_section() if self.chapter and self.section: self._redirect_if_not_requested_section() self._save_positions() self._prefetch_and_bind_section() self._redirect_to_learning_mfe() check_content_start_date_for_masquerade_user( self.course_key, self.effective_user, request, self.course.start, self.chapter.start, self.section.start) if not request.user.is_authenticated: qs = six.moves.urllib.parse.urlencode({ 'course_id': self.course_key, 'enrollment_action': 'enroll', 'email_opt_in': False, }) allow_anonymous = check_public_access(self.course, [COURSE_VISIBILITY_PUBLIC]) if not allow_anonymous: PageLevelMessages.register_warning_message( request, Text( _(u"You are not signed in. To see additional course content, {sign_in_link} or " u"{register_link}, and enroll in this course.")). format( sign_in_link=HTML( u'<a href="{url}">{sign_in_label}</a>').format( sign_in_label=_('sign in'), url='{}?{}'.format(reverse('signin_user'), qs), ), register_link=HTML( u'<a href="/{url}">{register_label}</a>').format( register_label=_('register'), url=u'{}?{}'.format(reverse('register_user'), qs), ), )) return render_to_response('courseware/courseware.html', self._create_courseware_context(request))
def show_reference_template(request, template): """ Shows the specified template as an HTML page. This is used only in debug mode to allow the UX team to produce and work with static reference templates. e.g. http://localhost:8000/template/ux/reference/index.html shows the template from ux/reference/index.html Note: dynamic parameters can also be passed to the page. e.g. /template/ux/reference/index.html?name=Foo """ try: uses_pattern_library = u'/pattern-library/' in request.path is_v1 = u'/v1/' in request.path uses_bootstrap = not uses_pattern_library and not is_v1 context = { 'request': request, 'disable_courseware_js': not is_v1, 'uses_pattern_library': uses_pattern_library, 'uses_bootstrap': uses_bootstrap, } context.update(request.GET.dict()) # Support dynamic rendering of messages if request.GET.get('alert'): PageLevelMessages.register_info_message(request, request.GET.get('alert')) if request.GET.get('success'): PageLevelMessages.register_success_message( request, request.GET.get('success')) if request.GET.get('warning'): PageLevelMessages.register_warning_message( request, request.GET.get('warning')) if request.GET.get('error'): PageLevelMessages.register_error_message(request, request.GET.get('error')) # Add some messages to the course skeleton pages if u'course-skeleton.html' in request.path: PageLevelMessages.register_info_message( request, _('This is a test message')) PageLevelMessages.register_success_message( request, _('This is a success message')) PageLevelMessages.register_warning_message( request, _('This is a test warning')) PageLevelMessages.register_error_message(request, _('This is a test error')) return render_to_response(template, context) except TopLevelLookupException: return HttpResponseNotFound( 'Missing template {template}'.format(template=template))
def _enforce_password_policy_compliance(request, user): try: password_policy_compliance.enforce_compliance_on_login( user, request.POST.get('password')) except password_policy_compliance.NonCompliantPasswordWarning as e: # Allow login, but warn the user that they will be required to reset their password soon. PageLevelMessages.register_warning_message(request, six.text_type(e)) except password_policy_compliance.NonCompliantPasswordException as e: send_password_reset_email_for_user(user, request) # Prevent the login attempt. raise AuthFailedError(HTML(six.text_type(e)), error_code=e.__class__.__name__)
def show_reference_template(request, template): """ Shows the specified template as an HTML page. This is used only in debug mode to allow the UX team to produce and work with static reference templates. e.g. http://localhost:8000/template/ux/reference/index.html shows the template from ux/reference/index.html Note: dynamic parameters can also be passed to the page. e.g. /template/ux/reference/index.html?name=Foo """ try: is_v1 = '/v1/' in request.path uses_bootstrap = not is_v1 context = { 'request': request, 'uses_bootstrap': uses_bootstrap, } context.update(request.GET.dict()) # Support dynamic rendering of messages if request.GET.get('alert'): PageLevelMessages.register_info_message(request, request.GET.get('alert')) if request.GET.get('success'): PageLevelMessages.register_success_message( request, request.GET.get('success')) if request.GET.get('warning'): PageLevelMessages.register_warning_message( request, request.GET.get('warning')) if request.GET.get('error'): PageLevelMessages.register_error_message(request, request.GET.get('error')) # Add some messages to the course skeleton pages if 'course-skeleton.html' in request.path: PageLevelMessages.register_info_message( request, _('This is a test message')) PageLevelMessages.register_success_message( request, _('This is a success message')) PageLevelMessages.register_warning_message( request, _('This is a test warning')) PageLevelMessages.register_error_message(request, _('This is a test error')) return render_to_response(template, context) except TemplateDoesNotExist: return HttpResponseNotFound( f'Missing template {bleach.clean(template, strip=True)}')
