def test_name_by_calnet_uid(self, attrs, expected):
"""This tests that the 'displayName' fallback works without hitting
UCB LDAP, since we can't actually control entries there."""
with mock.patch(
'ocflib.account.search.user_attrs_ucb',
return_value=attrs
):
assert name_by_calnet_uid(0) == expected
def change_password(request):
calnet_uid = request.session['calnet_uid']
error = None
accounts = get_accounts_for(calnet_uid)
try:
accounts += get_accounts_signatory_for(calnet_uid)
except ConnectionError:
error = CALLINK_ERROR_MSG
if request.method == 'POST':
form = ChpassForm(accounts, calnet_uid, request.POST)
if form.is_valid():
account = form.cleaned_data['ocf_account']
password = form.cleaned_data['new_password']
try:
calnet_name = name_by_calnet_uid(calnet_uid)
task = change_password_task.delay(
account,
password,
comment='Your password was reset online by {}.'.format(
calnet_name),
)
result = task.wait(timeout=5)
if isinstance(result, Exception):
raise result
except ValueError as ex:
error = str(ex)
else:
# deleting this session variable will force the next
# change_password request to reauthenticate with CalNet
del request.session['calnet_uid']
return render(
request,
'account/chpass/success.html',
{
'account': account,
'title': 'Password Changed Successfully',
},
)
else:
form = ChpassForm(accounts, calnet_uid)
return render(
request,
'account/chpass/index.html',
{
'calnet_uid': calnet_uid,
'error': error,
'form': form,
'title': 'Reset Password',
},
)
def change_password(request):
calnet_uid = request.session['calnet_uid']
error = None
accounts = get_accounts_for(calnet_uid)
try:
accounts += get_accounts_signatory_for(calnet_uid)
except ConnectionError:
error = CALLINK_ERROR_MSG
if request.method == 'POST':
form = ChpassForm(accounts, calnet_uid, request.POST)
if form.is_valid():
account = form.cleaned_data['ocf_account']
password = form.cleaned_data['new_password']
try:
calnet_name = name_by_calnet_uid(calnet_uid)
task = change_password_task.delay(
account,
password,
comment='Your password was reset online by {}.'.format(calnet_name),
)
result = task.wait(timeout=5)
if isinstance(result, Exception):
raise result
except ValueError as ex:
error = str(ex)
else:
# deleting this session variable will force the next
# change_password request to reauthenticate with CalNet
del request.session['calnet_uid']
return render(
request,
'account/chpass/success.html',
{
'account': account,
'title': 'Password Changed Successfully',
},
)
else:
form = ChpassForm(accounts, calnet_uid)
return render(
request,
'account/chpass/index.html',
{
'calnet_uid': calnet_uid,
'error': error,
'form': form,
'title': 'Reset Password',
},
)
def test_name_by_calnet_uid_real_query(self, uid, expected):
assert (name_by_calnet_uid(uid) or '').lower() == (expected or '').lower()
def request_account(
request: HttpRequest) -> Union[HttpResponseRedirect, HttpResponse]:
calnet_uid = request.session['calnet_uid']
status = 'new_request'
existing_accounts = search.users_by_calnet_uid(calnet_uid)
groups_for_user = groups_by_student_signat(calnet_uid)
eligible_new_group_accounts, existing_group_accounts = {}, {}
for group_oid in groups_for_user:
if not group_by_oid(group_oid)['accounts'] or group_oid in [
group[0] for group in TEST_GROUP_ACCOUNTS
]:
eligible_new_group_accounts[group_oid] = groups_for_user[group_oid]
else:
existing_group_accounts[group_oid] = groups_for_user[group_oid]
if existing_accounts and not eligible_new_group_accounts and calnet_uid not in TESTER_CALNET_UIDS:
return render(
request,
'account/register/already-has-account.html',
{
'account': ', '.join(existing_accounts),
'calnet_uid': calnet_uid,
'title': 'You already have an account',
},
)
# ensure we can even find them in university LDAP
# (alumni etc. might not be readable in LDAP but can still auth via CalNet)
if not user_attrs_ucb(calnet_uid):
return render(
request,
'account/register/cant-find-in-ldap.html',
{
'calnet_uid': calnet_uid,
'title': 'Unable to read account information',
},
)
real_name = directory.name_by_calnet_uid(calnet_uid)
association_choices = []
if not existing_accounts or calnet_uid in TESTER_CALNET_UIDS:
association_choices.append((calnet_uid, real_name))
for group_oid, group in eligible_new_group_accounts.items():
association_choices.append((group_oid, group['name']))
if request.method == 'POST':
form = ApproveForm(request.POST,
association_choices=association_choices)
if form.is_valid():
assoc_id = int(form.cleaned_data['account_association'])
is_group_account = assoc_id != calnet_uid
