def setUp(self):
super(TestUserGet, self).setUp()
User.remove()
self.user_1 = AuthUserFactory()
self.auth = Auth(user=self.user_1)
self.project = ProjectFactory(creator=self.user_1)
self.project.add_unregistered_contributor(email="*****@*****.**", fullname="Weezy F. Baby", auth=self.auth)
self.user_3 = AuthUserFactory()
self.user_3.date_confirmed = None
self.user_3.save()
self.user_4 = AuthUserFactory()
def setUp(self):
super(TestUserGet, self).setUp()
User.remove()
self.user_1 = AuthUserFactory()
self.auth = Auth(user=self.user_1)
self.project = ProjectFactory(creator=self.user_1)
self.project.add_unregistered_contributor(email='*****@*****.**',
fullname='Weezy F. Baby',
auth=self.auth)
self.user_3 = AuthUserFactory()
self.user_3.date_confirmed = None
self.user_3.save()
self.user_4 = AuthUserFactory()
def form_valid(self, form):
osf_id = form.cleaned_data.get('osf_id')
osf_user = User.load(osf_id)
try:
osf_user.system_tags.append(PREREG_ADMIN_TAG)
except AttributeError:
raise Http404(('OSF user with id "{}" not found.'
' Please double check.').format(osf_id))
new_user = MyUser.objects.create_user(
email=form.cleaned_data.get('email'),
password=form.cleaned_data.get('password1')
)
new_user.first_name = form.cleaned_data.get('first_name')
new_user.last_name = form.cleaned_data.get('last_name')
new_user.osf_id = osf_id
for group in form.cleaned_data.get('group_perms'):
new_user.groups.add(group)
new_user.save()
reset_form = PasswordRecoveryForm(
data={'username_or_email': new_user.email}
)
if reset_form.is_valid():
send = Recover()
send.request = self.request
send.form_valid(reset_form)
messages.success(self.request, 'Registration successful!')
return super(RegisterUser, self).form_valid(form)
def serialize_simple_user(user_info):
user = User.load(user_info[0])
return {
'id': user._id,
'name': user.fullname,
'permission': reduce_permissions(user_info[1]) if user_info[1] else None,
}
def revoke_oauth_access(self, external_account, auth, save=True):
"""Revoke all access to an ``ExternalAccount``.
TODO: This should accept node and metadata params in the future, to
allow fine-grained revocation of grants. That's not yet been needed,
so it's not yet been implemented.
"""
for node in self.get_nodes_with_oauth_grants(external_account):
try:
addon_settings = node.get_addon(external_account.provider,
deleted=True)
except AttributeError:
# No associated addon settings despite oauth grant
pass
else:
addon_settings.deauthorize(auth=auth)
if User.find(Q('external_accounts', 'eq',
external_account._id)).count() == 1:
# Only this user is using the account, so revoke remote access as well.
self.revoke_remote_oauth_access(external_account)
for key in self.oauth_grants:
self.oauth_grants[key].pop(external_account._id, None)
if save:
self.save()
def remove_2_factor(request, guid):
user = User.load(guid)
try:
user.delete_addon('twofactor')
except AttributeError:
page_not_found(request)
return redirect(reverse_user(guid))
def form_valid(self, form):
osf_id = form.cleaned_data.get('osf_id')
osf_user = User.load(osf_id)
try:
osf_user.system_tags.append(PREREG_ADMIN_TAG)
except AttributeError:
raise Http404(('OSF user with id "{}" not found.'
' Please double check.').format(osf_id))
new_user = MyUser.objects.create_user(
email=form.cleaned_data.get('email'),
password=form.cleaned_data.get('password1'))
new_user.first_name = form.cleaned_data.get('first_name')
new_user.last_name = form.cleaned_data.get('last_name')
new_user.osf_id = osf_id
for group in form.cleaned_data.get('group_perms'):
new_user.groups.add(group)
new_user.save()
reset_form = PasswordRecoveryForm(
data={'username_or_email': new_user.email})
if reset_form.is_valid():
send = Recover()
send.request = self.request
send.form_valid(reset_form)
messages.success(self.request, 'Registration successful!')
