def web_user_sync(self, ilsgateway_webuser):
email = ilsgateway_webuser.email.lower()
if not email:
try:
validate_email(ilsgateway_webuser.username)
email = ilsgateway_webuser.username
except ValidationError:
return None
user = WebUser.get_by_username(email)
user_dict = {
'first_name': ilsgateway_webuser.first_name,
'last_name': ilsgateway_webuser.last_name,
'is_active': ilsgateway_webuser.is_active,
'password_hashed': True,
}
location_id = None
if ilsgateway_webuser.location:
try:
sql_location = SQLLocation.objects.get(domain=self.domain, external_id=ilsgateway_webuser.location)
location_id = sql_location.location_id
except SQLLocation.DoesNotExist:
location_id = None
if user is None:
try:
ils_sql_web_user = ILSGatewayWebUser.objects.get(external_id=ilsgateway_webuser.id)
except ILSGatewayWebUser.DoesNotExist:
ils_sql_web_user = None
if ils_sql_web_user:
# if user exists in db it means he was already migrated but he changed email in v1
old_email = ils_sql_web_user.email
user = WebUser.get_by_username(old_email)
if user:
user.delete_domain_membership(self.domain)
user.save()
user = self._create_web_user(email, ilsgateway_webuser, location_id, user_dict)
ils_sql_web_user.email = email
ils_sql_web_user.save()
return user
else:
user = self._create_web_user(email, ilsgateway_webuser, location_id, user_dict)
else:
self._edit_web_user(user, location_id)
ilsgateway_webuser, _ = ILSGatewayWebUser.objects.get_or_create(
external_id=ilsgateway_webuser.id,
)
ilsgateway_webuser.email = email
ilsgateway_webuser.save()
return user
def test_basic_workflow(self):
"""
This should execute a basic transferring of domains. user will transfer a
domain to muggle. user should be able to see status of transferred domain
and muggle will accept transfer request.
"""
# Get the transfer request page
resp = self.client.get(reverse(TransferDomainView.urlname, args=[self.domain.name]))
self.assertEqual(resp.status_code, 200)
self.assertEqual(type(resp.context['form']), TransferDomainForm,
"Should get TransferRequestForm")
form = resp.context['form']
form.data['domain'] = self.domain.name
form.data['to_username'] = self.muggle.username
# Post the form data
resp = self.client.post(reverse(TransferDomainView.urlname, args=[self.domain.name]),
form.data, follow=True)
self.assertEqual(resp.status_code, 200)
self.assertEqual(len(mail.outbox), 2,
"Should send an email to both requester and requestee")
transfer = TransferDomainRequest.objects.get(to_username=self.muggle.username,
from_username=self.user.username,
domain=self.domain.name)
self.assertIsNotNone(transfer)
self.assertIsNone(transfer.confirm_time)
self.assertTrue(transfer.active)
# Land on the activate transfer page
self.client.login(username=self.muggle.username, password=self.password)
resp = self.client.get(reverse('activate_transfer_domain', args=[transfer.transfer_guid]), follow=True)
self.assertEqual(resp.status_code, 200)
self.assertIsNotNone(resp.context['transfer'])
# Finally accept the transfer
mail.outbox = [] # Clear outbox
resp = self.client.post(reverse('activate_transfer_domain', args=[transfer.transfer_guid]), follow=True)
self.assertEqual(len(mail.outbox), 1, "Send an email to Dimagi to confirm")
# Reload from DB
user = WebUser.get_by_username(self.user.username)
muggle = WebUser.get_by_username(self.muggle.username)
transfer = TransferDomainRequest.objects.get(to_username=self.muggle.username,
from_username=self.user.username,
domain=self.domain.name)
self.assertFalse(user.is_member_of(self.domain.name))
self.assertTrue(muggle.is_member_of(self.domain.name))
self.assertTrue(muggle.get_domain_membership(self.domain.name).is_admin)
self.assertIsNotNone(transfer.confirm_time)
def activation_24hr_reminder_email():
"""
Reminds inactive users registered 24 hrs ago to activate their account.
"""
request_reminders = RegistrationRequest.get_requests_24hrs_ago()
DNS_name = get_site_domain()
for request in request_reminders:
user = WebUser.get_by_username(request.new_user_username)
registration_link = 'http://' + DNS_name + reverse(
'registration_confirm_domain') + request.activation_guid + '/'
email_context = {
"domain": request.domain,
"registration_link": registration_link,
"full_name": user.full_name,
"first_name": user.first_name,
'url_prefix': '' if settings.STATIC_CDN else 'http://' + DNS_name,
}
message_plaintext = render_to_string(
'registration/email/confirm_account_reminder.txt', email_context)
message_html = render_to_string(
'registration/email/confirm_account.html', email_context)
subject = ugettext('Reminder to Activate your CommCare project')
send_html_email_async.delay(
subject, request.new_user_username, message_html,
text_content=message_plaintext,
email_from=settings.DEFAULT_FROM_EMAIL
)
def sync_ilsgateway_webuser(domain, ilsgateway_webuser):
user = WebUser.get_by_username(ilsgateway_webuser.email.lower())
user_dict = {
'first_name': ilsgateway_webuser.first_name,
'last_name': ilsgateway_webuser.last_name,
'is_staff': ilsgateway_webuser.is_staff,
'is_active': ilsgateway_webuser.is_active,
'is_superuser': ilsgateway_webuser.is_superuser,
'last_login': force_to_datetime(ilsgateway_webuser.last_login),
'date_joined': force_to_datetime(ilsgateway_webuser.date_joined),
'password_hashed': True,
}
sp = SupplyPointCase.view('hqcase/by_domain_external_id',
key=[domain, str(ilsgateway_webuser.location)],
reduce=False,
include_docs=True,
limit=1).first()
role_id = ilsgateway_webuser.role_id if hasattr(ilsgateway_webuser, 'role_id') else None
location_id = sp.location_id if sp else None
if user is None:
try:
user = WebUser.create(domain=None, username=ilsgateway_webuser.email.lower(),
password=ilsgateway_webuser.password, email=ilsgateway_webuser.email, **user_dict)
user.add_domain_membership(domain, role_id=role_id, location_id=location_id)
user.save()
except Exception as e:
logging.error(e)
else:
if domain not in user.get_domains():
user.add_domain_membership(domain, role_id=role_id, location_id=location_id)
user.save()
return user
def rows(self):
rows = []
web_users = []
offset = 1000
meta, chunk = self.endpoint.get_webusers(limit=1000)
