def test_name_by_calnet_uid(self, attrs, expected): """This tests that the 'displayName' fallback works without hitting UCB LDAP, since we can't actually control entries there.""" with mock.patch( 'ocflib.account.search.user_attrs_ucb', return_value=attrs ): assert name_by_calnet_uid(0) == expected
def change_password(request): calnet_uid = request.session['calnet_uid'] error = None accounts = get_accounts_for(calnet_uid) try: accounts += get_accounts_signatory_for(calnet_uid) except ConnectionError: error = CALLINK_ERROR_MSG if request.method == 'POST': form = ChpassForm(accounts, calnet_uid, request.POST) if form.is_valid(): account = form.cleaned_data['ocf_account'] password = form.cleaned_data['new_password'] try: calnet_name = name_by_calnet_uid(calnet_uid) task = change_password_task.delay( account, password, comment='Your password was reset online by {}.'.format( calnet_name), ) result = task.wait(timeout=5) if isinstance(result, Exception): raise result except ValueError as ex: error = str(ex) else: # deleting this session variable will force the next # change_password request to reauthenticate with CalNet del request.session['calnet_uid'] return render( request, 'account/chpass/success.html', { 'account': account, 'title': 'Password Changed Successfully', }, ) else: form = ChpassForm(accounts, calnet_uid) return render( request, 'account/chpass/index.html', { 'calnet_uid': calnet_uid, 'error': error, 'form': form, 'title': 'Reset Password', }, )
def change_password(request): calnet_uid = request.session['calnet_uid'] error = None accounts = get_accounts_for(calnet_uid) try: accounts += get_accounts_signatory_for(calnet_uid) except ConnectionError: error = CALLINK_ERROR_MSG if request.method == 'POST': form = ChpassForm(accounts, calnet_uid, request.POST) if form.is_valid(): account = form.cleaned_data['ocf_account'] password = form.cleaned_data['new_password'] try: calnet_name = name_by_calnet_uid(calnet_uid) task = change_password_task.delay( account, password, comment='Your password was reset online by {}.'.format(calnet_name), ) result = task.wait(timeout=5) if isinstance(result, Exception): raise result except ValueError as ex: error = str(ex) else: # deleting this session variable will force the next # change_password request to reauthenticate with CalNet del request.session['calnet_uid'] return render( request, 'account/chpass/success.html', { 'account': account, 'title': 'Password Changed Successfully', }, ) else: form = ChpassForm(accounts, calnet_uid) return render( request, 'account/chpass/index.html', { 'calnet_uid': calnet_uid, 'error': error, 'form': form, 'title': 'Reset Password', }, )
def test_name_by_calnet_uid_real_query(self, uid, expected): assert (name_by_calnet_uid(uid) or '').lower() == (expected or '').lower()
def request_account( request: HttpRequest) -> Union[HttpResponseRedirect, HttpResponse]: calnet_uid = request.session['calnet_uid'] status = 'new_request' existing_accounts = search.users_by_calnet_uid(calnet_uid) groups_for_user = groups_by_student_signat(calnet_uid) eligible_new_group_accounts, existing_group_accounts = {}, {} for group_oid in groups_for_user: if not group_by_oid(group_oid)['accounts'] or group_oid in [ group[0] for group in TEST_GROUP_ACCOUNTS ]: eligible_new_group_accounts[group_oid] = groups_for_user[group_oid] else: existing_group_accounts[group_oid] = groups_for_user[group_oid] if existing_accounts and not eligible_new_group_accounts and calnet_uid not in TESTER_CALNET_UIDS: return render( request, 'account/register/already-has-account.html', { 'account': ', '.join(existing_accounts), 'calnet_uid': calnet_uid, 'title': 'You already have an account', }, ) # ensure we can even find them in university LDAP # (alumni etc. might not be readable in LDAP but can still auth via CalNet) if not user_attrs_ucb(calnet_uid): return render( request, 'account/register/cant-find-in-ldap.html', { 'calnet_uid': calnet_uid, 'title': 'Unable to read account information', }, ) real_name = directory.name_by_calnet_uid(calnet_uid) association_choices = [] if not existing_accounts or calnet_uid in TESTER_CALNET_UIDS: association_choices.append((calnet_uid, real_name)) for group_oid, group in eligible_new_group_accounts.items(): association_choices.append((group_oid, group['name'])) if request.method == 'POST': form = ApproveForm(request.POST, association_choices=association_choices) if form.is_valid(): assoc_id = int(form.cleaned_data['account_association']) is_group_account = assoc_id != calnet_uid if is_group_account: req = NewAccountRequest( user_name=form.cleaned_data['ocf_login_name'], real_name=eligible_new_group_accounts[assoc_id]['name'], is_group=True, calnet_uid=None, callink_oid=assoc_id, email=form.cleaned_data['contact_email'], encrypted_password=encrypt_password( form.cleaned_data['password'], RSA.importKey(CREATE_PUBLIC_KEY), ), handle_warnings=NewAccountRequest.WARNINGS_WARN, ) else: req = NewAccountRequest( user_name=form.cleaned_data['ocf_login_name'], real_name=real_name, is_group=False, calnet_uid=calnet_uid, callink_oid=None, email=form.cleaned_data['contact_email'], encrypted_password=encrypt_password( form.cleaned_data['password'], RSA.importKey(CREATE_PUBLIC_KEY), ), handle_warnings=NewAccountRequest.WARNINGS_WARN, ) if 'warnings-submit' in request.POST: req = req._replace( handle_warnings=NewAccountRequest.WARNINGS_SUBMIT, ) task = validate_then_create_account.delay(req) task.wait(timeout=5) if isinstance(task.result, NewAccountResponse): if task.result.status == NewAccountResponse.REJECTED: status = 'has_errors' form.add_error(None, task.result.errors) elif task.result.status == NewAccountResponse.FLAGGED: status = 'has_warnings' form.add_error(None, task.result.errors) elif task.result.status == NewAccountResponse.PENDING: return HttpResponseRedirect(reverse('account_pending')) else: raise AssertionError('Unexpected state reached') else: # validation was successful, the account is being created now request.session['approve_task_id'] = task.result return HttpResponseRedirect(reverse('wait_for_account')) else: form = ApproveForm(association_choices=association_choices) return render( request, 'account/register/index.html', { 'calnet_uid': calnet_uid, 'existing_accounts': existing_accounts, 'existing_group_accounts': existing_group_accounts, 'form': form, 'real_name': real_name, 'status': status, 'title': 'Request an OCF account', }, )
def request_account(request): calnet_uid = request.session['calnet_uid'] status = 'new_request' existing_accounts = search.users_by_calnet_uid(calnet_uid) if existing_accounts and calnet_uid not in TESTER_CALNET_UIDS: return render( request, 'account/register/already-has-account.html', { 'account': ', '.join(existing_accounts), 'calnet_uid': calnet_uid, 'title': 'You already have an account', }, ) # ensure we can even find them in university LDAP # (alumni etc. might not be readable in LDAP but can still auth via CalNet) if not user_attrs_ucb(calnet_uid): return render( request, 'account/register/cant-find-in-ldap.html', { 'calnet_uid': calnet_uid, 'title': 'Unable to read account information', }, ) real_name = directory.name_by_calnet_uid(calnet_uid) if request.method == 'POST': form = ApproveForm(request.POST) if form.is_valid(): req = NewAccountRequest( user_name=form.cleaned_data['ocf_login_name'], real_name=real_name, is_group=False, calnet_uid=calnet_uid, callink_oid=None, email=form.cleaned_data['contact_email'], encrypted_password=encrypt_password( form.cleaned_data['password'], RSA.importKey(CREATE_PUBLIC_KEY), ), handle_warnings=NewAccountRequest.WARNINGS_WARN, ) if 'warnings-submit' in request.POST: req = req._replace( handle_warnings=NewAccountRequest.WARNINGS_SUBMIT, ) task = validate_then_create_account.delay(req) task.wait(timeout=5) if isinstance(task.result, NewAccountResponse): if task.result.status == NewAccountResponse.REJECTED: status = 'has_errors' form._errors[NON_FIELD_ERRORS] = form.error_class( task.result.errors) elif task.result.status == NewAccountResponse.FLAGGED: status = 'has_warnings' form._errors[NON_FIELD_ERRORS] = form.error_class( task.result.errors) elif task.result.status == NewAccountResponse.PENDING: return HttpResponseRedirect(reverse('account_pending')) else: raise AssertionError('Unexpected state reached') else: # validation was successful, the account is being created now request.session['approve_task_id'] = task.result return HttpResponseRedirect(reverse('wait_for_account')) else: form = ApproveForm() return render( request, 'account/register/index.html', { 'form': form, 'real_name': real_name, 'status': status, 'title': 'Request an OCF account', }, )
