def on_user_updated(sender, instance, **kwargs): # pylint: disable=unused-argument
"""
Check for retired usernames.
"""
# Check only at User creation time and when not raw.
if not instance.id and not kwargs['raw']:
prefix_to_check = getattr(settings, 'RETIRED_USERNAME_PREFIX', None)
if prefix_to_check:
# Check for username that's too close to retired username format.
if instance.username.startswith(prefix_to_check):
raise AccountValidationError(
USERNAME_EXISTS_MSG_FMT.format(username=instance.username),
field="username"
)
# Check for a retired username.
if is_username_retired(instance.username):
raise AccountValidationError(
USERNAME_EXISTS_MSG_FMT.format(username=instance.username),
field="username"
)
# Check for a retired email.
if is_email_retired(instance.email):
raise AccountValidationError(
EMAIL_EXISTS_MSG_FMT.format(username=instance.email),
field="email"
)
def on_user_updated(sender, instance, **kwargs): # pylint: disable=unused-argument
"""
Check for retired usernames.
"""
# Check only at User creation time and when not raw.
if not instance.id and not kwargs['raw']:
prefix_to_check = getattr(settings, 'RETIRED_USERNAME_PREFIX', None)
if prefix_to_check:
# Check for username that's too close to retired username format.
if instance.username.startswith(prefix_to_check):
raise AccountValidationError(
USERNAME_EXISTS_MSG_FMT.format(username=instance.username),
field="username")
# Check for a retired username.
if is_username_retired(instance.username):
raise AccountValidationError(
USERNAME_EXISTS_MSG_FMT.format(username=instance.username),
field="username")
# Check for a retired email.
if is_email_retired(instance.email):
raise AccountValidationError(
EMAIL_EXISTS_MSG_FMT.format(username=instance.email),
field="email")
def test_is_email_retired_is_retired(retirement_user):
"""
Check functionality of is_email_retired when email is retired
"""
original_email = retirement_user.email
retired_email = get_retired_email_by_email(retirement_user.email)
# Fake email retirement.
retirement_user.email = retired_email
retirement_user.save()
assert is_email_retired(original_email)
def test_is_email_retired_is_retired(retirement_user):
"""
Check functionality of is_email_retired when email is retired
"""
original_email = retirement_user.email
retired_email = get_retired_email_by_email(retirement_user.email)
# Fake email retirement.
retirement_user.email = retired_email
retirement_user.save()
assert is_email_retired(original_email)
def enroll_email(course_id, student_email, auto_enroll=False, email_students=False, email_params=None, language=None):
"""
Enroll a student by email.
`student_email` is student's emails e.g. "*****@*****.**"
`auto_enroll` determines what is put in CourseEnrollmentAllowed.auto_enroll
if auto_enroll is set, then when the email registers, they will be
enrolled in the course automatically.
`email_students` determines if student should be notified of action by email.
`email_params` parameters used while parsing email templates (a `dict`).
`language` is the language used to render the email.
returns two EmailEnrollmentState's
representing state before and after the action.
"""
previous_state = EmailEnrollmentState(course_id, student_email)
enrollment_obj = None
if previous_state.user:
# if the student is currently unenrolled, don't enroll them in their
# previous mode
# for now, White Labels use 'shoppingcart' which is based on the
# "honor" course_mode. Given the change to use "audit" as the default
# course_mode in Open edX, we need to be backwards compatible with
# how White Labels approach enrollment modes.
if CourseMode.is_white_label(course_id):
course_mode = CourseMode.DEFAULT_SHOPPINGCART_MODE_SLUG
else:
course_mode = None
if previous_state.enrollment:
course_mode = previous_state.mode
enrollment_obj = CourseEnrollment.enroll_by_email(student_email, course_id, course_mode)
if email_students:
email_params['message_type'] = 'enrolled_enroll'
email_params['email_address'] = student_email
email_params['full_name'] = previous_state.full_name
send_mail_to_student(student_email, email_params, language=language)
elif not is_email_retired(student_email):
cea, _ = CourseEnrollmentAllowed.objects.get_or_create(course_id=course_id, email=student_email)
cea.auto_enroll = auto_enroll
cea.save()
if email_students:
email_params['message_type'] = 'allowed_enroll'
email_params['email_address'] = student_email
send_mail_to_student(student_email, email_params, language=language)
after_state = EmailEnrollmentState(course_id, student_email)
return previous_state, after_state, enrollment_obj
def enroll_email(course_id, student_email, auto_enroll=False, email_students=False, email_params=None, language=None):
"""
Enroll a student by email.
`student_email` is student's emails e.g. "*****@*****.**"
`auto_enroll` determines what is put in CourseEnrollmentAllowed.auto_enroll
if auto_enroll is set, then when the email registers, they will be
enrolled in the course automatically.
`email_students` determines if student should be notified of action by email.
`email_params` parameters used while parsing email templates (a `dict`).
`language` is the language used to render the email.
returns two EmailEnrollmentState's
representing state before and after the action.
