def test_suspend_account(self):
user = users_factories.UserFactory(isAdmin=True)
users_factories.UserSessionFactory(user=user)
reason = users_constants.SuspensionReason.FRAUD
actor = users_factories.UserFactory(isAdmin=True)
users_api.suspend_account(user, reason, actor)
assert user.suspensionReason == str(reason)
assert not user.isActive
assert not user.isAdmin
assert not UserSession.query.filter_by(userId=user.id).first()
assert actor.isActive
def suspend_fraudulent_beneficiary_users(fraudulent_users: list[User],
admin_user: User,
dry_run: bool = True) -> dict:
offers = find_offers_booked_by_beneficiaries(fraudulent_users)
if not dry_run:
n_bookings = 0
for fraudulent_user in fraudulent_users:
result = suspend_account(fraudulent_user, SuspensionReason.FRAUD,
admin_user)
n_bookings += result["cancelled_bookings"]
logger.info(
"Fraudulent beneficiaries accounts suspended",
extra={
"beneficiaries_suspended_count": len(fraudulent_users),
"bookings_cancelled_count": n_bookings,
},
)
else:
n_bookings = -1 # unknown
logger.info(
"Dry run results",
extra={
"beneficiaries_concerned_count": len(fraudulent_users),
},
)
if len(offers) > 0:
print(
f"Suspended users booked following distinct offers {[offer.id for offer in offers]}"
)
return {
"fraudulent_users": fraudulent_users,
"nb_cancelled_bookings": n_bookings
}
def suspend_user_view(self):
if not _allow_suspension_and_unsuspension(current_user):
return Forbidden()
user_id = request.args["user_id"]
user = User.query.get(user_id)
if request.method == "POST":
form = SuspensionForm(request.form)
if form.validate():
flash(f"Le compte de l'utilisateur {user.email} ({user.id}) a été suspendu.")
users_api.suspend_account(user, form.data["reason"], current_user)
return redirect(self.user_list_url)
else:
form = SuspensionForm()
context = {
"cancel_link_url": self.user_list_url,
"user": user,
"form": form,
}
return self.render("admin/confirm_suspension.html", **context)
def _suspend_users(user_ids: set, admin_email_used: str) -> None:
admin = User.query.filter_by(email=admin_email_used, isAdmin=True).one()
for user_id in user_ids:
user = User.query.get(user_id)
suspend_account(user, constants.SuspensionReason.UPON_USER_REQUEST,
admin)
def suspend_account(user: User) -> None:
api.suspend_account(user,
constants.SuspensionReason.UPON_USER_REQUEST,
actor=user)
def _suspend_fraudulent_pro_users(users: list[User], admin_user: User) -> None:
for fraudulent_user in users:
suspend_account(fraudulent_user, SuspensionReason.FRAUD, admin_user)