def create_retirement(cls, user): """ Creates a UserRetirementStatus for the given user, in the correct initial state. Will fail if the user already has a UserRetirementStatus row or if states are not yet populated. """ try: pending = RetirementState.objects.all().order_by('state_execution_order')[0] except IndexError: raise RetirementStateError('Default state does not exist! Populate retirement states to retire users.') # lint-amnesty, pylint: disable=raise-missing-from if cls.objects.filter(user=user).exists(): raise RetirementStateError(u'User {} already has a retirement status row!'.format(user)) retired_username = get_retired_username_by_username(user.username) retired_email = get_retired_email_by_email(user.email) UserRetirementRequest.create_retirement_request(user) return cls.objects.create( user=user, original_username=user.username, original_email=user.email, original_name=user.profile.name, retired_username=retired_username, retired_email=retired_email, current_state=pending, last_state=pending, responses=u'Created in state {} by create_retirement'.format(pending) )
def test_get_retired_email_status_exists(retirement_user, retirement_status): # pylint: disable=redefined-outer-name """ Checks that a retired email is gotten from a UserRetirementStatus object when one already exists for a user. """ hashed_email = get_retired_email_by_email(retirement_user.email) check_email_against_fmt(hashed_email) assert retirement_status.retired_email == hashed_email
def _fake_logged_out_user(user, retire_username=False): """ Simulate the initial logout retirement endpoint. """ # By default, do not change the username to the retired hash version because # that is not what happens upon actual retirement requests immediately after # logout. if retire_username: user.username = get_retired_username_by_username(user.username) user.email = get_retired_email_by_email(user.email) user.set_unusable_password() user.save()
def test_is_email_retired_is_retired(retirement_user): """ Check functionality of is_email_retired when email is retired """ original_email = retirement_user.email retired_email = get_retired_email_by_email(retirement_user.email) # Fake email retirement. retirement_user.email = retired_email retirement_user.save() assert is_email_retired(original_email)
def test_is_email_retired_is_retired(retirement_user): # lint-amnesty, pylint: disable=redefined-outer-name """ Check functionality of is_email_retired when email is retired """ original_email = retirement_user.email retired_email = get_retired_email_by_email(retirement_user.email) # Fake email retirement. retirement_user.email = retired_email retirement_user.save() assert is_email_retired(original_email)
def handle(self, *args, **options): """ Execute the command. """ username = options['username'] user_email = options['user_email'] try: user = User.objects.get(username=username, email=user_email) except: error_message = ( 'Could not find a user with specified username and email ' 'address. Make sure you have everything correct before ' 'trying again') logger.error(error_message) raise CommandError(error_message) # lint-amnesty, pylint: disable=raise-missing-from user_model = get_user_model() try: with transaction.atomic(): # Add user to retirement queue. UserRetirementStatus.create_retirement(user) # Unlink LMS social auth accounts UserSocialAuth.objects.filter(user_id=user.id).delete() # Change LMS password & email user.email = get_retired_email_by_email(user.email) user.set_unusable_password() user.save() # TODO: Unlink social accounts & change password on each IDA. # Remove the activation keys sent by email to the user for account activation. Registration.objects.filter(user=user).delete() # Delete OAuth tokens associated with the user. retire_dot_oauth2_models(user) AccountRecovery.retire_recovery_email(user.id) except KeyError: error_message = 'Username not specified {}'.format(user) logger.error(error_message) raise CommandError(error_message) # lint-amnesty, pylint: disable=raise-missing-from except user_model.DoesNotExist: error_message = 'The user "{}" does not exist.'.format( user.username) logger.error(error_message) raise CommandError(error_message) # lint-amnesty, pylint: disable=raise-missing-from except Exception as exc: # pylint: disable=broad-except error_message = '500 error deactivating account {}'.format(exc) logger.error(error_message) raise CommandError(error_message) # lint-amnesty, pylint: disable=raise-missing-from logger.info("User succesfully moved to the retirment pipeline")
def _assert_retirementstatus_is_user(retirement, user): """ Helper function to compare a newly created UserRetirementStatus object to expected values for the given user. """ pending = RetirementState.objects.all().order_by( 'state_execution_order')[0] retired_username = get_retired_username_by_username(user.username) retired_email = get_retired_email_by_email(user.email) assert retirement.user == user assert retirement.original_username == user.username assert retirement.original_email == user.email assert retirement.original_name == user.profile.name assert retirement.retired_username == retired_username assert retirement.retired_email == retired_email assert retirement.current_state == pending assert retirement.last_state == pending assert pending.state_name in retirement.responses
def create_retirement_request_and_deactivate_account(user): """ Adds user to retirement queue, unlinks social auth accounts, changes user passwords and delete tokens and activation keys """ # Add user to retirement queue. UserRetirementStatus.create_retirement(user) # Unlink LMS social auth accounts UserSocialAuth.objects.filter(user_id=user.id).delete() # Change LMS password & email user.email = get_retired_email_by_email(user.email) user.set_unusable_password() user.save() # TODO: Unlink social accounts & change password on each IDA. # Remove the activation keys sent by email to the user for account activation. Registration.objects.filter(user=user).delete() # Delete OAuth tokens associated with the user. retire_dot_oauth2_models(user) AccountRecovery.retire_recovery_email(user.id)
def test_get_retired_email(retirement_user): """ Basic testing of retired emails. """ hashed_email = get_retired_email_by_email(retirement_user.email) check_email_against_fmt(hashed_email)
def delete_edxapp_user(*args, **kwargs): """ Deletes a user from the platform. """ msg = None user = kwargs.get("user") case_id = kwargs.get("case_id") site = kwargs.get("site") is_support_user = kwargs.get("is_support_user") user_response = "The user {username} <{email}> ".format( username=user.username, email=user.email) signup_sources = user.usersignupsource_set.all() sources = [signup_source.site for signup_source in signup_sources] if site and site.name.upper() in (source.upper() for source in sources): if len(sources) == 1: with transaction.atomic(): support_label = "_support" if is_support_user else "" user.email = "{email}{case}.ednx{support}_retired".format( email=user.email, case=case_id, support=support_label, ) user.save() # Add user to retirement queue. UserRetirementStatus.create_retirement(user) # Unlink LMS social auth accounts UserSocialAuth.objects.filter(user_id=user.id).delete() # Change LMS password & email user.email = get_retired_email_by_email(user.email) user.save() _set_unusable_password(user) # Remove the activation keys sent by email to the user for account activation. Registration.objects.filter(user=user).delete() # Delete OAuth tokens associated with the user. retire_dot_oauth2_models(user) # Delete user signup source object signup_sources[0].delete() msg = "{user} has been removed".format(user=user_response) else: for signup_source in signup_sources: if signup_source.site.upper() == site.name.upper(): signup_source.delete() msg = "{user} has more than one signup source. The signup source from the site {site} has been deleted".format( user=user_response, site=site, ) return msg, status.HTTP_200_OK raise NotFound( "{user} does not have a signup source on the site {site}".format( user=user_response, site=site))
def test_get_retired_email(retirement_user): # lint-amnesty, pylint: disable=redefined-outer-name """ Basic testing of retired emails. """ hashed_email = get_retired_email_by_email(retirement_user.email) check_email_against_fmt(hashed_email)