def get_or_build_user(self, username: str, ldap_user: _LDAPUser) -> Tuple[UserProfile, bool]: """This is used only in non-authentication contexts such as: ./manage.py sync_ldap_user_data In authentication contexts, this is overriden in ZulipLDAPAuthBackend. """ (user, built) = super().get_or_build_user(username, ldap_user) if 'userAccountControl' in settings.AUTH_LDAP_USER_ATTR_MAP: user_disabled_in_ldap = self.is_account_control_disabled_user(ldap_user) if user_disabled_in_ldap: if user.is_active: logging.info("Deactivating user %s because they are disabled in LDAP." % (user.email,)) do_deactivate_user(user) # Do an early return to avoid trying to sync additional data. return (user, built) elif not user.is_active: logging.info("Reactivating user %s because they are not disabled in LDAP." % (user.email,)) do_reactivate_user(user) self.sync_avatar_from_ldap(user, ldap_user) self.sync_full_name_from_ldap(user, ldap_user) self.sync_custom_profile_fields_from_ldap(user, ldap_user) return (user, built)
def test_login_required(self): # type: () -> None """ Verifies the zulip_login_required decorator blocks deactivated users. """ user_profile = self.example_user('hamlet') email = user_profile.email # Verify fails if logged-out result = self.client_get('/accounts/accept_terms/') self.assertEqual(result.status_code, 302) # Verify succeeds once logged-in self.login(email) result = self.client_get('/accounts/accept_terms/') self.assert_in_response("I agree to the", result) # Verify fails if user deactivated (with session still valid) user_profile.is_active = False user_profile.save() result = self.client_get('/accounts/accept_terms/') self.assertEqual(result.status_code, 302) # Verify succeeds if user reactivated do_reactivate_user(user_profile) self.login(email) result = self.client_get('/accounts/accept_terms/') self.assert_in_response("I agree to the", result) # Verify fails if realm deactivated user_profile.realm.deactivated = True user_profile.realm.save() result = self.client_get('/accounts/accept_terms/') self.assertEqual(result.status_code, 302)
def test_send_deactivated_user(self): # type: () -> None """ rest_dispatch rejects requests from deactivated users, both /json and api """ user_profile = self.example_user('hamlet') email = user_profile.email self.login(email) do_deactivate_user(user_profile) result = self.client_post("/json/messages", {"type": "private", "content": "Test message", "client": "test suite", "to": self.example_email("othello")}) self.assert_json_error_contains(result, "Not logged in", status_code=401) # Even if a logged-in session was leaked, it still wouldn't work do_reactivate_user(user_profile) self.login(email) user_profile.is_active = False user_profile.save() result = self.client_post("/json/messages", {"type": "private", "content": "Test message", "client": "test suite", "to": self.example_email("othello")}) self.assert_json_error_contains(result, "Account not active", status_code=400) result = self.client_post("/api/v1/messages", {"type": "private", "content": "Test message", "client": "test suite", "to": self.example_email("othello")}, **self.api_auth(self.example_email("hamlet"))) self.assert_json_error_contains(result, "Account not active", status_code=401)
def test_login_required(self): """ Verifies the zulip_login_required decorator blocks deactivated users. """ email = "*****@*****.**" user_profile = get_user_profile_by_email(email) # Verify fails if logged-out result = self.client_get('/accounts/accept_terms/') self.assertEqual(result.status_code, 302) # Verify succeeds once logged-in self.login(email) result = self.client_get('/accounts/accept_terms/') self.assert_in_response("I agree to the", result) # Verify fails if user deactivated (with session still valid) user_profile.is_active = False user_profile.save() result = self.client_get('/accounts/accept_terms/') self.assertEqual(result.status_code, 302) # Verify succeeds if user reactivated do_reactivate_user(user_profile) self.login(email) result = self.client_get('/accounts/accept_terms/') self.assert_in_response("I agree to the", result) # Verify fails if realm deactivated user_profile.realm.deactivated = True user_profile.realm.save() result = self.client_get('/accounts/accept_terms/') self.assertEqual(result.status_code, 302)