web_users.extend(chunk)
while meta.get('next', False):
meta, chunk = self.endpoint.get_webusers(offset=offset, limit=1000)
offset += 1000
web_users.extend(chunk)
for web_user in web_users:
try:
if not web_user.is_superuser and web_user.groups and web_user.groups[0].name == 'facility_manager':
User.objects.get(username="******" % (web_user.username.lower(),
self.domain))
else:
user = User.objects.get(username__in=[web_user.username, web_user.email.lower()])
webuser = WebUser.get_by_username(user.username)
if webuser:
if self.domain not in webuser.get_domains():
raise User.DoesNotExist
except User.DoesNotExist:
rows.append([web_user.username, web_user.email,
web_user.date_joined, web_user.is_active, False])
except User.MultipleObjectsReturned:
pass
return rows
def clean_to_username(self):
username = self.cleaned_data['to_username']
if not WebUser.get_by_username(username):
raise forms.ValidationError(TransferDomainFormErrors.USER_DNE)
return username
def handle(self, username, **options):
from corehq.apps.users.models import WebUser
try:
validate_email(username)
except EmailSyntaxError:
raise CommandError('Your username must be an email address')
couch_user = WebUser.get_by_username(username)
if couch_user:
if not isinstance(couch_user, WebUser):
raise CommandError('Username already in use by a non-web user')
print("✓ User {} exists".format(couch_user.username))
else:
password = self.get_password_from_user()
couch_user = WebUser.create(None, username, password)
print("→ User {} created".format(couch_user.username))
is_superuser_changed = not couch_user.is_superuser
is_staff_changed = not couch_user.is_staff
couch_user.is_superuser = True
couch_user.is_staff = True
if is_superuser_changed or is_staff_changed:
couch_user.save()
if is_superuser_changed:
print("→ User {} is now a superuser".format(couch_user.username))
else:
print("✓ User {} is a superuser".format(couch_user.username))
if is_staff_changed:
print("→ User {} can now access django admin".format(couch_user.username))
else:
print("✓ User {} can access django admin".format(couch_user.username))
def handle(self, *args, **options):
from corehq.apps.users.models import WebUser
if len(args) != 3:
raise CommandError('Usage: manage.py bootstrap <domain> <email> <password>')
domain_name, username, passwd = args
domain = Domain.get_or_create_with_name(domain_name, is_active=True)
couch_user = WebUser.get_by_username(username)
membership = None
if couch_user:
if not isinstance(couch_user, WebUser):
raise CommandError('Username already in use by a non-web user')
membership = couch_user.get_domain_membership(domain_name)
else:
couch_user = WebUser.create(domain_name, username, passwd)
if not membership:
couch_user.add_domain_membership(domain_name, is_admin=True)
couch_user.is_superuser = True
couch_user.is_staff = True
couch_user.save()
print "user %s created and added to domain %s" % (couch_user.username, domain)
if not getattr(settings, 'BASE_ADDRESS', None):
print ("Warning: You must set BASE_ADDRESS setting "
"in your localsettings.py file in order for commcare-hq "
"to be able to generate absolute urls. "
"This is necessary for a number of features.")
def send_autopay_failed(invoice, payment_method):
subscription = invoice.subscription
auto_payer = subscription.account.auto_pay_user
payment_method = StripePaymentMethod.objects.get(web_user=auto_payer)
autopay_card = payment_method.get_autopay_card(subscription.account)
try:
recipient = WebUser.get_by_username(auto_payer).get_email()
except ResourceNotFound:
recipient = auto_payer
domain = invoice.get_domain()
context = {
'domain': domain,
'subscription_plan': subscription.plan_version.plan.name,
'billing_date': datetime.date.today(),
'invoice_number': invoice.invoice_number,
'autopay_card': autopay_card,
'domain_url': absolute_reverse('dashboard_default', args=[domain]),
'billing_info_url': absolute_reverse('domain_update_billing_info', args=[domain]),
'support_email': settings.INVOICING_CONTACT_EMAIL,
}
template_html = 'accounting/autopay_failed_email.html'
template_plaintext = 'accounting/autopay_failed_email.txt'
send_HTML_email(
subject="Subscription Payment for CommCare Invoice %s was declined" % invoice.invoice_number,
recipient=recipient,
html_content=render_to_string(template_html, context),
text_content=render_to_string(template_plaintext, context),
email_from=get_dimagi_from_email_by_product(subscription.plan_version.product_rate.product.product_type),
)
def send_purchase_receipt(payment_record, domain,
template_html, template_plaintext,
additional_context):
username = payment_record.payment_method.web_user
try:
web_user = WebUser.get_by_username(username)
email = web_user.get_email()
name = web_user.first_name
except ResourceNotFound:
log_accounting_error(
"Strange. A payment attempt was made by a user that "
"we can't seem to find! %s" % username,
show_stack_trace=True,
)
name = email = username
context = {
'name': name,
'amount': fmt_dollar_amount(payment_record.amount),
'project': domain,
'date_paid': payment_record.date_created.strftime(USER_DATE_FORMAT),
'transaction_id': payment_record.public_transaction_id,
}
context.update(additional_context)
email_html = render_to_string(template_html, context)
email_plaintext = render_to_string(template_plaintext, context)
send_HTML_email(
ugettext("Payment Received - Thank You!"), email, email_html,
text_content=email_plaintext,
email_from=get_dimagi_from_email(),
)
def obj_get_list(self, bundle, **kwargs):
domain = kwargs['domain']
username = bundle.request.GET.get('username')
if username:
user = WebUser.get_by_username(username)
return [user] if user else []
return list(WebUser.by_domain(domain))
def _get_custom_context(self):
api_root = reverse('api_dispatch_list', kwargs={'domain': self.domain,
'resource_name': 'location',
'api_name': 'v0.3'})
selected_loc_id = self.request.GET.get('location_id')
user = WebUser.get_by_username(str(self.request.user))
domain = Domain.get_by_name(self.domain)
context = {}
from corehq.apps.commtrack.util import is_commtrack_location
if is_commtrack_location(user, domain):
