def web_user_sync(self, ilsgateway_webuser): email = ilsgateway_webuser.email.lower() if not email: try: validate_email(ilsgateway_webuser.username) email = ilsgateway_webuser.username except ValidationError: return None user = WebUser.get_by_username(email) user_dict = { 'first_name': ilsgateway_webuser.first_name, 'last_name': ilsgateway_webuser.last_name, 'is_active': ilsgateway_webuser.is_active, 'password_hashed': True, } location_id = None if ilsgateway_webuser.location: try: sql_location = SQLLocation.objects.get(domain=self.domain, external_id=ilsgateway_webuser.location) location_id = sql_location.location_id except SQLLocation.DoesNotExist: location_id = None if user is None: try: ils_sql_web_user = ILSGatewayWebUser.objects.get(external_id=ilsgateway_webuser.id) except ILSGatewayWebUser.DoesNotExist: ils_sql_web_user = None if ils_sql_web_user: # if user exists in db it means he was already migrated but he changed email in v1 old_email = ils_sql_web_user.email user = WebUser.get_by_username(old_email) if user: user.delete_domain_membership(self.domain) user.save() user = self._create_web_user(email, ilsgateway_webuser, location_id, user_dict) ils_sql_web_user.email = email ils_sql_web_user.save() return user else: user = self._create_web_user(email, ilsgateway_webuser, location_id, user_dict) else: self._edit_web_user(user, location_id) ilsgateway_webuser, _ = ILSGatewayWebUser.objects.get_or_create( external_id=ilsgateway_webuser.id, ) ilsgateway_webuser.email = email ilsgateway_webuser.save() return user
def test_basic_workflow(self): """ This should execute a basic transferring of domains. user will transfer a domain to muggle. user should be able to see status of transferred domain and muggle will accept transfer request. """ # Get the transfer request page resp = self.client.get(reverse(TransferDomainView.urlname, args=[self.domain.name])) self.assertEqual(resp.status_code, 200) self.assertEqual(type(resp.context['form']), TransferDomainForm, "Should get TransferRequestForm") form = resp.context['form'] form.data['domain'] = self.domain.name form.data['to_username'] = self.muggle.username # Post the form data resp = self.client.post(reverse(TransferDomainView.urlname, args=[self.domain.name]), form.data, follow=True) self.assertEqual(resp.status_code, 200) self.assertEqual(len(mail.outbox), 2, "Should send an email to both requester and requestee") transfer = TransferDomainRequest.objects.get(to_username=self.muggle.username, from_username=self.user.username, domain=self.domain.name) self.assertIsNotNone(transfer) self.assertIsNone(transfer.confirm_time) self.assertTrue(transfer.active) # Land on the activate transfer page self.client.login(username=self.muggle.username, password=self.password) resp = self.client.get(reverse('activate_transfer_domain', args=[transfer.transfer_guid]), follow=True) self.assertEqual(resp.status_code, 200) self.assertIsNotNone(resp.context['transfer']) # Finally accept the transfer mail.outbox = [] # Clear outbox resp = self.client.post(reverse('activate_transfer_domain', args=[transfer.transfer_guid]), follow=True) self.assertEqual(len(mail.outbox), 1, "Send an email to Dimagi to confirm") # Reload from DB user = WebUser.get_by_username(self.user.username) muggle = WebUser.get_by_username(self.muggle.username) transfer = TransferDomainRequest.objects.get(to_username=self.muggle.username, from_username=self.user.username, domain=self.domain.name) self.assertFalse(user.is_member_of(self.domain.name)) self.assertTrue(muggle.is_member_of(self.domain.name)) self.assertTrue(muggle.get_domain_membership(self.domain.name).is_admin) self.assertIsNotNone(transfer.confirm_time)
def activation_24hr_reminder_email(): """ Reminds inactive users registered 24 hrs ago to activate their account. """ request_reminders = RegistrationRequest.get_requests_24hrs_ago() DNS_name = get_site_domain() for request in request_reminders: user = WebUser.get_by_username(request.new_user_username) registration_link = 'http://' + DNS_name + reverse( 'registration_confirm_domain') + request.activation_guid + '/' email_context = { "domain": request.domain, "registration_link": registration_link, "full_name": user.full_name, "first_name": user.first_name, 'url_prefix': '' if settings.STATIC_CDN else 'http://' + DNS_name, } message_plaintext = render_to_string( 'registration/email/confirm_account_reminder.txt', email_context) message_html = render_to_string( 'registration/email/confirm_account.html', email_context) subject = ugettext('Reminder to Activate your CommCare project') send_html_email_async.delay( subject, request.new_user_username, message_html, text_content=message_plaintext, email_from=settings.DEFAULT_FROM_EMAIL )
