def auto_auth(request): # pylint: disable=too-many-statements """ Create or configure a user account, then log in as that user. Enabled only when settings.FEATURES['AUTOMATIC_AUTH_FOR_TESTING'] is true. Accepts the following querystring parameters: * `username`, `email`, and `password` for the user account * `full_name` for the user profile (the user's full name; defaults to the username) * `staff`: Set to "true" to make the user global staff. * `course_id`: Enroll the student in the course with `course_id` * `roles`: Comma-separated list of roles to grant the student in the course with `course_id` * `no_login`: Define this to create the user but not login * `redirect`: Set to "true" will redirect to the `redirect_to` value if set, or course home page if course_id is defined, otherwise it will redirect to dashboard * `redirect_to`: will redirect to to this url * `is_active` : make/update account with status provided as 'is_active' * `should_manually_verify`: Whether the created user should have their identification verified If username, email, or password are not provided, use randomly generated credentials. """ # Generate a unique name to use if none provided generated_username = uuid.uuid4().hex[0:30] generated_password = generate_password() # Use the params from the request, otherwise use these defaults username = request.GET.get('username', generated_username) password = request.GET.get('password', generated_password) email = request.GET.get('email', username + "@example.com") full_name = request.GET.get('full_name', username) is_staff = _str2bool(request.GET.get('staff', False)) is_superuser = _str2bool(request.GET.get('superuser', False)) course_id = request.GET.get('course_id') redirect_to = request.GET.get('redirect_to') is_active = _str2bool(request.GET.get('is_active', True)) # Valid modes: audit, credit, honor, no-id-professional, professional, verified enrollment_mode = request.GET.get('enrollment_mode', 'honor') # Whether to add a manual ID verification record for the user (can # be helpful for bypassing certain gated features) should_manually_verify = _str2bool( request.GET.get('should_manually_verify', False)) # Parse roles, stripping whitespace, and filtering out empty strings roles = _clean_roles(request.GET.get('roles', '').split(',')) course_access_roles = _clean_roles( request.GET.get('course_access_roles', '').split(',')) redirect_when_done = _str2bool(request.GET.get('redirect', '')) or redirect_to login_when_done = 'no_login' not in request.GET restricted = settings.FEATURES.get('RESTRICT_AUTOMATIC_AUTH', True) if is_superuser and restricted: return HttpResponseForbidden(_('Superuser creation not allowed')) form = AccountCreationForm(data={ 'username': username, 'email': email, 'password': password, 'name': full_name, }, tos_required=False) # Attempt to create the account. # If successful, this will return a tuple containing # the new user object. try: user, profile, reg = do_create_account(form) except (AccountValidationError, ValidationError): if restricted: return HttpResponseForbidden( _('Account modification not allowed.')) # Attempt to retrieve the existing user. user = User.objects.get(username=username) user.email = email user.set_password(password) user.is_active = is_active user.save() profile = UserProfile.objects.get(user=user) reg = Registration.objects.get(user=user) except PermissionDenied: return HttpResponseForbidden(_('Account creation not allowed.')) user.is_staff = is_staff user.is_superuser = is_superuser user.save() if is_active: reg.activate() reg.save() if should_manually_verify: ManualVerification.objects.get_or_create(user=user, status="approved") # ensure parental consent threshold is met year = datetime.date.today().year age_limit = settings.PARENTAL_CONSENT_AGE_LIMIT profile.year_of_birth = (year - age_limit) - 1 profile.save() create_or_set_user_attribute_created_on_site(user, request.site) # Enroll the user in a course course_key = None if course_id: course_key = CourseLocator.from_string(course_id) CourseEnrollment.enroll(user, course_key, mode=enrollment_mode) # Apply the roles for role in roles: assign_role(course_key, user, role) for role in course_access_roles: CourseAccessRole.objects.update_or_create(user=user, course_id=course_key, org=course_key.org, role=role) # Log in as the user if login_when_done: user = authenticate_new_user(request, username, password) django_login(request, user) create_comments_service_user(user) if redirect_when_done: if redirect_to: # Redirect to page specified by the client redirect_url = redirect_to elif course_id: # Redirect to the course homepage (in LMS) or outline page (in Studio) try: redirect_url = reverse(course_home_url_name(course_key), kwargs={'course_id': course_id}) except NoReverseMatch: redirect_url = reverse('course_handler', kwargs={'course_key_string': course_id}) else: # Redirect to the learner dashboard (in LMS) or homepage (in Studio) try: redirect_url = reverse('dashboard') except NoReverseMatch: redirect_url = reverse('home') return redirect(redirect_url) else: response = JsonResponse({ 'created_status': 'Logged in' if login_when_done else 'Created', 'username': username, 'email': email, 'password': password, 'user_id': user.id, 'anonymous_id': anonymous_id_for_user(user, None), }) response.set_cookie('csrftoken', csrf(request)['csrf_token'], secure=request.is_secure()) return response