selected_loc_id = user.location_id
if domain.location_restriction_for_users:
context.update({'restriction': domain.location_restriction_for_users})
context.update({
'api_root': api_root,
'control_name': self.name,
'control_slug': self.slug,
'loc_id': selected_loc_id,
'locations': json.dumps(load_locs_json(self.domain, selected_loc_id)),
'hierarchy': location_hierarchy_config(self.domain),
})
return context
def send_purchase_receipt(payment_record, core_product,
template_html, template_plaintext,
additional_context):
email = payment_record.payment_method.billing_admin.web_user
try:
web_user = WebUser.get_by_username(email)
name = web_user.first_name
except ResourceNotFound:
logger.error(
"[BILLING] Strange. A payment attempt was made by a user that "
"we can't seem to find! %s" % email
)
name = email
context = {
'name': name,
'amount': fmt_dollar_amount(payment_record.amount),
'project': payment_record.payment_method.billing_admin.domain,
'date_paid': payment_record.date_created.strftime('%d %B %Y'),
'product': core_product,
'transaction_id': payment_record.public_transaction_id,
}
context.update(additional_context)
email_html = render_to_string(template_html, context)
email_plaintext = render_to_string(template_plaintext, context)
send_HTML_email(
ugettext("Payment Received - Thank You!"), email, email_html,
text_content=email_plaintext,
email_from=get_dimagi_from_email_by_product(core_product),
)
def test_create(self):
self.client.login(username=self.username, password=self.password)
user_json = {
"username":"******",
"password":"******",
"email":"*****@*****.**",
"first_name":"Joe",
"is_admin": True,
"last_name":"Admin",
"permissions":{
"edit_apps":True,
"edit_commcare_users":True,
"edit_data":True,
"edit_web_users":True,
"view_reports":True
},
"phone_numbers":[
],
"role":"admin"
}
response = self.client.post(self.list_endpoint,
simplejson.dumps(user_json),
content_type='application/json')
self.assertEqual(response.status_code, 201)
user_back = WebUser.get_by_username("test_1234")
self.assertEqual(user_back.username, "test_1234")
self.assertEqual(user_back.first_name, "Joe")
self.assertEqual(user_back.last_name, "Admin")
self.assertEqual(user_back.email, "*****@*****.**")
user_back.delete()
def _check_report(self, report, reports, day, interval):
if report.report not in EmailSettingsSync.REPORT_MAP or not report.users:
return False
username = report.users[0].lower()
location_code = report.view_args.split()[1][1:-2]
desc = "Report not migrated; "
report_tuple = (username, day, report.hours, location_code,
EmailSettingsSync.REPORT_MAP[report.report], interval)
external_id = '{}-{}-{}-{}-{}-{}'.format(*report_tuple)
if report_tuple not in reports:
web_user = WebUser.get_by_username(username)
if not web_user or self.domain not in web_user.domains:
desc += 'User {} is not active; '.format(username)
try:
sql_location = SQLLocation.objects.get(domain=self.domain, site_code=location_code)
if sql_location.is_archived:
desc += 'Location {} is not active; '.format(location_code)
except SQLLocation.DoesNotExist:
desc += 'Location {} does not exist; '.format(location_code)
migration_problem, _ = EWSMigrationProblem.objects.get_or_create(
domain=self.domain,
object_id=username,
object_type='email_report',
external_id=external_id
)
migration_problem.description = desc
migration_problem.save()
return True
def web_user_sync(self, ews_webuser):
username = ews_webuser.email.lower()
if not username:
try:
validate_email(ews_webuser.username)
username = ews_webuser.username
except ValidationError:
return None
user = WebUser.get_by_username(username)
user_dict = {
'first_name': ews_webuser.first_name,
'last_name': ews_webuser.last_name,
'is_active': ews_webuser.is_active,
'last_login': force_to_datetime(ews_webuser.last_login),
'date_joined': force_to_datetime(ews_webuser.date_joined),
'password_hashed': True,
}
location_id = None
if ews_webuser.location:
try:
location = SQLLocation.objects.get(domain=self.domain, external_id=ews_webuser.location)
location_id = location.location_id
except SQLLocation.DoesNotExist:
pass
if user is None:
try:
user = WebUser.create(domain=None, username=username,
password=ews_webuser.password, email=ews_webuser.email,
**user_dict)
user.add_domain_membership(self.domain, location_id=location_id)
except Exception as e:
logging.error(e)
else:
if self.domain not in user.get_domains():
user.add_domain_membership(self.domain, location_id=location_id)
ews_webuser_extension(user, ews_webuser)
dm = user.get_domain_membership(self.domain)
if dm.location_id != location_id:
dm.location_id = location_id
if ews_webuser.is_superuser:
dm.role_id = UserRole.by_domain_and_name(self.domain, 'Administrator')[0].get_id
elif ews_webuser.groups and ews_webuser.groups[0].name == 'facility_manager':
dm.role_id = UserRole.by_domain_and_name(self.domain, 'Facility manager')[0].get_id
else:
if ews_webuser.supply_point:
supply_point = get_supply_point_case_by_domain_external_id(self.domain, ews_webuser.supply_point)
if supply_point:
dm.location_id = supply_point.location_id
dm.role_id = UserRole.by_domain_and_name(self.domain, 'Web Reporter')[0].get_id
else:
dm.role_id = UserRole.get_read_only_role_by_domain(self.domain).get_id
else:
dm.role_id = UserRole.get_read_only_role_by_domain(self.domain).get_id
user.save()
return user
def update_params(self):
self.selected = self.request.GET.get('program')
user = WebUser.get_by_username(str(self.request.user))
if not self.selected and self.selected != '':
self.selected = user.program_id
self.programs = Program.by_domain(self.domain)
opts = [dict(val=program.get_id, text=program.name) for program in self.programs]
self.options = opts
def tearDown(self):
user = WebUser.get_by_username(self.username)
if user:
user.delete()
domain_obj = Domain.get_by_name(self.domain)
if domain_obj:
domain_obj.delete()
def confirm_domain(request, guid=None):
error = None
# Did we get a guid?
if guid is None:
error = _('An account activation key was not provided. If you think this '
'is an error, please contact the system administrator.')