def sync_ilsgateway_webuser(domain, ilsgateway_webuser): user = WebUser.get_by_username(ilsgateway_webuser.email.lower()) user_dict = { 'first_name': ilsgateway_webuser.first_name, 'last_name': ilsgateway_webuser.last_name, 'is_staff': ilsgateway_webuser.is_staff, 'is_active': ilsgateway_webuser.is_active, 'is_superuser': ilsgateway_webuser.is_superuser, 'last_login': force_to_datetime(ilsgateway_webuser.last_login), 'date_joined': force_to_datetime(ilsgateway_webuser.date_joined), 'password_hashed': True, } sp = SupplyPointCase.view('hqcase/by_domain_external_id', key=[domain, str(ilsgateway_webuser.location)], reduce=False, include_docs=True, limit=1).first() role_id = ilsgateway_webuser.role_id if hasattr(ilsgateway_webuser, 'role_id') else None location_id = sp.location_id if sp else None if user is None: try: user = WebUser.create(domain=None, username=ilsgateway_webuser.email.lower(), password=ilsgateway_webuser.password, email=ilsgateway_webuser.email, **user_dict) user.add_domain_membership(domain, role_id=role_id, location_id=location_id) user.save() except Exception as e: logging.error(e) else: if domain not in user.get_domains(): user.add_domain_membership(domain, role_id=role_id, location_id=location_id) user.save() return user
def rows(self): rows = [] web_users = [] offset = 1000 meta, chunk = self.endpoint.get_webusers(limit=1000) web_users.extend(chunk) while meta.get('next', False): meta, chunk = self.endpoint.get_webusers(offset=offset, limit=1000) offset += 1000 web_users.extend(chunk) for web_user in web_users: try: if not web_user.is_superuser and web_user.groups and web_user.groups[0].name == 'facility_manager': User.objects.get(username="******" % (web_user.username.lower(), self.domain)) else: user = User.objects.get(username__in=[web_user.username, web_user.email.lower()]) webuser = WebUser.get_by_username(user.username) if webuser: if self.domain not in webuser.get_domains(): raise User.DoesNotExist except User.DoesNotExist: rows.append([web_user.username, web_user.email, web_user.date_joined, web_user.is_active, False]) except User.MultipleObjectsReturned: pass return rows
def clean_to_username(self): username = self.cleaned_data['to_username'] if not WebUser.get_by_username(username): raise forms.ValidationError(TransferDomainFormErrors.USER_DNE) return username
def handle(self, username, **options): from corehq.apps.users.models import WebUser try: validate_email(username) except EmailSyntaxError: raise CommandError('Your username must be an email address') couch_user = WebUser.get_by_username(username) if couch_user: if not isinstance(couch_user, WebUser): raise CommandError('Username already in use by a non-web user') print("✓ User {} exists".format(couch_user.username)) else: password = self.get_password_from_user() couch_user = WebUser.create(None, username, password) print("→ User {} created".format(couch_user.username)) is_superuser_changed = not couch_user.is_superuser is_staff_changed = not couch_user.is_staff couch_user.is_superuser = True couch_user.is_staff = True if is_superuser_changed or is_staff_changed: couch_user.save() if is_superuser_changed: print("→ User {} is now a superuser".format(couch_user.username)) else: print("✓ User {} is a superuser".format(couch_user.username)) if is_staff_changed: print("→ User {} can now access django admin".format(couch_user.username)) else: print("✓ User {} can access django admin".format(couch_user.username))
def handle(self, *args, **options): from corehq.apps.users.models import WebUser if len(args) != 3: raise CommandError('Usage: manage.py bootstrap <domain> <email> <password>') domain_name, username, passwd = args domain = Domain.get_or_create_with_name(domain_name, is_active=True) couch_user = WebUser.get_by_username(username) membership = None if couch_user: if not isinstance(couch_user, WebUser): raise CommandError('Username already in use by a non-web user') membership = couch_user.get_domain_membership(domain_name) else: couch_user = WebUser.create(domain_name, username, passwd) if not membership: couch_user.add_domain_membership(domain_name, is_admin=True) couch_user.is_superuser = True couch_user.is_staff = True couch_user.save() print "user %s created and added to domain %s" % (couch_user.username, domain) if not getattr(settings, 'BASE_ADDRESS', None): print ("Warning: You must set BASE_ADDRESS setting " "in your localsettings.py file in order for commcare-hq " "to be able to generate absolute urls. " "This is necessary for a number of features.")
