def _change_password(self, user, password):
"""
Helper method to change password on user and record in the PasswordHistory
"""
user.set_password(password)
user.save()
history = PasswordHistory()
history.create(user)
def _change_password(self, user, password):
"""
Helper method to change password on user and record in the PasswordHistory
"""
user.set_password(password)
user.save()
history = PasswordHistory()
history.create(user)
def _update_password(self, email, new_password):
"""
Helper method to reset a password
"""
user = User.objects.get(email=email)
user.set_password(new_password)
user.save()
history = PasswordHistory()
history.create(user)
def _update_password(self, email, new_password):
"""
Helper method to reset a password
"""
user = User.objects.get(email=email)
user.set_password(new_password)
user.save()
history = PasswordHistory()
history.create(user)
def _user_factory_with_history(self, is_staff=False, set_initial_history=True):
"""
Helper method to generate either an Admin or a User
"""
if is_staff:
user = AdminFactory()
else:
user = UserFactory()
user.date_joined = timezone.now()
if set_initial_history:
history = PasswordHistory()
history.create(user)
return user
def _user_factory_with_history(self, is_staff=False, set_initial_history=True):
"""
Helper method to generate either an Admin or a User
"""
if is_staff:
user = AdminFactory()
else:
user = UserFactory()
user.date_joined = timezone.now()
if set_initial_history:
history = PasswordHistory()
history.create(user)
return user
def _create_user(self, data, errors, response):
"""Register user and add him to a company."""
user = data.get('user')
email = user.get('email')
company = data.get('company')
# Create the user and their profile.
try:
# User
user = User.objects.create(**user)
user.set_password(user.password)
user.save()
data['user_object'] = user
# Profile
UserProfile.objects.create(user=user,
name=u'{} {}'.format(
user.first_name, user.last_name))
# Notifications
if settings.FEATURES.get('ENABLE_DISCUSSION_EMAIL_DIGEST'):
enable_notifications(user)
# Password History
password_history_entry = PasswordHistory()
password_history_entry.create(user)
except Exception as exc:
self._add_error(errors, str(exc.message),
_('Registering Participant'), email)
else:
response['user_id'] = user.id
AUDIT_LOG.info(
u"API::New account created with user-id - {0}".format(user.id))
# Associate with company.
try:
company.users.add(user)
except Exception as exc:
self._add_error(errors, str(exc.message),
_('Enrolling Participant in Company'), email)
def password_reset_confirm_wrapper(request, uidb36=None, token=None):
"""
A wrapper around django.contrib.auth.views.password_reset_confirm.
Needed because we want to set the user as active at this step.
We also optionally do some additional password policy checks.
"""
# convert old-style base36-encoded user id to base64
uidb64 = uidb36_to_uidb64(uidb36)
platform_name = {
"platform_name":
configuration_helpers.get_value('platform_name',
settings.PLATFORM_NAME)
}
try:
uid_int = base36_to_int(uidb36)
user = User.objects.get(id=uid_int)
except (ValueError, User.DoesNotExist):
# if there's any error getting a user, just let django's
# password_reset_confirm function handle it.
return password_reset_confirm(request,
uidb64=uidb64,
token=token,
extra_context=platform_name)
if UserRetirementRequest.has_user_requested_retirement(user):
# Refuse to reset the password of any user that has requested retirement.
context = {
'validlink': True,
'form': None,
'title': _('Password reset unsuccessful'),
'err_msg': _('Error in resetting your password.'),
}
context.update(platform_name)
return TemplateResponse(request,
'registration/password_reset_confirm.html',
context)
if waffle().is_enabled(PREVENT_AUTH_USER_WRITES):
context = {
'validlink': False,
'form': None,
'title': _('Password reset unsuccessful'),
'err_msg': SYSTEM_MAINTENANCE_MSG,
}
context.update(platform_name)
return TemplateResponse(request,
'registration/password_reset_confirm.html',
context)
if request.method == 'POST':
password = request.POST['new_password1']
try:
validate_password(password, user=user)
except ValidationError as err:
