def get_accounts_for(calnet_uid): accounts = users_by_calnet_uid(calnet_uid) if calnet_uid in TESTER_CALNET_UIDS: # these test accounts don't have to exist in in LDAP accounts.extend(TEST_OCF_ACCOUNTS) return accounts
def get_accounts_for(calnet_uid: str) -> List[Any]: accounts = users_by_calnet_uid(calnet_uid) if calnet_uid in TESTER_CALNET_UIDS: # these test accounts don't have to exist in in LDAP accounts.extend(TEST_OCF_ACCOUNTS) return accounts
def get_authorized_accounts_for(calnet_uid): accounts = search.users_by_calnet_uid(calnet_uid) + \ _get_accounts_signatory_for(calnet_uid) if calnet_uid in settings.TESTER_CALNET_UIDS: # these test accounts don't have to exist in in LDAP accounts.extend(settings.TEST_OCF_ACCOUNTS) return accounts
def parse(student): uid = int(student.findtext('Username')) attrs = search.user_attrs_ucb(uid) name = None if attrs: name = attrs.get('displayName', [None])[0] users = search.users_by_calnet_uid(uid) return uid, {'name': name, 'accounts': users}
def validate_calnet_uid(uid): """Verifies whether a given CalNet UID is eligible for a new OCF account. Checks that: - User doesn't already have an OCF account - Affiliate type is eligible""" # check for existing OCF accounts existing_accounts = search.users_by_calnet_uid(uid) if existing_accounts: raise ValidationError( 'CalNet UID already has account: ' + str(existing_accounts)) attrs = search.user_attrs_ucb(uid) if not attrs: raise ValidationError("CalNet UID can't be found in university LDAP.")
def validate_calnet_uid(uid): """Verifies whether a given CalNet UID is eligible for a new OCF account. Checks that: - User doesn't already have an OCF account - Affiliate type is eligible""" # check for existing OCF accounts existing_accounts = search.users_by_calnet_uid(uid) if existing_accounts: raise ValidationError( 'CalNet UID already has account: ' + str(existing_accounts)) attrs = search.user_attrs_ucb(uid) if not attrs: raise ValidationError("CalNet UID can't be found in university LDAP.") # check if user is eligible for an account affiliations = attrs['berkeleyEduAffiliations'] if not eligible_for_account(affiliations): raise ValidationWarning( 'Affiliate type not eligible for account: ' + str(affiliations))
def test_users_by_calnet_uid(uid, users): assert users_by_calnet_uid(uid) == users
def request_account( request: HttpRequest) -> Union[HttpResponseRedirect, HttpResponse]: calnet_uid = request.session['calnet_uid'] status = 'new_request' existing_accounts = search.users_by_calnet_uid(calnet_uid) groups_for_user = groups_by_student_signat(calnet_uid) eligible_new_group_accounts, existing_group_accounts = {}, {} for group_oid in groups_for_user: if not group_by_oid(group_oid)['accounts'] or group_oid in [ group[0] for group in TEST_GROUP_ACCOUNTS ]: eligible_new_group_accounts[group_oid] = groups_for_user[group_oid] else: existing_group_accounts[group_oid] = groups_for_user[group_oid] if existing_accounts and not eligible_new_group_accounts and calnet_uid not in TESTER_CALNET_UIDS: return render( request, 'account/register/already-has-account.html', { 'account': ', '.join(existing_accounts), 'calnet_uid': calnet_uid, 'title': 'You already have an account', }, ) # ensure we can even find them in university LDAP # (alumni etc. might not be readable in LDAP but can still auth via CalNet) if not user_attrs_ucb(calnet_uid): return render( request, 'account/register/cant-find-in-ldap.html', { 'calnet_uid': calnet_uid, 'title': 'Unable to read account information', }, ) real_name = directory.name_by_calnet_uid(calnet_uid) association_choices = [] if not existing_accounts or calnet_uid in TESTER_CALNET_UIDS: association_choices.append((calnet_uid, real_name)) for group_oid, group in eligible_new_group_accounts.items(): association_choices.append((group_oid, group['name'])) if request.method == 'POST': form = ApproveForm(request.POST, association_choices=association_choices) if form.is_valid(): assoc_id = int(form.cleaned_data['account_association']) is_group_account = assoc_id != calnet_uid if is_group_account: req = NewAccountRequest( user_name=form.cleaned_data['ocf_login_name'], real_name=eligible_new_group_accounts[assoc_id]['name'], is_group=True, calnet_uid=None, callink_oid=assoc_id, email=form.cleaned_data['contact_email'], encrypted_password=encrypt_password( form.cleaned_data['password'], RSA.importKey(CREATE_PUBLIC_KEY), ), handle_warnings=NewAccountRequest.WARNINGS_WARN, ) else: req = NewAccountRequest( user_name=form.cleaned_data['ocf_login_name'], real_name=real_name, is_group=False, calnet_uid=calnet_uid, callink_oid=None, email=form.cleaned_data['contact_email'], encrypted_password=encrypt_password( form.cleaned_data['password'], RSA.importKey(CREATE_PUBLIC_KEY), ), handle_warnings=NewAccountRequest.WARNINGS_WARN, ) if 'warnings-submit' in request.POST: req = req._replace( handle_warnings=NewAccountRequest.WARNINGS_SUBMIT, ) task = validate_then_create_account.delay(req) task.wait(timeout=5) if isinstance(task.result, NewAccountResponse): if task.result.status == NewAccountResponse.REJECTED: status = 'has_errors' form.add_error(None, task.result.errors) elif task.result.status == NewAccountResponse.FLAGGED: status = 'has_warnings' form.add_error(None, task.result.errors) elif task.result.status == NewAccountResponse.PENDING: return HttpResponseRedirect(reverse('account_pending')) else: raise AssertionError('Unexpected state reached') else: # validation was successful, the account is being created now request.session['approve_task_id'] = task.result return HttpResponseRedirect(reverse('wait_for_account')) else: form = ApproveForm(association_choices=association_choices) return render( request, 'account/register/index.html', { 'calnet_uid': calnet_uid, 'existing_accounts': existing_accounts, 'existing_group_accounts': existing_group_accounts, 'form': form, 'real_name': real_name, 'status': status, 'title': 'Request an OCF account', }, )
def request_account(request): calnet_uid = request.session['calnet_uid'] status = 'new_request' existing_accounts = search.users_by_calnet_uid(calnet_uid) if existing_accounts and calnet_uid not in TESTER_CALNET_UIDS: return render( request, 'account/register/already-has-account.html', { 'account': ', '.join(existing_accounts), 'calnet_uid': calnet_uid, 'title': 'You already have an account', }, ) # ensure we can even find them in university LDAP # (alumni etc. might not be readable in LDAP but can still auth via CalNet) if not user_attrs_ucb(calnet_uid): return render( request, 'account/register/cant-find-in-ldap.html', { 'calnet_uid': calnet_uid, 'title': 'Unable to read account information', }, ) real_name = directory.name_by_calnet_uid(calnet_uid) if request.method == 'POST': form = ApproveForm(request.POST) if form.is_valid(): req = NewAccountRequest( user_name=form.cleaned_data['ocf_login_name'], real_name=real_name, is_group=False, calnet_uid=calnet_uid, callink_oid=None, email=form.cleaned_data['contact_email'], encrypted_password=encrypt_password( form.cleaned_data['password'], RSA.importKey(CREATE_PUBLIC_KEY), ), handle_warnings=NewAccountRequest.WARNINGS_WARN, ) if 'warnings-submit' in request.POST: req = req._replace( handle_warnings=NewAccountRequest.WARNINGS_SUBMIT, ) task = validate_then_create_account.delay(req) task.wait(timeout=5) if isinstance(task.result, NewAccountResponse): if task.result.status == NewAccountResponse.REJECTED: status = 'has_errors' form._errors[NON_FIELD_ERRORS] = form.error_class( task.result.errors) elif task.result.status == NewAccountResponse.FLAGGED: status = 'has_warnings' form._errors[NON_FIELD_ERRORS] = form.error_class( task.result.errors) elif task.result.status == NewAccountResponse.PENDING: return HttpResponseRedirect(reverse('account_pending')) else: raise AssertionError('Unexpected state reached') else: # validation was successful, the account is being created now request.session['approve_task_id'] = task.result return HttpResponseRedirect(reverse('wait_for_account')) else: form = ApproveForm() return render( request, 'account/register/index.html', { 'form': form, 'real_name': real_name, 'status': status, 'title': 'Request an OCF account', }, )