def test_send_deactivated_user(self): """ rest_dispatch rejects requests from deactivated users, both /json and api """ email = "*****@*****.**" user_profile = get_user_profile_by_email(email) self.login(email) do_deactivate_user(user_profile) result = self.client_post("/json/messages", {"type": "private", "content": "Test message", "client": "test suite", "to": "*****@*****.**"}) self.assert_json_error_contains(result, "Not logged in", status_code=401) # Even if a logged-in session was leaked, it still wouldn't work do_reactivate_user(user_profile) self.login(email) user_profile.is_active = False user_profile.save() result = self.client_post("/json/messages", {"type": "private", "content": "Test message", "client": "test suite", "to": "*****@*****.**"}) self.assert_json_error_contains(result, "Account not active", status_code=400) result = self.client_post("/api/v1/messages", {"type": "private", "content": "Test message", "client": "test suite", "to": "*****@*****.**"}, **self.api_auth("*****@*****.**")) self.assert_json_error_contains(result, "Account not active", status_code=401)
def test_user_activation(self) -> None: realm = get_realm('zulip') now = timezone_now() user = do_create_user('email', 'password', realm, 'full_name', 'short_name') do_deactivate_user(user) do_activate_user(user) do_deactivate_user(user) do_reactivate_user(user) self.assertEqual( RealmAuditLog.objects.filter(event_time__gte=now).count(), 5) event_types = list( RealmAuditLog.objects.filter( realm=realm, acting_user=None, modified_user=user, modified_stream=None, event_time__gte=now, event_time__lte=now + timedelta(minutes=60)).order_by('event_time').values_list( 'event_type', flat=True)) self.assertEqual(event_types, [ RealmAuditLog.USER_CREATED, RealmAuditLog.USER_DEACTIVATED, RealmAuditLog.USER_ACTIVATED, RealmAuditLog.USER_DEACTIVATED, RealmAuditLog.USER_REACTIVATED ])
def test_active_users_log_by_is_bot(self): # type: () -> None property = 'active_users_log:is_bot:day' user = do_create_user('email', 'password', self.default_realm, 'full_name', 'short_name') self.assertEqual( 1, RealmCount.objects.filter(property=property, subgroup=False).aggregate( Sum('value'))['value__sum']) do_deactivate_user(user) self.assertEqual( 0, RealmCount.objects.filter(property=property, subgroup=False).aggregate( Sum('value'))['value__sum']) do_activate_user(user) self.assertEqual( 1, RealmCount.objects.filter(property=property, subgroup=False).aggregate( Sum('value'))['value__sum']) do_deactivate_user(user) self.assertEqual( 0, RealmCount.objects.filter(property=property, subgroup=False).aggregate( Sum('value'))['value__sum']) do_reactivate_user(user) self.assertEqual( 1, RealmCount.objects.filter(property=property, subgroup=False).aggregate( Sum('value'))['value__sum'])
def test_basics(self): # type: () -> None user = self.example_user('hamlet') do_deactivate_user(user) self.assertFalse(user.is_active) do_reactivate_user(user) self.assertTrue(user.is_active)
def reactivate_user_backend(request: HttpRequest, user_profile: UserProfile, user_id: int) -> HttpResponse: target = access_user_by_id(user_profile, user_id, allow_deactivated=True, allow_bots=True) if target.is_bot: assert target.bot_type is not None check_bot_creation_policy(user_profile, target.bot_type) do_reactivate_user(target, acting_user=user_profile) return json_success()
def reactivate_user_backend(request: HttpRequest, user_profile: UserProfile, user_id: int) -> HttpResponse: target = access_user_by_id(user_profile, user_id, allow_deactivated=True, allow_bots=True) if target.is_bot: assert target.bot_type is not None check_bot_creation_policy(user_profile, target.bot_type) do_reactivate_user(target, acting_user=user_profile) return json_success()