# We have a password reset attempt which violates some security
# policy, or any other validation. Use the existing Django template to communicate that
# back to the user.
context = {
'validlink': True,
'form': None,
'title': _('Password reset unsuccessful'),
'err_msg': err.message,
}
context.update(platform_name)
return TemplateResponse(
request, 'registration/password_reset_confirm.html', context)
# remember what the old password hash is before we call down
old_password_hash = user.password
response = password_reset_confirm(request,
uidb64=uidb64,
token=token,
extra_context=platform_name)
# If password reset was unsuccessful a template response is returned (status_code 200).
# Check if form is invalid then show an error to the user.
# Note if password reset was successful we get response redirect (status_code 302).
if response.status_code == 200:
form_valid = response.context_data['form'].is_valid(
) if response.context_data['form'] else False
if not form_valid:
log.warning(
u'Unable to reset password for user [%s] because form is not valid. '
u'A possible cause is that the user had an invalid reset token',
user.username,
)
response.context_data['err_msg'] = _(
'Error in resetting your password. Please try again.')
return response
# get the updated user
updated_user = User.objects.get(id=uid_int)
# did the password hash change, if so record it in the PasswordHistory
if updated_user.password != old_password_hash:
entry = PasswordHistory()
entry.create(updated_user)
else:
response = password_reset_confirm(request,
uidb64=uidb64,
token=token,
extra_context=platform_name)
response_was_successful = response.context_data.get('validlink')
if response_was_successful and not user.is_active:
user.is_active = True
user.save()
return response
def do_create_account(form, custom_form=None):
"""
Given cleaned post variables, create the User and UserProfile objects, as well as the
registration for this user.
Returns a tuple (User, UserProfile, Registration).
Note: this function is also used for creating test users.
"""
# Check if ALLOW_PUBLIC_ACCOUNT_CREATION flag turned off to restrict user account creation
if not configuration_helpers.get_value(
'ALLOW_PUBLIC_ACCOUNT_CREATION',
settings.FEATURES.get('ALLOW_PUBLIC_ACCOUNT_CREATION', True)):
raise PermissionDenied()
errors = {}
errors.update(form.errors)
if custom_form:
errors.update(custom_form.errors)
if errors:
raise ValidationError(errors)
user = User(username=form.cleaned_data["username"],
email=form.cleaned_data["email"],
is_active=False)
user.set_password(form.cleaned_data["password"])
registration = Registration()
# TODO: Rearrange so that if part of the process fails, the whole process fails.
# Right now, we can have e.g. no registration e-mail sent out and a zombie account
try:
with transaction.atomic():
user.save()
if custom_form:
custom_model = custom_form.save(commit=False)
custom_model.user = user
custom_model.save()
except IntegrityError:
# Figure out the cause of the integrity error
# TODO duplicate email is already handled by form.errors above as a ValidationError.
# The checks for duplicate email/username should occur in the same place with an
# AccountValidationError and a consistent user message returned (i.e. both should
# return "It looks like {username} belongs to an existing account. Try again with a
# different username.")
if len(User.objects.filter(username=user.username)) > 0:
raise AccountValidationError(_(
"An account with the Public Username '{username}' already exists."
).format(username=user.username),
field="username")
elif len(User.objects.filter(email=user.email)) > 0:
raise AccountValidationError(_(
"An account with the Email '{email}' already exists.").format(
email=user.email),
field="email")
else:
raise
# add this account creation to password history
# NOTE, this will be a NOP unless the feature has been turned on in configuration
password_history_entry = PasswordHistory()
password_history_entry.create(user)
registration.register(user)
profile_fields = [
"name", "level_of_education", "gender", "mailing_address", "city",
"country", "goals", "year_of_birth"
]
profile = UserProfile(
user=user,
**{key: form.cleaned_data.get(key)
for key in profile_fields})
extended_profile = form.cleaned_extended_profile
if extended_profile:
profile.meta = json.dumps(extended_profile)
try:
profile.save()
except Exception: # pylint: disable=broad-except
log.exception(
"UserProfile creation failed for user {id}.".format(id=user.id))
raise
return user, profile, registration
def do_create_account(form, custom_form=None):
"""
Given cleaned post variables, create the User and UserProfile objects, as well as the
registration for this user.