# Does guid exist in the system?
else:
req = RegistrationRequest.get_by_guid(guid)
if not req:
error = _('The account activation key "%s" provided is invalid. If you '
'think this is an error, please contact the system '
'administrator.') % guid
if error is not None:
context = {
'message_body': error,
'current_page': {'page_name': 'Account Not Activated'},
}
return render(request, 'registration/confirmation_error.html', context)
requested_domain = Domain.get_by_name(req.domain)
# Has guid already been confirmed?
if requested_domain.is_active:
assert(req.confirm_time is not None and req.confirm_ip is not None)
messages.success(request, 'Your account %s has already been activated. '
'No further validation is required.' % req.new_user_username)
return HttpResponseRedirect(reverse("dashboard_default", args=[requested_domain]))
# Set confirm time and IP; activate domain and new user who is in the
req.confirm_time = datetime.utcnow()
req.confirm_ip = get_ip(request)
req.save()
requested_domain.is_active = True
requested_domain.save()
requesting_user = WebUser.get_by_username(req.new_user_username)
send_new_request_update_email(requesting_user, get_ip(request), requested_domain.name, is_confirming=True)
messages.success(request,
'Your account has been successfully activated. Thank you for taking '
'the time to confirm your email address: %s.'
% (requesting_user.username))
track_workflow(requesting_user.email, "Confirmed new project")
track_confirmed_account_on_hubspot.delay(requesting_user)
url = reverse("dashboard_default", args=[requested_domain])
# If user already created an app (via prelogin demo), send them there
apps = get_apps_in_domain(requested_domain.name, include_remote=False)
if len(apps) == 1:
app = apps[0]
if len(app.modules) == 1 and len(app.modules[0].forms) == 1:
url = reverse('form_source', args=[requested_domain.name, app.id, 0, 0])
return HttpResponseRedirect(url)
def delete_web_user():
if settings.SERVER_ENVIRONMENT == 'production':
for username in [
'create_growth' + '@' + 'outlook.com',
'growth-analytics' + '@' + 'outlook.com',
]:
web_user = WebUser.get_by_username(username)
if web_user:
web_user.delete()
def join_team(request, org, team_id):
username = request.POST.get("username", None)
if not username:
messages.error(request, "You must specify a member's email address")
else:
user = WebUser.get_by_username(username)
user.add_to_team(org, team_id)
user.save()
return HttpResponseRedirect(reverse(request.POST.get('redirect_url', 'orgs_team_members'), args=(org, team_id)))
def clean_billing_account_admins(self):
billing_account_admins = self.cleaned_data['billing_account_admins']
if billing_account_admins != '':
invalid_emails = []
for email in billing_account_admins.split(','):
email_no_whitespace = email.strip()
if WebUser.get_by_username(email_no_whitespace) is None:
invalid_emails.append("'%s'" % email_no_whitespace)
if len(invalid_emails) != 0:
raise ValidationError("Invalid emails: %s" % ', '.join(invalid_emails))
return billing_account_admins
def arbitrary_web_user(save=True, is_dimagi=False):
domain = data_gen.arbitrary_unique_name().lower()[:25]
username = "******" % (data_gen.arbitrary_username(), 'dimagi' if is_dimagi else 'gmail')
try:
web_user = WebUser.create(domain, username, 'test123')
except Exception:
web_user = WebUser.get_by_username(username)
web_user.is_active = True
if save:
web_user.save()
return web_user
def leave_team(request, org, team_id):
username = request.POST.get("username", None)
if not username:
messages.error(request, "You must specify a member's email address")
else:
user = WebUser.get_by_username(username)
user.remove_from_team(org, team_id)
user.save()
messages.success(request, render_to_string('orgs/partials/undo_leave_team.html',
{"team_id": team_id, "org": org, "user": user}), extra_tags="html")
return HttpResponseRedirect(reverse(request.POST.get('redirect_url', 'orgs_team_members'), args=(org, team_id)))
def test_create_with_preset_role(self):
user_json = deepcopy(self.default_user_json)
user_json["role"] = "Field Implementer"
user_json["is_admin"] = False
response = self._assert_auth_post_resource(self.list_endpoint,
json.dumps(user_json),
content_type='application/json')
self.assertEqual(response.status_code, 201)
user_back = WebUser.get_by_username("test_1234")
self.assertEqual(user_back.role, 'Field Implementer')
user_back.delete()
def test_upload_edit_web_user(self):
username = '******'
web_user = WebUser.create(self.domain.name, username, 'password', None, None)
import_users_and_groups(
self.domain.name,
[self._get_spec(web_user='******', role=self.role.name)],
[],
self.uploading_user,
mock.MagicMock()
)
web_user = WebUser.get_by_username(username)
self.assertEqual(web_user.get_role(self.domain.name).name, self.role.name)
def test_remove_web_user(self):
username = '******'
web_user = WebUser.create(self.domain.name, username, 'password', None, None)
import_users_and_groups(
self.domain.name,
[self._get_spec(web_user='******', remove_web_user='******')],
[],
self.uploading_user,
mock.MagicMock()
)
web_user = WebUser.get_by_username(username)
self.assertFalse(web_user.is_member_of(self.domain.name))
def arbitrary_web_user(save=True, is_dimagi=False):
domain = data_gen.arbitrary_unique_name().lower()[:25]
username = "******" % (data_gen.arbitrary_username(),
'dimagi' if is_dimagi else 'gmail')
try:
web_user = WebUser.create(domain, username, 'test123')
except Exception:
web_user = WebUser.get_by_username(username)
web_user.is_active = True
if save:
web_user.save()
return web_user
def arbitrary_web_user(save=True, is_dimagi=False):
domain = Domain(name=unique_name()[:25])
domain.save()
username = "******" % (unique_name(), "dimagi" if is_dimagi else "gmail")
try:
web_user = WebUser.create(domain.name, username, "test123")
except Exception:
web_user = WebUser.get_by_username(username)
web_user.is_active = True
if save:
web_user.save()
return web_user
def _create_new_account(self, reg_form):
activate_new_user(reg_form, ip=get_ip(self.request))
new_user = authenticate(username=reg_form.cleaned_data['email'],
password=reg_form.cleaned_data['password'])
if 'phone_number' in reg_form.cleaned_data and reg_form.cleaned_data[
'phone_number']:
web_user = WebUser.get_by_username(new_user.username)
web_user.phone_numbers.append(
reg_form.cleaned_data['phone_number'])
web_user.save()
track_workflow(new_user.email, "Requested new account")
login(self.request, new_user)
def confirm_domain(request, guid=''):
with CriticalSection(['confirm_domain_' + guid]):
error = None
# Did we get a guid?
if not guid:
error = _('An account activation key was not provided. If you think this '
'is an error, please contact the system administrator.')