def reactivate_user_backend(request: HttpRequest, user_profile: UserProfile, user_id: int) -> HttpResponse: target = access_user_by_id(user_profile, user_id, allow_deactivated=True, allow_bots=True) do_reactivate_user(target, acting_user=user_profile) return json_success()
def test_authenticated_json_post_view_if_user_is_not_active(self): user_email = '*****@*****.**' user_profile = get_user_profile_by_email(user_email) self._login(user_email, password="******") # we deactivate user manually because do_deactivate_user removes user session user_profile.is_active = False user_profile.save() self.assert_json_error_contains(self._do_test(user_email), "Account not active") do_reactivate_user(user_profile)
def reactivate_user_backend(request, user_profile, email): try: target = get_user_profile_by_email(email) except UserProfile.DoesNotExist: return json_error('No such user') if not user_profile.can_admin_user(target): return json_error('Insufficient permission') do_reactivate_user(target) return json_success({})
def reactivate_user_backend(request, user_profile, email): try: target = get_user_profile_by_email(email) except UserProfile.DoesNotExist: return json_error('No such user') if not user_profile.can_admin_user(target): return json_error('Insufficient permission') do_reactivate_user(target) return json_success({})
def reactivate_user_backend(request: HttpRequest, user_profile: UserProfile, email: Text) -> HttpResponse: try: target = get_user(email, user_profile.realm) except UserProfile.DoesNotExist: return json_error(_('No such user')) if not user_profile.can_admin_user(target): return json_error(_('Insufficient permission')) do_reactivate_user(target, acting_user=user_profile) return json_success()
def test_authenticated_json_post_view_if_user_is_not_active(self): # type: () -> None user_email = self.example_email('hamlet') user_realm = get_realm('zulip') self._login(user_email, user_realm, password="******") # Get user_profile after _login so that we have the latest data. user_profile = get_user(user_email, user_realm) # we deactivate user manually because do_deactivate_user removes user session user_profile.is_active = False user_profile.save() self.assert_json_error_contains(self._do_test(user_email), "Account not active") do_reactivate_user(user_profile)
def test_authenticated_json_post_view_if_user_is_not_active(self): # type: () -> None user_email = self.example_email('hamlet') user_realm = get_realm('zulip') self._login(user_email, user_realm, password="******") # Get user_profile after _login so that we have the latest data. user_profile = get_user(user_email, user_realm) # we deactivate user manually because do_deactivate_user removes user session user_profile.is_active = False user_profile.save() self.assert_json_error_contains(self._do_test(user_email), "Account not active") do_reactivate_user(user_profile)
def reactivate_user_backend(request, user_profile, email): # type: (HttpRequest, UserProfile, text_type) -> HttpResponse try: target = get_user_profile_by_email(email) except UserProfile.DoesNotExist: return json_error(_('No such user')) if not user_profile.can_admin_user(target): return json_error(_('Insufficient permission')) do_reactivate_user(target) return json_success()
def reactivate_user_backend(request, user_profile, email): # type: (HttpRequest, UserProfile, Text) -> HttpResponse try: target = get_user_profile_by_email(email) except UserProfile.DoesNotExist: return json_error(_('No such user')) if not user_profile.can_admin_user(target): return json_error(_('Insufficient permission')) do_reactivate_user(target) return json_success()
def reactivate_user_backend(request: HttpRequest, user_profile: UserProfile, email: Text) -> HttpResponse: try: target = get_user(email, user_profile.realm) except UserProfile.DoesNotExist: return json_error(_('No such user')) if not user_profile.can_admin_user(target): return json_error(_('Insufficient permission')) do_reactivate_user(target, acting_user=user_profile) return json_success()