"""
previous_state = EmailEnrollmentState(course_id, student_email)
enrollment_obj = None
if previous_state.user:
# if the student is currently unenrolled, don't enroll them in their
# previous mode
# for now, White Labels use 'shoppingcart' which is based on the
# "honor" course_mode. Given the change to use "audit" as the default
# course_mode in Open edX, we need to be backwards compatible with
# how White Labels approach enrollment modes.
if CourseMode.is_white_label(course_id):
course_mode = CourseMode.DEFAULT_SHOPPINGCART_MODE_SLUG
else:
course_mode = None
if previous_state.enrollment:
course_mode = previous_state.mode
enrollment_obj = CourseEnrollment.enroll_by_email(student_email, course_id, course_mode)
if email_students:
email_params['message_type'] = 'enrolled_enroll'
email_params['email_address'] = student_email
email_params['full_name'] = previous_state.full_name
send_mail_to_student(student_email, email_params, language=language)
elif not is_email_retired(student_email):
cea, _ = CourseEnrollmentAllowed.objects.get_or_create(course_id=course_id, email=student_email)
cea.auto_enroll = auto_enroll
cea.save()
if email_students:
email_params['message_type'] = 'allowed_enroll'
email_params['email_address'] = student_email
send_mail_to_student(student_email, email_params, language=language)
after_state = EmailEnrollmentState(course_id, student_email)
return previous_state, after_state, enrollment_obj
def test_is_email_retired_is_retired():
"""
Check functionality of is_email_retired when email is retired
"""
user = UserFactory()
original_email = user.email
retired_email = get_retired_email_by_email(user.email)
# Fake email retirement.
user.email = retired_email
user.save()
assert is_email_retired(original_email)
def test_is_email_retired_is_retired():
"""
Check functionality of is_email_retired when email is retired
"""
user = UserFactory()
original_email = user.email
retired_email = get_retired_email_by_email(user.email)
# Fake email retirement.
user.email = retired_email
user.save()
assert is_email_retired(original_email)
def clean_email(self):
"""
This is a literal copy from Django 1.4.5's django.contrib.auth.forms.PasswordResetForm
Except removing the requirement of active users
Validates that a user exists with the given email address.
"""
email = self.cleaned_data["email"]
#The line below contains the only change, removing is_active=True
self.users_cache = User.objects.filter(email__iexact=email)
########### Edraak Specific #############
# Allow retired users to get reset my password email
retirement_status = None
if is_email_retired(email):
retirement_status = UserRetirementStatus.objects.filter(
original_email=email,
current_state__state_name='PENDING').first()
if retirement_status:
retirement_status.user.email = retirement_status.original_email
retirement_status.user.username = retirement_status.original_username
retirement_status.user.name = retirement_status.original_name
self.users_cache = [retirement_status.user]
if not len(self.users_cache):
raise forms.ValidationError(self.error_messages['unknown'])
if (retirement_status is None) and any(
(user.password.startswith(UNUSABLE_PASSWORD_PREFIX))
for user in self.users_cache):
raise forms.ValidationError(self.error_messages['unusable'])
# if not len(self.users_cache):
# raise forms.ValidationError(self.error_messages['unknown'])
# if any((user.password.startswith(UNUSABLE_PASSWORD_PREFIX))
# for user in self.users_cache):
# raise forms.ValidationError(self.error_messages['unusable'])
########### End of Edraak Specific ##########
return email
def test_is_email_retired_not_retired(retirement_user):
"""
Check functionality of is_email_retired when email is not retired
"""
assert not is_email_retired(retirement_user.email)
def test_is_email_retired_not_retired(retirement_user):
"""
Check functionality of is_email_retired when email is not retired
"""
assert not is_email_retired(retirement_user.email)
def password_change_request_handler(request):
"""Handle password change requests originating from the account page.
Uses the Account API to email the user a link to the password reset page.
Note:
The next step in the password reset process (confirmation) is currently handled
by student.views.password_reset_confirm_wrapper, a custom wrapper around Django's
password reset confirmation view.
Args:
request (HttpRequest)
Returns:
HttpResponse: 200 if the email was sent successfully
HttpResponse: 400 if there is no 'email' POST parameter
HttpResponse: 403 if the client has been rate limited
HttpResponse: 405 if using an unsupported HTTP method
Example usage:
POST /account/password
"""
limiter = BadRequestRateLimiter()
if limiter.is_rate_limit_exceeded(request):
AUDIT_LOG.warning("Password reset rate limit exceeded")
return HttpResponseForbidden()
user = request.user
# Prefer logged-in user's email
email = user.email if user.is_authenticated else request.POST.get('email')
if email:
try:
request_password_change(email, request.is_secure())
if is_email_retired(email):
email = get_retired_email_by_email(email)
user = user if user.is_authenticated else User.objects.get(
email=email)
destroy_oauth_tokens(user)
except UserNotFound:
AUDIT_LOG.info("Invalid password reset attempt")
# Increment the rate limit counter
limiter.tick_bad_request_counter(request)
# If enabled, send an email saying that a password reset was attempted, but that there is
# no user associated with the email
if configuration_helpers.get_value(
'ENABLE_PASSWORD_RESET_FAILURE_EMAIL',
settings.FEATURES['ENABLE_PASSWORD_RESET_FAILURE_EMAIL']):
site = get_current_site()
message_context = get_base_template_context(site)
message_context.update({
'failed': True,
'request':
request, # Used by google_analytics_tracking_pixel
'email_address': email,
})
msg = PasswordReset().personalize(
recipient=Recipient(username='', email_address=email),
language=settings.LANGUAGE_CODE,
user_context=message_context,
)
ace.send(msg)
except UserAPIInternalError as err:
log.exception(
'Error occured during password change for user {email}: {error}'
.format(email=email, error=err))
return HttpResponse(_(
"Some error occured during password change. Please try again"),
status=500)
return HttpResponse(status=200)
else:
return HttpResponseBadRequest(_("No email address provided."))
def test_is_email_retired_not_retired():
"""
Check functionality of is_email_retired when email is not retired
"""
user = UserFactory()
assert not is_email_retired(user.email)
def test_is_email_retired_not_retired():
"""
Check functionality of is_email_retired when email is not retired
"""
user = UserFactory()
assert not is_email_retired(user.email)
