def setUp(cls):
cls.client_simple = AuthGroupeXClient.objects.create(
privkey='356a192b7913b04c54574d18c28d46e6395428ab', # SHA1("1")
name='Test AuthGroupeX Client',
data_fields='matricule_ax,nom,prenom,full_promo,forlife,sex',
return_urls=r'#https://example\.com/#',
allow_xnet=False,
)
vaneau = User.objects.create_user(
hrid='louis.vaneau.1829',
fullname='Louis Vaneau',
firstname='Louis',
lastname='Vaneau',
sex='male',
main_email='*****@*****.**',
password='******',
axid='18290001',
schoolid='18290042',
xorgdb_uid=1,
study_year='X1829',
grad_year=1832,
)
cls.role_x = Role.objects.create(hrid='x', display='X')
cls.role_xnet = Role.objects.create(hrid='xnet', display='External')
vaneau.roles.add(cls.role_x)
vaneau.save()
UserAlias(user=vaneau, email='*****@*****.**').save()
def setUp(self):
call_command('creatersakey')
client_public_noconsent = oidc_provider.models.Client(
name='Test Client',
client_id='123456789',
client_type='public',
client_secret='',
redirect_uris=['http://example.com/'],
require_consent=False)
client_public_noconsent.save()
response_type = oidc_provider.models.ResponseType.objects.get(value='id_token token')
client_public_noconsent.response_types.add(response_type)
self.vaneau = User.objects.create_user(
hrid='louis.vaneau.1829',
fullname='Louis Vaneau',
main_email='*****@*****.**',
password='******',
axid='18290001',
study_year='X1829',
grad_year=1829,
)
UserAlias(user=self.vaneau, email='*****@*****.**').save()
def test_auth_homonym_different_curriculum(self):
c = Client()
homonym = User.objects.create_user(
hrid=
'louis.vaneau.d1829', # same name, same year, different curriculum
main_email='*****@*****.**',
password='******')
UserAlias(user=homonym,
email="*****@*****.**").save()
UserAlias(user=homonym,
email="*****@*****.**").save()
UserAlias(user=homonym, email="*****@*****.**").save()
UserAlias(user=homonym, email="*****@*****.**").save()
UserAlias(user=homonym, email="*****@*****.**").save()
self.assertIsNone(User.objects.get_for_login('louis.vaneau', True))
self.assertFalse(
c.login(username='******', password='******'))
self.assertTrue(
c.login(username='******', password='******'))
self.assertTrue(
c.login(username='******',
password='******'))
def test_auth_homonym_same_curriculum(self):
c = Client()
homonym = User.objects.create_user(
hrid=
"louis.vaneau.1830", # same name, same curriculum, different year
main_email="*****@*****.**",
password="******")
UserAlias(user=homonym,
email="*****@*****.**").save()
UserAlias(user=homonym, email="*****@*****.**").save()
UserAlias(user=homonym, email="*****@*****.**").save()
UserAlias.objects.filter(user=self.vaneau,
email__startswith="louis.vaneau@").delete()
self.assertEqual(None,
User.objects.get_for_login("louis.vaneau", True))
self.assertFalse(
c.login(username='******', password='******'))
self.assertTrue(
c.login(username='******', password='******'))
self.assertTrue(
c.login(username='******',
password='******'))
def test_non_lowercase_alias_email(self):
"""Test using non-lowercase alias email addresses"""
user = User.objects.create_user(
hrid='louis.vaneau.1829',
fullname='Louis Vaneau',
preferred_name='Louis Vaneau',
main_email='*****@*****.**',
password='******')
alias = UserAlias(user=user, email='*****@*****.**')
alias.full_clean()
alias.email = '*****@*****.**'
with self.assertRaises(ValidationError):
alias.full_clean()
def test_auth_homonym_2_digits(self):
c = Client()
homonym = User.objects.create_user(
hrid=
'louis.vaneau.1929', # same name, same curriculum, different year but same "2 digits"
main_email='*****@*****.**',
password='******')
UserAlias(user=homonym, email="*****@*****.**").save()
UserAlias.objects.filter(user=self.vaneau,
email__startswith="louis.vaneau@").delete()
UserAlias.objects.filter(
user=self.vaneau, email__startswith="louis.vaneau.29@").delete()
self.assertEqual(None,
User.objects.get_for_login('louis.vaneau.29', True))
self.assertFalse(
c.login(username='******', password='******'))