# Does guid exist in the system?
else:
req = RegistrationRequest.get_by_guid(guid)
if not req:
error = _('The account activation key "%s" provided is invalid. If you '
'think this is an error, please contact the system '
'administrator.') % guid
if error is not None:
context = {
'message_body': error,
'current_page': {'page_name': 'Account Not Activated'},
}
return render(request, 'registration/confirmation_error.html', context)
requested_domain = Domain.get_by_name(req.domain)
view_name = "dashboard_default"
view_args = [requested_domain.name]
# Has guid already been confirmed?
if requested_domain.is_active:
assert(req.confirm_time is not None and req.confirm_ip is not None)
messages.success(request, 'Your account %s has already been activated. '
'No further validation is required.' % req.new_user_username)
return HttpResponseRedirect(reverse(view_name, args=view_args))
# Set confirm time and IP; activate domain and new user who is in the
req.confirm_time = datetime.utcnow()
req.confirm_ip = get_ip(request)
req.save()
requested_domain.is_active = True
requested_domain.save()
requesting_user = WebUser.get_by_username(req.new_user_username)
send_new_request_update_email(requesting_user, get_ip(request), requested_domain.name, is_confirming=True)
messages.success(request,
'Your account has been successfully activated. Thank you for taking '
'the time to confirm your email address: %s.'
% (requesting_user.username))
track_workflow(requesting_user.email, "Confirmed new project")
track_confirmed_account_on_hubspot.delay(requesting_user)
request.session['CONFIRM'] = True
return HttpResponseRedirect(reverse(view_name, args=view_args))
def authenticate(self, request, username, idp_slug, is_handshake_successful):
if not (request and username and idp_slug and is_handshake_successful):
return None
try:
identity_provider = IdentityProvider.objects.get(slug=idp_slug)
except IdentityProvider.DoesNotExist:
# not sure how we would even get here, but just in case
request.sso_login_error = f"Identity Provider {idp_slug} does not exist."
return None
if not identity_provider.is_active:
request.sso_login_error = f"This Identity Provider {idp_slug} is not active."
return None
email_domain = get_email_domain_from_username(username)
if not email_domain:
# not a valid username
request.sso_login_error = f"Username {username} is not valid."
return None
if not AuthenticatedEmailDomain.objects.filter(
email_domain=email_domain, identity_provider=identity_provider
).exists():
# if this user's email domain is not authorized by this identity
# do not continue with authentication
request.sso_login_error = (
f"The Email Domain {email_domain} is not allowed to "
f"authenticate with this Identity Provider ({idp_slug})."
)
return None
async_signup = AsyncSignupRequest.get_by_username(username)
# because the django messages middleware is not yet available...
request.sso_new_user_messages = {
'success': [],
'error': [],
}
try:
user = User.objects.get(username=username)
is_new_user = False
web_user = WebUser.get_by_username(username)
except User.DoesNotExist:
user, web_user = self._create_new_user(request, username, async_signup)
is_new_user = True
if async_signup and async_signup.invitation:
self._process_invitation(request, async_signup.invitation, web_user, is_new_user)
request.sso_login_error = None
return user
def test_create_with_preset_role(self):
user_json = deepcopy(self.default_user_json)
user_json["role"] = "Field Implementer"
user_json["is_admin"] = False
response = self._assert_auth_post_resource(
self.list_endpoint,
json.dumps(user_json),
content_type='application/json')
self.assertEqual(response.status_code, 201)
user_back = WebUser.get_by_username("test_1234")
self.assertEqual(user_back.role, 'Field Implementer')
user_back.delete(deleted_by=None)
def web_user_sync(self, ilsgateway_webuser):
username = ilsgateway_webuser.email.lower()
if not username:
try:
validate_email(ilsgateway_webuser.username)
username = ilsgateway_webuser.username
except ValidationError:
return None
user = WebUser.get_by_username(username)
user_dict = {
'first_name': ilsgateway_webuser.first_name,
'last_name': ilsgateway_webuser.last_name,
'is_active': ilsgateway_webuser.is_active,
# I don't know why sample_webusers.json has these in a number o
# different formats, w/ and w/o 'T', with timezone offset, etc
# I do not know how timezones are meant to be handled, so I am
# conservatively keeping the behavior the same by explicitly
# stripping the timezone with no conversion
# todo: this is almost certainly not what was intended
'last_login': force_to_datetime(ilsgateway_webuser.last_login).replace(tzinfo=None),
'date_joined': force_to_datetime(ilsgateway_webuser.date_joined).replace(tzinfo=None),
'password_hashed': True,
}
location_id = None
if ilsgateway_webuser.location:
try:
sql_location = SQLLocation.objects.get(domain=self.domain, external_id=ilsgateway_webuser.location)
location_id = sql_location.location_id
except SQLLocation.DoesNotExist:
location_id = None
if user is None:
try:
user = WebUser.create(domain=None, username=username,
password=ilsgateway_webuser.password, email=ilsgateway_webuser.email.lower(),
**user_dict)
user.add_domain_membership(self.domain, location_id=location_id)
user.save()
except Exception as e:
if settings.UNIT_TESTING:
raise
logging.error(e)
else:
if self.domain not in user.get_domains():
user.add_domain_membership(self.domain, location_id=location_id)
user.save()
else:
dm = user.get_domain_membership(self.domain)
if dm.location_id != location_id:
dm.location_id = location_id
user.save()
return user
def _create_new_account(self, reg_form, additional_hubspot_data=None):
activate_new_user_via_reg_form(reg_form,
created_by=None,
created_via=USER_CHANGE_VIA_WEB,
ip=get_ip(self.request))
new_user = authenticate(username=reg_form.cleaned_data['email'],
password=reg_form.cleaned_data['password'],
request=self.request)
web_user = WebUser.get_by_username(new_user.username, strict=True)
if 'phone_number' in reg_form.cleaned_data and reg_form.cleaned_data[
'phone_number']:
web_user.phone_numbers.append(
reg_form.cleaned_data['phone_number'])
web_user.save()
if settings.IS_SAAS_ENVIRONMENT:
email = new_user.email
# registration analytics
# only do anything with this in a SAAS environment
persona = reg_form.cleaned_data['persona']
persona_other = reg_form.cleaned_data['persona_other']
track_workflow(email, "Requested New Account", {
'environment': settings.SERVER_ENVIRONMENT,
})
track_workflow(email, "Persona Field Filled Out", {
'personachoice': persona,
'personaother': persona_other,
})
if not additional_hubspot_data:
additional_hubspot_data = {}
additional_hubspot_data.update({
'buyer_persona':
persona,
'buyer_persona_other':
persona_other,
})
track_web_user_registration_hubspot(self.request, web_user,
additional_hubspot_data)
if not persona or (persona == 'Other' and not persona_other):