def request_account(request): calnet_uid = request.session['calnet_uid'] status = 'new_request' existing_accounts = search.users_by_calnet_uid(calnet_uid) real_name = directory.name_by_calnet_uid(calnet_uid) if calnet_uid not in settings.TESTER_CALNET_UIDS and existing_accounts: return render_to_response('request-account/already-has-account.html', { 'calnet_uid': calnet_uid, 'calnet_url': settings.LOGOUT_URL }) if request.method == 'POST': form = ApproveForm(request.POST) if form.is_valid(): req = NewAccountRequest( user_name=form.cleaned_data['ocf_login_name'], real_name=real_name, is_group=False, calnet_uid=calnet_uid, callink_oid=None, email=form.cleaned_data['contact_email'], encrypted_password=encrypt_password( form.cleaned_data['password'], settings.PASSWORD_ENCRYPTION_PUBKEY, ), handle_warnings=NewAccountRequest.WARNINGS_WARN, ) if 'warnings-submit' in request.POST: req = req._replace( handle_warnings=NewAccountRequest.WARNINGS_SUBMIT, ) task = validate_then_create_account.delay(req) task.wait(timeout=5) if isinstance(task.result, NewAccountResponse): if task.result.status == NewAccountResponse.REJECTED: status = 'has_errors' form._errors[NON_FIELD_ERRORS] = form.error_class(task.result.errors) elif task.result.status == NewAccountResponse.FLAGGED: status = 'has_warnings' form._errors[NON_FIELD_ERRORS] = form.error_class(task.result.errors) elif task.result.status == NewAccountResponse.PENDING: return HttpResponseRedirect(reverse('account_pending')) else: raise AssertionError('Unexpected state reached') else: # validation was successful, the account is being created now request.session['approve_task_id'] = task.result return HttpResponseRedirect(reverse('wait_for_account')) else: form = ApproveForm() return render_to_response('request-account/form.html', { 'form': form, 'real_name': real_name, 'status': status, }, context_instance=RequestContext(request))
def parse(student): uid = int(student.findtext('Username')) name = name_by_calnet_uid(uid) users = search.users_by_calnet_uid(uid) return uid, {'name': name, 'accounts': users}
def request_account(request): calnet_uid = request.session['calnet_uid'] status = 'new_request' existing_accounts = search.users_by_calnet_uid(calnet_uid) if existing_accounts and calnet_uid not in TESTER_CALNET_UIDS: return render( request, 'account/register/already-has-account.html', { 'account': ', '.join(existing_accounts), 'calnet_uid': calnet_uid, 'title': 'You already have an account', }, ) # ensure we can even find them in university LDAP # (alumni etc. might not be readable in LDAP but can still auth via CalNet) if not user_attrs_ucb(calnet_uid): return render( request, 'account/register/cant-find-in-ldap.html', { 'calnet_uid': calnet_uid, 'title': 'Unable to read account information', }, ) real_name = directory.name_by_calnet_uid(calnet_uid) if request.method == 'POST': form = ApproveForm(request.POST) if form.is_valid(): req = NewAccountRequest( user_name=form.cleaned_data['ocf_login_name'], real_name=real_name, is_group=False, calnet_uid=calnet_uid, callink_oid=None, email=form.cleaned_data['contact_email'], encrypted_password=encrypt_password( form.cleaned_data['password'], RSA.importKey(CREATE_PUBLIC_KEY), ), handle_warnings=NewAccountRequest.WARNINGS_WARN, ) if 'warnings-submit' in request.POST: req = req._replace( handle_warnings=NewAccountRequest.WARNINGS_SUBMIT, ) task = validate_then_create_account.delay(req) task.wait(timeout=5) if isinstance(task.result, NewAccountResponse): if task.result.status == NewAccountResponse.REJECTED: status = 'has_errors' form._errors[NON_FIELD_ERRORS] = form.error_class(task.result.errors) elif task.result.status == NewAccountResponse.FLAGGED: status = 'has_warnings' form._errors[NON_FIELD_ERRORS] = form.error_class(task.result.errors) elif task.result.status == NewAccountResponse.PENDING: return HttpResponseRedirect(reverse('account_pending')) else: raise AssertionError('Unexpected state reached') else: # validation was successful, the account is being created now request.session['approve_task_id'] = task.result return HttpResponseRedirect(reverse('wait_for_account')) else: form = ApproveForm() return render( request, 'account/register/index.html', { 'form': form, 'real_name': real_name, 'status': status, 'title': 'Request an OCF account', }, )