def test_user_activation(self) -> None: realm = get_realm('zulip') now = timezone_now() user = do_create_user('email', 'password', realm, 'full_name', 'short_name') do_deactivate_user(user) do_activate_user(user) do_deactivate_user(user) do_reactivate_user(user) self.assertEqual(RealmAuditLog.objects.filter(event_time__gte=now).count(), 5) event_types = list(RealmAuditLog.objects.filter( realm=realm, acting_user=None, modified_user=user, modified_stream=None, event_time__gte=now, event_time__lte=now+timedelta(minutes=60)) .order_by('event_time').values_list('event_type', flat=True)) self.assertEqual(event_types, [RealmAuditLog.USER_CREATED, RealmAuditLog.USER_DEACTIVATED, RealmAuditLog.USER_ACTIVATED, RealmAuditLog.USER_DEACTIVATED, RealmAuditLog.USER_REACTIVATED])
def get_or_build_user(self, username: str, ldap_user: _LDAPUser) -> Tuple[UserProfile, bool]: # nocoverage (user, built) = super().get_or_build_user(username, ldap_user) self.sync_avatar_from_ldap(user, ldap_user) if 'userAccountControl' in settings.AUTH_LDAP_USER_ATTR_MAP: user_disabled_in_ldap = self.is_account_control_disabled_user(ldap_user) if user_disabled_in_ldap and user.is_active: logging.info("Deactivating user %s because they are disabled in LDAP." % (user.email,)) do_deactivate_user(user) return (user, built) if not user_disabled_in_ldap and not user.is_active: logging.info("Reactivating user %s because they are not disabled in LDAP." % (user.email,)) do_reactivate_user(user) return (user, built)
def get_or_build_user(self, username: str, ldap_user: _LDAPUser) -> Tuple[UserProfile, bool]: (user, built) = super().get_or_build_user(username, ldap_user) self.sync_avatar_from_ldap(user, ldap_user) self.sync_full_name_from_ldap(user, ldap_user) if 'userAccountControl' in settings.AUTH_LDAP_USER_ATTR_MAP: user_disabled_in_ldap = self.is_account_control_disabled_user(ldap_user) if user_disabled_in_ldap and user.is_active: logging.info("Deactivating user %s because they are disabled in LDAP." % (user.email,)) do_deactivate_user(user) return (user, built) if not user_disabled_in_ldap and not user.is_active: logging.info("Reactivating user %s because they are not disabled in LDAP." % (user.email,)) do_reactivate_user(user) return (user, built)
def test_requires_billing_update_for_is_active_changes(self) -> None: count = RealmAuditLog.objects.count() user1 = do_create_user('*****@*****.**', 'password', self.realm, 'full name', 'short name') do_deactivate_user(user1) do_reactivate_user(user1) # Not a proper use of do_activate_user, but it's fine to call it like this for this test do_activate_user(user1) self.assertEqual(count + 4, RealmAuditLog.objects.filter(requires_billing_update=False).count()) self.realm.has_seat_based_plan = True self.realm.save(update_fields=['has_seat_based_plan']) user2 = do_create_user('*****@*****.**', 'password', self.realm, 'full name', 'short name') do_deactivate_user(user2) do_reactivate_user(user2) do_activate_user(user2) self.assertEqual(4, RealmAuditLog.objects.filter(requires_billing_update=True).count())
def test_requires_billing_update_for_is_active_changes(self) -> None: count = RealmAuditLog.objects.count() realm = get_realm("zulip") user1 = do_create_user('*****@*****.**', 'password', realm, 'full name', 'short name') do_deactivate_user(user1) do_reactivate_user(user1) # Not a proper use of do_activate_user, but it's fine to call it like this for this test do_activate_user(user1) self.assertEqual(count + 4, RealmAuditLog.objects.filter(requires_billing_update=False).count()) realm.has_seat_based_plan = True realm.save(update_fields=['has_seat_based_plan']) user2 = do_create_user('*****@*****.**', 'password', realm, 'full name', 'short name') do_deactivate_user(user2) do_reactivate_user(user2) do_activate_user(user2) self.assertEqual(4, RealmAuditLog.objects.filter(requires_billing_update=True).count())