def send_autopay_failed(invoice, payment_method): subscription = invoice.subscription auto_payer = subscription.account.auto_pay_user payment_method = StripePaymentMethod.objects.get(web_user=auto_payer) autopay_card = payment_method.get_autopay_card(subscription.account) try: recipient = WebUser.get_by_username(auto_payer).get_email() except ResourceNotFound: recipient = auto_payer domain = invoice.get_domain() context = { 'domain': domain, 'subscription_plan': subscription.plan_version.plan.name, 'billing_date': datetime.date.today(), 'invoice_number': invoice.invoice_number, 'autopay_card': autopay_card, 'domain_url': absolute_reverse('dashboard_default', args=[domain]), 'billing_info_url': absolute_reverse('domain_update_billing_info', args=[domain]), 'support_email': settings.INVOICING_CONTACT_EMAIL, } template_html = 'accounting/autopay_failed_email.html' template_plaintext = 'accounting/autopay_failed_email.txt' send_HTML_email( subject="Subscription Payment for CommCare Invoice %s was declined" % invoice.invoice_number, recipient=recipient, html_content=render_to_string(template_html, context), text_content=render_to_string(template_plaintext, context), email_from=get_dimagi_from_email_by_product(subscription.plan_version.product_rate.product.product_type), )
def send_purchase_receipt(payment_record, domain, template_html, template_plaintext, additional_context): username = payment_record.payment_method.web_user try: web_user = WebUser.get_by_username(username) email = web_user.get_email() name = web_user.first_name except ResourceNotFound: log_accounting_error( "Strange. A payment attempt was made by a user that " "we can't seem to find! %s" % username, show_stack_trace=True, ) name = email = username context = { 'name': name, 'amount': fmt_dollar_amount(payment_record.amount), 'project': domain, 'date_paid': payment_record.date_created.strftime(USER_DATE_FORMAT), 'transaction_id': payment_record.public_transaction_id, } context.update(additional_context) email_html = render_to_string(template_html, context) email_plaintext = render_to_string(template_plaintext, context) send_HTML_email( ugettext("Payment Received - Thank You!"), email, email_html, text_content=email_plaintext, email_from=get_dimagi_from_email(), )
def obj_get_list(self, bundle, **kwargs): domain = kwargs['domain'] username = bundle.request.GET.get('username') if username: user = WebUser.get_by_username(username) return [user] if user else [] return list(WebUser.by_domain(domain))
def _get_custom_context(self): api_root = reverse('api_dispatch_list', kwargs={'domain': self.domain, 'resource_name': 'location', 'api_name': 'v0.3'}) selected_loc_id = self.request.GET.get('location_id') user = WebUser.get_by_username(str(self.request.user)) domain = Domain.get_by_name(self.domain) context = {} from corehq.apps.commtrack.util import is_commtrack_location if is_commtrack_location(user, domain): selected_loc_id = user.location_id if domain.location_restriction_for_users: context.update({'restriction': domain.location_restriction_for_users}) context.update({ 'api_root': api_root, 'control_name': self.name, 'control_slug': self.slug, 'loc_id': selected_loc_id, 'locations': json.dumps(load_locs_json(self.domain, selected_loc_id)), 'hierarchy': location_hierarchy_config(self.domain), }) return context
def send_purchase_receipt(payment_record, core_product, template_html, template_plaintext, additional_context): email = payment_record.payment_method.billing_admin.web_user try: web_user = WebUser.get_by_username(email) name = web_user.first_name except ResourceNotFound: logger.error( "[BILLING] Strange. A payment attempt was made by a user that " "we can't seem to find! %s" % email ) name = email context = { 'name': name, 'amount': fmt_dollar_amount(payment_record.amount), 'project': payment_record.payment_method.billing_admin.domain, 'date_paid': payment_record.date_created.strftime('%d %B %Y'), 'product': core_product, 'transaction_id': payment_record.public_transaction_id, } context.update(additional_context) email_html = render_to_string(template_html, context) email_plaintext = render_to_string(template_plaintext, context) send_HTML_email( ugettext("Payment Received - Thank You!"), email, email_html, text_content=email_plaintext, email_from=get_dimagi_from_email_by_product(core_product), )
