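def obj_create(self, bundle, request=None, **kwargs):
    """Create a CommCareUser from the API payload, rolling back on failure.

    Username and email are lower-cased before creation, and the plaintext
    password is removed from ``bundle.data`` as soon as the user exists so
    it does not flow into ``_update`` or the response. If any later step
    raises, the partially created user is retired and its Django user
    deleted, with the deletion written to the model change log.

    :param bundle: tastypie bundle; ``bundle.data`` must hold ``username``
        and ``password``; ``email`` is optional.
    :param request: optional request; the acting user for the rollback is
        taken from it when given, otherwise from ``bundle.request``.
    :param kwargs: must include ``domain``.
    :returns: the bundle, with ``bundle.obj`` set when creation succeeded.
    """
    # tastypie normally calls obj_create without ``request``; fall back to
    # bundle.request so the rollback path cannot fail on ``None.user`` and
    # mask the original error.
    rollback_actor = (request if request is not None else bundle.request).user
    try:
        bundle.obj = CommCareUser.create(
            domain=kwargs['domain'],
            username=bundle.data['username'].lower(),
            password=bundle.data['password'],
            created_by=bundle.request.user,
            created_via=USER_CHANGE_VIA_API,
            email=bundle.data.get('email', '').lower(),
        )
        # Drop the plaintext password as soon as it has been consumed.
        del bundle.data['password']
        self._update(bundle)
        bundle.obj.save()
    except Exception:
        # CommCareUser.create may have raised before bundle.obj was assigned.
        created = getattr(bundle, 'obj', None)
        if created is not None and created._id:
            created.retire(deleted_by=rollback_actor, deleted_via=USER_CHANGE_VIA_API)
            try:
                django_user = created.get_django_user()
            except User.DoesNotExist:
                pass
            else:
                django_user.delete()
                log_model_change(
                    rollback_actor,
                    django_user,
                    message=f"deleted_via: {USER_CHANGE_VIA_API}",
                    action=ModelAction.DELETE,
                )
        # NOTE(review): the exception is swallowed and the bundle returned as
        # if creation succeeded — confirm whether the caller expects a re-raise.
    return bundle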
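def form_valid(self, form):
    """Reset two-factor authentication for the user named in the form.

    Deletes every OTP device registered for the user and, when the form
    asks for it, stores a "2FA disabled until" timestamp on the couch user.
    The action is written to the model change log, reported to the site
    admins and notified to the affected account by email.

    :param form: validated form with ``username``, ``disable_for_days``,
        ``verification_mode`` and ``via_who`` in ``cleaned_data``.
    :returns: redirect to the web user lookup page for the username.
    """
    from django_otp import devices_for_user

    username = form.cleaned_data['username']
    # Case-insensitive match; a missing user raises User.DoesNotExist to the
    # caller, as before.
    user = User.objects.get(username__iexact=username)
    for device in devices_for_user(user):
        device.delete()

    disable_for_days = form.cleaned_data['disable_for_days']
    disable_until = None
    if disable_for_days:
        couch_user = CouchUser.from_django_user(user)
        disable_until = datetime.utcnow() + timedelta(days=disable_for_days)
        couch_user.two_factor_auth_disabled_until = disable_until
        couch_user.save()

    verification = form.cleaned_data['verification_mode']
    verified_by = form.cleaned_data['via_who'] or self.request.user.username
    log_model_change(
        self.request.user,
        user,
        f'Two factor disabled. Verified by: {verified_by}, verification mode: "{verification}"'
    )
    mail_admins(
        "Two-Factor account reset",
        "Two-Factor auth was reset. Details: \n"
        " Account reset: {username}\n"
        " Reset by: {reset_by}\n"
        " Request Verification Mode: {verification}\n"
        " Verified by: {verified_by}\n"
        " Two-Factor disabled for {days} days.".format(
            username=username,
            reset_by=self.request.user.username,
            verification=verification,
            verified_by=verified_by,
            days=disable_for_days,
        ),
    )
    # The notification is addressed to the username itself — presumably
    # usernames are email addresses here; confirm against the user model.
    send_HTML_email(
        "%sTwo-Factor authentication reset" % settings.EMAIL_SUBJECT_PREFIX,
        username,
        render_to_string(
            'hqadmin/email/two_factor_reset_email.html',
            context={
                'until': disable_until.strftime('%Y-%m-%d %H:%M:%S UTC') if disable_until else None,
                'support_email': settings.SUPPORT_EMAIL,
                'email_subject': "[URGENT] Possible Account Breach",
                'email_body': "Two Factor Auth on my CommCare account "
                              "was disabled without my request. My username is: %s" % username,
            },
        ),
    )
    messages.success(self.request, _('Two-Factor Auth successfully disabled.'))
    return redirect('{}?q={}'.format(reverse('web_user_lookup'), username))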
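def post(self, request, *args, **kwargs):
    """Apply the superuser/staff privileges selected in the management form.

    Only a staff member may toggle ``is_staff``; the form is constructed
    with that permission so the option can be withheld. Each selected user
    is saved at most once and only when a flag actually changed, and every
    change is written to the model change log with the fields touched.

    :returns: the GET response for the same page.
    """
    can_toggle_is_staff = request.user.is_staff
    form = SuperuserManagementForm(can_toggle_is_staff, self.request.POST)
    if form.is_valid():
        privileges = form.cleaned_data['privileges']
        # NOTE(review): the '******' literal looks like a redacted value
        # (the choice key for the superuser privilege) — confirm against the form.
        want_superuser = '******' in privileges
        want_staff = 'is_staff' in privileges
        for user in form.cleaned_data['users']:
            # Reset per user: a list shared across the loop would make every
            # user after the first change get saved and logged with stale fields.
            changed_fields = []
            # Compare with != rather than `is`: identity comparison of flags
            # only works for genuine bool objects.
            if user.is_superuser != want_superuser:
                user.is_superuser = want_superuser
                changed_fields.append('is_superuser')
            if can_toggle_is_staff and user.is_staff != want_staff:
                user.is_staff = want_staff
                changed_fields.append('is_staff')
            # save user object only if needed and just once
            if changed_fields:
                user.save()
                log_model_change(self.request.user, user, fields_changed=changed_fields)
        messages.success(request, _("Successfully updated superuser permissions"))
    return self.get(request, *args, **kwargs)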
def log_user_role_update(domain, user, by_user, updated_via):
    """Write a role-change entry for *user* to the model change log.

    :param domain: domain name
    :param user: couch user that got updated
    :param by_user: django/couch user that made the update
    :param updated_via: web/bulk_importer
    """
    role = user.get_role(domain)
    if not role:
        role_text = "role: None"
    elif role.get_qualified_id() == 'admin':
        # The admin role is logged by name only, without a document id.
        role_text = f"role: {role.name}"
    else:
        role_text = f"role: {role.name}[{role.get_id}]"
    log_model_change(
        by_user,
        user.get_django_user(),
        message=f"{role_text}, updated_via: {updated_via}",
    )
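def form_valid(self, form):
    """Toggle the looked-up account between disabled and re-enabled.

    Optionally replaces the password with a random value so the previous
    one can no longer be used. The action is written to the model change
    log, mailed to the site admins and, as an HTML email, to the account.

    :param form: validated form with ``reset_password`` and ``reason``.
    :returns: redirect to the web user lookup page for ``self.username``,
        or ``self.redirect_response`` when no user was resolved.
    """
    if not self.user:
        return self.redirect_response(self.request)

    reset_password = form.cleaned_data['reset_password']
    reason = form.cleaned_data['reason']
    if reset_password:
        # uuid4 draws from os.urandom, so the replacement is unguessable;
        # the value is not recorded or shown anywhere.
        self.user.set_password(uuid.uuid4().hex)
    # toggle active state
    self.user.is_active = not self.user.is_active
    self.user.save()

    verb = 're-enabled' if self.user.is_active else 'disabled'
    log_model_change(self.request.user, self.user, f'User {verb}. Reason: "{reason}"')
    mail_admins(
        "User account {}".format(verb),
        "The following user account has been {verb}: \n"
        " Account: {username}\n"
        " Reset by: {reset_by}\n"
        " Password reset: {password_reset}\n"
        " Reason: {reason}".format(
            verb=verb,
            username=self.username,
            reset_by=self.request.user.username,
            password_reset=str(reset_password),
            reason=reason,
        ),
    )
    send_HTML_email(
        "%sYour account has been %s" % (settings.EMAIL_SUBJECT_PREFIX, verb),
        self.username,
        render_to_string(
            'hqadmin/email/account_disabled_email.html',
            context={
                'support_email': settings.SUPPORT_EMAIL,
                'password_reset': reset_password,
                'user': self.user,
                'verb': verb,
                'reason': reason,
            },
        ),
    )
    # Translate the template first, then interpolate: interpolating before
    # the lookup would search for an already-formatted, untranslatable string.
    messages.success(self.request, _('Account successfully %(verb)s.') % {'verb': verb})
    return redirect('{}?q={}'.format(reverse('web_user_lookup'), self.username))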