def test_active_users_log_by_is_bot(self): # type: () -> None property = 'active_users_log:is_bot:day' user = do_create_user('email', 'password', self.default_realm, 'full_name', 'short_name') self.assertEqual(1, RealmCount.objects.filter(property=property, subgroup=False) .aggregate(Sum('value'))['value__sum']) do_deactivate_user(user) self.assertEqual(0, RealmCount.objects.filter(property=property, subgroup=False) .aggregate(Sum('value'))['value__sum']) do_activate_user(user) self.assertEqual(1, RealmCount.objects.filter(property=property, subgroup=False) .aggregate(Sum('value'))['value__sum']) do_deactivate_user(user) self.assertEqual(0, RealmCount.objects.filter(property=property, subgroup=False) .aggregate(Sum('value'))['value__sum']) do_reactivate_user(user) self.assertEqual(1, RealmCount.objects.filter(property=property, subgroup=False) .aggregate(Sum('value'))['value__sum'])
def test_billing_quantity_changes_end_to_end( self, mock_customer_with_subscription: Mock, mock_create_subscription: Mock, mock_create_customer: Mock) -> None: self.login(self.example_email("hamlet")) processor = BillingProcessor.objects.create( log_row=RealmAuditLog.objects.order_by('id').first(), state=BillingProcessor.DONE) def check_billing_processor_update(event_type: str, quantity: int) -> None: def check_subscription_save(subscription: stripe.Subscription, idempotency_key: str) -> None: self.assertEqual(subscription.quantity, quantity) log_row = RealmAuditLog.objects.filter( event_type=event_type, requires_billing_update=True).order_by('-id').first() self.assertEqual(idempotency_key, 'process_billing_log_entry:%s' % (log_row.id,)) self.assertEqual(subscription.proration_date, datetime_to_timestamp(log_row.event_time)) with patch.object(stripe.Subscription, 'save', autospec=True, side_effect=check_subscription_save): run_billing_processor_one_step(processor) # Test STRIPE_PLAN_QUANTITY_RESET new_seat_count = 123 # change the seat count while the user is going through the upgrade flow with patch('corporate.lib.stripe.get_seat_count', return_value=new_seat_count): self.client_post("/upgrade/", {'stripeToken': self.token, 'signed_seat_count': self.signed_seat_count, 'salt': self.salt, 'plan': Plan.CLOUD_ANNUAL}) check_billing_processor_update(RealmAuditLog.STRIPE_PLAN_QUANTITY_RESET, new_seat_count) # Test USER_CREATED user = do_create_user('*****@*****.**', 'password', get_realm('zulip'), 'full name', 'short name') check_billing_processor_update(RealmAuditLog.USER_CREATED, self.quantity + 1) # Test USER_DEACTIVATED do_deactivate_user(user) check_billing_processor_update(RealmAuditLog.USER_DEACTIVATED, self.quantity - 1) # Test USER_REACTIVATED do_reactivate_user(user) check_billing_processor_update(RealmAuditLog.USER_REACTIVATED, self.quantity + 1) # Test USER_ACTIVATED # Not a proper use of do_activate_user, but it's fine to call it like this for this test do_activate_user(user) check_billing_processor_update(RealmAuditLog.USER_ACTIVATED, self.quantity + 1)
def test_user_activation(self) -> None: realm = get_realm("zulip") now = timezone_now() user = do_create_user("email", "password", realm, "full_name", acting_user=None) do_deactivate_user(user, acting_user=user) do_activate_user(user, acting_user=user) do_deactivate_user(user, acting_user=user) do_reactivate_user(user, acting_user=user) self.assertEqual( RealmAuditLog.objects.filter(event_time__gte=now).count(), 5) event_types = list( RealmAuditLog.objects.filter( realm=realm, acting_user=user, modified_user=user, modified_stream=None, event_time__gte=now, event_time__lte=now + timedelta(minutes=60), ).order_by("event_time").values_list("event_type", flat=True)) self.assertEqual( event_types, [ RealmAuditLog.USER_CREATED, RealmAuditLog.USER_DEACTIVATED, RealmAuditLog.USER_ACTIVATED, RealmAuditLog.USER_DEACTIVATED, RealmAuditLog.USER_REACTIVATED, ], ) for event in RealmAuditLog.objects.filter( realm=realm, acting_user=user, modified_user=user, modified_stream=None, event_time__gte=now, event_time__lte=now + timedelta(minutes=60), ): extra_data = orjson.loads(event.extra_data) self.check_role_count_schema(extra_data[RealmAuditLog.ROLE_COUNT]) self.assertNotIn(RealmAuditLog.OLD_VALUE, extra_data)
