def test_change_password(self):
        """Verify that set_ldap_password() rotates every stored LDAP credential.

        The values of ``userPassword``, ``googlePassword`` and
        ``sambaNTPassword`` are captured before the change and must all be
        different afterwards; ``shadow_last_change`` must also move away from
        the back-dated value written by this test.
        """
        # Fixture sanity: a password is present and nothing is pending for LDAP.
        self.assertNotEqual(self.user.password, '')
        self.assertEqual(self.user.get_changes('ldap'), {})

        # A brand-new Users() must never list 'password' among its changes,
        # and whatever it reports for LDAP must be limited to ldap_only_fields.
        fresh_user = Users()
        self.assertTrue('password' not in fresh_user.get_changes())
        self.assertTrue('created' in fresh_user.get_changes())
        pending_ldap_keys = fresh_user.get_changes('ldap').keys()
        self.assertTrue(all(key in fresh_user.ldap_only_fields.keys()
                            for key in pending_ldap_keys))

        # NOTE(review): in the standard Samba schema sambaNTPassword holds an
        # unsalted NT hash that works as a credential on its own; read access
        # to that attribute should be restricted by LDAP ACLs.
        watched_attrs = ('userPassword', 'googlePassword', 'sambaNTPassword')
        values_before = [self.ldap_val(attr, self.user)
                         for attr in watched_attrs]

        # Back-date the change marker by five days (stored as days since
        # EPOCH) so the last assertion can tell that it was refreshed.
        five_days_ago = now() - datetime.timedelta(days=5)
        self.user.shadow_last_change = (five_days_ago - EPOCH).days
        self.user.save()
        stale_marker = copy.deepcopy(self.user.shadow_last_change)

        replacement = random_ldap_password()
        self.user.set_ldap_password(replacement)

        # The change must be written through, leaving nothing pending.
        self.assertEqual(self.user.get_changes('ldap'), {})
        # NOTE(review): only inequality is checked; no bind with the new
        # password is attempted, so this does not prove that each attribute
        # holds a correct hash of `replacement`.
        for attr, old_value in zip(watched_attrs, values_before):
            self.assertNotEqual(self.ldap_val(attr, self.user), old_value)
        self.assertNotEqual(self.user.password, '')
        self.assertNotEqual(self.user.shadow_last_change, stale_marker)
    def test_change_password(self):
        """Check that set_ldap_password() replaces all three LDAP password values.

        ``userPassword``, ``googlePassword`` and ``sambaNTPassword`` are read
        before and after the change and must differ, and
        ``shadow_last_change`` must move away from the back-dated value.
        """
        # Fixture sanity: the user has a password and no pending LDAP changes.
        self.assertNotEqual(self.user.password, '')
        self.assertEqual(self.user.get_changes('ldap'), {})
        # A fresh Users() must not report 'password' as a change, and its
        # LDAP changes must only use keys found in ldap_only_fields.
        u = Users()
        self.assertTrue('password' not in u.get_changes())
        self.assertTrue('created' in u.get_changes())
        u_values = u.get_changes('ldap').keys()
        self.assertTrue(all(k in u.ldap_only_fields.keys() for k in u_values))

        # Snapshot the stored credential values before the change.
        current_password = self.ldap_val('userPassword', self.user)
        current_google_password = self.ldap_val('googlePassword', self.user)
        current_samba_password = self.ldap_val('sambaNTPassword', self.user)

        # Back-date the marker by five days (days since EPOCH) so a refresh
        # during the password change is detectable.
        self.user.shadow_last_change = (now() - datetime.timedelta(days=5) -
                                        EPOCH).days
        self.user.save()
        shadow_last_change = copy.deepcopy(self.user.shadow_last_change)

        password = random_ldap_password()
        self.user.set_ldap_password(password)
        # Nothing may be left pending after the password was set.
        self.assertEqual(self.user.get_changes('ldap'), {})
        # NOTE(review): these checks prove the stored values changed, not that
        # they are valid hashes of `password`; no bind with the new password
        # is attempted here.
        self.assertNotEqual(self.ldap_val('userPassword', self.user),
                            current_password)
        self.assertNotEqual(self.ldap_val('googlePassword', self.user),
                            current_google_password)
        self.assertNotEqual(self.ldap_val('sambaNTPassword', self.user),
                            current_samba_password)
        self.assertNotEqual(self.user.password, '')
        self.assertNotEqual(self.user.shadow_last_change, shadow_last_change)
    def set_disabled(self):
        """Mark this user as disabled and make the current password unusable.

        The user is taken out of ``settings.DELETED_GROUP``, added to
        ``settings.DISABLED_GROUP``, given a fresh random LDAP password that
        this method does not keep, and the password is expired before saving.
        """
        deleted_group = Groups.objects.get_or_create(
            name=settings.DELETED_GROUP)[0]
        deleted_group.users.remove(self)

        disabled_group = Groups.objects.get_or_create(
            name=settings.DISABLED_GROUP)[0]
        disabled_group.users.add(self)

        # NOTE(review): the group switch happens before the credential is
        # replaced, and no transaction is visible here; if set_ldap_password()
        # raises, the account may sit in the disabled group with its old
        # password still valid. Confirm how callers handle that failure.
        throwaway_password = random_ldap_password()
        self.set_ldap_password(throwaway_password)
        self.expire_password()
        self.save()
    def set_disabled(self):
        """Move the user from the deleted group to the disabled group and
        replace the LDAP password with a random, expired one."""
        # Either group is created on demand if it does not exist yet.
        g, _ = Groups.objects.get_or_create(name=settings.DELETED_GROUP)
        g.users.remove(self)
        g, _ = Groups.objects.get_or_create(name=settings.DISABLED_GROUP)
        g.users.add(self)

        # The random password is passed straight through and not kept, so the
        # previous password stops working and the new one is known to nobody.
        # NOTE(review): membership is changed before the password; if
        # set_ldap_password() fails the old password may remain valid for a
        # user already listed as disabled. No transaction is visible here.
        self.set_ldap_password(random_ldap_password())
        self.expire_password()
        self.save()
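    def test_badge_crop_permissions(self):
        """
        Users can only change their own photo crop. Sudoers can change others'.

        The same badge-crop URL (belonging to ``self.user``) is posted to
        twice: first with the client session prepared by the fixture, which
        must succeed, then after logging in as a freshly created second user,
        which must be rejected with 403.
        """
        # upload a portrait first, to be able to crop it for the badge
        # The sample is a PNG, so it is opened in binary mode: text mode can
        # alter or fail to decode the bytes depending on platform/interpreter.
        # The str + b64encode() concatenation below relies on Python 2, where
        # b64encode() returns str.
        with open('%s/fum/users/sample/futucare.png' %
                  settings.PROJECT_ROOT, 'rb') as fp:
            portrait = 'data:image/png;base64,' + base64.b64encode(fp.read())
            response = self.client.post("/api/users/%s/portrait/" %
                                        self.user.username,
                                        data={
                                            "portrait": portrait,
                                            "left": 444,
                                            "top": 0,
                                            "right": 570,
                                            "bottom": 189,
                                        })
            # The response body is JSON-encoded twice, hence the double loads.
            rs = json.loads(json.loads(response.content))
            self.assertTrue(rs['full'])
        # end portrait upload: copied from test_upload_portrait()

        def get_url(user=None):
            user = user or self.user
            return reverse('users-badgecrop', args=[user.username])

        url = get_url()
        payload = {'top': 0, 'left': 0, 'right': 20, 'bottom': 20}

        # Own badge crop: allowed (presumably the fixture logged in as
        # self.user; the login is not visible in this method).
        resp = self.client.post(url, payload, format='json')
        self.assertEqual(resp.status_code, status.HTTP_200_OK)

        pw = random_ldap_password()
        other_dj_user, other_user = self.create_user('test_perm_user',
                                                     password=pw)
        self.assertTrue(
            self.client.login(username=other_user.username, password=pw))

        # normal users can't change other users' badge crop
        # `url` still points at self.user, so this is the cross-user
        # authorization check.

        resp = self.client.post(url, payload, format='json')
        self.assertEqual(resp.status_code, status.HTTP_403_FORBIDDEN)

        # superusers can change others' badge crop

        # add to TeamIT
        g = self.save_safe(Groups,
                           kw=dict(name=settings.IT_TEAM),
                           lookup=dict(name=settings.IT_TEAM))
        try:
            g.users.add(other_user)
        except ldap.TYPE_OR_VALUE_EXISTS:  # live LDAP not cleaned
            # Membership left over from an earlier run is acceptable here.
            pass
        # NOTE(review): the listing stops here; no POST or assertion for the
        # sudo-user case is visible, so the "sudoers can change others'" half
        # of the docstring is not exercised by the code shown.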
 def changepassword(self, request, username=None):
     """Generate a new random LDAP password for a user and send it by SMS.

     The target user comes from ``self.get_object()``; ``username`` is not
     read in the body. A failed ``is_sudo_user(request)`` check yields an
     empty 403. Otherwise the password is replaced first and then texted to
     ``phone1`` (or ``phone2`` when ``phone1`` is empty). Both the delivered
     and the undelivered case answer with HTTP 200; only the body text
     differs.
     """
     target = self.get_object()
     # NOTE(review): is_sudo_user() is called on the user being modified and
     # given the request; confirm that it evaluates the requester's
     # privileges rather than the target's.
     if not target.is_sudo_user(request):
         return Response({}, status=403)

     # The old password is invalidated here, before delivery is attempted.
     new_password = random_ldap_password()
     target.set_ldap_password(new_password)

     gateway = SMS()
     # NOTE(review): the clear-text password is embedded in the SMS body;
     # make sure neither SMS.send() nor request logging persists `text`.
     # No expire_password() call follows, so nothing visible here forces the
     # user to replace the texted password at next login.
     text = "Your new {0} password: {1}".format(settings.COMPANY_NAME,
                                                new_password)
     gateway_reply = gateway.send(target.phone1 or target.phone2, text)

     delivered = gateway_reply.status_code in (200, 201, 202)
     if not delivered:
         # NOTE(review): the account now has a password nobody received,
         # yet the status is still 200; clients must inspect the body.
         return Response('Password generated, but SMS failed', status=200)
     return Response('Password generated and sent', status=200)
 def changepassword(self, request, username=None):
     """Replace a user's LDAP password with a random one and text it to them.

     ``username`` is not used in the body; the user is resolved through
     ``self.get_object()``. Returns an empty 403 when ``is_sudo_user(request)``
     is false, otherwise HTTP 200 with a message saying whether the SMS
     gateway accepted the message (status 200, 201 or 202).
     """
     user = self.get_object()
     # NOTE(review): the check is made on the target user object with the
     # request as argument; verify it tests the caller's privileges.
     if not user.is_sudo_user(request):
         return Response({}, status=403)
     # The password is changed before any delivery attempt.
     password = random_ldap_password()
     user.set_ldap_password(password)
     sms = SMS()
     # NOTE(review): the password leaves the system in clear text inside the
     # SMS body; confirm SMS.send() and surrounding logging do not store it.
     message = "Your new {0} password: {1}".format(settings.COMPANY_NAME,
                                                   password)
     # Falls back to phone2 when phone1 is empty; if both are empty the
     # falsy value is handed to sms.send() with the password already changed.
     response = sms.send(user.phone1 or user.phone2, message)
     if response.status_code in [200, 201, 202]:
         return Response('Password generated and sent', status=200)
     else:
         # NOTE(review): still HTTP 200 although the user never received the
         # new password; callers can only tell from the body text.
         return Response('Password generated, but SMS failed', status=200)
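    def test_badge_crop_permissions(self):
        """
        Users can only change their own photo crop. Sudoers can change others'.

        A portrait is uploaded for ``self.user`` first, then the badge-crop
        endpoint for that same user is posted to with the fixture's session
        (expects 200) and again after logging in as a second, newly created
        user (expects 403).
        """
        # upload a portrait first, to be able to crop it for the badge
        # Binary mode: the sample is a PNG and must be read byte-for-byte.
        # The concatenation with b64encode() assumes Python 2 str semantics.
        with open('%s/fum/users/sample/futucare.png'%settings.PROJECT_ROOT, 'rb') as fp:
            portrait = 'data:image/png;base64,'+base64.b64encode(fp.read())
            response = self.client.post("/api/users/%s/portrait/"%self.user.username, data={
                "portrait":portrait,
                "left":444,
                "top":0,
                "right":570,
                "bottom":189,
                })
            # The endpoint's body needs two json.loads() passes to decode.
            rs = json.loads(json.loads(response.content))
            self.assertTrue(rs['full'])
        # end portrait upload: copied from test_upload_portrait()

        def get_url(user=None):
            user = user or self.user
            return reverse('users-badgecrop', args=[user.username])

        url = get_url()
        payload = {'top': 0, 'left': 0, 'right': 20, 'bottom': 20}

        # Cropping one's own badge is allowed (the session is presumably
        # self.user's; the login happens outside this method).
        resp = self.client.post(url, payload, format='json')
        self.assertEqual(resp.status_code, status.HTTP_200_OK)

        pw = random_ldap_password()
        other_dj_user, other_user = self.create_user('test_perm_user',
                password=pw)
        self.assertTrue(self.client.login(username=other_user.username,
            password=pw))

        # normal users can't change other users' badge crop
        # `url` was built for self.user, so the request below targets another
        # user's resource from other_user's session.

        resp = self.client.post(url, payload, format='json')
        self.assertEqual(resp.status_code, status.HTTP_403_FORBIDDEN)

        # superusers can change others' badge crop

        # add to TeamIT
        g = self.save_safe(Groups,
                kw=dict(name=settings.IT_TEAM),
                lookup=dict(name=settings.IT_TEAM))
        try:
            g.users.add(other_user)
        except ldap.TYPE_OR_VALUE_EXISTS: # live LDAP not cleaned
            # A leftover membership from a previous run is tolerated.
            pass
        # NOTE(review): nothing after this point is shown; the privileged
        # POST and its expected status are not asserted in the visible code.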
    def set_deleted(self):
        """Strip all memberships from this user and mark the account deleted.

        The user is removed from every group and project, and from both the
        ``sudoers`` and ``users`` lists of every server. They are then added
        to ``settings.DELETED_GROUP``, given a random LDAP password that is
        not kept, flagged ``DELETED`` in ``google_status``, and the password
        is expired before the record is saved.
        """
        # Groups and projects only carry a plain `users` membership.
        for relation_name in ('fum_groups', 'fum_projects'):
            for membership in getattr(self, relation_name).all():
                membership.users.remove(self)

        # Servers additionally grant sudo; both lists are cleared.
        for server in self.fum_servers.all():
            server.sudoers.remove(self)
            server.users.remove(self)

        deleted_group = Groups.objects.get_or_create(
            name=settings.DELETED_GROUP)[0]
        deleted_group.users.add(self)

        # NOTE(review): access is revoked step by step with no transaction
        # visible here; a failure part-way (for example in
        # set_ldap_password()) could leave the old password valid on a
        # partly deprovisioned account. Confirm callers retry or roll back.
        throwaway_password = random_ldap_password()
        self.set_ldap_password(throwaway_password)
        self.google_status = self.DELETED
        self.expire_password()
        self.save()
    def set_deleted(self):
        """Remove the user from all groups, projects and servers, add them to
        the deleted group and replace the password with a random, expired one."""
        for g in self.fum_groups.all():
            g.users.remove(self)

        for g in self.fum_projects.all():
            g.users.remove(self)

        # Servers hold two lists; sudo rights are dropped as well as access.
        for g in self.fum_servers.all():
            g.sudoers.remove(self)
            g.users.remove(self)

        # The deleted group is created on demand.
        g, _ = Groups.objects.get_or_create(name=settings.DELETED_GROUP)
        g.users.add(self)

        # The random password is not kept anywhere in this method, so the old
        # credential is replaced by one nobody knows.
        # NOTE(review): this runs after all membership changes and without a
        # visible transaction; an exception earlier in the method leaves the
        # original password in place.
        self.set_ldap_password(random_ldap_password())
        self.google_status = self.DELETED
        self.expire_password()
        self.save()
    def handle(self, *args, **options):
        """Send password-expiry reminders, at most once per day unless forced.

        Positional keywords ``password`` and/or ``suspend`` select what to
        remind of; only the ``password`` path is implemented in this body.
        ``options['dry']`` is forwarded to ``self.send()``;
        ``options['force']`` bypasses the once-per-day check. The date of the
        last run is kept in ``<DEPLOYMENT_ROOT>/logs/remind_lastrun_<command>``.
        """
        self.emailed = []
        dry = options['dry']
        force = options['force']
        command = ''

        if dry:
            log.info("Dry-run. I'm not really sending any emails.")
        dtnow = now()

        if 'password' in args:
            log.info("Reminding users of expiring passwords.")
            command = 'password'

        if 'password' not in args and 'suspend' not in args:
            log.info(
                'Use "password" and/or "suspend" as keywords to specify what to remind of. e.g. ... remind password'
            )
            return

        # With only 'suspend' given, `command` stays '' and the marker file
        # name ends in "remind_lastrun_".
        LOG_DIR = u'%s/logs/' % settings.DEPLOYMENT_ROOT
        LOG_FILE = u'%sremind_lastrun_%s' % (LOG_DIR, command)
        if not os.path.exists(LOG_DIR):
            os.makedirs(LOG_DIR)

        # Skip the run when the marker already holds today's date. A missing
        # or unparsable marker is treated as a first run.
        try:
            with open(LOG_FILE, 'r') as f:
                text = f.read()
            filedate = datetime.strptime(text, "%Y-%m-%d").date()
            if not force and dtnow.date() == filedate:
                log.info(
                    'Reminders have already been sent today. Use --force to send again.'
                )
                return
        except ValueError:
            log.info(
                'No "lastrun" file with valid datetime found. Assuming first run.'
            )
        except IOError:
            log.info('No "lastrun" file found. Assuming first run.')

        log.info("Started...")
        for user in Users.objects.all():
            if user.google_status == user.ACTIVEPERSON:
                if 'password' in args:
                    body = get_template('emails/password_reminder.txt')
                    days_left = (user.password_expires_date - dtnow).days
                    subject = "%s password will expire in %d day%s." % (
                        settings.COMPANY_NAME, days_left,
                        "s" if days_left != 1 else "")

                    if days_left < 0:
                        # Already expired: the password is replaced with a
                        # random value and expired before the notice is sent.
                        # NOTE(review): this reset is not gated on `dry`;
                        # a dry run still changes passwords while the
                        # "expired" mail is presumably suppressed by send().
                        user.set_ldap_password(random_ldap_password())
                        user.expire_password()
                        user.save()
                        self.send(
                            user, "%s password has expired." %
                            (settings.COMPANY_NAME),
                            get_template('emails/password_expired.txt'), dry)
                    # Reminders go out daily in the last week and once each
                    # at exactly 14 and 30 days before expiry.
                    elif days_left <= 7:
                        self.send(user, subject, body, dry)
                    elif days_left == 14:
                        self.send(user, subject, body, dry)
                    elif days_left == 30:
                        self.send(user, subject, body, dry)

        # The marker is written on every completed run, dry runs included, so
        # a dry run blocks a real run on the same day unless --force is used.
        with open(LOG_FILE, 'w') as f:
            text = dtnow.date().strftime("%Y-%m-%d")
            f.write(text)
        # NOTE(review): mode 0777 makes the marker world-writable (and
        # executable). Any local account can then write today's date into it
        # and suppress the next run, including the expired-password reset.
        # Consider an owner-only or group-writable mode without execute bits.
        os.chmod(LOG_FILE, 0777)

        log.info("Done!")
    def handle(self, *args, **options):
        """Remind active users of expiring passwords, once per day by default.

        ``args`` must contain ``password`` and/or ``suspend``; otherwise a
        usage hint is logged and nothing happens. Only the ``password`` path
        does any work in this body. ``options['dry']`` is passed on to
        ``self.send()`` and ``options['force']`` overrides the once-per-day
        guard, which is based on a date stored in a marker file under
        ``<DEPLOYMENT_ROOT>/logs/``.
        """
        self.emailed = []
        dry, force = options['dry'], options['force']

        if dry:
            log.info("Dry-run. I'm not really sending any emails.")
        dtnow = now()

        remind_password = 'password' in args
        command = ''
        if remind_password:
            log.info("Reminding users of expiring passwords.")
            command = 'password'
        elif 'suspend' not in args:
            log.info('Use "password" and/or "suspend" as keywords to specify what to remind of. e.g. ... remind password')
            return

        # With only 'suspend' given, `command` is '' and the marker name ends
        # in "remind_lastrun_".
        log_dir = u'%s/logs/' % settings.DEPLOYMENT_ROOT
        marker_path = u'%sremind_lastrun_%s' % (log_dir, command)
        if not os.path.exists(log_dir):
            os.makedirs(log_dir)

        # A marker holding today's date means the job already ran; a missing
        # or unparsable marker counts as a first run.
        try:
            with open(marker_path, 'r') as marker:
                stamp = marker.read()
            last_run = datetime.strptime(stamp, "%Y-%m-%d").date()
            if not force and dtnow.date() == last_run:
                log.info('Reminders have already been sent today. Use --force to send again.')
                return
        except ValueError:
            log.info('No "lastrun" file with valid datetime found. Assuming first run.')
        except IOError:
            log.info('No "lastrun" file found. Assuming first run.')

        log.info("Started...")
        for user in Users.objects.all():
            if not (user.google_status == user.ACTIVEPERSON):
                continue
            if not remind_password:
                continue

            reminder_body = get_template('emails/password_reminder.txt')
            days_left = (user.password_expires_date - dtnow).days
            plural = "s" if days_left != 1 else ""
            subject = "%s password will expire in %d day%s." % (
                settings.COMPANY_NAME, days_left, plural)

            if days_left < 0:
                # Already expired: replace the password with a random value
                # and expire it, then notify.
                # NOTE(review): the reset is not conditional on `dry`, so a
                # dry run still changes passwords while the notice is
                # presumably held back by send().
                user.set_ldap_password(random_ldap_password())
                user.expire_password()
                user.save()
                expired_subject = "%s password has expired." % (settings.COMPANY_NAME)
                expired_body = get_template('emails/password_expired.txt')
                self.send(user, expired_subject, expired_body, dry)
            elif days_left <= 7 or days_left in (14, 30):
                # Daily during the final week, plus one reminder each at
                # exactly 14 and 30 days before expiry.
                self.send(user, subject, reminder_body, dry)

        # Written after every completed run, dry runs included, so a dry run
        # blocks a real run on the same day unless --force is given.
        with open(marker_path, 'w') as marker:
            marker.write(dtnow.date().strftime("%Y-%m-%d"))
        # NOTE(review): 0o777 leaves the marker world-writable and
        # executable; any local account can put today's date in it and
        # suppress the next run, including the expired-password reset.
        # Consider an owner-only or group-writable mode without execute bits.
        os.chmod(marker_path, 0o777)

        log.info("Done!")