def setUp(self):
# Run tests in French in order to test translations
translation.activate('fr')
self.vaneau = User.objects.create_user(
hrid='louis.vaneau.1829',
main_email='*****@*****.**',
password='******')
UserAlias(user=self.vaneau, email='*****@*****.**').save()
# Add classic aliases
UserAlias(user=self.vaneau,
email='*****@*****.**').save()
UserAlias(user=self.vaneau,
email='*****@*****.**').save()
UserAlias(user=self.vaneau, email='*****@*****.**').save()
UserAlias(user=self.vaneau, email='*****@*****.**').save()
UserAlias(user=self.vaneau, email='*****@*****.**').save()
def handle(self, *args, **options):
is_verbose = int(options['verbosity']) >= 2
with open(options['jsonfile'][0], 'r') as jsonfd:
jsondata = json.load(jsonfd)
if 'accounts' not in jsondata:
raise CommandError("Unable to find account entries")
hasher = PBKDF2WrappedSHA1PasswordHasher()
admin_role = Role.get_admin()
role_displays = {
# Alumni
'x': 'X',
'master': 'Master',
'phd': 'PhD',
# Staff
'ax': 'AX',
'fx': 'FX',
'school': 'School',
# Other
'xnet': 'External',
}
type_roles = {}
for rolename, roledisplay in role_displays.items():
type_roles[rolename], created = Role.objects.get_or_create(hrid=rolename)
if created:
if is_verbose:
print("Creating role %r (%r)" % (rolename, roledisplay))
type_roles[rolename].display = roledisplay
type_roles[rolename].full_clean()
type_roles[rolename].save()
accounts_num = len(jsondata['accounts'])
for idx_account, account_data in enumerate(jsondata['accounts']):
# Do not import virtual accounts
if account_data['type'] == 'virtual':
continue
hrid = account_data['hruid']
try:
user = User.objects.get(hrid=hrid)
if is_verbose:
print("Updating user %s (%d/%d)" % (hrid, idx_account + 1, accounts_num))
except ObjectDoesNotExist:
user = User(hrid=hrid)
if is_verbose:
print("Creating user %s (%d/%d)" % (hrid, idx_account + 1, accounts_num))
user.fullname = account_data['full_name']
user.preferred_name = account_data['display_name']
user.main_email = account_data['email']
user.password = hasher.encode_sha1_hash(account_data['password'])
user.axid = account_data['ax_id']
user.schoolid = account_data['xorg_id']
user.xorgdb_uid = account_data['uid']
user.firstname = account_data['firstname']
user.lastname = account_data['lastname']
user.sex = account_data['sex']
user.study_year = account_data['promo']
user.grad_year = account_data['grad_year']
user.full_clean()
user.save()
if account_data['is_admin']:
user.roles.add(admin_role)
user.save()
# Import groups
for groupname, perms in account_data['groups'].items():
group = Group.objects.get_or_create(shortname=groupname)[0]
GroupMembership.objects.get_or_create(
group=group,
user=user,
perms=perms)
# Import email aliases
for email in account_data['email_source'].keys():
try:
alias = UserAlias.objects.get(email=email)
except ObjectDoesNotExist:
alias = UserAlias(user=user, email=email)
alias.full_clean()
alias.save()
else:
if alias.user != user:
raise CommandError("Duplicate email %r" % email)
# Import account type into role
user.roles.add(type_roles[account_data['type']])
user.full_clean()
user.save()
def handle(self, *args, **options):
is_verbose = int(options['verbosity']) >= 2
with open(options['jsonfile'][0], 'r') as jsonfd:
jsondata = json.load(jsonfd)
if 'accounts' not in jsondata:
raise CommandError("Unable to find account entries")
hasher = PBKDF2WrappedSHA1PasswordHasher()
admin_role = Role.get_admin()
role_displays = {
# Alumni
'x': 'X',
'master': 'Master',
'phd': 'PhD',
# Staff
'ax': 'AX',
'fx': 'FX',
'school': 'School',
# Other
'xnet': 'External',
}
type_roles = {}
for rolename, roledisplay in role_displays.items():
type_roles[rolename], created = Role.objects.get_or_create(hrid=rolename)
if created:
if is_verbose:
print("Creating role %r (%r)" % (rolename, roledisplay))
type_roles[rolename].display = roledisplay
type_roles[rolename].full_clean()
type_roles[rolename].save()
accounts_num = len(jsondata['accounts'])
for idx_account, account_data in enumerate(jsondata['accounts']):
