Exemplo n.º 1
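    def post(self, request, username_or_email):
        """Toggle whether a user's password is usable, on behalf of support staff.

        The account is looked up by username or email. If its password is
        currently usable it is made unusable (account disabled) and the
        account's OAuth2 tokens are retired; otherwise a random 25-character
        password is set (account enabled). Every toggle is recorded in
        UserPasswordToggleHistory with the optional ``comment`` from the
        request body and the acting staff member.

        Returns a JsonResponse carrying ``success_msg`` and ``status``.

        NOTE(review): no permission check is visible in this method;
        presumably the view class restricts it to support staff -- confirm.
        """
        # .get() raises DoesNotExist when nothing matches and
        # MultipleObjectsReturned when the value matches more than one row
        # (e.g. one account's username equal to another's email). Neither is
        # handled here, so both surface through the framework's error path.
        user = get_user_model().objects.get(
            Q(username=username_or_email) | Q(email=username_or_email))
        comment = request.data.get("comment")
        if user.has_usable_password():
            user.set_unusable_password()
            UserPasswordToggleHistory.objects.create(user=user,
                                                     comment=comment,
                                                     created_by=request.user,
                                                     disabled=True)
            # Revoke the tokens of the account being disabled. Passing
            # request.user here would retire the support agent's own tokens
            # and leave the disabled account's existing OAuth2 tokens valid.
            retire_dot_oauth2_models(user)
        else:
            user.set_password(generate_password(length=25))
            UserPasswordToggleHistory.objects.create(user=user,
                                                     comment=comment,
                                                     created_by=request.user,
                                                     disabled=False)
        # NOTE(review): the history row is written before the password change
        # is saved and the two are not wrapped in a transaction, so a failed
        # save() would leave an audit entry for a toggle that did not happen.
        user.save()

        if user.has_usable_password():
            password_status = _('Usable')
            msg = _('User Enabled Successfully')
        else:
            password_status = _('Unusable')
            msg = _('User Disabled Successfully')
        return JsonResponse({'success_msg': msg, 'status': password_status})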
Exemplo n.º 2
    def post(self, request):
        """
        POST /api/user/v1/accounts/deactivate_logout/

        Re-checks the caller's password, then retires the caller's own account
        inside a single transaction and ends the session.

        Returns 204 on success. If the password check does not return 204 its
        response is passed back unchanged. Failures map to 404 or 500.
        """
        user_model = get_user_model()
        try:
            # Anything other than 204 from the password check is returned as-is.
            password_check = self._verify_user_password(request)
            if password_check.status_code != status.HTTP_204_NO_CONTENT:
                return password_check

            with transaction.atomic():
                account = request.user

                # Queue the account for retirement.
                UserRetirementStatus.create_retirement(account)

                # Drop the LMS social-auth links.
                UserSocialAuth.objects.filter(user_id=account.id).delete()

                # Remember the real address for the notification, then swap in
                # the retired address and make the password unusable.
                original_email = account.email
                account.email = get_retired_email_by_email(original_email)
                account.save()
                _set_unusable_password(account)

                # TODO: Unlink social accounts & change password on each IDA.
                # Activation keys mailed to the user must stop working too.
                Registration.objects.filter(user=account).delete()

                # Revoke OAuth tokens from both providers.
                retire_dop_oauth2_models(account)
                retire_dot_oauth2_models(account)

                try:
                    # Tell the user, at the address they had before retirement.
                    email_context = get_base_template_context(Site.objects.get_current())
                    email_context.update({'full_name': account.profile.name})
                    message = DeletionNotificationMessage().personalize(
                        recipient=Recipient(username='', email_address=original_email),
                        language=account.profile.language,
                        user_context=email_context,
                    )
                    ace.send(message)
                except Exception:
                    # Re-raising inside the atomic block rolls the retirement
                    # back, so a mail failure aborts the whole deactivation.
                    log.exception('Error sending out deletion notification email')
                    raise

                # End the session last, once everything above has succeeded.
                logout(request)

            return Response(status=status.HTTP_204_NO_CONTENT)
        except KeyError:
            return Response(u'Username not specified.', status=status.HTTP_404_NOT_FOUND)
        except user_model.DoesNotExist:
            missing_user_msg = u'The user "{}" does not exist.'.format(request.user.username)
            return Response(missing_user_msg, status=status.HTTP_404_NOT_FOUND)
        except Exception as exc:  # pylint: disable=broad-except
            # NOTE(review): the raw exception text goes back to the client in
            # the 500 body; consider logging it and returning a generic message.
            return Response(text_type(exc), status=status.HTTP_500_INTERNAL_SERVER_ERROR)
Exemplo n.º 3
def deactivate_user(user):
    """
    Deactivate and retire the given user.

    Runs the retirement steps in one transaction and then emails a deletion
    notice, including a reset-password link built from settings.PROGS_URLS,
    to the address the user had before retirement.

    Returns a Response: 204 on success, 404 or 500 on failure.
    """
    user_model = get_user_model()
    try:
        with transaction.atomic():
            # Queue the account for retirement.
            UserRetirementStatus.create_retirement(user)

            # Drop the LMS social-auth links.
            UserSocialAuth.objects.filter(user_id=user.id).delete()

            # Keep the real address for the notification, then replace it with
            # the retired address and make the password unusable.
            original_email = user.email
            user.email = get_retired_email_by_email(original_email)
            user.save()
            _set_unusable_password(user)

            # TODO: Unlink social accounts & change password on each IDA.
            # Activation keys mailed to the user must stop working too.
            Registration.objects.filter(user=user).delete()

            # Revoke OAuth tokens from both providers.
            retire_dop_oauth2_models(user)
            retire_dot_oauth2_models(user)

            try:
                email_context = get_base_template_context(Site.objects.get_current())
                email_context.update({'full_name': user.profile.name})
                reset_link = urlparse.urljoin(
                    settings.PROGS_URLS.get("ROOT"),
                    settings.PROGS_URLS.get("PROG_RESET_PASSWORD", "reset_password"),
                )
                email_context.update({'reset_password_link': reset_link})
                message = DeletionNotificationMessage().personalize(
                    recipient=Recipient(username='', email_address=original_email),
                    language=user.profile.language,
                    user_context=email_context,
                )
                ace.send(message)
            except Exception:
                # Re-raising inside the atomic block rolls the retirement back,
                # so a mail failure aborts the whole deactivation.
                log.exception('Error sending out deletion notification email')
                raise

        return Response(status=status.HTTP_204_NO_CONTENT)
    except KeyError:
        return Response(u'Username not specified.',
                        status=status.HTTP_404_NOT_FOUND)
    except user_model.DoesNotExist:
        missing_user_msg = u'The user "{}" does not exist.'.format(user.username)
        return Response(missing_user_msg, status=status.HTTP_404_NOT_FOUND)
    except Exception as exc:  # pylint: disable=broad-except
        # NOTE(review): the raw exception text is placed in the 500 body; if
        # this Response reaches a client, consider logging it and returning a
        # generic message instead.
        return Response(text_type(exc),
                        status=status.HTTP_500_INTERNAL_SERVER_ERROR)
Exemplo n.º 4
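    def handle(self, *args, **options):
        """
        Execute the command.

        Looks up the account that matches both ``options['username']`` and
        ``options['user_email']``, then, in one transaction, queues it for
        retirement, unlinks social auth, replaces the email with the retired
        address, makes the password unusable, deletes activation keys, retires
        OAuth tokens and retires the recovery email.

        Raises:
            CommandError: when the user cannot be looked up or any retirement
                step fails. The message is also logged.
        """

        username = options['username']
        user_email = options['user_email']
        try:
            user = User.objects.get(username=username, email=user_email)
        except Exception as exc:  # pylint: disable=broad-except
            # Catch Exception rather than everything, so that Ctrl-C and
            # SystemExit are not reported as "user not found".
            error_message = (
                'Could not find a user with specified username and email '
                'address. Make sure you have everything correct before '
                'trying again')
            logger.error(error_message)
            raise CommandError(error_message) from exc

        user_model = get_user_model()

        try:
            with transaction.atomic():
                # Add user to retirement queue.
                UserRetirementStatus.create_retirement(user)
                # Unlink LMS social auth accounts
                UserSocialAuth.objects.filter(user_id=user.id).delete()
                # Change LMS password & email
                user.email = get_retired_email_by_email(user.email)
                user.set_unusable_password()
                user.save()

                # TODO: Unlink social accounts & change password on each IDA.
                # Remove the activation keys sent by email to the user for account activation.
                Registration.objects.filter(user=user).delete()

                # Delete OAuth tokens associated with the user.
                retire_dot_oauth2_models(user)
                AccountRecovery.retire_recovery_email(user.id)
        except KeyError as exc:
            error_message = 'Username not specified {}'.format(user)
            logger.error(error_message)
            raise CommandError(error_message) from exc
        except user_model.DoesNotExist as exc:
            error_message = 'The user "{}" does not exist.'.format(
                user.username)
            logger.error(error_message)
            raise CommandError(error_message) from exc
        except Exception as exc:  # pylint: disable=broad-except
            # Any other failure leaves the atomic block by exception, so the
            # partial retirement is rolled back before the command aborts.
            error_message = '500 error deactivating account {}'.format(exc)
            logger.error(error_message)
            raise CommandError(error_message) from exc

        logger.info("User succesfully moved to the retirment pipeline")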
Exemplo n.º 5
    def post(self, request):
        """
        POST /api/user/v1/accounts/deactivate_logout/

        Re-checks the caller's password, then retires the caller's own account
        inside a single transaction and ends the session.

        Returns 204 on success. If the password check does not return 204 its
        response is passed back unchanged. Failures map to 404 or 500.
        """
        user_model = get_user_model()
        try:
            # Anything other than 204 from the password check is returned as-is.
            password_check = self._verify_user_password(request)
            if password_check.status_code != status.HTTP_204_NO_CONTENT:
                return password_check

            with transaction.atomic():
                account = request.user

                # Queue the account for retirement.
                UserRetirementStatus.create_retirement(account)

                # Drop the LMS social-auth links.
                UserSocialAuth.objects.filter(user_id=account.id).delete()

                # Replace the email with its retired form and make the
                # password unusable.
                account.email = get_retired_email_by_email(account.email)
                account.save()
                _set_unusable_password(account)

                # TODO: Unlink social accounts & change password on each IDA.
                # Activation keys mailed to the user must stop working too.
                Registration.objects.filter(user=account).delete()

                # Revoke OAuth tokens from both providers.
                retire_dop_oauth2_models(account)
                retire_dot_oauth2_models(account)

                # End the session last, once everything above has succeeded.
                logout(request)

            return Response(status=status.HTTP_204_NO_CONTENT)
        except KeyError:
            return Response(u'Username not specified.',
                            status=status.HTTP_404_NOT_FOUND)
        except user_model.DoesNotExist:
            missing_user_msg = u'The user "{}" does not exist.'.format(
                request.user.username)
            return Response(missing_user_msg, status=status.HTTP_404_NOT_FOUND)
        except Exception as exc:  # pylint: disable=broad-except
            # NOTE(review): the raw exception text goes back to the client in
            # the 500 body; consider logging it and returning a generic message.
            return Response(text_type(exc),
                            status=status.HTTP_500_INTERNAL_SERVER_ERROR)
Exemplo n.º 6
    def post(self, request):
        """
        POST /api/user/v1/accounts/deactivate_logout/

        Confirms the caller's password and then, atomically, retires the
        caller's account: retirement queue entry, social-auth unlink, retired
        email, unusable password, activation keys removed, OAuth tokens
        revoked, session ended.

        Returns 204 on success. A password check that does not return 204 is
        handed back unchanged. Failures map to 404 or 500.
        """
        user_model = get_user_model()
        try:
            credential_check = self._verify_user_password(request)
            if credential_check.status_code != status.HTTP_204_NO_CONTENT:
                # The failed password check becomes the response.
                return credential_check

            with transaction.atomic():
                retiring_user = request.user

                # Retirement queue entry.
                UserRetirementStatus.create_retirement(retiring_user)

                # LMS social-auth links.
                UserSocialAuth.objects.filter(user_id=retiring_user.id).delete()

                # Retired email address, then an unusable password.
                retiring_user.email = get_retired_email_by_email(retiring_user.email)
                retiring_user.save()
                _set_unusable_password(retiring_user)

                # TODO: Unlink social accounts & change password on each IDA.
                # Emailed activation keys.
                Registration.objects.filter(user=retiring_user).delete()

                # OAuth tokens from both providers.
                retire_dop_oauth2_models(retiring_user)
                retire_dot_oauth2_models(retiring_user)

                # The session goes last, after every step above has succeeded.
                logout(request)

            return Response(status=status.HTTP_204_NO_CONTENT)
        except KeyError:
            return Response(u'Username not specified.', status=status.HTTP_404_NOT_FOUND)
        except user_model.DoesNotExist:
            not_found_text = u'The user "{}" does not exist.'.format(request.user.username)
            return Response(not_found_text, status=status.HTTP_404_NOT_FOUND)
        except Exception as exc:  # pylint: disable=broad-except
            # NOTE(review): the 500 body is the raw exception text; consider
            # logging it server-side and returning a generic message.
            return Response(text_type(exc), status=status.HTTP_500_INTERNAL_SERVER_ERROR)
Exemplo n.º 7
def create_retirement_request_and_deactivate_account(user):
    """
    Queue ``user`` for retirement and remove the ways the account can sign in.

    In order: creates the retirement status, deletes the LMS social-auth
    links, replaces the email with its retired form, makes the password
    unusable, deletes the emailed activation keys, retires OAuth tokens and
    retires the account-recovery email.

    NOTE(review): nothing here opens a transaction, so a failure part-way
    leaves the earlier steps applied unless the caller wraps the call in
    ``transaction.atomic()`` -- confirm against callers.
    """
    # Add user to retirement queue.
    UserRetirementStatus.create_retirement(user)

    # Unlink LMS social auth accounts
    UserSocialAuth.objects.filter(user_id=user.id).delete()

    # Change LMS password & email. Both changes are persisted by the single
    # save() below.
    user.email = get_retired_email_by_email(user.email)
    user.set_unusable_password()
    user.save()

    # TODO: Unlink social accounts & change password on each IDA.
    # Remove the activation keys sent by email to the user for account activation.
    Registration.objects.filter(user=user).delete()

    # Delete OAuth tokens associated with the user, then retire the
    # account-recovery email so it cannot be used to regain access.
    retire_dot_oauth2_models(user)
    AccountRecovery.retire_recovery_email(user.id)
Exemplo n.º 8
def delete_edxapp_user(*args, **kwargs):
    """
    Deletes a user from the platform, scoped to one site.

    Reads ``user``, ``case_id``, ``site`` and ``is_support_user`` from kwargs.
    The user must have a signup source whose site matches ``site.name``
    (case-insensitive); otherwise NotFound is raised.

    - Exactly one signup source: the account is retired inside a transaction
      and the signup source is deleted.
    - Several signup sources: only the ones for ``site`` are deleted and the
      account itself is left alone.

    Returns a ``(message, status.HTTP_200_OK)`` tuple.

    NOTE(review): ``user`` is not checked for None, so a missing ``user``
    kwarg fails with AttributeError. Only the single-source path runs inside
    ``transaction.atomic()``.
    """
    user = kwargs.get("user")
    case_id = kwargs.get("case_id")
    site = kwargs.get("site")
    is_support_user = kwargs.get("is_support_user")

    # Built up front so that it still shows the pre-retirement email.
    user_response = "The user {username} <{email}> ".format(
        username=user.username, email=user.email)

    signup_sources = user.usersignupsource_set.all()
    sources = [entry.site for entry in signup_sources]

    # Guard: the user must be signed up on the requested site.
    if not (site and site.name.upper() in (source.upper() for source in sources)):
        raise NotFound(
            "{user} does not have a signup source on the site {site}".format(
                user=user_response, site=site))

    msg = None
    site_key = site.name.upper()

    if len(sources) != 1:
        # The user also belongs to other sites: drop only this site's entries.
        for entry in signup_sources:
            if entry.site.upper() == site_key:
                entry.delete()

                msg = "{user} has more than one signup source. The signup source from the site {site} has been deleted".format(
                    user=user_response,
                    site=site,
                )
        return msg, status.HTTP_200_OK

    with transaction.atomic():
        # Tag the address with the support case before it is retired.
        support_label = "_support" if is_support_user else ""
        user.email = "{email}{case}.ednx{support}_retired".format(
            email=user.email,
            case=case_id,
            support=support_label,
        )
        user.save()

        # Queue the account for retirement.
        UserRetirementStatus.create_retirement(user)

        # Drop the LMS social-auth links.
        UserSocialAuth.objects.filter(user_id=user.id).delete()

        # Replace the tagged address with its retired form and make the
        # password unusable.
        user.email = get_retired_email_by_email(user.email)
        user.save()
        _set_unusable_password(user)

        # Activation keys mailed to the user must stop working too.
        Registration.objects.filter(user=user).delete()

        # Revoke the user's OAuth tokens.
        retire_dot_oauth2_models(user)

        # The only signup source goes with the account.
        signup_sources[0].delete()

        msg = "{user} has been removed".format(user=user_response)

    return msg, status.HTTP_200_OK