def render(self, request): """ Render the index page. """ self._redirect_if_needed_to_pay_for_course() self._prefetch_and_bind_course(request) if self.course.has_children_at_depth(CONTENT_DEPTH): self._reset_section_to_exam_if_required() self.chapter = self._find_chapter() self.section = self._find_section() if self.chapter and self.section: self._redirect_if_not_requested_section() self._save_positions() self._prefetch_and_bind_section() check_content_start_date_for_masquerade_user(self.course_key, self.effective_user, request, self.course.start, self.chapter.start, self.section.start) if not request.user.is_authenticated: qs = urllib.urlencode({ 'course_id': self.course_key, 'enrollment_action': 'enroll', 'email_opt_in': False, }) allow_anonymous = allow_public_access(self.course, [COURSE_VISIBILITY_PUBLIC]) if not allow_anonymous: PageLevelMessages.register_warning_message( request, Text(_(u"You are not signed in. To see additional course content, {sign_in_link} or " u"{register_link}, and enroll in this course.")).format( sign_in_link=HTML(u'<a href="{url}">{sign_in_label}</a>').format( sign_in_label=_('sign in'), url='{}?{}'.format(reverse('signin_user'), qs), ), register_link=HTML(u'<a href="/{url}">{register_label}</a>').format( register_label=_('register'), url=u'{}?{}'.format(reverse('register_user'), qs), ), ) ) return render_to_response('courseware/courseware.html', self._create_courseware_context(request))
def render(self, request): """ Render the index page. """ self._redirect_if_needed_to_enter_university_id() self._redirect_if_needed_to_pay_for_course() self._prefetch_and_bind_course(request) if self.course.has_children_at_depth(CONTENT_DEPTH): self._reset_section_to_exam_if_required() self.chapter = self._find_chapter() self.section = self._find_section() if self.chapter and self.section: self._redirect_if_not_requested_section() self._save_positions() self._prefetch_and_bind_section() if not request.user.is_authenticated: qs = urllib.urlencode({ 'course_id': self.course_key, 'enrollment_action': 'enroll', 'email_opt_in': False, }) PageLevelMessages.register_warning_message( request, Text( _("You are not signed in. To see additional course content, {sign_in_link} or " "{register_link}, and enroll in this course.")).format( sign_in_link=HTML( '<a href="{url}">{sign_in_label}</a>').format( sign_in_label=_('sign in'), url='{}?{}'.format(reverse('signin_user'), qs), ), register_link=HTML( '<a href="/{url}">{register_label}</a>').format( register_label=_('register'), url='{}?{}'.format(reverse('register_user'), qs), ), )) return render_to_response('courseware/courseware.html', self._create_courseware_context(request))
def _enforce_password_policy_compliance(request, user): # lint-amnesty, pylint: disable=missing-function-docstring try: password_policy_compliance.enforce_compliance_on_login( user, request.POST.get('password')) except password_policy_compliance.NonCompliantPasswordWarning as e: # Allow login, but warn the user that they will be required to reset their password soon. PageLevelMessages.register_warning_message(request, HTML(str(e))) except password_policy_compliance.NonCompliantPasswordException as e: # Increment the lockout counter to safguard from further brute force requests # if user's password has been compromised. if LoginFailures.is_feature_enabled(): LoginFailures.increment_lockout_counter(user) AUDIT_LOG.info("Password reset initiated for email %s.", user.email) send_password_reset_email_for_user(user, request) # Prevent the login attempt. raise AuthFailedError(HTML(str(e)), error_code=e.__class__.__name__) # lint-amnesty, pylint: disable=raise-missing-from
