def create_user(username, password, firstname, lastname, email, phone, email_to_file=None):
if not validate_username(username):
return [None, "Wrong user name format (are allowed a-Z|0-9|.|-|_)"]
if not validate_email(email):
return [None, "Wrong email format"]
if Users.objects.filter(username=username):
logging.warning("Cannot create account: username {} already exists".format(email))
return [None, "This username already exists"]
if Users.objects.filter(email=email):
logging.warning("Cannot create account: email {} already exists".format(email))
return [None, "This email already exists"]
person = People.objects.create(firstname=firstname, lastname=lastname, phone=phone, is_laboratory=0)
role = Roles.objects.get(name=DEFAULT_ROLE)
salt = crypt.mksalt(method=crypt.METHOD_SHA256)
newuser = Users(username=username, password=crypt.crypt(password, salt),
salt=salt, email=email, person=person, role=role,
is_active=0, is_password_reset=0, code=utils.random_string())
newuser.save()
allow_access_to_demo(newuser)
text = "Your account '{}' has been created. ".format(username) + \
"It will be validated by an admin shortly. You will receive an email at this " + \
"address when your account has been activated."
html = text
send_email(email, "New varapp account", text=text, html=html, tofile=email_to_file)
send_email(settings.EMAIL_ADMIN, "Account for user {} awaits validation".format(username),
text='', html='', tofile=email_to_file)
return [newuser, '']
def test_diff_disk_VariantsDb(self):
"""Add a new empty sqlite artificially. It should be added to settings and VariantsDb."""
filename = 'tmp' + random_string(10) + '.db'
with TempSqliteContext(filename, TEST_DB_PATH):
diff_disk_VariantsDb(path=TEST_DB_PATH)
dbs = VariantsDb.objects.values_list('filename', flat=True)
self.assertIn(filename, dbs)
def create_dummy_db(filename, path, overwrite=False):
"""Create a minimal testing sqlite with a random table name.
It is not easy to have a tempfile that has the structure of an sqlite.
:param filename: the name of the sqlite.
:param path: the directory where to put the sqlite file.
:param overwrite: whether to overwrite an existing file with the same name.
"""
path = os.path.join(path, filename)
if overwrite:
if os.path.exists(path):
os.remove(path)
conn = sqlite3.connect(path)
c = conn.cursor()
tablename = random_string(10)
c.execute("CREATE TABLE '{}' (id INT)".format(tablename))
return path
def create_dummy_db(filename, path, overwrite=False):
"""Create a minimal testing sqlite with a random table name.
It is not easy to have a tempfile that has the structure of an sqlite.
:param filename: the name of the sqlite.
:param path: the directory where to put the sqlite file.
:param overwrite: whether to overwrite an existing file with the same name.
"""
path = os.path.join(path, filename)
if overwrite:
if os.path.exists(path):
os.remove(path)
conn = sqlite3.connect(path)
c = conn.cursor()
tablename = random_string(10)
c.execute("CREATE TABLE '{}' (id INT)".format(tablename))
return path
def test_diff_disk_VariantsDb_update(self):
"""Add two sqlites with the same filename successively. The second one should
be recognized as an update, deactivate the first one an redirect accesses."""
filename = 'tmp' + random_string(10) + '.db'
# Create a first new db
with TempSqliteContext(filename, TEST_DB_PATH):
diff_disk_VariantsDb(path=TEST_DB_PATH)
# There exists one and only one
old_vdbs = VariantsDb.objects.filter(filename=filename)
self.assertEqual(old_vdbs.count(), 1)
old_vdb = old_vdbs[0]
# Hash is calculated
self.assertIsNot(old_vdb.hash, None)
old_sha = old_vdb.hash
old_pk = old_vdb.id
# Set access to test user
DbAccess.objects.create(variants_db=old_vdb, user_id=1)
with TempSqliteContext(filename, TEST_DB_PATH):
# Create a second one with the same name but different content
diff_disk_VariantsDb(path=TEST_DB_PATH, check_time=False)
vdbs = VariantsDb.objects.filter(filename=filename)
self.assertEqual(vdbs.count(), 2)
# The older one is still here but inactive
vdbs = VariantsDb.objects.filter(filename=filename)
self.assertEqual(vdbs.count(), 2)
vdbs = VariantsDb.objects.filter(filename=filename,
is_active=1)
self.assertEqual(vdbs.count(), 1)
# Only the new one is active, and it has a new hash
vdb = vdbs[0]
self.assertNotEqual(vdb.pk, old_pk)
self.assertNotEqual(vdb.hash, old_sha)
# Accesses have changed hands
old_accesses = DbAccess.objects.filter(variants_db=old_vdb)
self.assertEqual(old_accesses.count(), 1)
old_accesses = DbAccess.objects.filter(variants_db=old_vdb,
is_active=1)
self.assertEqual(old_accesses.count(), 0)
accesses = DbAccess.objects.filter(variants_db=vdb,
is_active=1)
self.assertEqual(accesses.count(), 1)
def change_password(request, new_password=None, email_to_file=None):
"""Change a user's password and sends him an email with the new login.
Also to validate password reset, in which case it replaces the user's password
by a random one (if *password* is not set).
Not @protected because the user is unidentified at this point,
but the activation code is the protection.
"""
logger.info("Reset password validation")
username = request.POST['username']
email = request.POST['email']
activation_code = request.POST['activation_code']
if new_password is None:
new_password = utils.random_string(10)
user,msg = auth.change_password(username, email, activation_code, new_password, email_to_file)
if user is None:
return HttpResponseForbidden(msg)
return JWT_user(user, TOKEN_DURATION)
def reset_password_request(username, email, host, email_to_file=None):
if not find_user2(username=username, email=email):
return [None, USER_NOT_FOUND_WITH_EMAIL_MSG]
user = Users.objects.get(username=username, email=email, is_active=1)
activation_code = utils.random_string(10)
user.activation_code = activation_code
user.save()
reset_url = host + '/#/passwordHasBeenReset' + \
'?username={}&email={}&activation_code={}'.format(username, email, activation_code)
text = "A new password has been demanded for user {}. Please click on the link below ".format(username) + \
"to verify that you are the author of this request. " \
"Shortly after verification, your new login information will be sent at this address. " + \
"\n\n{}\n\n".format(reset_url)
html = "<p>A new password has been demanded for user '{}'. Please click on the link below ".format(username) + \
"to verify that you are the author of this request. " \
"Shortly after verification, your new login information will be sent at this address.</p>" + \
"<p><a href={}>I want to reset my password</a></p>".format(reset_url)
send_email(email, "New password request", text=text, html=html, tofile=email_to_file)
return [user, '']