# There shouldn't be many instances of this.
_assert = soft_assert('@'.join(['bbuczyk', 'dimagi.com']),
exponential_backoff=False)
_assert(
False, "[BAD PERSONA DATA] Persona fields during "
"login submitted empty. User: {}".format(email))
login(self.request, new_user)
def test_create_with_custom_role(self):
new_user_role = UserRole.get_or_create_with_permissions(
self.domain.name, Permissions(edit_apps=True, view_reports=True), 'awesomeness')
user_json = deepcopy(self.default_user_json)
user_json["role"] = new_user_role.name
user_json["is_admin"] = False
response = self._assert_auth_post_resource(self.list_endpoint,
json.dumps(user_json),
content_type='application/json')
self.assertEqual(response.status_code, 201)
user_back = WebUser.get_by_username("test_1234")
self.assertEqual(user_back.role, new_user_role.name)
user_back.delete(deleted_by=None)
def test_create_with_custom_role(self):
new_user_role = UserRole.get_or_create_with_permissions(
self.domain.name, Permissions(edit_apps=True, view_reports=True), 'awesomeness')
user_json = deepcopy(self.default_user_json)
user_json["role"] = new_user_role.name
user_json["is_admin"] = False
response = self._assert_auth_post_resource(self.list_endpoint,
json.dumps(user_json),
content_type='application/json')
self.assertEqual(response.status_code, 201)
user_back = WebUser.get_by_username("test_1234")
self.assertEqual(user_back.role, new_user_role.name)
user_back.delete()
def test_create(self):
user_json = deepcopy(self.default_user_json)
response = self._assert_auth_post_resource(self.list_endpoint,
json.dumps(user_json),
content_type='application/json')
self.assertEqual(response.status_code, 201)
user_back = WebUser.get_by_username("test_1234")
self.assertEqual(user_back.username, "test_1234")
self.assertEqual(user_back.first_name, "Joe")
self.assertEqual(user_back.last_name, "Admin")
self.assertEqual(user_back.email, "*****@*****.**")
self.assertTrue(user_back.is_domain_admin(self.domain.name))
user_back.delete(deleted_by=None)
def _get_api_key_auth_headers(self, headers=None, username=None):
if headers and 'HTTP_AUTHORIZATION' in headers:
return {}
username = username or self.username
api_key = self.api_key.key
if username != self.username:
web_user = WebUser.get_by_username(username)
api_key, _ = HQApiKey.objects.get_or_create(
user=WebUser.get_django_user(web_user))
api_key = api_key.key
return {'HTTP_AUTHORIZATION': f'apikey {username}:{api_key}'}
def test_remove_user(self):
self.setup_users()
username = '******'
WebUser.create(self.domain.name, username, 'password', None, None)
import_users_and_groups(
self.domain.name,
[self._get_spec(username='******', remove='True')], [],
self.uploading_user, mock.MagicMock(), True)
web_user = WebUser.get_by_username(username)
self.assertFalse(web_user.is_member_of(self.domain.name))
self.assertIsNone(
Invitation.objects.filter(domain=self.domain_name,
email=username).first())
def update_params(self):
self.selected = self.request.GET.get('program')
user = WebUser.get_by_username(str(self.request.user))
if not self.selected and \
self.selected != '' and \
user.get_domain_membership(self.domain):
self.selected = user.get_domain_membership(self.domain).program_id
self.programs = Program.by_domain(self.domain)
opts = [
dict(val=program.get_id, text=program.name)
for program in self.programs
]
self.options = opts
def test_upload_add_web_user(self, mock_invitation_class):
username = '******'
web_user = WebUser.create(self.other_domain.name, username, 'password',
None, None)
mock_invite = mock_invitation_class.return_value
import_users_and_groups(self.domain.name, [
self._get_spec(web_user='******',
is_account_confirmed='True',
role=self.role.name)
], [], self.uploading_user, mock.MagicMock())
web_user = WebUser.get_by_username(username)
self.assertFalse(mock_invite.send_activation_email.called)
self.assertTrue(web_user.is_member_of(self.domain.name))
def web_user_lookup(request):
template = "hqadmin/web_user_lookup.html"
web_user_email = request.GET.get("q")
if not web_user_email:
return render(request, template, {})
web_user = WebUser.get_by_username(web_user_email)
if web_user is None:
messages.error(
request,
"Sorry, no user found with email {}. Did you enter it correctly?".
format(web_user_email))
return render(request, template, {'web_user': web_user})
def test_create(self):
user_json = deepcopy(self.default_user_json)
response = self._assert_auth_post_resource(self.list_endpoint,
json.dumps(user_json),
content_type='application/json')
self.assertEqual(response.status_code, 201)
user_back = WebUser.get_by_username("test_1234")
self.assertEqual(user_back.username, "test_1234")
self.assertEqual(user_back.first_name, "Joe")
self.assertEqual(user_back.last_name, "Admin")
self.assertEqual(user_back.email, "*****@*****.**")
self.assertTrue(user_back.is_domain_admin(self.domain.name))
user_back.delete()
def was_user_created_after(username, checkpoint):
"""
Return true if user was created after checkpoint
:param username: Web User username (string).
:param checkpoint: datetime object.