def test_create(self): self.client.login(username=self.username, password=self.password) user_json = { "username":"******", "password":"******", "email":"*****@*****.**", "first_name":"Joe", "is_admin": True, "last_name":"Admin", "permissions":{ "edit_apps":True, "edit_commcare_users":True, "edit_data":True, "edit_web_users":True, "view_reports":True }, "phone_numbers":[ ], "role":"admin" } response = self.client.post(self.list_endpoint, simplejson.dumps(user_json), content_type='application/json') self.assertEqual(response.status_code, 201) user_back = WebUser.get_by_username("test_1234") self.assertEqual(user_back.username, "test_1234") self.assertEqual(user_back.first_name, "Joe") self.assertEqual(user_back.last_name, "Admin") self.assertEqual(user_back.email, "*****@*****.**") user_back.delete()
def _check_report(self, report, reports, day, interval): if report.report not in EmailSettingsSync.REPORT_MAP or not report.users: return False username = report.users[0].lower() location_code = report.view_args.split()[1][1:-2] desc = "Report not migrated; " report_tuple = (username, day, report.hours, location_code, EmailSettingsSync.REPORT_MAP[report.report], interval) external_id = '{}-{}-{}-{}-{}-{}'.format(*report_tuple) if report_tuple not in reports: web_user = WebUser.get_by_username(username) if not web_user or self.domain not in web_user.domains: desc += 'User {} is not active; '.format(username) try: sql_location = SQLLocation.objects.get(domain=self.domain, site_code=location_code) if sql_location.is_archived: desc += 'Location {} is not active; '.format(location_code) except SQLLocation.DoesNotExist: desc += 'Location {} does not exist; '.format(location_code) migration_problem, _ = EWSMigrationProblem.objects.get_or_create( domain=self.domain, object_id=username, object_type='email_report', external_id=external_id ) migration_problem.description = desc migration_problem.save() return True
def web_user_sync(self, ews_webuser): username = ews_webuser.email.lower() if not username: try: validate_email(ews_webuser.username) username = ews_webuser.username except ValidationError: return None user = WebUser.get_by_username(username) user_dict = { 'first_name': ews_webuser.first_name, 'last_name': ews_webuser.last_name, 'is_active': ews_webuser.is_active, 'last_login': force_to_datetime(ews_webuser.last_login), 'date_joined': force_to_datetime(ews_webuser.date_joined), 'password_hashed': True, } location_id = None if ews_webuser.location: try: location = SQLLocation.objects.get(domain=self.domain, external_id=ews_webuser.location) location_id = location.location_id except SQLLocation.DoesNotExist: pass if user is None: try: user = WebUser.create(domain=None, username=username, password=ews_webuser.password, email=ews_webuser.email, **user_dict) user.add_domain_membership(self.domain, location_id=location_id) except Exception as e: logging.error(e) else: if self.domain not in user.get_domains(): user.add_domain_membership(self.domain, location_id=location_id) ews_webuser_extension(user, ews_webuser) dm = user.get_domain_membership(self.domain) if dm.location_id != location_id: dm.location_id = location_id if ews_webuser.is_superuser: dm.role_id = UserRole.by_domain_and_name(self.domain, 'Administrator')[0].get_id elif ews_webuser.groups and ews_webuser.groups[0].name == 'facility_manager': dm.role_id = UserRole.by_domain_and_name(self.domain, 'Facility manager')[0].get_id else: if ews_webuser.supply_point: supply_point = get_supply_point_case_by_domain_external_id(self.domain, ews_webuser.supply_point) if supply_point: dm.location_id = supply_point.location_id dm.role_id = UserRole.by_domain_and_name(self.domain, 'Web Reporter')[0].get_id else: dm.role_id = UserRole.get_read_only_role_by_domain(self.domain).get_id else: dm.role_id = UserRole.get_read_only_role_by_domain(self.domain).get_id user.save() return user
def update_params(self): self.selected = self.request.GET.get('program') user = WebUser.get_by_username(str(self.request.user)) if not self.selected and self.selected != '': self.selected = user.program_id self.programs = Program.by_domain(self.domain) opts = [dict(val=program.get_id, text=program.name) for program in self.programs] self.options = opts
def tearDown(self): user = WebUser.get_by_username(self.username) if user: user.delete() domain_obj = Domain.get_by_name(self.domain) if domain_obj: domain_obj.delete()
