Exemplo n.º 1
0
def unlink_enterprise_user_from_idp(request, user, idp_backend_name):
    """
    Un-links learner from their enterprise identity provider
    Args:
        request (wsgi request): request object
        user (User): user who initiated disconnect request
        idp_backend_name (str): Name of identity provider's backend

    Returns: None

    """
    enterprise_customer = enterprise_customer_for_request(request)
    if user and enterprise_customer:
        enabled_providers = Registry.get_enabled_by_backend_name(
            idp_backend_name)
        provider_ids = [
            enabled_provider.provider_id
            for enabled_provider in enabled_providers
        ]
        enterprise_customer_idps = EnterpriseCustomerIdentityProvider.objects.filter(
            enterprise_customer__uuid=enterprise_customer['uuid'],
            provider_id__in=provider_ids)

        if enterprise_customer_idps:
            try:
                # Unlink user email from each Enterprise Customer.
                for enterprise_customer_idp in enterprise_customer_idps:
                    EnterpriseCustomerUser.objects.unlink_user(
                        enterprise_customer=enterprise_customer_idp.
                        enterprise_customer,
                        user_email=user.email)
            except (EnterpriseCustomerUser.DoesNotExist,
                    PendingEnterpriseCustomerUser.DoesNotExist):
                pass
Exemplo n.º 2
0
    def get_queryset(self):
        provider_id = self.kwargs.get('provider_id')

        # provider existence checking
        self.provider = Registry.get(provider_id)
        if not self.provider:
            raise Http404

        query_set = filter_user_social_auth_queryset_by_provider(
            UserSocialAuth.objects.select_related('user'),
            self.provider,
        )
        query = Q()

        usernames = self.request.query_params.getlist('username', None)
        remote_ids = self.request.query_params.getlist('remote_id', None)

        if usernames:
            usernames = ','.join(usernames)
            usernames = set(usernames.split(',')) if usernames else set()
            if usernames:
                query = query | Q(user__username__in=usernames)

        if remote_ids:
            remote_ids = ','.join(remote_ids)
            remote_ids = set(remote_ids.split(',')) if remote_ids else set()
            if remote_ids:
                query = query | Q(uid__in=[
                    self.provider.get_social_auth_uid(remote_id)
                    for remote_id in remote_ids
                ])

        return query_set.filter(query)
Exemplo n.º 3
0
def enterprise_customer_uuid_for_request(request):
    """
    Check all the context clues of the request to gather a particular EnterpriseCustomer's UUID.
    """
    sso_provider_id = request.GET.get('tpa_hint')
    running_pipeline = get_partial_pipeline(request)
    if running_pipeline:
        # Determine if the user is in the middle of a third-party auth pipeline,
        # and set the sso_provider_id parameter to match if so.
        sso_provider_id = Registry.get_from_pipeline(
            running_pipeline).provider_id

    if sso_provider_id:
        # If we have a third-party auth provider, get the linked enterprise customer.
        try:
            # FIXME: Implement an Enterprise API endpoint where we can get the EC
            # directly via the linked SSO provider
            # Check if there's an Enterprise Customer such that the linked SSO provider
            # has an ID equal to the ID we got from the running pipeline or from the
            # request tpa_hint URL parameter.
            enterprise_customer_uuid = EnterpriseCustomer.objects.get(
                enterprise_customer_identity_providers__provider_id=
                sso_provider_id).uuid
        except EnterpriseCustomer.DoesNotExist:
            LOGGER.info(
                '[ENTERPRISE DSC] Customer not found using SSO Provider ID. User: [%s], SSOProviderID: [%s]',
                request.user.username, sso_provider_id)
            enterprise_customer_uuid = None
    else:
        enterprise_customer_uuid = _customer_uuid_from_query_param_cookies_or_session(
            request)

    if enterprise_customer_uuid is _CACHE_MISS or enterprise_customer_uuid is None:
        if not request.user.is_authenticated:
            return None

        # If there's no way to get an Enterprise UUID for the request, check to see
        # if there's already an Enterprise attached to the requesting user on the backend.
        enterprise_customer = None
        learner_data = get_enterprise_learner_data_from_db(request.user)
        if learner_data:
            enterprise_customer = learner_data[0]['enterprise_customer']
            enterprise_customer_uuid = enterprise_customer['uuid']
            cache_enterprise(enterprise_customer)
        else:
            enterprise_customer_uuid = None

        # Now that we've asked the database for this users's enterprise customer data,
        # add it to their session (even if it's null/empty, which indicates the user
        # has no associated enterprise customer).
        LOGGER.info(
            '[ENTERPRISE DSC] Updating Session. User: [%s], UserAuthenticated: [%s], EnterpriseCustomer: [%s]',
            request.user.username, request.user.is_authenticated,
            enterprise_customer)
        add_enterprise_customer_to_session(request, enterprise_customer)

    return enterprise_customer_uuid
Exemplo n.º 4
0
    def handle(self, *args, **options):
        provider_slug = options.get('provider_slug', None)

        try:
            provider = Registry.get(provider_slug)
        except ValueError as e:  # lint-amnesty, pylint: disable=unused-variable
            raise CommandError(f'provider slug {provider_slug} does not exist')  # lint-amnesty, pylint: disable=raise-missing-from

        query_set = UserSocialAuth.objects.select_related('user__profile')
        query_set = filter_user_social_auth_queryset_by_provider(
            query_set, provider)
        query_set = self.filter_user_social_auth_queryset_by_ssoverification_existence(
            query_set)
        for user_social_auth in query_set:
            verification = SSOVerification.objects.create(
                user=user_social_auth.user,
                status="approved",
                name=user_social_auth.user.profile.name,
                identity_provider_type=provider.full_class_name,
                identity_provider_slug=provider.slug,
            )
            # Send a signal so users who have already passed their courses receive credit
            verification.send_approval_signal(provider.slug)