def get_calnet_names(uid): """Returns CalNet LDAP entries relating to names""" attrs = search.user_attrs_ucb(uid) if attrs: return {key: attrs[key] for key in ('givenName', 'sn', 'displayname') if attrs[key]}
def test_existing_user(self, test_uid=1034192): """These are a little flaky because alumni eventually get kicked out of the university's "People" OU. So you'll need to update these every few years.""" user = user_attrs_ucb(test_uid) assert user['uid'] == [str(test_uid)] assert 'person' in user['objectClass']
def test_existing_user(self, test_uid=1101587): """These are a little flaky because alumni eventually get kicked out of the university's "People" OU. So you'll need to update these every few years.""" user = user_attrs_ucb(test_uid) assert user['uid'] == [str(test_uid)] assert 'person' in user['objectClass']
def get_calnet_names(uid): """Returns CalNet LDAP entries relating to names""" attrs = search.user_attrs_ucb(uid) if attrs: return { key: attrs[key] for key in ('givenName', 'sn', 'displayname') if attrs[key] }
def parse(student): uid = int(student.findtext('Username')) attrs = search.user_attrs_ucb(uid) name = None if attrs: name = attrs.get('displayName', [None])[0] users = search.users_by_calnet_uid(uid) return uid, {'name': name, 'accounts': users}
def eligible_for_vhost(user): """Returns whether a user account is eligible for virtual hosting. Currently, group accounts, faculty, and staff are eligible for virtual hosting. """ attrs = user_attrs(user) if 'callinkOid' in attrs: return True elif 'calnetUid' in attrs: attrs_ucb = user_attrs_ucb(attrs['calnetUid']) if 'EMPLOYEE-TYPE-ACADEMIC' in attrs_ucb['berkeleyEduAffiliations']: return True return False
def validate_calnet_uid(uid): """Verifies whether a given CalNet UID is eligible for a new OCF account. Checks that: - User doesn't already have an OCF account - Affiliate type is eligible""" # check for existing OCF accounts existing_accounts = search.users_by_calnet_uid(uid) if existing_accounts: raise ValidationError( 'CalNet UID already has account: ' + str(existing_accounts)) attrs = search.user_attrs_ucb(uid) if not attrs: raise ValidationError("CalNet UID can't be found in university LDAP.")
def validate_calnet_uid(uid): """Verifies whether a given CalNet UID is eligible for a new OCF account. Checks that: - User doesn't already have an OCF account - Affiliate type is eligible""" # check for existing OCF accounts existing_accounts = search.users_by_calnet_uid(uid) if existing_accounts: raise ValidationError( 'CalNet UID already has account: ' + str(existing_accounts)) attrs = search.user_attrs_ucb(uid) if not attrs: raise ValidationError("CalNet UID can't be found in university LDAP.") # check if user is eligible for an account affiliations = attrs['berkeleyEduAffiliations'] if not eligible_for_account(affiliations): raise ValidationWarning( 'Affiliate type not eligible for account: ' + str(affiliations))
def request_account( request: HttpRequest) -> Union[HttpResponseRedirect, HttpResponse]: calnet_uid = request.session['calnet_uid'] status = 'new_request' existing_accounts = search.users_by_calnet_uid(calnet_uid) groups_for_user = groups_by_student_signat(calnet_uid) eligible_new_group_accounts, existing_group_accounts = {}, {} for group_oid in groups_for_user: if not group_by_oid(group_oid)['accounts'] or group_oid in [ group[0] for group in TEST_GROUP_ACCOUNTS ]: eligible_new_group_accounts[group_oid] = groups_for_user[group_oid] else: existing_group_accounts[group_oid] = groups_for_user[group_oid] if existing_accounts and not eligible_new_group_accounts and calnet_uid not in TESTER_CALNET_UIDS: return render( request, 'account/register/already-has-account.html', { 'account': ', '.join(existing_accounts), 'calnet_uid': calnet_uid, 'title': 'You already have an account', }, ) # ensure