def confirm_domain(request, guid=None): error = None # Did we get a guid? if guid is None: error = _('An account activation key was not provided. If you think this ' 'is an error, please contact the system administrator.') # Does guid exist in the system? else: req = RegistrationRequest.get_by_guid(guid) if not req: error = _('The account activation key "%s" provided is invalid. If you ' 'think this is an error, please contact the system ' 'administrator.') % guid if error is not None: context = { 'message_body': error, 'current_page': {'page_name': 'Account Not Activated'}, } return render(request, 'registration/confirmation_error.html', context) requested_domain = Domain.get_by_name(req.domain) # Has guid already been confirmed? if requested_domain.is_active: assert(req.confirm_time is not None and req.confirm_ip is not None) messages.success(request, 'Your account %s has already been activated. ' 'No further validation is required.' % req.new_user_username) return HttpResponseRedirect(reverse("dashboard_default", args=[requested_domain])) # Set confirm time and IP; activate domain and new user who is in the req.confirm_time = datetime.utcnow() req.confirm_ip = get_ip(request) req.save() requested_domain.is_active = True requested_domain.save() requesting_user = WebUser.get_by_username(req.new_user_username) send_new_request_update_email(requesting_user, get_ip(request), requested_domain.name, is_confirming=True) messages.success(request, 'Your account has been successfully activated. Thank you for taking ' 'the time to confirm your email address: %s.' % (requesting_user.username)) track_workflow(requesting_user.email, "Confirmed new project") track_confirmed_account_on_hubspot.delay(requesting_user) url = reverse("dashboard_default", args=[requested_domain]) # If user already created an app (via prelogin demo), send them there apps = get_apps_in_domain(requested_domain.name, include_remote=False) if len(apps) == 1: app = apps[0] if len(app.modules) == 1 and len(app.modules[0].forms) == 1: url = reverse('form_source', args=[requested_domain.name, app.id, 0, 0]) return HttpResponseRedirect(url)
def delete_web_user(): if settings.SERVER_ENVIRONMENT == 'production': for username in [ 'create_growth' + '@' + 'outlook.com', 'growth-analytics' + '@' + 'outlook.com', ]: web_user = WebUser.get_by_username(username) if web_user: web_user.delete()
def join_team(request, org, team_id): username = request.POST.get("username", None) if not username: messages.error(request, "You must specify a member's email address") else: user = WebUser.get_by_username(username) user.add_to_team(org, team_id) user.save() return HttpResponseRedirect(reverse(request.POST.get('redirect_url', 'orgs_team_members'), args=(org, team_id)))
def clean_billing_account_admins(self): billing_account_admins = self.cleaned_data['billing_account_admins'] if billing_account_admins != '': invalid_emails = [] for email in billing_account_admins.split(','): email_no_whitespace = email.strip() if WebUser.get_by_username(email_no_whitespace) is None: invalid_emails.append("'%s'" % email_no_whitespace) if len(invalid_emails) != 0: raise ValidationError("Invalid emails: %s" % ', '.join(invalid_emails)) return billing_account_admins
def arbitrary_web_user(save=True, is_dimagi=False): domain = data_gen.arbitrary_unique_name().lower()[:25] username = "******" % (data_gen.arbitrary_username(), 'dimagi' if is_dimagi else 'gmail') try: web_user = WebUser.create(domain, username, 'test123') except Exception: web_user = WebUser.get_by_username(username) web_user.is_active = True if save: web_user.save() return web_user
def leave_team(request, org, team_id): username = request.POST.get("username", None) if not username: messages.error(request, "You must specify a member's email address") else: user = WebUser.get_by_username(username) user.remove_from_team(org, team_id) user.save() messages.success(request, render_to_string('orgs/partials/undo_leave_team.html', {"team_id": team_id, "org": org, "user": user}), extra_tags="html") return HttpResponseRedirect(reverse(request.POST.get('redirect_url', 'orgs_team_members'), args=(org, team_id)))
def test_create_with_preset_role(self): user_json = deepcopy(self.default_user_json) user_json["role"] = "Field Implementer" user_json["is_admin"] = False response = self._assert_auth_post_resource(self.list_endpoint, json.dumps(user_json), content_type='application/json') self.assertEqual(response.status_code, 201) user_back = WebUser.get_by_username("test_1234") self.assertEqual(user_back.role, 'Field Implementer') user_back.delete()