# Do not import virtual accounts
if account_data['type'] == 'virtual':
continue
hrid = account_data['hruid']
try:
user = User.objects.get(hrid=hrid)
is_creating_user = False
if is_verbose:
print("Updating user %s (%d/%d)" % (hrid, idx_account + 1, accounts_num))
except ObjectDoesNotExist:
user = User(hrid=hrid)
is_creating_user = True
if is_verbose:
print("Creating user %s (%d/%d)" % (hrid, idx_account + 1, accounts_num))
# Sometimes, display_name is empty. Use the first name or a name
# from the email address
if not account_data['display_name']:
if account_data['firstname']:
if is_verbose:
print("... using first name (%r) as display name" % account_data['firstname'])
account_data['display_name'] = account_data['firstname']
else:
# This should only happen for external accounts
if account_data['type'] != 'xnet':
raise CommandError(
"No display_name nor firstname for a non-external account: %r" % account_data)
display_name = account_data['email'].split('@')[0]
if not display_name:
raise CommandError(
"No display_name nor firstname nor email in account data: %r" % account_data)
if is_verbose:
print("... using email user (%r) as display name" % display_name)
account_data['display_name'] = display_name
# If full name is empty too, use the same display name
if not account_data['full_name']:
account_data['full_name'] = display_name
# Update the fields of user, if needed
user_fields = {
'fullname': account_data['full_name'],
'preferred_name': account_data['display_name'],
'main_email': account_data['email'],
'axid': account_data['ax_id'],
'schoolid': str(account_data['xorg_id']) if account_data['xorg_id'] else None,
'xorgdb_uid': account_data['uid'],
'firstname': account_data['firstname'],
'lastname': account_data['lastname'],
'sex': account_data['sex'],
'study_year': account_data['promo'],
'grad_year': account_data['grad_year'],
}
is_user_modified = is_creating_user
for field_name, new_value in user_fields.items():
if getattr(user, field_name) != new_value:
if not is_creating_user and is_verbose:
print("... updating %r because %r is %r, not %r" % (
user,
field_name,
getattr(user, field_name),
new_value))
is_user_modified = True
setattr(user, field_name, new_value)
if is_creating_user:
# Do not override the password when updating an existing account
if account_data['password']:
user.password = hasher.encode_sha1_hash(account_data['password'])
else:
user.set_unusable_password()
# Validate and save the user only if it has been modified
if is_user_modified:
user.full_clean()
user.save()
# Add new administrators
if account_data['is_admin'] and not user.roles.filter(pk=admin_role.pk).exists():
user.roles.add(admin_role)
user.save()
# Import groups
for groupname, perms in account_data['groups'].items():
group = Group.objects.get_or_create(shortname=groupname)[0]
# Perform an "update_or_create" on the membership, calling full_clean() also
membership, created = GroupMembership.objects.get_or_create(
group=group,
user=user,
defaults={'perms': perms})
if not created and membership.perms != perms:
membership.perms = perms
membership.full_clean()
membership.save()
else:
# check values, to ensure a sane database
membership.full_clean()
# Import email aliases
current_user_aliases = set(a.email for a in user.aliases.all())
for email in account_data['email_source'].keys():
if email in current_user_aliases:
continue
try:
alias = UserAlias.objects.get(email=email)
except ObjectDoesNotExist:
alias = UserAlias(user=user, email=email)
alias.full_clean()
alias.save()
else:
if alias.user != user:
raise CommandError("Duplicate email %r" % email)
# Import account type into role
user_type_role = type_roles[account_data['type']]
if not user.roles.filter(pk=user_type_role.pk).exists():
user.roles.add(user_type_role)
user.full_clean()
user.save()
def setUp(cls):
vaneau = User.objects.create_user(
hrid='louis.vaneau.1829',
main_email='*****@*****.**',
password='******')
UserAlias(user=vaneau, email='*****@*****.**').save()