we can even find them in university LDAP # (alumni etc. might not be readable in LDAP but can still auth via CalNet) if not user_attrs_ucb(calnet_uid): return render( request, 'account/register/cant-find-in-ldap.html', { 'calnet_uid': calnet_uid, 'title': 'Unable to read account information', }, ) real_name = directory.name_by_calnet_uid(calnet_uid) association_choices = [] if not existing_accounts or calnet_uid in TESTER_CALNET_UIDS: association_choices.append((calnet_uid, real_name)) for group_oid, group in eligible_new_group_accounts.items(): association_choices.append((group_oid, group['name'])) if request.method == 'POST': form = ApproveForm(request.POST, association_choices=association_choices) if form.is_valid(): assoc_id = int(form.cleaned_data['account_association']) is_group_account = assoc_id != calnet_uid if is_group_account: req = NewAccountRequest( user_name=form.cleaned_data['ocf_login_name'], real_name=eligible_new_group_accounts[assoc_id]['name'], is_group=True, calnet_uid=None, callink_oid=assoc_id, email=form.cleaned_data['contact_email'], encrypted_password=encrypt_password( form.cleaned_data['password'], RSA.importKey(CREATE_PUBLIC_KEY), ), handle_warnings=NewAccountRequest.WARNINGS_WARN, ) else: req = NewAccountRequest( user_name=form.cleaned_data['ocf_login_name'], real_name=real_name, is_group=False, calnet_uid=calnet_uid, callink_oid=None, email=form.cleaned_data['contact_email'], encrypted_password=encrypt_password( form.cleaned_data['password'], RSA.importKey(CREATE_PUBLIC_KEY), ), handle_warnings=NewAccountRequest.WARNINGS_WARN, ) if 'warnings-submit' in request.POST: req = req._replace( handle_warnings=NewAccountRequest.WARNINGS_SUBMIT, ) task = validate_then_create_account.delay(req) task.wait(timeout=5) if isinstance(task.result, NewAccountResponse): if task.result.status == NewAccountResponse.REJECTED: status = 'has_errors' form.add_error(None, task.result.errors) elif task.result.status == NewAccountResponse.FLAGGED: status = 'has_warnings' form.add_error(None, task.result.errors) elif task.result.status == NewAccountResponse.PENDING: return HttpResponseRedirect(reverse('account_pending')) else: raise AssertionError('Unexpected state reached') else: # validation was successful, the account is being created now request.session['approve_task_id'] = task.result return HttpResponseRedirect(reverse('wait_for_account')) else: form = ApproveForm(association_choices=association_choices) return render( request, 'account/register/index.html', { 'calnet_uid': calnet_uid, 'existing_accounts': existing_accounts, 'existing_group_accounts': existing_group_accounts, 'form': form, 'real_name': real_name, 'status': status, 'title': 'Request an OCF account', }, )
def request_account(request): calnet_uid = request.session['calnet_uid'] status = 'new_request' existing_accounts = search.users_by_calnet_uid(calnet_uid) if existing_accounts and calnet_uid not in TESTER_CALNET_UIDS: return render( request, 'account/register/already-has-account.html', { 'account': ', '.join(existing_accounts), 'calnet_uid': calnet_uid, 'title': 'You already have an account', }, ) # ensure we can even find them in university LDAP # (alumni etc. might not be readable in LDAP but can still auth via CalNet) if not user_attrs_ucb(calnet_uid): return render( request, 'account/register/cant-find-in-ldap.html', { 'calnet_uid': calnet_uid, 'title': 'Unable to read account information', }, ) real_name = directory.name_by_calnet_uid(calnet_uid) if request.method == 'POST': form = ApproveForm(request.POST) if form.is_valid(): req = NewAccountRequest( user_name=form.cleaned_data['ocf_login_name'], real_name=real_name, is_group=False, calnet_uid=calnet_uid, callink_oid=None, email=form.cleaned_data['contact_email'], encrypted_password=encrypt_password( form.cleaned_data['password'], RSA.importKey(CREATE_PUBLIC_KEY), ), handle_warnings=NewAccountRequest.WARNINGS_WARN, ) if 