return super(RegisterUser, self).form_valid(form)
def remove_2_factor(request, guid):
user = User.load(guid)
try:
user.delete_addon('twofactor')
except AttributeError:
page_not_found(request)
return redirect(reverse_user(guid))
def get_context_data(self, **kwargs):
user = User.load(self.kwargs.get('guid'))
try:
self.initial.setdefault('emails', [(r, r) for r in user.emails])
except AttributeError:
raise
kwargs.setdefault('guid', user.pk)
return super(ResetPasswordView, self).get_context_data(**kwargs)
def get_object(self, queryset=None):
customer_id = self.kwargs.get('user_id', None)
customer = User.load(customer_id)
email = customer.emails[0]
desk = DeskClient(self.request.user)
params = {'email': email}
customer = desk.find_customer(params)
return customer
def serialize_simple_user(user_info):
user = User.load(user_info[0])
return {
'id': user._id,
'name': user.fullname,
'permission':
reduce_permissions(user_info[1]) if user_info[1] else None,
}
def get_context_data(self, **kwargs):
user = User.load(self.kwargs.get('guid'))
try:
self.initial.setdefault('emails', [(r, r) for r in user.emails])
except AttributeError:
raise Http404('{} with id "{}" not found.'.format(
self.context_object_name.title(), self.kwargs.get('guid')))
kwargs.setdefault('guid', user.pk)
return super(ResetPasswordView, self).get_context_data(**kwargs)
def get_queryset(self):
customer_id = self.kwargs.get('user_id', None)
customer = User.load(customer_id)
email = customer.emails[0]
desk = DeskClient(self.request.user)
params = {
'email': email,
}
queryset = desk.cases(params)
return queryset
def get_context_data(self, **kwargs):
self.guid = self.kwargs.get('guid', None)
try:
user = User.load(self.guid)
except AttributeError:
raise
self.initial.setdefault('emails', [(r, r) for r in user.emails])
kwargs.setdefault('guid', self.guid)
kwargs.setdefault('form', self.get_form()) # TODO: 1.9 xx
return super(ResetPasswordView, self).get_context_data(**kwargs)
def get_context_data(self, **kwargs):
self.guid = self.kwargs.get('guid', None)
try:
user = User.load(self.guid)
except AttributeError:
raise
self.initial.setdefault('emails', [(r, r) for r in user.emails])
kwargs.setdefault('guid', self.guid)
kwargs.setdefault('form', self.get_form()) # TODO: 1.9 xx
return super(ResetPasswordView, self).get_context_data(**kwargs)
def get_active_user_count(time):
query = (
Q('date_registered', 'lt', time) &
Q('is_registered', 'eq', True) &
Q('password', 'ne', None) &
Q('merged_by', 'eq', None) &
Q('date_confirmed', 'ne', None) &
Q('date_disabled', ' eq', None)
)
return User.find(query).count()
def _validate_reports(value, *args, **kwargs):
for key, val in value.iteritems():
if not User.load(key):
raise ValidationValueError('Keys must be user IDs')
if not isinstance(val, dict):
raise ValidationTypeError('Values must be dictionaries')
if ('category' not in val or 'text' not in val or 'date' not in val or 'retracted' not in val):
raise ValidationValueError(
('Values must include `date`, `category`, ',
'`text`, `retracted` keys')
)
def _validate_reports(value, *args, **kwargs):
for key, val in value.iteritems():
if not User.load(key):
raise ValidationValueError('Keys must be user IDs')
if not isinstance(val, dict):
raise ValidationTypeError('Values must be dictionaries')
if ('category' not in val or 'text' not in val or 'date' not in val
or 'retracted' not in val):
raise ValidationValueError(
('Values must include `date`, `category`, ',
'`text`, `retracted` keys'))
def get_context_data(self, **kwargs):
user = User.load(self.kwargs.get('guid'))
try:
self.initial.setdefault('emails', [(r, r) for r in user.emails])
except AttributeError:
raise Http404(
'{} with id "{}" not found.'.format(
self.context_object_name.title(),
self.kwargs.get('guid')
))
kwargs.setdefault('guid', user.pk)
return super(ResetPasswordView, self).get_context_data(**kwargs)
def delete(self, request, *args, **kwargs):
user_ids = [
uid for uid in request.POST.keys() if uid != 'csrfmiddlewaretoken'
]
for uid in user_ids:
user = User.load(uid)
if 'spam_flagged' in user.system_tags:
user.system_tags.remove('spam_flagged')
user.system_tags.append('spam_confirmed')
user.save()
update_admin_log(user_id=self.request.user.id,
object_id=uid,
object_repr='User',
message='Confirmed SPAM: {}'.format(uid),
action_flag=CONFIRM_SPAM)
return redirect('users:flagged-spam')
def delete(self, request, *args, **kwargs):
user_ids = [
uid for uid in request.POST.keys()
if uid != 'csrfmiddlewaretoken'
]
for uid in user_ids:
user = User.load(uid)
if 'spam_flagged' in user.system_tags:
user.system_tags.remove('spam_flagged')
user.system_tags.append('spam_confirmed')
user.save()
update_admin_log(
user_id=self.request.user.id,
object_id=uid,
object_repr='User',
message='Confirmed SPAM: {}'.format(uid),
action_flag=CONFIRM_SPAM
)
return redirect('users:flagged-spam')
def serialize_comment(comment, full=False):
reports = serialize_reports(comment.reports)
author_abs_url = furl(OSF_DOMAIN)
author_abs_url.path.add(comment.user.url)
return {
'id': comment._id,
'author': User.load(comment.user._id),
'author_path': author_abs_url.url,
'date_created': comment.date_created,
'date_modified': comment.date_modified,
'content': comment.content,
'has_children': bool(getattr(comment, 'commented', [])),
'modified': comment.modified,
'is_deleted': comment.is_deleted,
'reports': reports,
'node': comment.node,
'category': reports[0]['category'],
}
def revoke_oauth_access(self, external_account, auth, save=True):
"""Revoke all access to an ``ExternalAccount``.
