def get_old_account_ids(self):
""" Returns the ID of candidate accounts with old affiliations.
:return set:
A set with Account entity_ids.
"""
def _with_aff(affiliation=None, max_age=None):
old = set()
person = Utils.Factory.get("Person")(self.db)
aff_or_status = self.constants.human2constant(affiliation)
if not aff_or_status:
self.logger.error('Unknown affiliation "%s"', affiliation)
return old
lookup = {'status' if '/' in affiliation
else 'affiliation': aff_or_status}
for row in person.list_affiliations(**lookup):
person_id = row['person_id']
# if person_id in old_ids:
# continue
person.clear()
person.find(person_id)
# account_id = person.get_primary_account()
for account_row in person.get_accounts():
# consider all accounts belonging to this person
account_id = account_row['account_id']
if account_id:
history = [x['set_at'] for x in ph.get_history(
account_id)]
if history and (self.today - max(history) > max_age):
old.add(account_id)
else:
# The account does not have an expired password
# according to the special rules.
# Remove it from old_ids if it was put there
# by the default rules.
try:
old_ids.remove(account_id)
except KeyError:
pass
self.logger.info(
'Accounts with affiliation %s with old password: %s',
str(affiliation), len(old))
return old
ph = PasswordHistory(self.db)
self.logger.info('Fetching accounts with password older than %d days',
self.config.max_password_age)
old_ids = set(
[int(x['account_id']) for x in ph.find_old_password_accounts((
self.today - dt.DateTimeDelta(
self.config.max_password_age)).strftime(DATE_FORMAT))])
self.logger.info('Fetching accounts with no password history')
old_ids.update(
set([int(x['account_id']) for x in ph.find_no_history_accounts()]))
# Do we have special rules for certain person affiliations?
# We want to end with the smallest 'max_password_age'
aff_mappings = sorted(self.config.affiliation_mappings,
key=lambda k: k['max_password_age'],
reverse=True)
for aff_mapping in aff_mappings:
self.logger.info(
'Fetching accounts with affiliation %s '
'with password older than %d days',
str(aff_mapping['affiliation']),
aff_mapping['max_password_age'])
old_ids.update(_with_aff(
affiliation=aff_mapping['affiliation'],
max_age=dt.DateTimeDelta(aff_mapping['max_password_age'])))
self.logger.info('Fetching quarantines')
# TODO: Select only autopassword quarantines?
quarantined_ids = QuarantineHandler.get_locked_entities(
self.db,
entity_types=self.constants.entity_account,
entity_ids=old_ids)
old_ids = old_ids - quarantined_ids
return old_ids
def get_old_account_ids(self):
""" Returns the ID of candidate accounts with old affiliations.
:return set:
A set with Account entity_ids.
"""
def _with_aff(affiliation=None, max_age=None):
old = set()
person = Utils.Factory.get("Person")(self.db)
aff_or_status = self.constants.human2constant(affiliation)
if not aff_or_status:
self.logger.error('Unknown affiliation "%s"', affiliation)
return old
lookup = {
'status' if '/' in affiliation else 'affiliation':
aff_or_status
}
for row in person.list_affiliations(**lookup):
person_id = row['person_id']
# if person_id in old_ids:
# continue
person.clear()
person.find(person_id)
# account_id = person.get_primary_account()
for account_row in person.get_accounts():
# consider all accounts belonging to this person
account_id = account_row['account_id']
if account_id:
history = [
x['set_at'] for x in ph.get_history(account_id)
]
if history and (self.today - max(history) > max_age):
old.add(account_id)
else:
# The account does not have an expired password
# according to the special rules.
# Remove it from old_ids if it was put there
# by the default rules.
try:
old_ids.remove(account_id)
except KeyError:
pass
self.logger.info(
'Accounts with affiliation %s with old password: %s',
str(affiliation), len(old))
return old
ph = PasswordHistory(self.db)
self.logger.info('Fetching accounts with password older than %d days',
self.config.max_password_age)
old_ids = set([
int(x['account_id']) for x in ph.find_old_password_accounts((
self.today - dt.DateTimeDelta(self.config.max_password_age)
).strftime(DATE_FORMAT))
])
self.logger.info('Fetching accounts with no password history')
old_ids.update(
set([int(x['account_id']) for x in ph.find_no_history_accounts()]))
# Do we have special rules for certain person affiliations?
# We want to end with the smallest 'max_password_age'
aff_mappings = sorted(self.config.affiliation_mappings,
key=lambda k: k['max_password_age'],
reverse=True)
for aff_mapping in aff_mappings:
self.logger.info(
'Fetching accounts with affiliation %s '
'with password older than %d days',
str(aff_mapping['affiliation']),
aff_mapping['max_password_age'])
old_ids.update(
_with_aff(affiliation=aff_mapping['affiliation'],
max_age=dt.DateTimeDelta(
aff_mapping['max_password_age'])))
self.logger.info('Fetching quarantines')
# TODO: Select only autopassword quarantines?
quarantined_ids = QuarantineHandler.get_locked_entities(
self.db,
entity_types=self.constants.entity_account,
entity_ids=old_ids)
old_ids = old_ids - quarantined_ids
return old_ids