'warnings-submit' in request.POST: req = req._replace( handle_warnings=NewAccountRequest.WARNINGS_SUBMIT, ) task = validate_then_create_account.delay(req) task.wait(timeout=5) if isinstance(task.result, NewAccountResponse): if task.result.status == NewAccountResponse.REJECTED: status = 'has_errors' form._errors[NON_FIELD_ERRORS] = form.error_class( task.result.errors) elif task.result.status == NewAccountResponse.FLAGGED: status = 'has_warnings' form._errors[NON_FIELD_ERRORS] = form.error_class( task.result.errors) elif task.result.status == NewAccountResponse.PENDING: return HttpResponseRedirect(reverse('account_pending')) else: raise AssertionError('Unexpected state reached') else: # validation was successful, the account is being created now request.session['approve_task_id'] = task.result return HttpResponseRedirect(reverse('wait_for_account')) else: form = ApproveForm() return render( request, 'account/register/index.html', { 'form': form, 'real_name': real_name, 'status': status, 'title': 'Request an OCF account', }, )
def test_nonexistent_user(self): assert user_attrs_ucb(9999999999) is None
def request_account(request): calnet_uid = request.session['calnet_uid'] status = 'new_request' existing_accounts = search.users_by_calnet_uid(calnet_uid) if existing_accounts and calnet_uid not in TESTER_CALNET_UIDS: return render( request, 'account/register/already-has-account.html', { 'account': ', '.join(existing_accounts), 'calnet_uid': calnet_uid, 'title': 'You already have an account', }, ) # ensure we can even find them in university LDAP # (alumni etc. might not be readable in LDAP but can still auth via CalNet) if not user_attrs_ucb(calnet_uid): return render( request, 'account/register/cant-find-in-ldap.html', { 'calnet_uid': calnet_uid, 'title': 'Unable to read account information', }, ) real_name = directory.name_by_calnet_uid(calnet_uid) if request.method == 'POST': form = ApproveForm(request.POST) if form.is_valid(): req = NewAccountRequest( user_name=form.cleaned_data['ocf_login_name'], real_name=real_name, is_group=False, calnet_uid=calnet_uid, callink_oid=None, email=form.cleaned_data['contact_email'], encrypted_password=encrypt_password( form.cleaned_data['password'], RSA.importKey(CREATE_PUBLIC_KEY), ), handle_warnings=NewAccountRequest.WARNINGS_WARN, ) if 'warnings-submit' in request.POST: req = req._replace( handle_warnings=NewAccountRequest.WARNINGS_SUBMIT, ) task = validate_then_create_account.delay(req) task.wait(timeout=5) if isinstance(task.result, NewAccountResponse): if task.result.status == NewAccountResponse.REJECTED: status = 'has_errors' form._errors[NON_FIELD_ERRORS] = form.error_class(task.result.errors) elif task.result.status == NewAccountResponse.FLAGGED: status = 'has_warnings' form._errors[NON_FIELD_ERRORS] = form.error_class(task.result.errors) elif task.result.status == NewAccountResponse.PENDING: return HttpResponseRedirect(reverse('account_pending')) else: raise AssertionError('Unexpected state reached') else: # validation was successful, the account is being created now request.session['approve_task_id'] = task.result return HttpResponseRedirect(reverse('wait_for_account')) else: form = ApproveForm() return render( request, 'account/register/index.html', { 'form': form, 'real_name': real_name, 'status': status, 'title': 'Request an OCF account', }, )
def test_existing_user(self, test_uid=TEST_PERSON_CALNET_UID): user = user_attrs_ucb(test_uid) assert user['uid'] == [str(test_uid)] assert 'person' in user['objectClass']
def get_calnet_names(uid): """Returns CalNet LDAP entries relating to names""" attrs = search.user_attrs_ucb(uid) if attrs: return {key: attrs[key] for key in ("givenName", "sn", "displayName") if key in attrs}