def main():
logger = Factory.get_logger("cronjob")
db = Factory.get('Database')()
const = Factory.get("Constants")(db)
account = Factory.get('Account')(db)
auth_prefix, auth_method = "{crypt}", int(const.auth_type_md5_crypt)
ldif = LDIFWriter('SERVICES', None)
dn = ldif.getconf('dn')
ldif.write_container()
for username in ldif.getconf('users'):
account.clear()
try:
account.find_by_name(username)
except Errors.NotFoundError:
logger.error("User '%s' not found" % username)
sys.exit(1)
passwd = None
qh = QuarantineHandler.check_entity_quarantines(db, account.entity_id)
if not (qh.should_skip() or qh.is_locked()):
try:
passwd = account.get_account_authentication(auth_method)
except Errors.NotFoundError:
logger.warn("Password not found for user %s", username)
ldif.write_entry(
"cn=%s,%s" % (username, dn), {
'description': "Note: The password is maintained in Cerebrum.",
'objectClass': ('applicationProcess', 'simpleSecurityObject'),
'userPassword': auth_prefix + (passwd or "*locked")
})
ldif.close()
def get(self, id):
"""Get account quarantines."""
args = self.account_quarantines_filter.parse_args()
spreads = None
if args.context:
try:
spreads = [int(db.const.Spread(args.context))]
except Errors.NotFoundError:
abort(404, message=u'Unknown context {!r}'.format(
args.context))
ac = find_account(id)
qh = QuarantineHandler.check_entity_quarantines(
db=db.connection,
entity_id=ac.entity_id,
spreads=spreads)
locked = qh.is_locked()
quarantines = []
for q in ac.get_entity_quarantine(only_active=True):
quarantines.append({
'type': q['quarantine_type'],
# 'description': q['description'],
'end': q['end_date'],
'start': q['start_date'],
# 'disable_until': q['disable_until'],
})
return {
'locked': locked,
'quarantines': quarantines
}
def get(self, name):
"""Get account quarantines."""
args = self.account_quarantines_filter.parse_args()
spreads = None
if args.context:
try:
spreads = [int(db.const.Spread(args.context))]
except Errors.NotFoundError:
abort(404, message='Unknown context {!r}'.format(
args.context))
ac = find_account(name)
qh = QuarantineHandler.check_entity_quarantines(
db=db.connection,
entity_id=ac.entity_id,
spreads=spreads)
locked = qh.is_locked()
# TODO: Replace with list of hrefs to quarantines resource?
quarantines = []
for q in ac.get_entity_quarantine(only_active=True):
quarantines.append(_format_quarantine(q))
return {
'locked': locked,
'quarantines': quarantines
}
def get(self, name):
"""Get account quarantines."""
args = self.account_quarantines_filter.parse_args()
spreads = None
if args.context:
try:
spreads = [int(db.const.Spread(args.context))]
except Errors.NotFoundError:
abort(404, message='Unknown context {!r}'.format(
args.context))
ac = find_account(name)
qh = QuarantineHandler.check_entity_quarantines(
db=db.connection,
entity_id=ac.entity_id,
spreads=spreads)
locked = qh.is_locked()