def test_upload_edit_web_user(self): username = '******' web_user = WebUser.create(self.domain.name, username, 'password', None, None) import_users_and_groups( self.domain.name, [self._get_spec(web_user='******', role=self.role.name)], [], self.uploading_user, mock.MagicMock() ) web_user = WebUser.get_by_username(username) self.assertEqual(web_user.get_role(self.domain.name).name, self.role.name)
def test_remove_web_user(self): username = '******' web_user = WebUser.create(self.domain.name, username, 'password', None, None) import_users_and_groups( self.domain.name, [self._get_spec(web_user='******', remove_web_user='******')], [], self.uploading_user, mock.MagicMock() ) web_user = WebUser.get_by_username(username) self.assertFalse(web_user.is_member_of(self.domain.name))
def arbitrary_web_user(save=True, is_dimagi=False): domain = data_gen.arbitrary_unique_name().lower()[:25] username = "******" % (data_gen.arbitrary_username(), 'dimagi' if is_dimagi else 'gmail') try: web_user = WebUser.create(domain, username, 'test123') except Exception: web_user = WebUser.get_by_username(username) web_user.is_active = True if save: web_user.save() return web_user
def arbitrary_web_user(save=True, is_dimagi=False): domain = Domain(name=unique_name()[:25]) domain.save() username = "******" % (unique_name(), "dimagi" if is_dimagi else "gmail") try: web_user = WebUser.create(domain.name, username, "test123") except Exception: web_user = WebUser.get_by_username(username) web_user.is_active = True if save: web_user.save() return web_user
def _create_new_account(self, reg_form): activate_new_user(reg_form, ip=get_ip(self.request)) new_user = authenticate(username=reg_form.cleaned_data['email'], password=reg_form.cleaned_data['password']) if 'phone_number' in reg_form.cleaned_data and reg_form.cleaned_data[ 'phone_number']: web_user = WebUser.get_by_username(new_user.username) web_user.phone_numbers.append( reg_form.cleaned_data['phone_number']) web_user.save() track_workflow(new_user.email, "Requested new account") login(self.request, new_user)
def confirm_domain(request, guid=''): with CriticalSection(['confirm_domain_' + guid]): error = None # Did we get a guid? if not guid: error = _('An account activation key was not provided. If you think this ' 'is an error, please contact the system administrator.') # Does guid exist in the system? else: req = RegistrationRequest.get_by_guid(guid) if not req: error = _('The account activation key "%s" provided is invalid. If you ' 'think this is an error, please contact the system ' 'administrator.') % guid if error is not None: context = { 'message_body': error, 'current_page': {'page_name': 'Account Not Activated'}, } return render(request, 'registration/confirmation_error.html', context) requested_domain = Domain.get_by_name(req.domain) view_name = "dashboard_default" view_args = [requested_domain.name] # Has guid already been confirmed? if requested_domain.is_active: assert(req.confirm_time is not None and req.confirm_ip is not None) messages.success(request, 'Your account %s has already been activated. ' 'No further validation is required.' % req.new_user_username) return HttpResponseRedirect(reverse(view_name, args=view_args)) # Set confirm time and IP; activate domain and new user who is in the req.confirm_time = datetime.utcnow() req.confirm_ip = get_ip(request) req.save() requested_domain.is_active = True requested_domain.save() requesting_user = WebUser.get_by_username(req.new_user_username) send_new_request_update_email(requesting_user, get_ip(request), requested_domain.name, is_confirming=True) messages.success(request, 'Your account has been successfully activated. Thank you for taking ' 'the time to confirm your email address: %s.' % (requesting_user.username)) track_workflow(requesting_user.email, "Confirmed new project") track_confirmed_account_on_hubspot.delay(requesting_user) request.session['CONFIRM'] = True return HttpResponseRedirect(reverse(view_name, args=view_args))