TODO: This should accept node and metadata params in the future, to
allow fine-grained revocation of grants. That's not yet been needed,
so it's not yet been implemented.
"""
for node in self.get_nodes_with_oauth_grants(external_account):
try:
node.get_addon(external_account.provider, deleted=True).deauthorize(auth=auth)
except AttributeError:
# No associated addon settings despite oauth grant
# Remove grant in `for` loop below
pass
if User.find(Q('external_accounts', 'eq', external_account._id)).count() == 1:
# Only this user is using the account, so revoke remote access as well.
self.revoke_remote_oauth_access(external_account)
for key in self.oauth_grants:
self.oauth_grants[key].pop(external_account._id, None)
if save:
self.save()
def serialize_comment(comment):
reports = [
serialize_report(user, report)
for user, report in comment.reports.iteritems()
]
author_abs_url = furl(OSF_DOMAIN)
author_abs_url.path.add(comment.user.url)
return {
'id': comment._id,
'author': User.load(comment.user._id),
'author_id': comment.user._id,
'author_path': author_abs_url.url,
'date_created': comment.date_created,
'date_modified': comment.date_modified,
'content': comment.content,
'has_children': bool(getattr(comment, 'commented', [])),
'modified': comment.modified,
'is_deleted': comment.is_deleted,
'spam_status': comment.spam_status,
'reports': reports,
'node': comment.node,
'category': reports[0]['category'],
}
def get_object(self, queryset=None):
return serialize_user(User.load(self.kwargs.get('guid')))
def find_user_by_family_name(family_name):
user_list = User.find(Q('family_name', 'eq', family_name))
return user_list[0] if user_list.count() == 1 else None
def get_unregistered_users():
query = (Q('is_registered', 'eq', False))
return User.find(query).count()
def get_active_user_count(time):
query = (Q('date_registered', 'lt', time) & Q('is_registered', 'eq', True)
& Q('password', 'ne', None) & Q('merged_by', 'eq', None)
& Q('date_confirmed', 'ne', None)
& Q('date_disabled', ' eq', None))
return User.find(query).count()
def serialize_report(user, report):
return {
'reporter': User.load(user),
'category': report.get('category', None),
'reason': report.get('text', None),
}
def find_user_by_family_name(family_name):
user_list = User.find(Q('family_name', 'eq', family_name))
return user_list[0] if user_list.count() == 1 else None
def reactivate_user(request, guid):
user = User.load(guid)
user.date_disabled = None
subscribe_on_confirm(user)
user.save()
return redirect(reverse_user(guid))
def get_object(self, queryset=None):
return serialize_user(User.load(self.kwargs.get('guid')))
def get_all_user_count(time):
query = Q('date_registered', 'lt', time)
return User.find(query).count()
def get_queryset(self):
query = (
Q('system_tags', 'eq', self.SPAM_TAG)
)
return User.find(query).sort(self.ordering)
def get_all_user_count(time):
query = Q('date_registered', 'lt', time)
return User.find(query).count()
def reactivate_user(request, guid):
user = User.load(guid)
user.date_disabled = None
subscribe_on_confirm(user)
user.save()
return redirect(reverse_user(guid))
def disable_user(request, guid):
user = User.load(guid)
user.disable_account()
user.save()
return redirect(reverse_user(guid))
def find_user_by_email(email):
user_list = User.find_by_email(email=email)
return user_list[0] if user_list else None
def get_object(self, queryset=None):
return User.load(self.kwargs.get('guid'))
def get_queryset(self):
query = (Q('system_tags', 'eq', self.SPAM_TAG))
return User.find(query).sort(self.ordering)
def disable_user(request, guid):
user = User.load(guid)
user.disable_account()
user.save()
return redirect(reverse_user(guid))
def find_user_by_email(email):
user_list = User.find_by_email(email=email)
return user_list[0] if user_list else None
def get_unregistered_users():
query = (
Q('is_registered', 'eq', False)
)
return User.find(query).count()
def get_object(self, queryset=None):
return User.load(self.kwargs.get('guid'))
