def activate_secondary_email(request, key):
    """
    Complete a secondary (recovery) email change from an emailed activation link.

    Looks up the pending change by ``key``, writes the new address to the
    owning user's AccountRecovery record (instantiating one if the user has
    none), and deletes the pending change once the update succeeds.

    NOTE(review): the activation key is the only thing checked in this
    function; ``request`` is never consulted, so possession of the link is
    sufficient to complete the change. Any session or HTTP-method restriction
    would have to come from decorators or URL configuration not shown here.
    """
    try:
        pending = PendingSecondaryEmailChange.objects.get(activation_key=key)
    except PendingSecondaryEmailChange.DoesNotExist:
        # Unknown or already-consumed key.
        return render_to_response("invalid_email_key.html", {})

    owner = pending.user
    try:
        recovery = owner.account_recovery
    except AccountRecovery.DoesNotExist:
        recovery = AccountRecovery(user=owner)

    requested_email = pending.new_secondary_email
    try:
        recovery.update_recovery_email(requested_email)
    except ValidationError:
        # The pending record is left in place when the new address is rejected.
        failure_context = {
            'secondary_email': requested_email
        }
        return render_to_response("secondary_email_change_failed.html", failure_context)

    # Only a successful update consumes the activation key.
    pending.delete()
    return render_to_response("secondary_email_change_successful.html")
def test_retire_recovery_email(self):
    """
    Check that `retire_recovery_email` deletes the AccountRecovery record
    belonging to the given user.
    """
    # Arrange: a user with exactly one recovery email record.
    learner = UserFactory()
    AccountRecoveryFactory(user=learner)
    records_before = AccountRecovery.objects.filter(user_id=learner.id)
    assert len(records_before) == 1

    # Act: retire the recovery email for that user.
    AccountRecovery.retire_recovery_email(user_id=learner.id)

    # Assert: a fresh query finds no AccountRecovery record for the user.
    records_after = AccountRecovery.objects.filter(user_id=learner.id)
    assert len(records_after) == 0
def _get_account_recovery(user):
    """
    Return the account recovery object attached to ``user``.

    When the user has no such object, a new AccountRecovery bound to the user
    is instantiated and returned instead; this helper does not save it.
    """
    try:
        return user.account_recovery
    except ObjectDoesNotExist:
        return AccountRecovery(user=user)
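def post(self, request):
    """
    POST /api/user/v1/accounts/deactivate_logout/

    Marks the user as having no password set for deactivation purposes,
    and logs the user out.

    The request is first handed to ``self._verify_user_password``; any
    response other than 204 is returned to the caller unchanged. The
    retirement steps then run inside a single database transaction.

    Returns:
        204 on success; 404 when a KeyError or ``DoesNotExist`` is raised;
        500 with a generic message for any other failure. The exception
        detail is written to the server log only and is not echoed to the
        client.
    """
    user_model = get_user_model()
    try:
        # Get the username from the request and check that it exists
        verify_user_password_response = self._verify_user_password(request)
        if verify_user_password_response.status_code != status.HTTP_204_NO_CONTENT:
            return verify_user_password_response
        with transaction.atomic():
            # Add user to retirement queue.
            UserRetirementStatus.create_retirement(request.user)
            # Unlink LMS social auth accounts
            UserSocialAuth.objects.filter(user_id=request.user.id).delete()
            # Change LMS password & email. Keep the real address first: the
            # deletion notice below is sent to it after the account email
            # has been replaced by the retired form.
            user_email = request.user.email
            request.user.email = get_retired_email_by_email(request.user.email)
            request.user.save()
            _set_unusable_password(request.user)
            # TODO: Unlink social accounts & change password on each IDA.
            # Remove the activation keys sent by email to the user for account activation.
            Registration.objects.filter(user=request.user).delete()
            # Delete OAuth tokens associated with the user.
            retire_dop_oauth2_models(request.user)
            retire_dot_oauth2_models(request.user)
            AccountRecovery.retire_recovery_email(request.user.id)

            # NOTE(review): block nesting was restored from a
            # whitespace-collapsed listing. The notification and logout are
            # placed inside the atomic block so that the re-raise below rolls
            # back the changes above; confirm against the upstream file.
            try:
                # Send notification email to user
                site = Site.objects.get_current()
                notification_context = get_base_template_context(site)
                notification_context.update({'full_name': request.user.profile.name})
                language_code = request.user.preferences.model.get_value(
                    request.user,
                    LANGUAGE_KEY,
                    default=settings.LANGUAGE_CODE
                )
                notification = DeletionNotificationMessage().personalize(
                    recipient=Recipient(username='', email_address=user_email),
                    language=language_code,
                    user_context=notification_context,
                )
                ace.send(notification)
            except Exception:
                log.exception('Error sending out deletion notification email')
                raise

            # Log the user out.
            logout(request)
        return Response(status=status.HTTP_204_NO_CONTENT)
    except KeyError:
        return Response(u'Username not specified.', status=status.HTTP_404_NOT_FOUND)
    except user_model.DoesNotExist:
        return Response(
            u'The user "{}" does not exist.'.format(request.user.username),
            status=status.HTTP_404_NOT_FOUND
        )
    except Exception:  # pylint: disable=broad-except
        # Record the failure server-side and return a fixed message: the raw
        # exception text can carry internal details (database or mail-backend
        # errors) that should not be sent to the client.
        log.exception('Error while deactivating account and logging out')
        return Response(
            u'An error occurred while deactivating the account.',
            status=status.HTTP_500_INTERNAL_SERVER_ERROR
        )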
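def post(self, request):
    """
    POST /api/user/v1/accounts/deactivate_logout/

    Marks the user as having no password set for deactivation purposes,
    and logs the user out.

    The request is first handed to ``self._verify_user_password``; any
    response other than 204 is returned to the caller unchanged. The
    retirement steps then run inside a single database transaction.

    Returns:
        204 on success; 404 when a KeyError or ``DoesNotExist`` is raised;
        500 with a generic message for any other failure. The exception
        detail is written to the server log only and is not echoed to the
        client.
    """
    user_model = get_user_model()
    try:
        # Get the username from the request and check that it exists
        verify_user_password_response = self._verify_user_password(request)
        if verify_user_password_response.status_code != status.HTTP_204_NO_CONTENT:
            return verify_user_password_response
        with transaction.atomic():
            # Add user to retirement queue.
            UserRetirementStatus.create_retirement(request.user)
            # Unlink LMS social auth accounts
            UserSocialAuth.objects.filter(user_id=request.user.id).delete()
            # Change LMS password & email. The original address is captured
            # before it is overwritten because the deletion notice further
            # down is addressed to it.
            user_email = request.user.email
            request.user.email = get_retired_email_by_email(request.user.email)
            request.user.save()
            _set_unusable_password(request.user)
            # TODO: Unlink social accounts & change password on each IDA.
            # Remove the activation keys sent by email to the user for account activation.
            Registration.objects.filter(user=request.user).delete()
            # Delete OAuth tokens associated with the user.
            retire_dop_oauth2_models(request.user)
            retire_dot_oauth2_models(request.user)
            AccountRecovery.retire_recovery_email(request.user.id)

            # NOTE(review): block nesting was restored from a
            # whitespace-collapsed listing. The notification and logout are
            # kept inside the atomic block so that the re-raise below rolls
            # back the changes above; confirm against the upstream file.
            try:
                # Send notification email to user
                site = Site.objects.get_current()
                notification_context = get_base_template_context(site)
                notification_context.update({'full_name': request.user.profile.name})
                language_code = request.user.preferences.model.get_value(
                    request.user,
                    LANGUAGE_KEY,
                    default=settings.LANGUAGE_CODE
                )
                notification = DeletionNotificationMessage().personalize(
                    recipient=Recipient(username='', email_address=user_email),
                    language=language_code,
                    user_context=notification_context,
                )
                ace.send(notification)
            except Exception:
                log.exception('Error sending out deletion notification email')
                raise

            # Log the user out.
            logout(request)
        return Response(status=status.HTTP_204_NO_CONTENT)
    except KeyError:
        return Response(u'Username not specified.', status=status.HTTP_404_NOT_FOUND)
    except user_model.DoesNotExist:
        return Response(
            u'The user "{}" does not exist.'.format(request.user.username),
            status=status.HTTP_404_NOT_FOUND
        )
    except Exception:  # pylint: disable=broad-except
        # Keep the exception detail in the server log and send the client a
        # fixed message, so internal error strings (database, mail backend)
        # are not disclosed in the 500 response body.
        log.exception('Error while deactivating account and logging out')
        return Response(
            u'An error occurred while deactivating the account.',
            status=status.HTTP_500_INTERNAL_SERVER_ERROR
        )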