# TODO: Replace with list of hrefs to quarantines resource?
quarantines = []
for q in ac.get_entity_quarantine(only_active=True):
quarantines.append(_format_quarantine(q))
return {
'locked': locked,
'quarantines': quarantines
}
def main():
logger = Factory.get_logger("cronjob")
db = Factory.get('Database')()
const = Factory.get("Constants")(db)
account = Factory.get('Account')(db)
auth_prefix, auth_method = "{crypt}", int(const.auth_type_md5_crypt)
ldif = LDIFWriter('SERVICES', None)
dn = ldif.getconf('dn')
ldif.write_container()
for username in ldif.getconf('users'):
account.clear()
try:
account.find_by_name(username)
except Errors.NotFoundError:
logger.error("User '%s' not found" % username)
sys.exit(1)
passwd = None
qh = QuarantineHandler.check_entity_quarantines(db, account.entity_id)
if not (qh.should_skip() or qh.is_locked()):
try:
passwd = account.get_account_authentication(auth_method)
except Errors.NotFoundError:
logger.warn("Password not found for user %s", username)
ldif.write_entry("cn=%s,%s" % (username, dn), {
'description': "Note: The password is maintained in Cerebrum.",
'objectClass': ('applicationProcess', 'simpleSecurityObject'),
'userPassword': auth_prefix + (passwd or "*locked")})
ldif.close()
def set_password(self, uname, new_password, token, browser_token):
if not self.check_token(uname, token, browser_token):
return False
account = self.get_account(uname)
try:
check_password(new_password, account)
except PasswordNotGoodEnough as e:
m = text_type(e)
raise Errors.CerebrumRPCException('password_invalid', m)
# All data is good. Set password
account.set_password(new_password)
try:
account.write_db()
account._db.commit()
logger.info("Password for %r altered", uname)
except self.db.DatabaseError as m:
logger.error("Error when setting password for %r: %s", uname, m)
raise Errors.CerebrumRPCException('error_unknown')
# Remove "weak password" quarantine
for r in account.get_entity_quarantine():
for qua in (self.co.quarantine_autopassord,
self.co.quarantine_svakt_passord):
if int(r['quarantine_type']) == qua:
account.delete_entity_quarantine(qua)
account.write_db()
account._db.commit()
# TODO: move these checks up and raise exceptions? Wouldn't happen,
# since generate_token() checks this already, but might get other
# authentication methods later.
if account.is_deleted():
logger.warning("user %r is deleted", uname)
elif account.is_expired():
logger.warning("user %r is expired", uname)
elif QuarantineHandler.check_entity_quarantines(
self.db, account.entity_id).is_locked():
logger.info("user %r has an active quarantine", uname)
return True
def set_password(self, uname, new_password, token, browser_token):
if not self.check_token(uname, token, browser_token):
return False
account = self.get_account(uname)
try:
check_password(new_password, account)
except PasswordNotGoodEnough as e:
m = text_type(e)
raise Errors.CerebrumRPCException('password_invalid', m)
# All data is good. Set password
account.set_password(new_password)
try:
account.write_db()
account._db.commit()
logger.info("Password for %r altered", uname)
except self.db.DatabaseError as m:
logger.error("Error when setting password for %r: %s", uname, m)
raise Errors.CerebrumRPCException('error_unknown')
# Remove "weak password" quarantine
for r in account.get_entity_quarantine():
for qua in (self.co.quarantine_autopassord,
self.co.quarantine_svakt_passord):
if int(r['quarantine_type']) == qua:
account.delete_entity_quarantine(qua)
account.write_db()
account._db.commit()
# TODO: move these checks up and raise exceptions? Wouldn't happen,
# since generate_token() checks this already, but might get other
# authentication methods later.
if account.is_deleted():
logger.warning("user %r is deleted", uname)
elif account.is_expired():
logger.warning("user %r is expired", uname)
elif QuarantineHandler.check_entity_quarantines(
self.db, account.entity_id).is_locked():
logger.info("user %r has an active quarantine", uname)
return True
# Remove "weak password" quarantine
for r in account.get_entity_quarantine():
for qua in (self.co.quarantine_autopassord,
self.co.quarantine_svakt_passord):
if int(r['quarantine_type']) == qua:
account.delete_entity_quarantine(qua)
account.write_db()
account._db.commit()