Returns a tuple (User, UserProfile, Registration).
Note: this function is also used for creating test users.
"""
# Check if ALLOW_PUBLIC_ACCOUNT_CREATION flag turned off to restrict user account creation
if not configuration_helpers.get_value(
'ALLOW_PUBLIC_ACCOUNT_CREATION',
settings.FEATURES.get('ALLOW_PUBLIC_ACCOUNT_CREATION', True)
):
raise PermissionDenied()
errors = {}
errors.update(form.errors)
if custom_form:
errors.update(custom_form.errors)
if errors:
raise ValidationError(errors)
proposed_username = form.cleaned_data["username"]
user = User(
username=proposed_username,
email=form.cleaned_data["email"],
is_active=False
)
user.set_password(form.cleaned_data["password"])
registration = Registration()
# TODO: Rearrange so that if part of the process fails, the whole process fails.
# Right now, we can have e.g. no registration e-mail sent out and a zombie account
try:
with transaction.atomic():
user.save()
if custom_form:
custom_model = custom_form.save(commit=False)
custom_model.user = user
custom_model.save()
except IntegrityError:
# Figure out the cause of the integrity error
# TODO duplicate email is already handled by form.errors above as a ValidationError.
# The checks for duplicate email/username should occur in the same place with an
# AccountValidationError and a consistent user message returned (i.e. both should
# return "It looks like {username} belongs to an existing account. Try again with a
# different username.")
if User.objects.filter(username=user.username):
raise AccountValidationError(
USERNAME_EXISTS_MSG_FMT.format(username=proposed_username),
field="username"
)
elif email_exists_or_retired(user.email):
raise AccountValidationError(
_("An account with the Email '{email}' already exists.").format(email=user.email),
field="email"
)
else:
raise
# add this account creation to password history
# NOTE, this will be a NOP unless the feature has been turned on in configuration
password_history_entry = PasswordHistory()
password_history_entry.create(user)
registration.register(user)
profile_fields = [
"name", "level_of_education", "gender", "mailing_address", "city", "country", "goals",
"year_of_birth"
]
profile = UserProfile(
user=user,
**{key: form.cleaned_data.get(key) for key in profile_fields}
)
extended_profile = form.cleaned_extended_profile
if extended_profile:
profile.meta = json.dumps(extended_profile)
try:
profile.save()
except Exception:
log.exception("UserProfile creation failed for user {id}.".format(id=user.id))
raise
return user, profile, registration
def _do_create_account_custom(form, custom_form=None):
"""
Given cleaned post variables, create the User and UserProfile objects, as well as the
registration for this user.
Returns a tuple (User, UserProfile, Registration).
Note: this function is also used for creating test users.
"""
errors = {}
errors.update(form.errors)
if custom_form:
errors.update(custom_form.errors)
if errors:
raise ValidationError(errors)
user = User(username=form.cleaned_data["username"],
email=form.cleaned_data["email"],
is_active=False)
user.set_password(form.cleaned_data["password"])
registration = Registration()
# TODO: Rearrange so that if part of the process fails, the whole process fails.
# Right now, we can have e.g. no registration e-mail sent out and a zombie account
try:
with transaction.atomic():
user.save()
custom_model = custom_form.save(user=user, commit=True)
# Fix: recall user.save to avoid transaction management related exception, if we call user.save under atomic block
# (in custom_from.save )a random transaction exception generated
if custom_model.organization:
custom_model.organization.save()
user.save()
except IntegrityError:
# Figure out the cause of the integrity error
if len(User.objects.filter(username=user.username)) > 0:
raise AccountValidationError(_(
"An account with the Public Username '{username}' already exists."
