def post(self, request): """ POST /api/user/v1/accounts/retire_misc/ { 'username': '******' } Retires the user with the given username in the LMS. """ username = request.data['username'] try: retirement = UserRetirementStatus.get_retirement_for_retirement_action( username) RevisionPluginRevision.retire_user(retirement.user) ArticleRevision.retire_user(retirement.user) PendingNameChange.delete_by_user_value(retirement.user, field='user') PasswordHistory.retire_user(retirement.user.id) course_enrollments = CourseEnrollment.objects.filter( user=retirement.user) ManualEnrollmentAudit.retire_manual_enrollments( course_enrollments, retirement.retired_email) CreditRequest.retire_user(retirement) ApiAccessRequest.retire_user(retirement.user) CreditRequirementStatus.retire_user(retirement) # This signal allows code in higher points of LMS to retire the user as necessary USER_RETIRE_LMS_MISC.send(sender=self.__class__, user=retirement.user) # This signal allows code in higher points of LMS to unsubscribe the user # from various types of mailings. USER_RETIRE_MAILINGS.send(sender=self.__class__, email=retirement.original_email, new_email=retirement.retired_email, user=retirement.user) except UserRetirementStatus.DoesNotExist: return Response(status=status.HTTP_404_NOT_FOUND) except RetirementStateError as exc: return Response(text_type(exc), status=status.HTTP_400_BAD_REQUEST) except Exception as exc: # pylint: disable=broad-except return Response(text_type(exc), status=status.HTTP_500_INTERNAL_SERVER_ERROR) return Response(status=status.HTTP_204_NO_CONTENT)
def test_retirement(self): """ Verify that the user's password history contains no actual passwords after retirement is called. """ user = self._user_factory_with_history() # create multiple rows in the password history table self._change_password(user, "different") self._change_password(user, "differentagain") for row in PasswordHistory.objects.filter(user_id=user.id): self.assertFalse(row.password == "") PasswordHistory.retire_user(user.id) for row in PasswordHistory.objects.filter(user_id=user.id): self.assertEqual(row.password, "")
def post(self, request): """ POST /api/user/v1/accounts/retire_misc/ { 'username': '******' } Retires the user with the given username in the LMS. """ username = request.data['username'] try: retirement = UserRetirementStatus.get_retirement_for_retirement_action(username) RevisionPluginRevision.retire_user(retirement.user) ArticleRevision.retire_user(retirement.user) PendingNameChange.delete_by_user_value(retirement.user, field='user') PasswordHistory.retire_user(retirement.user.id) course_enrollments = CourseEnrollment.objects.filter(user=retirement.user) ManualEnrollmentAudit.retire_manual_enrollments(course_enrollments, retirement.retired_email) CreditRequest.retire_user(retirement.original_username, retirement.retired_username) ApiAccessRequest.retire_user(retirement.user) CreditRequirementStatus.retire_user(retirement.user.username) # This signal allows code in higher points of LMS to retire the user as necessary USER_RETIRE_LMS_MISC.send(sender=self.__class__, user=retirement.user) # This signal allows code in higher points of LMS to unsubscribe the user # from various types of mailings. USER_RETIRE_MAILINGS.send( sender=self.__class__, email=retirement.original_email, new_email=retirement.retired_email, user=retirement.user ) except UserRetirementStatus.DoesNotExist: return Response(status=status.HTTP_404_NOT_FOUND) except RetirementStateError as exc: return Response(text_type(exc), status=status.HTTP_400_BAD_REQUEST) except Exception as exc: # pylint: disable=broad-except return Response(text_type(exc), status=status.HTTP_500_INTERNAL_SERVER_ERROR) return Response(status=status.HTTP_204_NO_CONTENT)
def post(self, request): """ POST /api/user/v1/accounts/retire_misc/ { 'username': '******' } Retires the user with the given username in the LMS. """ username = request.data['username'] if is_username_retired(username): return Response(status=status.HTTP_404_NOT_FOUND) try: retirement = UserRetirementStatus.get_retirement_for_retirement_action( username) RevisionPluginRevision.retire_user(retirement.user) ArticleRevision.retire_user(retirement.user) PendingNameChange.delete_by_user_value(retirement.user, field='user') PasswordHistory.retire_user(retirement.user.id) course_enrollments = CourseEnrollment.objects.filter( user=retirement.user) ManualEnrollmentAudit.retire_manual_enrollments( course_enrollments, retirement.retired_email) CreditRequest.retire_user(retirement.original_username, retirement.retired_username) ApiAccessRequest.retire_user(retirement.user) CreditRequirementStatus.retire_user(retirement.user.username) SurveyAnswer.retire_user(retirement.user.id) except UserRetirementStatus.DoesNotExist: return Response(status=status.HTTP_404_NOT_FOUND) except RetirementStateError as exc: return Response(text_type(exc), status=status.HTTP_400_BAD_REQUEST) except Exception as exc: # pylint: disable=broad-except return Response(text_type(exc), status=status.HTTP_500_INTERNAL_SERVER_ERROR) return Response(status=status.HTTP_204_NO_CONTENT)
def test_retirement(self): """ Verify that the user's password history contains no actual passwords after retirement is called. """ user = self._user_factory_with_history() # create multiple rows in the password history table self._change_password(user, "different") self._change_password(user, "differentagain") # ensure the rows were actually created and stored the passwords self.assertTrue(PasswordHistory.objects.filter(user_id=user.id).exists()) for row in PasswordHistory.objects.filter(user_id=user.id): self.assertFalse(row.password == "") # retire the user and ensure that the rows are still present, but with no passwords PasswordHistory.retire_user(user.id) self.assertTrue(PasswordHistory.objects.filter(user_id=user.id).exists()) for row in PasswordHistory.objects.filter(user_id=user.id): self.assertEqual(row.password, "")
def test_retirement(self): """ Verify that the user's password history contains no actual passwords after retirement is called. """ user = self._user_factory_with_history() # create multiple rows in the password history table self._change_password(user, "different") self._change_password(user, "differentagain") # ensure the rows were actually created and stored the passwords self.assertTrue( PasswordHistory.objects.filter(user_id=user.id).exists()) for row in PasswordHistory.objects.filter(user_id=user.id): self.assertFalse(row.password == "") # retire the user and ensure that the rows are still present, but with no passwords PasswordHistory.retire_user(user.id) self.assertTrue( PasswordHistory.objects.filter(user_id=user.id).exists()) for row in PasswordHistory.objects.filter(user_id=user.id): self.assertEqual(row.password, "")