def show_reference_template(request, template): """ Shows the specified template as an HTML page. This is used only in debug mode to allow the UX team to produce and work with static reference templates. e.g. http://localhost:8000/template/ux/reference/index.html shows the template from ux/reference/index.html Note: dynamic parameters can also be passed to the page. e.g. /template/ux/reference/index.html?name=Foo """ try: uses_pattern_library = u'/pattern-library/' in request.path is_v1 = u'/v1/' in request.path uses_bootstrap = not uses_pattern_library and not is_v1 context = { 'request': request, 'uses_pattern_library': uses_pattern_library, 'uses_bootstrap': uses_bootstrap, } context.update(request.GET.dict()) # Support dynamic rendering of messages if request.GET.get('alert'): PageLevelMessages.register_info_message(request, request.GET.get('alert')) if request.GET.get('success'): PageLevelMessages.register_success_message(request, request.GET.get('success')) if request.GET.get('warning'): PageLevelMessages.register_warning_message(request, request.GET.get('warning')) if request.GET.get('error'): PageLevelMessages.register_error_message(request, request.GET.get('error')) # Add some messages to the course skeleton pages if u'course-skeleton.html' in request.path: PageLevelMessages.register_info_message(request, _('This is a test message')) PageLevelMessages.register_success_message(request, _('This is a success message')) PageLevelMessages.register_warning_message(request, _('This is a test warning')) PageLevelMessages.register_error_message(request, _('This is a test error')) return render_to_response(template, context) except TopLevelLookupException: return HttpResponseNotFound('Missing template {template}'.format(template=template))
def check_start_date(user, days_early_for_beta, start, course_key): """ Verifies whether the given user is allowed access given the start date and the Beta offset for the given course. Returns: AccessResponse: Either ACCESS_GRANTED or StartDateError. """ start_dates_disabled = settings.FEATURES['DISABLE_START_DATES'] masquerading_as_student = is_masquerading_as_student(user, course_key) masquerading_as_specific_student = is_masquerading_as_specific_student( user, course_key) if start_dates_disabled and not masquerading_as_student: return ACCESS_GRANTED else: now = datetime.now(UTC) if start is None or in_preview_mode(): return ACCESS_GRANTED effective_start = adjust_start_date(user, days_early_for_beta, start, course_key) if now > effective_start: return ACCESS_GRANTED if get_course_masquerade(user, course_key): if masquerading_as_student or ( masquerading_as_specific_student and not has_staff_roles(user, course_key)): request = get_current_request() PageLevelMessages.register_warning_message( request, HTML( _('This user does not have access to this content due to the content start date' )), once_only=True) return ACCESS_GRANTED return StartDateError(start)
def check_content_start_date_for_masquerade_user(course_key, user, request, course_start, chapter_start=None, section_start=None): """ Add a warning message if the masquerade user would not have access to this content due to the content start date being in the future. """ now = datetime.now(utc) most_future_date = course_start if chapter_start and section_start: most_future_date = max(course_start, chapter_start, section_start) is_masquerading = get_course_masquerade(user, course_key) if now < most_future_date and is_masquerading: group_masquerade = is_masquerading_as_student(user, course_key) specific_student_masquerade = is_masquerading_as_specific_student(user, course_key) is_staff = has_staff_roles(user, course_key) if group_masquerade or (specific_student_masquerade and not is_staff): PageLevelMessages.register_warning_message( request, HTML(_('This user does not have access to this content because \ the content start date is in the future')), once_only=True )
def register_course_expired_message(request, course): """ Add a banner notifying the user of the user course expiration date if it exists. """ if not CourseDurationLimitConfig.enabled_for_enrollment( user=request.user, course_key=course.id): return expiration_date = get_user_course_expiration_date(request.user, course) if not expiration_date: return if is_masquerading_as_student( request.user, course.id) and timezone.now() > expiration_date: upgrade_message = _( 'This learner would not have access to this course. ' 'Their access expired on {expiration_date}.') PageLevelMessages.register_warning_message( request, HTML(upgrade_message).format( expiration_date=expiration_date.strftime('%b %-d'))) else: upgrade_message = _( 'Your access to this course expires on {expiration_date}. \ {a_open}Upgrade now {sronly_span_open}to retain access past {expiration_date}.\ {span_close}{a_close}{sighted_only_span_open}for unlimited access.{span_close}' ) PageLevelMessages.register_info_message( request, Text(upgrade_message).format( a_open=HTML('<a href="{upgrade_link}">').format( upgrade_link=verified_upgrade_deadline_link( user=request.user, course=course)), sronly_span_open=HTML('<span class="sr-only">'), sighted_only_span_open=HTML('<span aria-hidden="true">'), span_close=HTML('</span>'), a_close=HTML('</a>'), expiration_date=expiration_date.strftime('%b %-d'), ))