# TODO: move these checks up and raise exceptions? Wouldn't happen,
# since generate_token() checks this already, but might get other
# authentication methods later.
if account.is_deleted():
log.warning("user %s is deleted" % uname)
elif account.is_expired():
log.warning("user %s is expired" % uname)
elif QuarantineHandler.check_entity_quarantines(
self.db, account.entity_id).is_locked():
log.info("user %s has an active quarantine" % uname)
return True
def get_person(self, id_type, ext_id):
person = Factory.get('Person')(self.db)
person.clear()
if not hasattr(self.co, id_type):
log.error("Wrong id_type: '%s'" % id_type)
raise Errors.CerebrumRPCException('person_notfound')
try:
person.find_by_external_id(getattr(self.co, id_type), ext_id)
return person
except Errors.NotFoundError:
log.debug("Couldn't find person with %s='%s'" % (id_type, ext_id))
def process(check_trait, set_trait, days, phone_types, message, only_aff):
logger.info("SMS-reminder started")
if commit:
logger.info("In commit, will send out SMS")
else:
logger.info("In dryrun, will not send SMS")
limit_date = now() - days
logger.debug('Matching only traits newer than: %s', limit_date)
ac = Factory.get('Account')(db)
pe = Factory.get('Person')(db)
target_traits = set(t['entity_id'] for t in ac.list_traits(code=check_trait)
if (t['date'] >= limit_date and # Filter out old traits.
t['date'] < (now() - 1))) # Filter out traits from
# the last 24 hours.
logger.debug('Found %d traits of type %s from last %d days to check',
len(target_traits), check_trait, days)
set_traits = set(t['entity_id'] for t in ac.list_traits(code=set_trait)
if t['date'] >= limit_date)
logger.debug('Found %d already set traits of type %s from last %d days',
len(set_traits), set_trait, days)
target_traits.difference_update(set_traits)
logger.debug('Then %d traits of type %s remains to be checked',
len(target_traits), check_trait)
pe_affs = set()
if only_aff:
for a in only_aff:
pe_affs.update(r['person_id'] for r in
pe.list_affiliations(affiliation=a))
logger.debug('Found %d person affiliations to filter by', len(pe_affs))
else:
logger.debug('No only_aff specified, so no filtering on affiliation')
processed = 0
for account_id in target_traits:
ac.clear()
try:
ac.find(account_id)
except Errors.NotFoundError:
logger.error("Could not find user with entity_id: %s, skipping",
account_id)
continue
if ac.is_expired():
logger.info("Account %s is expired, skipping", ac.account_name)
continue
if QuarantineHandler.check_entity_quarantines(
db, ac.entity_id).is_locked():
logger.info("Account %s is quarantined, skipping", ac.account_name)
continue
if pe_affs and ac.owner_id not in pe_affs:
logger.info('Account %s without given person affiliation, skipping',
ac.account_name)
continue
# Check password changes for the user
if have_changed_password(ac):
logger.info("Account %s already changed password, skipping",
ac.account_name)
continue
# Everything ready, should send the SMS
if send_sms(ac, pe, phone_types, message=message):
ac.populate_trait(code=set_trait, date=now())
ac.write_db()
if commit:
db.commit()
else:
db.rollback()
logger.debug("Trait set for %s", ac.account_name)
processed += 1
else:
logger.warn('Failed to send SMS to %s', ac.account_name)
logger.info("SMS-reminder done, %d accounts processed" % processed)
raise Errors.CerebrumRPCException('error_unknown')
# Remove "weak password" quarantine
for r in account.get_entity_quarantine():
for qua in (self.co.quarantine_autopassord, self.co.quarantine_svakt_passord):
if int(r['quarantine_type']) == qua:
account.delete_entity_quarantine(qua)
account.write_db()
account._db.commit()
# TODO: move these checks up and raise exceptions? Wouldn't happen,
# since generate_token() checks this already, but might get other
# authentication methods later.
if account.is_deleted():
log.warning("user %s is deleted" % uname)
elif account.is_expired():
log.warning("user %s is expired" % uname)
elif QuarantineHandler.check_entity_quarantines(
self.db, account.entity_id).is_locked():
log.info("user %s has an active quarantine" % uname)
return True
def get_person(self, id_type, ext_id):
person = Factory.get('Person')(self.db)
person.clear()
if not hasattr(self.co, id_type):
log.error("Wrong id_type: '%s'" % id_type)
raise Errors.CerebrumRPCException('person_notfound')
try:
person.find_by_external_id(getattr(self.co, id_type), ext_id)
return person
except Errors.NotFoundError:
log.debug("Couldn't find person with %s='%s'" % (id_type, ext_id))