"""
from corehq.apps.users.models import WebUser
user = WebUser.get_by_username(username)
return (
user is not None and
user.created_on is not None and
user.created_on > checkpoint
)
def _create_new_account(self, reg_form, additional_hubspot_data=None):
activate_new_user(reg_form, ip=get_ip(self.request))
new_user = authenticate(
username=reg_form.cleaned_data['email'],
password=reg_form.cleaned_data['password']
)
web_user = WebUser.get_by_username(new_user.username, strict=True)
if 'phone_number' in reg_form.cleaned_data and reg_form.cleaned_data['phone_number']:
web_user.phone_numbers.append(reg_form.cleaned_data['phone_number'])
web_user.save()
if settings.IS_SAAS_ENVIRONMENT:
email = new_user.email
# registration analytics
# only do anything with this in a SAAS environment
persona = reg_form.cleaned_data['persona']
persona_other = reg_form.cleaned_data['persona_other']
track_workflow(email, "Requested New Account", {
'environment': settings.SERVER_ENVIRONMENT,
})
track_workflow(email, "Persona Field Filled Out", {
'personachoice': persona,
'personaother': persona_other,
})
if not additional_hubspot_data:
additional_hubspot_data = {}
additional_hubspot_data.update({
'buyer_persona': persona,
'buyer_persona_other': persona_other,
})
track_web_user_registration_hubspot(
self.request,
web_user,
additional_hubspot_data
)
if not persona or (persona == 'Other' and not persona_other):
# There shouldn't be many instances of this.
_assert = soft_assert('@'.join(['bbuczyk', 'dimagi.com']), exponential_backoff=False)
_assert(
False,
"[BAD PERSONA DATA] Persona fields during "
"login submitted empty. User: {}".format(email)
)
login(self.request, new_user)
def setUp(self):
self.factory = RequestFactory()
domain = Domain.get_or_create_with_name('test-pna')
domain.is_active = True
domain.save()
self.domain = domain
user = WebUser.get_by_username('test')
if not user:
user = WebUser.create(domain.name, 'test', 'passwordtest')
user.is_authenticated = True
user.is_superuser = True
user.is_authenticated = True
user.is_active = True
self.user = user
def register_new_user(self, data):
reg_form = RegisterWebUserForm(
data['data'],
show_number=(
self.ab.version == ab_tests.NEW_USER_NUMBER_OPTION_SHOW_NUM))
if reg_form.is_valid():
self._create_new_account(reg_form)
try:
requested_domain = request_new_domain(self.request,
reg_form,
is_new_user=True)
# If user created a form via prelogin demo, create an app for them
if reg_form.cleaned_data['xform']:
lang = 'en'
app = Application.new_app(requested_domain,
"Untitled Application")
module = Module.new_module(_("Untitled Module"), lang)
app.add_module(module)
save_xform(app, app.new_form(0, "Untitled Form", lang),
reg_form.cleaned_data['xform'])
app.save()
web_user = WebUser.get_by_username(
reg_form.cleaned_data['email'])
if web_user:
update_hubspot_properties(web_user, {
'signup_via_demo': 'yes',
})
except NameUnavailableException:
# technically, the form should never reach this as names are
# auto-generated now. But, just in case...
logging.error(
"There as an issue generating a unique domain name "
"for a user during new registration.")
return {
'errors': {
'project name unavailable': [],
}
}
return {
'success': True,
}
logging.error(
"There was an error processing a new user registration form."
"This shouldn't happen as validation should be top-notch "
"client-side. Here is what the errors are: {}".format(
reg_form.errors))
return {
'errors': reg_form.errors,
}
def tearDownClass(cls):
AuthenticatedEmailDomain.objects.all().delete()
IdentityProvider.objects.all().delete()
cls.user.delete(None)
# cleanup "new" users
for username in [
'*****@*****.**', '*****@*****.**', '*****@*****.**'
]:
web_user = WebUser.get_by_username(username)
if web_user:
web_user.delete(None)
cls.domain.delete()
cls.account.delete()
super().tearDownClass()
def setUpClass(cls):
super().setUpClass()
cls.factory = RequestFactory()
# gets created + removed in package level setup / teardown
domain = Domain.get_or_create_with_name('test-pna')
domain.is_active = True
domain.save()
cls.domain = domain
user = WebUser.get_by_username('test')
if not user:
user = WebUser.create(domain.name, 'test', 'passwordtest', None, None)
user.is_authenticated = True
user.is_superuser = True
user.is_authenticated = True
user.is_active = True
cls.user = user
def handle(self, username, **options):
if not settings.ALLOW_MAKE_SUPERUSER_COMMAND:
from dimagi.utils.web import get_site_domain
raise CommandError(
f"""You cannot run this command in SaaS Enviornments.
Use https://{get_site_domain()}/hq/admin/superuser_management/ for granting superuser permissions"""
)
from corehq.apps.users.models import WebUser
try:
validate_email(username)
except EmailSyntaxError:
raise CommandError('Your username must be an email address')
couch_user = WebUser.get_by_username(username)
if couch_user:
if not isinstance(couch_user, WebUser):
raise CommandError('Username already in use by a non-web user')
logger.info("✓ User {} exists".format(couch_user.username))
else:
password = self.get_password_from_user()
couch_user = WebUser.create(None,
username,
password,
created_by=None,
created_via=__name__,
by_domain_required_for_log=False)
logger.info("→ User {} created".format(couch_user.username))
is_superuser_changed = not couch_user.is_superuser
is_staff_changed = not couch_user.is_staff
couch_user.is_superuser = True
couch_user.is_staff = True
if is_superuser_changed or is_staff_changed:
couch_user.save()
if is_superuser_changed:
logger.info("→ User {} is now a superuser".format(
couch_user.username))
else:
logger.info("✓ User {} is a superuser".format(couch_user.username))
if is_staff_changed:
logger.info("→ User {} can now access django admin".format(
couch_user.username))
else:
logger.info("✓ User {} can access django admin".format(
couch_user.username))
def is_permitted_to_restore(domain, couch_user, as_user,
has_data_cleanup_privelege):
"""
This function determines if the couch_user is permitted to restore
for the domain and/or as_user
:param domain: Domain of restore
:param couch_user: The couch user attempting authentication
:param as_user: a string <user>@<domain> that the couch_user is attempting to get
a restore for. If None will get restore of the couch_user.