def test_billing_quantity_changes_end_to_end( self, mock_customer_with_subscription: Mock, mock_create_subscription: Mock, mock_create_customer: Mock) -> None: self.login(self.example_email("hamlet")) processor = BillingProcessor.objects.create( log_row=RealmAuditLog.objects.order_by('id').first(), state=BillingProcessor.DONE) def check_billing_processor_update(event_type: str, quantity: int) -> None: def check_subscription_save(subscription: stripe.Subscription, idempotency_key: str) -> None: self.assertEqual(subscription.quantity, quantity) log_row = RealmAuditLog.objects.filter( event_type=event_type, requires_billing_update=True).order_by('-id').first() self.assertEqual(idempotency_key, 'process_billing_log_entry:%s' % (log_row.id,)) self.assertEqual(subscription.proration_date, datetime_to_timestamp(log_row.event_time)) with patch.object(stripe.Subscription, 'save', autospec=True, side_effect=check_subscription_save): run_billing_processor_one_step(processor) # Test STRIPE_PLAN_QUANTITY_RESET new_seat_count = 123 # change the seat count while the user is going through the upgrade flow with patch('corporate.lib.stripe.get_seat_count', return_value=new_seat_count): self.client_post("/upgrade/", {'stripeToken': self.token, 'signed_seat_count': self.signed_seat_count, 'salt': self.salt, 'plan': Plan.CLOUD_ANNUAL}) check_billing_processor_update(RealmAuditLog.STRIPE_PLAN_QUANTITY_RESET, new_seat_count) # Test USER_CREATED user = do_create_user('*****@*****.**', 'password', get_realm('zulip'), 'full name', 'short name') check_billing_processor_update(RealmAuditLog.USER_CREATED, self.quantity + 1) # Test USER_DEACTIVATED do_deactivate_user(user) check_billing_processor_update(RealmAuditLog.USER_DEACTIVATED, self.quantity - 1) # Test USER_REACTIVATED do_reactivate_user(user) check_billing_processor_update(RealmAuditLog.USER_REACTIVATED, self.quantity + 1) # Test USER_ACTIVATED # Not a proper use of do_activate_user, but it's fine to call it like this for this test do_activate_user(user) check_billing_processor_update(RealmAuditLog.USER_ACTIVATED, self.quantity + 1)
def get_or_build_user( self, username: str, ldap_user: _LDAPUser) -> Tuple[UserProfile, bool]: # nocoverage (user, built) = super().get_or_build_user(username, ldap_user) self.sync_avatar_from_ldap(user, ldap_user) user_disabled_in_ldap = self.is_account_control_disabled_user( ldap_user) if user_disabled_in_ldap and user.is_active: logging.info( "Deactivating user %s because they are disabled in LDAP." % (user.email, )) do_deactivate_user(user) return (user, built) if not user_disabled_in_ldap and not user.is_active: logging.info( "Reactivating user %s because they are not disabled in LDAP." % (user.email, )) do_reactivate_user(user) return (user, built)
def verify_backend(self, backend, good_args=None, good_kwargs=None, bad_kwargs=None, email_to_username=None): # type: (Any, List[Any], Dict[str, Any], Dict[str, Any], Callable[[text_type], text_type]) -> None if good_args is None: good_args = [] if good_kwargs is None: good_kwargs = {} email = u"*****@*****.**" user_profile = get_user_profile_by_email(email) username = email if email_to_username is not None: username = email_to_username(email) # If bad_kwargs was specified, verify auth fails in that case if bad_kwargs is not None: self.assertIsNone(backend.authenticate(username, **bad_kwargs)) # Verify auth works result = backend.authenticate(username, *good_args, **good_kwargs) self.assertEqual(user_profile, result) # Verify auth fails with a deactivated user do_deactivate_user(user_profile) self.assertIsNone(backend.authenticate(username, *good_args, **good_kwargs)) # Reactivate the user and verify auth works again do_reactivate_user(user_profile) result = backend.authenticate(username, *good_args, **good_kwargs) self.assertEqual(user_profile, result) # Verify auth fails with a deactivated realm do_deactivate_realm(user_profile.realm) self.assertIsNone(backend.authenticate(username, *good_args, **good_kwargs)) # Verify auth works again after reactivating the realm do_reactivate_realm(user_profile.realm) result = backend.authenticate(username, *good_args, **good_kwargs) self.assertEqual(user_profile, result)