def register_course_expired_message(request, course): """ Add a banner notifying the user of the user course expiration date if it exists. """ if not CourseDurationLimitConfig.enabled_for_enrollment(user=request.user, course_key=course.id): return expiration_date = get_user_course_expiration_date(request.user, course) if not expiration_date: return if is_masquerading_as_student(request.user, course.id) and timezone.now() > expiration_date: upgrade_message = _('This learner would not have access to this course. ' 'Their access expired on {expiration_date}.') PageLevelMessages.register_warning_message( request, HTML(upgrade_message).format( expiration_date=expiration_date.strftime('%b %-d') ) ) else: upgrade_message = _('Your access to this course expires on {expiration_date}. \ {a_open}Upgrade now {sronly_span_open}to retain access past {expiration_date}.\ {span_close}{a_close}{sighted_only_span_open}for unlimited access.{span_close}') PageLevelMessages.register_info_message( request, Text(upgrade_message).format( a_open=HTML('<a href="{upgrade_link}">').format( upgrade_link=verified_upgrade_deadline_link(user=request.user, course=course) ), sronly_span_open=HTML('<span class="sr-only">'), sighted_only_span_open=HTML('<span aria-hidden="true">'), span_close=HTML('</span>'), a_close=HTML('</a>'), expiration_date=expiration_date.strftime('%b %-d'), ) )
def register_course_expired_message(request, course): """ Add a banner notifying the user of the user course expiration date if it exists. """ if not CourseDurationLimitConfig.enabled_for_enrollment( user=request.user, course_key=course.id): return expiration_date = get_user_course_expiration_date(request.user, course) if not expiration_date: return if is_masquerading_as_specific_student( request.user, course.id) and timezone.now() > expiration_date: upgrade_message = _( 'This learner does not have access to this course. ' 'Their access expired on {expiration_date}.') PageLevelMessages.register_warning_message( request, HTML(upgrade_message).format(expiration_date=strftime_localized( expiration_date, '%b. %-d, %Y'))) else: enrollment = CourseEnrollment.get_enrollment(request.user, course.id) if enrollment is None: return upgrade_deadline = enrollment.upgrade_deadline now = timezone.now() course_upgrade_deadline = enrollment.course_upgrade_deadline if (not upgrade_deadline) or (upgrade_deadline < now): upgrade_deadline = course_upgrade_deadline expiration_message = _( '{strong_open}Audit Access Expires {expiration_date}{strong_close}' '{line_break}You lose all access to this course, including your progress, on ' '{expiration_date}.') upgrade_deadline_message = _( '{line_break}Upgrade by {upgrade_deadline} to get unlimited access to the course ' 'as long as it exists on the site. {a_open}Upgrade now{sronly_span_open} to ' 'retain access past {expiration_date}{span_close}{a_close}') full_message = expiration_message if upgrade_deadline and now < upgrade_deadline: full_message += upgrade_deadline_message using_upgrade_messaging = True else: using_upgrade_messaging = False language = get_language() language_is_es = language and language.split('-')[0].lower() == 'es' if language_is_es: formatted_expiration_date = strftime_localized( expiration_date, '%-d de %b. de %Y').lower() else: formatted_expiration_date = strftime_localized( expiration_date, '%b. %-d, %Y') if using_upgrade_messaging: if language_is_es: formatted_upgrade_deadline = strftime_localized( upgrade_deadline, '%-d de %b. de %Y').lower() else: formatted_upgrade_deadline = strftime_localized( upgrade_deadline, '%b. %-d, %Y') PageLevelMessages.register_info_message( request, Text(full_message).format( a_open=HTML('<a href="{upgrade_link}">').format( upgrade_link=verified_upgrade_deadline_link( user=request.user, course=course)), sronly_span_open=HTML('<span class="sr-only">'), span_close=HTML('</span>'), a_close=HTML('</a>'), expiration_date=formatted_expiration_date, strong_open=HTML('<strong>'), strong_close=HTML('</strong>'), line_break=HTML('<br>'), upgrade_deadline=formatted_upgrade_deadline)) else: PageLevelMessages.register_info_message( request, Text(full_message).format( span_close=HTML('</span>'), expiration_date=formatted_expiration_date, strong_open=HTML('<strong>'), strong_close=HTML('</strong>'), line_break=HTML('<br>'), ))