:param has_data_cleanup_privelege: Whether the user has permissions to do DATA_CLEANUP
:returns: a tuple - first a boolean if the user is permitted,
secondly a message explaining why a user was rejected if not permitted
"""
message = None
if couch_user.is_commcare_user() and domain != couch_user.domain:
message = u"{} was not in the domain {}".format(
couch_user.username, domain)
elif couch_user.is_web_user(
) and domain not in couch_user.domains and not couch_user.is_superuser:
message = u"{} was not in the domain {}".format(
couch_user.username, domain)
elif (couch_user.is_web_user() and couch_user.is_member_of(domain)
and as_user is not None):
if not has_data_cleanup_privelege and not couch_user.is_superuser:
message = u"{} does not have permissions to restore as {}".format(
couch_user.username,
as_user,
)
try:
username = as_user.split('@')[0]
user_domain = as_user.split('@')[1]
except IndexError:
message = u"Invalid to restore user {}. Format is <user>@<domain>".format(
as_user)
else:
if user_domain != domain:
# In this case we may be dealing with a WebUser
user = WebUser.get_by_username(as_user)
if user and user.is_member_of(domain):
message = None
else:
message = u"{} was not in the domain {}".format(
username, domain)
return message is None, message
def handle(self, export_file, config_file, domain, user_id, **options):
start = datetime.utcnow()
if '@' in user_id:
user = WebUser.get_by_username(user_id)
else:
user = WebUser.get(user_id)
if not user.is_member_of(domain):
raise CommandError("%s can't access %s" % (user, domain))
with open(config_file, 'r', encoding='utf-8') as f:
config = ImporterConfig.from_json(f.read())
config.couch_user_id = user._id
with get_spreadsheet(export_file) as spreadsheet:
print(json.dumps(do_import(spreadsheet, config, domain),
default=json_handler))
print('finished in %s seconds' % (datetime.utcnow() - start).seconds)
def setUp(self):
self.domain = 'mockdomain'
all_logs = SMSLog.by_domain_asc(self.domain).all()
for log in all_logs:
log.delete()
self.user = '******'
self.password = '******'
self.number = 5555551234
try:
self.couch_user = WebUser.create(self.domain, self.user,
self.password)
except WebUser.Inconsistent:
self.couch_user = WebUser.get_by_username(self.user)
self.couch_user.add_phone_number(self.number)
self.couch_user.save()
self.dcs = '8'
self.message_ascii = 'It Works'
self.message_utf_hex = '0939093F0928094D092609400020091509300924093E00200939094800200907093800200938092E092F00200915093E092E002009390948003F'
def setUp(self):
self.database = FakeCouchDb()
self.user_orig_db = CommCareUser.get_db()
CommCareUser.set_db(self.database)
self.factory = RequestFactory()
domain = Domain.get_or_create_with_name(DOMAIN)
domain.is_active = True
domain.save()
self.domain = domain
user = WebUser.get_by_username('test')
if not user:
user = WebUser.create(domain.name, 'test', 'passwordtest', None,
None)
user.is_authenticated = True
user.is_superuser = True
user.is_authenticated = True
user.is_active = True
self.user = user
def _api_url(self, url, username=None):
if 'api_key' in url:
return url
username = username or self.username
api_key = self.api_key.key
if username != self.username:
web_user = WebUser.get_by_username(username)
api_key, _ = ApiKey.objects.get_or_create(user=WebUser.get_django_user(web_user))
api_key = api_key.key
api_params = urlencode({'username': username, 'api_key': api_key})
if "?" in url:
api_url = "%s&%s" % (url, api_params)
else:
api_url = "%s?%s" % (url, api_params)
return api_url
def leave_team(request, org, team_id):
username = request.POST.get("username", None)
if not username:
messages.error(request, "You must specify a member's email address")
else:
user = WebUser.get_by_username(username)
user.remove_from_team(org, team_id)
user.save()
messages.success(request,
render_to_string('orgs/partials/undo_leave_team.html',
{
"team_id": team_id,
"org": org,
"user": user
}),
extra_tags="html")
return HttpResponseRedirect(
reverse(request.POST.get('redirect_url', 'orgs_team_members'),
args=(org, team_id)))
def handle(self, email, **options):
web_user = WebUser.get_by_username(email)
if not web_user:
self.stdout.write(self.style.ERROR(
"User not does not exist on CommCare HQ."
))
return
blocked_domains = set(get_blocked_hubspot_domains())
user_domains = set(web_user.get_domains())
blocked_memberships = user_domains.intersection(blocked_domains)
if not blocked_memberships:
self.show_status_of_possibly_unblocked_user(email, blocked_domains)
else:
self.show_status_of_blocked_user(email, blocked_memberships)
self.display_first_conversion_status(email)
def send_autopay_failed(invoice, payment_method):
subscription = invoice.subscription
auto_payer = subscription.account.auto_pay_user
payment_method = StripePaymentMethod.objects.get(web_user=auto_payer)
autopay_card = payment_method.get_autopay_card(subscription.account)
web_user = WebUser.get_by_username(auto_payer)
if web_user:
recipient = web_user.get_email()
else:
recipient = auto_payer
domain = invoice.get_domain()
context = {
'domain':
domain,
'subscription_plan':
subscription.plan_version.plan.name,
'billing_date':
datetime.date.today(),
'invoice_number':
invoice.invoice_number,
'autopay_card':
autopay_card,
'domain_url':
absolute_reverse('dashboard_default', args=[domain]),
'billing_info_url':
absolute_reverse('domain_update_billing_info', args=[domain]),
'support_email':
settings.INVOICING_CONTACT_EMAIL,
}
template_html = 'accounting/autopay_failed_email.html'
template_plaintext = 'accounting/autopay_failed_email.txt'
send_HTML_email(
subject="Subscription Payment for CommCare Invoice %s was declined" %
invoice.invoice_number,
recipient=recipient,
html_content=render_to_string(template_html, context),
text_content=render_to_string(template_plaintext, context),
email_from=get_dimagi_from_email(),
)
def web_user_lookup(request):
template = "hqadmin/web_user_lookup.html"
web_user_email = request.GET.get("q")
if not web_user_email:
return render(request, template, {})
web_user = WebUser.get_by_username(web_user_email)
context = {
'audit_report_url': reverse('admin_report_dispatcher', args=('user_audit_report',))
}
if web_user is None:
messages.error(
request, "Sorry, no user found with email {}. Did you enter it correctly?".format(web_user_email)
)
else:
from django_otp import user_has_device
context['web_user'] = web_user
django_user = web_user.get_django_user()
context['has_two_factor'] = user_has_device(django_user)
return render(request, template, context)