def get_or_build_user(self, username: str, ldap_user: _LDAPUser) -> Tuple[UserProfile, bool]: """This is used only in non-authentication contexts such as: ./manage.py sync_ldap_user_data In authentication contexts, this is overriden in ZulipLDAPAuthBackend. """ (user, built) = super().get_or_build_user(username, ldap_user) self.sync_avatar_from_ldap(user, ldap_user) self.sync_full_name_from_ldap(user, ldap_user) self.sync_custom_profile_fields_from_ldap(user, ldap_user) if 'userAccountControl' in settings.AUTH_LDAP_USER_ATTR_MAP: user_disabled_in_ldap = self.is_account_control_disabled_user(ldap_user) if user_disabled_in_ldap and user.is_active: logging.info("Deactivating user %s because they are disabled in LDAP." % (user.email,)) do_deactivate_user(user) return (user, built) if not user_disabled_in_ldap and not user.is_active: logging.info("Reactivating user %s because they are not disabled in LDAP." % (user.email,)) do_reactivate_user(user) return (user, built)
def test_basics(self) -> None: user = self.example_user('hamlet') do_deactivate_user(user) self.assertFalse(user.is_active) do_reactivate_user(user) self.assertTrue(user.is_active)
def reactivate_user_backend(request: HttpRequest, user_profile: UserProfile, user_id: int) -> HttpResponse: target = access_user_by_id(user_profile, user_id, allow_deactivated=True, allow_bots=True) do_reactivate_user(target, acting_user=user_profile) return json_success()
def save(self) -> None: """ This method is called at the end of operations modifying a user, and is responsible for actually applying the requested changes, writing them to the database. """ realm = RequestNotes.get_notes(self._request).realm assert realm is not None email_new_value = getattr(self, "_email_new_value", None) is_active_new_value = getattr(self, "_is_active_new_value", None) full_name_new_value = getattr(self, "_full_name_new_value", None) password = getattr(self, "_password_set_to", None) # Clean up the internal "pending change" state, now that we've # fetched the values: self._email_new_value = None self._is_active_new_value = None self._full_name_new_value = None self._password_set_to = None if email_new_value: try: # Note that the validate_email check that usually # appears adjacent to email_allowed_for_realm is # present in save(). email_allowed_for_realm(email_new_value, realm) except DomainNotAllowedForRealmError: raise scim_exceptions.BadRequestError( "This email domain isn't allowed in this organization." ) except DisposableEmailError: # nocoverage raise scim_exceptions.BadRequestError( "Disposable email domains are not allowed for this realm." ) except EmailContainsPlusError: # nocoverage raise scim_exceptions.BadRequestError("Email address can't contain + characters.") try: validate_email_not_already_in_realm(realm, email_new_value) except ValidationError as e: raise ConflictError("Email address already in use: " + str(e)) if self.is_new_user(): assert full_name_new_value is not None self.obj = do_create_user( email_new_value, password, realm, full_name_new_value, acting_user=None, ) return with transaction.atomic(): # We process full_name first here, since it's the only one that can fail. if full_name_new_value: check_change_full_name(self.obj, full_name_new_value, acting_user=None) if email_new_value: do_change_user_delivery_email(self.obj, email_new_value) if is_active_new_value is not None and is_active_new_value: do_reactivate_user(self.obj, acting_user=None) elif is_active_new_value is not None and not is_active_new_value: do_deactivate_user(self.obj, acting_user=None)