def test_change_password(self):
    """Check that set_ldap_password() rotates every stored credential.

    The test records the LDAP ``userPassword``, ``googlePassword`` and
    ``sambaNTPassword`` values, back-dates ``shadow_last_change`` by five
    days, sets a fresh random password, and then asserts that all three
    attributes and ``shadow_last_change`` differ from the recorded values
    while ``get_changes('ldap')`` stays empty.
    """
    tracked_attrs = ('userPassword', 'googlePassword', 'sambaNTPassword')

    # Fixture sanity: the user already has a password and nothing is pending.
    self.assertNotEqual(self.user.password, '')
    self.assertEqual(self.user.get_changes('ldap'), {})

    # A fresh Users() reports 'created' but no 'password' change, and its
    # LDAP-scoped changes are limited to keys of ldap_only_fields.
    blank_user = Users()
    self.assertTrue('password' not in blank_user.get_changes())
    self.assertTrue('created' in blank_user.get_changes())
    ldap_change_keys = blank_user.get_changes('ldap').keys()
    self.assertTrue(all(k in blank_user.ldap_only_fields.keys() for k in ldap_change_keys))

    # Snapshot the credential attributes before the change.
    before = {attr: self.ldap_val(attr, self.user) for attr in tracked_attrs}

    # Back-date the last-change marker so a fresh value is distinguishable.
    self.user.shadow_last_change = (now() - datetime.timedelta(days=5) - EPOCH).days
    self.user.save()
    previous_change_day = copy.deepcopy(self.user.shadow_last_change)

    new_password = random_ldap_password()
    self.user.set_ldap_password(new_password)
    self.assertEqual(self.user.get_changes('ldap'), {})

    # NOTE(review): only inequality with the old values is asserted; nothing
    # here checks that the new values actually correspond to new_password.
    for attr in tracked_attrs:
        self.assertNotEqual(self.ldap_val(attr, self.user), before[attr])
    self.assertNotEqual(self.user.password, '')
    self.assertNotEqual(self.user.shadow_last_change, previous_change_day)
def set_disabled(self):
    """Mark this user as disabled.

    Removes the user from the group named ``settings.DELETED_GROUP``, adds
    them to the one named ``settings.DISABLED_GROUP`` (either group is
    created if missing), replaces the LDAP password with a random one,
    calls ``expire_password()`` and saves.
    """
    deleted_group = Groups.objects.get_or_create(name=settings.DELETED_GROUP)[0]
    deleted_group.users.remove(self)

    disabled_group = Groups.objects.get_or_create(name=settings.DISABLED_GROUP)[0]
    disabled_group.users.add(self)

    # The random password is passed straight through; this method neither
    # keeps nor returns it.
    self.set_ldap_password(random_ldap_password())
    self.expire_password()
    self.save()
def set_disabled(self):
    """Switch the user from the deleted group to the disabled group.

    Both groups are looked up by name from settings and created when
    absent. Afterwards the LDAP password is overwritten with a random
    value, ``expire_password()`` is called, and the user is saved.
    """
    groups = Groups.objects
    groups.get_or_create(name=settings.DELETED_GROUP)[0].users.remove(self)
    groups.get_or_create(name=settings.DISABLED_GROUP)[0].users.add(self)

    # The generated password is not stored or returned by this method.
    scrambled = random_ldap_password()
    self.set_ldap_password(scrambled)
    self.expire_password()
    self.save()
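def test_badge_crop_permissions(self):
    """
    Users can only change their own photo crop. Sudoers can change others'.

    Flow: upload a portrait, crop the badge for ``self.user`` (expects 200),
    then log in as a second, newly created user and post the same crop to
    ``self.user``'s URL (expects 403). This is the authorization check that
    stops one account from editing another account's resource.
    """
    # upload a portrait first, to be able to crop it for the badge
    # The PNG is binary data, so it is opened in 'rb' mode.
    with open('%s/fum/users/sample/futucare.png' % settings.PROJECT_ROOT, 'rb') as fp:
        portrait = 'data:image/png;base64,' + base64.b64encode(fp.read())
    response = self.client.post("/api/users/%s/portrait/" % self.user.username,
                                data={
                                    "portrait": portrait,
                                    "left": 444,
                                    "top": 0,
                                    "right": 570,
                                    "bottom": 189,
                                })
    rs = json.loads(json.loads(response.content))
    self.assertTrue(rs['full'])
    # end portrait upload: copied from test_upload_portrait()

    def get_url(user=None):
        # Badge-crop endpoint for the given user, defaulting to self.user.
        user = user or self.user
        return reverse('users-badgecrop', args=[user.username])

    url = get_url()
    payload = {'top': 0, 'left': 0, 'right': 20, 'bottom': 20}
    resp = self.client.post(url, payload, format='json')
    self.assertEqual(resp.status_code, status.HTTP_200_OK)

    pw = random_ldap_password()
    other_dj_user, other_user = self.create_user('test_perm_user', password=pw)
    self.assertTrue(
        self.client.login(username=other_user.username, password=pw))

    # normal users can't change other users' badge crop
    # (url still points at self.user, while the client is now other_user)
    resp = self.client.post(url, payload, format='json')
    self.assertEqual(resp.status_code, status.HTTP_403_FORBIDDEN)

    # superusers can change others' badge crop
    # add to TeamIT
    g = self.save_safe(Groups,
                       kw=dict(name=settings.IT_TEAM),
                       lookup=dict(name=settings.IT_TEAM))
    try:
        g.users.add(other_user)
    except ldap.TYPE_OR_VALUE_EXISTS:  # live LDAP not cleaned
        pass
    # NOTE(review): no request follows the group add in the code shown, so
    # the "sudoers can change others'" half of the docstring is not asserted
    # here -- confirm the privileged path is covered.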
def changepassword(self, request, username=None):
    """Reset a user's LDAP password to a random value and send it by SMS.

    Returns 403 with an empty body when ``is_sudo_user(request)`` is false.
    Otherwise the password is replaced and a 200 response is returned whose
    text says whether the SMS gateway answered 200, 201 or 202. ``username``
    is not read here; the user comes from ``self.get_object()``.
    """
    target = self.get_object()
    # NOTE(review): the check is called on the fetched user with the request;
    # confirm it evaluates the requester's rights over this user.
    if not target.is_sudo_user(request):
        return Response({}, status=403)

    # NOTE(review): the password is replaced before delivery is attempted. If
    # both phone fields are empty or the SMS fails, the new password has been
    # set but has not reached the user.
    new_password = random_ldap_password()
    target.set_ldap_password(new_password)

    gateway = SMS()
    # The new password is placed in the SMS text in clear.
    text = "Your new {0} password: {1}".format(settings.COMPANY_NAME, new_password)
    sms_result = gateway.send(target.phone1 or target.phone2, text)

    # Both outcomes answer HTTP 200; only the body text tells them apart.
    delivered = sms_result.status_code in [200, 201, 202]
    if not delivered:
        return Response('Password generated, but SMS failed', status=200)
    return Response('Password generated and sent', status=200)
def changepassword(self, request, username=None):
    """Generate a new random LDAP password for a user and text it to them.

    A caller for whom ``is_sudo_user(request)`` is false gets an empty 403.
    On the permitted path the password is always changed, and the 200
    response body reports whether the SMS send returned 200/201/202. The
    ``username`` argument is unused in this body.
    """
    account = self.get_object()
    # NOTE(review): verify that is_sudo_user() judges the requester, not the
    # account being changed.
    if not account.is_sudo_user(request):
        return Response({}, status=403)

    fresh = random_ldap_password()
    # NOTE(review): the old password is overwritten here, before there is
    # any confirmation that a phone number exists or that the SMS went out.
    account.set_ldap_password(fresh)

    sender = SMS()
    # The SMS body carries the password in clear text.
    body = "Your new {0} password: {1}".format(settings.COMPANY_NAME, fresh)
    outcome = sender.send(account.phone1 or account.phone2, body)

    # The HTTP status is 200 whether or not the SMS succeeded.
    if outcome.status_code in [200, 201, 202]:
        summary = 'Password generated and sent'
    else:
        summary = 'Password generated, but SMS failed'
    return Response(summary, status=200)
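def test_badge_crop_permissions(self):
    """
    Users can only change their own photo crop. Sudoers can change others'.

    The test uploads a portrait, crops the badge on ``self.user``'s URL and
    expects 200, then authenticates as a second user and expects 403 when
    posting the same crop to that URL.
    """
    # upload a portrait first, to be able to crop it for the badge
    # 'rb' because the sample file is a binary PNG.
    with open('%s/fum/users/sample/futucare.png'%settings.PROJECT_ROOT, 'rb') as fp:
        portrait = 'data:image/png;base64,'+base64.b64encode(fp.read())
    response = self.client.post("/api/users/%s/portrait/"%self.user.username,
        data={
            "portrait":portrait,
            "left":444,
            "top":0,
            "right":570,
            "bottom":189,
        })
    rs = json.loads(json.loads(response.content))
    self.assertTrue(rs['full'])
    # end portrait upload: copied from test_upload_portrait()

    def get_url(user=None):
        # Resolve the badge-crop URL; falls back to self.user.
        user = user or self.user
        return reverse('users-badgecrop', args=[user.username])

    url = get_url()
    payload = {'top': 0, 'left': 0, 'right': 20, 'bottom': 20}
    resp = self.client.post(url, payload, format='json')
    self.assertEqual(resp.status_code, status.HTTP_200_OK)

    pw = random_ldap_password()
    other_dj_user, other_user = self.create_user('test_perm_user', password=pw)
    self.assertTrue(self.client.login(username=other_user.username, password=pw))

    # normal users can't change other users' badge crop
    # (the client is other_user now; url still targets self.user)
    resp = self.client.post(url, payload, format='json')
    self.assertEqual(resp.status_code, status.HTTP_403_FORBIDDEN)

    # superusers can change others' badge crop
    # add to TeamIT
    g = self.save_safe(Groups, kw=dict(name=settings.IT_TEAM), lookup=dict(name=settings.IT_TEAM))
    try:
        g.users.add(other_user)
    except ldap.TYPE_OR_VALUE_EXISTS:  # live LDAP not cleaned
        pass
    # NOTE(review): the code shown stops after the group add; no request is
    # made as the promoted user, so the privileged case is not verified in
    # these lines -- confirm it is asserted.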
def set_deleted(self):
    """Mark this user as deleted and strip their memberships.

    Removes the user from every group in ``fum_groups`` and ``fum_projects``,
    from both ``sudoers`` and ``users`` of every entry in ``fum_servers``,
    then adds them to the group named ``settings.DELETED_GROUP`` (created if
    missing). Finally the LDAP password is replaced with a random one,
    ``google_status`` is set to ``DELETED``, ``expire_password()`` is called
    and the user is saved.
    """
    # Plain memberships: groups first, then projects.
    for relation in (self.fum_groups, self.fum_projects):
        for membership in relation.all():
            membership.users.remove(self)

    # Servers carry a sudoers list as well as a users list; clear both.
    for server in self.fum_servers.all():
        server.sudoers.remove(self)
        server.users.remove(self)

    deleted_group = Groups.objects.get_or_create(name=settings.DELETED_GROUP)[0]
    deleted_group.users.add(self)

    # The random password is not kept or returned by this method.
    self.set_ldap_password(random_ldap_password())
    self.google_status = self.DELETED
    self.expire_password()
    self.save()
def set_deleted(self):
    """Revoke all memberships and flag the user as deleted.

    Order of operations: drop the user from ``fum_groups``, ``fum_projects``
    and ``fum_servers`` (for servers, from ``sudoers`` and ``users``), add
    them to the ``settings.DELETED_GROUP`` group, overwrite the LDAP password
    with a random value, set ``google_status`` to ``DELETED``, call
    ``expire_password()`` and save.
    """
    for group in self.fum_groups.all():
        group.users.remove(self)

    for project in self.fum_projects.all():
        project.users.remove(self)

    for host in self.fum_servers.all():
        # Sudo rights are removed before plain access.
        host.sudoers.remove(self)
        host.users.remove(self)

    graveyard, _created = Groups.objects.get_or_create(name=settings.DELETED_GROUP)
    graveyard.users.add(self)

    # Nothing in this method retains the generated password.
    throwaway = random_ldap_password()
    self.set_ldap_password(throwaway)
    self.google_status = self.DELETED
    self.expire_password()
    self.save()
def handle(self, *args, **options):
    """Send password-expiry reminders, at most once per day unless forced.

    Positional keywords select the work: ``password`` and/or ``suspend``
    (no suspend-specific step appears in this function). A marker file under
    ``<DEPLOYMENT_ROOT>/logs/`` stores the date of the last run; when it holds
    today's date and ``options['force']`` is false the command returns early.

    For each user whose ``google_status`` is ``ACTIVEPERSON``: an expired
    password (``days_left < 0``) is replaced with a random one, expired and
    announced by email; a reminder is sent when 7 or fewer, exactly 14, or
    exactly 30 days remain.
    """
    self.emailed = []
    dry = options['dry']
    force = options['force']
    command = ''
    if dry:
        # NOTE(review): `dry` is only passed to self.send(); the password
        # reset for expired users and the marker write below still happen.
        log.info("Dry-run. I'm not really sending any emails.")
    dtnow = now()

    remind_passwords = 'password' in args
    if remind_passwords:
        log.info("Reminding users of expiring passwords.")
        command = 'password'
    if not remind_passwords and 'suspend' not in args:
        log.info(
            'Use "password" and/or "suspend" as keywords to specify what to remind of. e.g. ... remind password'
        )
        return

    log_dir = u'%s/logs/' % settings.DEPLOYMENT_ROOT
    marker_path = u'%sremind_lastrun_%s' % (log_dir, command)
    if not os.path.exists(log_dir):
        os.makedirs(log_dir)

    # Skip the run when the marker already carries today's date.
    try:
        with open(marker_path, 'r') as f:
            text = f.read()
        filedate = datetime.strptime(text, "%Y-%m-%d").date()
        if not force and dtnow.date() == filedate:
            log.info(
                'Reminders have already been sent today. Use --force to send again.'
            )
            return
    except ValueError:
        log.info(
            'No "lastrun" file with valid datetime found. Assuming first run.'
        )
    except IOError:
        log.info('No "lastrun" file found. Assuming first run.')

    log.info("Started...")
    for user in Users.objects.all():
        if user.google_status != user.ACTIVEPERSON:
            continue
        if not remind_passwords:
            continue
        body = get_template('emails/password_reminder.txt')
        days_left = (user.password_expires_date - dtnow).days
        subject = "%s password will expire in %d day%s." % (
            settings.COMPANY_NAME, days_left, "s" if days_left != 1 else "")
        if days_left < 0:
            # Expired: overwrite the password with a random value the user
            # is not told, then send the "expired" notice.
            user.set_ldap_password(random_ldap_password())
            user.expire_password()
            user.save()
            self.send(
                user, "%s password has expired." % (settings.COMPANY_NAME),
                get_template('emails/password_expired.txt'), dry)
        elif days_left <= 7 or days_left in (14, 30):
            self.send(user, subject, body, dry)

    with open(marker_path, 'w') as f:
        text = dtnow.date().strftime("%Y-%m-%d")
        f.write(text)
    # NOTE(review): mode 0o777 leaves the marker writable by every local
    # account. The marker decides whether the run above (including the
    # expired-password reset) happens, so confirm this breadth is needed and
    # otherwise restrict write access to the account(s) running the command.
    os.chmod(marker_path, 0o777)
    log.info("Done!")
def handle(self, *args, **options):
    """Run the reminder command for the keywords given in ``args``.

    ``password`` and/or ``suspend`` must be present, otherwise a usage hint
    is logged and nothing else happens. A "lastrun" file in
    ``<DEPLOYMENT_ROOT>/logs/`` records the last run date; a second run on
    the same day is skipped unless ``options['force']`` is set.

    With ``password`` given, each ``ACTIVEPERSON`` user gets a reminder when
    7 or fewer, 14, or 30 days remain. Once the expiry date has passed, the
    password is replaced with a random one and an "expired" email is sent.
    """
    self.emailed = []
    dry = options['dry']
    force = options['force']
    command = ''
    if dry:
        log.info("Dry-run. I'm not really sending any emails.")
    dtnow = now()
    today = dtnow.date()

    if 'password' in args:
        log.info("Reminding users of expiring passwords.")
        command = 'password'
    if not ('password' in args or 'suspend' in args):
        log.info('Use "password" and/or "suspend" as keywords to specify what to remind of. e.g. ... remind password')
        return

    lastrun_dir = u'%s/logs/'%settings.DEPLOYMENT_ROOT
    lastrun_file = u'%sremind_lastrun_%s'%(lastrun_dir, command)
    if not os.path.exists(lastrun_dir):
        os.makedirs(lastrun_dir)

    try:
        with open(lastrun_file, 'r') as f:
            text = f.read()
        filedate = datetime.strptime(text, "%Y-%m-%d").date()
        already_ran = today == filedate
        if already_ran and not force:
            log.info('Reminders have already been sent today. Use --force to send again.')
            return
    except ValueError:
        # File exists but does not hold a YYYY-MM-DD date.
        log.info('No "lastrun" file with valid datetime found. Assuming first run.')
    except IOError:
        log.info('No "lastrun" file found. Assuming first run.')

    log.info("Started...")
    reminder_days = (14, 30)
    for user in Users.objects.all():
        if not (user.google_status == user.ACTIVEPERSON and 'password' in args):
            continue
        body = get_template('emails/password_reminder.txt')
        days_left = (user.password_expires_date - dtnow).days
        plural = "s" if days_left!=1 else ""
        subject = "%s password will expire in %d day%s."%(settings.COMPANY_NAME, days_left, plural)
        if days_left >= 0:
            if days_left <= 7 or days_left in reminder_days:
                self.send(user, subject, body, dry)
            continue
        # Expired password: scramble it, expire it, notify the user.
        # NOTE(review): this branch does not look at `dry`, so a dry run
        # still changes passwords; `dry` only reaches self.send().
        user.set_ldap_password(random_ldap_password())
        user.expire_password()
        user.save()
        self.send(user, "%s password has expired."%(settings.COMPANY_NAME), get_template('emails/password_expired.txt'), dry)

    with open(lastrun_file, 'w') as f:
        f.write(today.strftime("%Y-%m-%d"))
    # NOTE(review): 0o777 makes the lastrun file world-writable. Its content
    # decides whether the next run is skipped, so check whether a narrower
    # mode would do for the account(s) that run this command.
    os.chmod(lastrun_file, 0o777)
    log.info("Done!")