if is_group_account:
req = NewAccountRequest(
user_name=form.cleaned_data['ocf_login_name'],
real_name=eligible_new_group_accounts[assoc_id]['name'],
is_group=True,
calnet_uid=None,
callink_oid=assoc_id,
email=form.cleaned_data['contact_email'],
encrypted_password=encrypt_password(
form.cleaned_data['password'],
RSA.importKey(CREATE_PUBLIC_KEY),
),
handle_warnings=NewAccountRequest.WARNINGS_WARN,
)
else:
req = NewAccountRequest(
user_name=form.cleaned_data['ocf_login_name'],
real_name=real_name,
is_group=False,
calnet_uid=calnet_uid,
callink_oid=None,
email=form.cleaned_data['contact_email'],
encrypted_password=encrypt_password(
form.cleaned_data['password'],
RSA.importKey(CREATE_PUBLIC_KEY),
),
handle_warnings=NewAccountRequest.WARNINGS_WARN,
)
if 'warnings-submit' in request.POST:
req = req._replace(
handle_warnings=NewAccountRequest.WARNINGS_SUBMIT, )
task = validate_then_create_account.delay(req)
task.wait(timeout=5)
if isinstance(task.result, NewAccountResponse):
if task.result.status == NewAccountResponse.REJECTED:
status = 'has_errors'
form.add_error(None, task.result.errors)
elif task.result.status == NewAccountResponse.FLAGGED:
status = 'has_warnings'
form.add_error(None, task.result.errors)
elif task.result.status == NewAccountResponse.PENDING:
return HttpResponseRedirect(reverse('account_pending'))
else:
raise AssertionError('Unexpected state reached')
else:
# validation was successful, the account is being created now
request.session['approve_task_id'] = task.result
return HttpResponseRedirect(reverse('wait_for_account'))
else:
form = ApproveForm(association_choices=association_choices)
return render(
request,
'account/register/index.html',
{
'calnet_uid': calnet_uid,
'existing_accounts': existing_accounts,
'existing_group_accounts': existing_group_accounts,
'form': form,
'real_name': real_name,
'status': status,
'title': 'Request an OCF account',
},
)
def request_account(request):
calnet_uid = request.session['calnet_uid']
status = 'new_request'
existing_accounts = search.users_by_calnet_uid(calnet_uid)
if existing_accounts and calnet_uid not in TESTER_CALNET_UIDS:
return render(
request,
'account/register/already-has-account.html',
{
'account': ', '.join(existing_accounts),
'calnet_uid': calnet_uid,
'title': 'You already have an account',
},
)
# ensure we can even find them in university LDAP
# (alumni etc. might not be readable in LDAP but can still auth via CalNet)
if not user_attrs_ucb(calnet_uid):
return render(
request,
'account/register/cant-find-in-ldap.html',
{
'calnet_uid': calnet_uid,
'title': 'Unable to read account information',
},
)
real_name = directory.name_by_calnet_uid(calnet_uid)
if request.method == 'POST':
form = ApproveForm(request.POST)
if form.is_valid():
req = NewAccountRequest(
user_name=form.cleaned_data['ocf_login_name'],
real_name=real_name,
is_group=False,
calnet_uid=calnet_uid,
callink_oid=None,
email=form.cleaned_data['contact_email'],
encrypted_password=encrypt_password(
form.cleaned_data['password'],
RSA.importKey(CREATE_PUBLIC_KEY),
),
handle_warnings=NewAccountRequest.WARNINGS_WARN,
)
if 'warnings-submit' in request.POST:
req = req._replace(
handle_warnings=NewAccountRequest.WARNINGS_SUBMIT, )
task = validate_then_create_account.delay(req)
task.wait(timeout=5)
if isinstance(task.result, NewAccountResponse):
if task.result.status == NewAccountResponse.REJECTED:
status = 'has_errors'
form._errors[NON_FIELD_ERRORS] = form.error_class(
task.result.errors)
elif task.result.status == NewAccountResponse.FLAGGED:
status = 'has_warnings'
form._errors[NON_FIELD_ERRORS] = form.error_class(
task.result.errors)
elif task.result.status == NewAccountResponse.PENDING:
return HttpResponseRedirect(reverse('account_pending'))
else:
raise AssertionError('Unexpected state reached')
else:
# validation was successful, the account is being created now
request.session['approve_task_id'] = task.result
return HttpResponseRedirect(reverse('wait_for_account'))
else:
form = ApproveForm()
return render(
request,
'account/register/index.html',
{
'form': form,
'real_name': real_name,
'status': status,
'title': 'Request an OCF account',
},
)
def request_account(request):
calnet_uid = request.session['calnet_uid']
status = 'new_request'
existing_accounts = search.users_by_calnet_uid(calnet_uid)
real_name = directory.name_by_calnet_uid(calnet_uid)
if calnet_uid not in settings.TESTER_CALNET_UIDS and existing_accounts:
return render_to_response('request-account/already-has-account.html', {
'calnet_uid': calnet_uid,