).format(username=user.username),
field="username")
elif len(User.objects.filter(email=user.email)) > 0:
raise AccountValidationError(_(
"An account with the Email '{email}' already exists.").format(
email=user.email),
field="email")
else:
raise
# add this account creation to password history
# NOTE, this will be a NOP unless the feature has been turned on in configuration
password_history_entry = PasswordHistory()
password_history_entry.create(user)
registration.register(user)
profile_fields = [
"name", "level_of_education", "gender", "mailing_address", "city",
"country", "goals", "year_of_birth"
]
profile = UserProfile(
user=user,
**{key: form.cleaned_data.get(key)
for key in profile_fields})
extended_profile = form.cleaned_extended_profile
if extended_profile:
profile.meta = json.dumps(extended_profile)
try:
profile.save()
except Exception: # pylint: disable=broad-except
log.exception(
"UserProfile creation failed for user {id}.".format(id=user.id))
raise
return (user, profile, registration)
def password_reset_confirm_wrapper(request, uidb36=None, token=None):
"""
A wrapper around django.contrib.auth.views.password_reset_confirm.
Needed because we want to set the user as active at this step.
We also optionally do some additional password policy checks.
"""
# convert old-style base36-encoded user id to base64
uidb64 = uidb36_to_uidb64(uidb36)
platform_name = {
"platform_name": configuration_helpers.get_value('platform_name', settings.PLATFORM_NAME)
}
try:
uid_int = base36_to_int(uidb36)
user = User.objects.get(id=uid_int)
except (ValueError, User.DoesNotExist):
# if there's any error getting a user, just let django's
# password_reset_confirm function handle it.
return password_reset_confirm(
request, uidb64=uidb64, token=token, extra_context=platform_name
)
if UserRetirementRequest.has_user_requested_retirement(user):
# Refuse to reset the password of any user that has requested retirement.
context = {
'validlink': True,
'form': None,
'title': _('Password reset unsuccessful'),
'err_msg': _('Error in resetting your password.'),
}
context.update(platform_name)
return TemplateResponse(
request, 'registration/password_reset_confirm.html', context
)
if waffle().is_enabled(PREVENT_AUTH_USER_WRITES):
context = {
'validlink': False,
'form': None,
'title': _('Password reset unsuccessful'),
'err_msg': SYSTEM_MAINTENANCE_MSG,
}
context.update(platform_name)
return TemplateResponse(
request, 'registration/password_reset_confirm.html', context
)
if request.method == 'POST':
password = request.POST['new_password1']
try:
validate_password(password, user=user)
except ValidationError as err:
# We have a password reset attempt which violates some security
# policy, or any other validation. Use the existing Django template to communicate that
# back to the user.
context = {
'validlink': True,
'form': None,
'title': _('Password reset unsuccessful'),
'err_msg': err.message,
}
context.update(platform_name)
return TemplateResponse(
request, 'registration/password_reset_confirm.html', context
)
# remember what the old password hash is before we call down
old_password_hash = user.password
response = password_reset_confirm(
request, uidb64=uidb64, token=token, extra_context=platform_name
)
# If password reset was unsuccessful a template response is returned (status_code 200).
# Check if form is invalid then show an error to the user.
# Note if password reset was successful we get response redirect (status_code 302).
if response.status_code == 200:
form_valid = response.context_data['form'].is_valid() if response.context_data['form'] else False
if not form_valid:
log.warning(
u'Unable to reset password for user [%s] because form is not valid. '
u'A possible cause is that the user had an invalid reset token',
user.username,
)
response.context_data['err_msg'] = _('Error in resetting your password. Please try again.')
return response
# get the updated user
updated_user = User.objects.get(id=uid_int)
# did the password hash change, if so record it in the PasswordHistory
if updated_user.password != old_password_hash:
entry = PasswordHistory()
entry.create(updated_user)
else:
response = password_reset_confirm(
request, uidb64=uidb64, token=token, extra_context=platform_name
)
response_was_successful = response.context_data.get('validlink')
if response_was_successful and not user.is_active:
user.is_active = True
user.save()
return response