def request_account(request): calnet_uid = request.session['calnet_uid'] status = 'new_request' existing_accounts = search.users_by_calnet_uid(calnet_uid) real_name = directory.name_by_calnet_uid(calnet_uid) if calnet_uid not in settings.TESTER_CALNET_UIDS and existing_accounts: return render_to_response('request-account/already-has-account.html', { 'calnet_uid': calnet_uid, 'calnet_url': settings.LOGOUT_URL }) if request.method == 'POST': form = ApproveForm(request.POST) if form.is_valid(): req = NewAccountRequest( user_name=form.cleaned_data['ocf_login_name'], real_name=real_name, is_group=False, calnet_uid=calnet_uid, callink_oid=None, email=form.cleaned_data['contact_email'], encrypted_password=encrypt_password( form.cleaned_data['password'], settings.PASSWORD_ENCRYPTION_PUBKEY, ), handle_warnings=NewAccountRequest.WARNINGS_WARN, ) if 'warnings-submit' in request.POST: req = req._replace( handle_warnings=NewAccountRequest.WARNINGS_SUBMIT, ) task = validate_then_create_account.delay(req) task.wait(timeout=5) if isinstance(task.result, NewAccountResponse): if task.result.status == NewAccountResponse.REJECTED: status = 'has_errors' form._errors[NON_FIELD_ERRORS] = form.error_class(task.result.errors) elif task.result.status == NewAccountResponse.FLAGGED: status = 'has_warnings' form._errors[NON_FIELD_ERRORS] = form.error_class(task.result.errors) elif task.result.status == NewAccountResponse.PENDING: return HttpResponseRedirect(reverse('account_pending')) else: raise AssertionError('Unexpected state reached') else: # validation was successful, the account is being created now request.session['approve_task_id'] = task.result return HttpResponseRedirect(reverse('wait_for_account')) else: form = ApproveForm() return render_to_response('request-account/form.html', { 'form': form, 'real_name': real_name, 'status': status, }, context_instance=RequestContext(request))
def parse(student): uid = int(student.findtext('Username')) name = name_by_calnet_uid(uid) users = search.users_by_calnet_uid(uid) return uid, {'name': name, 'accounts': users}
def test_name_by_calnet_uid(self, attrs, expected): """This tests that the 'displayName' fallback works without hitting UCB LDAP, since we can't actually control entries there.""" with mock.patch('ocflib.account.search.user_attrs_ucb', return_value=attrs): assert name_by_calnet_uid(0) == expected
def request_account(request): calnet_uid = request.session['calnet_uid'] status = 'new_request' existing_accounts = search.users_by_calnet_uid(calnet_uid) if existing_accounts and calnet_uid not in TESTER_CALNET_UIDS: return render( request, 'account/register/already-has-account.html', { 'account': ', '.join(existing_accounts), 'calnet_uid': calnet_uid, 'title': 'You already have an account', }, ) # ensure we can even find them in university LDAP # (alumni etc. might not be readable in LDAP but can still auth via CalNet) if not user_attrs_ucb(calnet_uid): return render( request, 'account/register/cant-find-in-ldap.html', { 'calnet_uid': calnet_uid, 'title': 'Unable to read account information', }, ) real_name = directory.name_by_calnet_uid(calnet_uid) if request.method == 'POST': form = ApproveForm(request.POST) if form.is_valid(): req = NewAccountRequest( user_name=form.cleaned_data['ocf_login_name'], real_name=real_name, is_group=False, calnet_uid=calnet_uid, callink_oid=None, email=form.cleaned_data['contact_email'], encrypted_password=encrypt_password( form.cleaned_data['password'], RSA.importKey(CREATE_PUBLIC_KEY), ), handle_warnings=NewAccountRequest.WARNINGS_WARN, ) if 'warnings-submit' in request.POST: req = req._replace( handle_warnings=NewAccountRequest.WARNINGS_SUBMIT, ) task = validate_then_create_account.delay(req) task.wait(timeout=5) if isinstance(task.result, NewAccountResponse): if task.result.status == NewAccountResponse.REJECTED: status = 'has_errors' form._errors[NON_FIELD_ERRORS] = form.error_class(task.result.errors) elif task.result.status == NewAccountResponse.FLAGGED: status = 'has_warnings' form._errors[NON_FIELD_ERRORS] = form.error_class(task.result.errors) elif task.result.status == NewAccountResponse.PENDING: return HttpResponseRedirect(reverse('account_pending')) else: raise AssertionError('Unexpected state reached') else: # validation was successful, the account is being created now request.session['approve_task_id'] = task.result return HttpResponseRedirect(reverse('wait_for_account')) else: form = ApproveForm() return render( request, 'account/register/index.html', { 'form': form, 'real_name': real_name, 'status': status, 'title': 'Request an OCF account', }, )