'calnet_url': settings.LOGOUT_URL
})
if request.method == 'POST':
form = ApproveForm(request.POST)
if form.is_valid():
req = NewAccountRequest(
user_name=form.cleaned_data['ocf_login_name'],
real_name=real_name,
is_group=False,
calnet_uid=calnet_uid,
callink_oid=None,
email=form.cleaned_data['contact_email'],
encrypted_password=encrypt_password(
form.cleaned_data['password'],
settings.PASSWORD_ENCRYPTION_PUBKEY,
),
handle_warnings=NewAccountRequest.WARNINGS_WARN,
)
if 'warnings-submit' in request.POST:
req = req._replace(
handle_warnings=NewAccountRequest.WARNINGS_SUBMIT,
)
task = validate_then_create_account.delay(req)
task.wait(timeout=5)
if isinstance(task.result, NewAccountResponse):
if task.result.status == NewAccountResponse.REJECTED:
status = 'has_errors'
form._errors[NON_FIELD_ERRORS] = form.error_class(task.result.errors)
elif task.result.status == NewAccountResponse.FLAGGED:
status = 'has_warnings'
form._errors[NON_FIELD_ERRORS] = form.error_class(task.result.errors)
elif task.result.status == NewAccountResponse.PENDING:
return HttpResponseRedirect(reverse('account_pending'))
else:
raise AssertionError('Unexpected state reached')
else:
# validation was successful, the account is being created now
request.session['approve_task_id'] = task.result
return HttpResponseRedirect(reverse('wait_for_account'))
else:
form = ApproveForm()
return render_to_response('request-account/form.html',
{
'form': form,
'real_name': real_name,
'status': status,
}, context_instance=RequestContext(request))
def parse(student):
uid = int(student.findtext('Username'))
name = name_by_calnet_uid(uid)
users = search.users_by_calnet_uid(uid)
return uid, {'name': name, 'accounts': users}
def test_name_by_calnet_uid_real_query(self, uid, expected):
assert (name_by_calnet_uid(uid) or '').lower() == (expected
or '').lower()
def test_name_by_calnet_uid(self, attrs, expected):
"""This tests that the 'displayName' fallback works without hitting
UCB LDAP, since we can't actually control entries there."""
with mock.patch('ocflib.account.search.user_attrs_ucb',
return_value=attrs):
assert name_by_calnet_uid(0) == expected
def request_account(request):
calnet_uid = request.session['calnet_uid']
status = 'new_request'
existing_accounts = search.users_by_calnet_uid(calnet_uid)
if existing_accounts and calnet_uid not in TESTER_CALNET_UIDS:
return render(
request,
'account/register/already-has-account.html',
{
'account': ', '.join(existing_accounts),
'calnet_uid': calnet_uid,
'title': 'You already have an account',
},
)
# ensure we can even find them in university LDAP
# (alumni etc. might not be readable in LDAP but can still auth via CalNet)
if not user_attrs_ucb(calnet_uid):
return render(
request,
'account/register/cant-find-in-ldap.html',
{
'calnet_uid': calnet_uid,
'title': 'Unable to read account information',
},
)
real_name = directory.name_by_calnet_uid(calnet_uid)
if request.method == 'POST':
form = ApproveForm(request.POST)
if form.is_valid():
req = NewAccountRequest(
user_name=form.cleaned_data['ocf_login_name'],
real_name=real_name,
is_group=False,
calnet_uid=calnet_uid,
callink_oid=None,
email=form.cleaned_data['contact_email'],
encrypted_password=encrypt_password(
form.cleaned_data['password'],
RSA.importKey(CREATE_PUBLIC_KEY),
),
handle_warnings=NewAccountRequest.WARNINGS_WARN,
)
if 'warnings-submit' in request.POST:
req = req._replace(
handle_warnings=NewAccountRequest.WARNINGS_SUBMIT,
)
task = validate_then_create_account.delay(req)
task.wait(timeout=5)
if isinstance(task.result, NewAccountResponse):
if task.result.status == NewAccountResponse.REJECTED:
status = 'has_errors'
form._errors[NON_FIELD_ERRORS] = form.error_class(task.result.errors)
elif task.result.status == NewAccountResponse.FLAGGED:
status = 'has_warnings'
form._errors[NON_FIELD_ERRORS] = form.error_class(task.result.errors)
elif task.result.status == NewAccountResponse.PENDING:
return HttpResponseRedirect(reverse('account_pending'))
else:
raise AssertionError('Unexpected state reached')
else:
# validation was successful, the account is being created now
request.session['approve_task_id'] = task.result
return HttpResponseRedirect(reverse('wait_for_account'))
else:
form = ApproveForm()
return render(
request,
'account/register/index.html',
{
'form': form,
'real_name': real_name,
'status': status,
'title': 'Request an OCF account',
},
)
def parse(student):
uid = int(student.findtext('Username'))
name = name_by_calnet_uid(uid)
users = search.users_by_calnet_uid(uid)
return uid, {'name': name, 'accounts': users}