def authenticate(self, request, username, idp_slug, is_handshake_successful): if not (request and username and idp_slug and is_handshake_successful): return None try: identity_provider = IdentityProvider.objects.get(slug=idp_slug) except IdentityProvider.DoesNotExist: # not sure how we would even get here, but just in case request.sso_login_error = f"Identity Provider {idp_slug} does not exist." return None if not identity_provider.is_active: request.sso_login_error = f"This Identity Provider {idp_slug} is not active." return None email_domain = get_email_domain_from_username(username) if not email_domain: # not a valid username request.sso_login_error = f"Username {username} is not valid." return None if not AuthenticatedEmailDomain.objects.filter( email_domain=email_domain, identity_provider=identity_provider ).exists(): # if this user's email domain is not authorized by this identity # do not continue with authentication request.sso_login_error = ( f"The Email Domain {email_domain} is not allowed to " f"authenticate with this Identity Provider ({idp_slug})." ) return None async_signup = AsyncSignupRequest.get_by_username(username) # because the django messages middleware is not yet available... request.sso_new_user_messages = { 'success': [], 'error': [], } try: user = User.objects.get(username=username) is_new_user = False web_user = WebUser.get_by_username(username) except User.DoesNotExist: user, web_user = self._create_new_user(request, username, async_signup) is_new_user = True if async_signup and async_signup.invitation: self._process_invitation(request, async_signup.invitation, web_user, is_new_user) request.sso_login_error = None return user
def test_create_with_preset_role(self): user_json = deepcopy(self.default_user_json) user_json["role"] = "Field Implementer" user_json["is_admin"] = False response = self._assert_auth_post_resource( self.list_endpoint, json.dumps(user_json), content_type='application/json') self.assertEqual(response.status_code, 201) user_back = WebUser.get_by_username("test_1234") self.assertEqual(user_back.role, 'Field Implementer') user_back.delete(deleted_by=None)
def web_user_sync(self, ilsgateway_webuser): username = ilsgateway_webuser.email.lower() if not username: try: validate_email(ilsgateway_webuser.username) username = ilsgateway_webuser.username except ValidationError: return None user = WebUser.get_by_username(username) user_dict = { 'first_name': ilsgateway_webuser.first_name, 'last_name': ilsgateway_webuser.last_name, 'is_active': ilsgateway_webuser.is_active, # I don't know why sample_webusers.json has these in a number o # different formats, w/ and w/o 'T', with timezone offset, etc # I do not know how timezones are meant to be handled, so I am # conservatively keeping the behavior the same by explicitly # stripping the timezone with no conversion # todo: this is almost certainly not what was intended 'last_login': force_to_datetime(ilsgateway_webuser.last_login).replace(tzinfo=None), 'date_joined': force_to_datetime(ilsgateway_webuser.date_joined).replace(tzinfo=None), 'password_hashed': True, } location_id = None if ilsgateway_webuser.location: try: sql_location = SQLLocation.objects.get(domain=self.domain, external_id=ilsgateway_webuser.location) location_id = sql_location.location_id except SQLLocation.DoesNotExist: location_id = None if user is None: try: user = WebUser.create(domain=None, username=username, password=ilsgateway_webuser.password, email=ilsgateway_webuser.email.lower(), **user_dict) user.add_domain_membership(self.domain, location_id=location_id) user.save() except Exception as e: if settings.UNIT_TESTING: raise logging.error(e) else: if self.domain not in user.get_domains(): user.add_domain_membership(self.domain, location_id=location_id) user.save() else: dm = user.get_domain_membership(self.domain) if dm.location_id != location_id: dm.location_id = location_id user.save() return user
def _create_new_account(self, reg_form, additional_hubspot_data=None): activate_new_user_via_reg_form(reg_form, created_by=None, created_via=USER_CHANGE_VIA_WEB, ip=get_ip(self.request)) new_user = authenticate(username=reg_form.cleaned_data['email'], password=reg_form.cleaned_data['password'], request=self.request) web_user = WebUser.get_by_username(new_user.username, strict=True) if 'phone_number' in reg_form.cleaned_data and reg_form.cleaned_data[ 'phone_number']: web_user.phone_numbers.append( reg_form.cleaned_data['phone_number']) web_user.save() if settings.IS_SAAS_ENVIRONMENT: email = new_user.email # registration analytics # only do anything with this in a SAAS environment persona = reg_form.cleaned_data['persona'] persona_other = reg_form.cleaned_data['persona_other'] track_workflow(email, "Requested New Account", { 'environment': settings.SERVER_ENVIRONMENT, }) track_workflow(email, "Persona Field Filled Out", { 'personachoice': persona, 'personaother': persona_other, }) if not additional_hubspot_data: additional_hubspot_data = {} additional_hubspot_data.update({ 'buyer_persona': persona, 'buyer_persona_other': persona_other, }) track_web_user_registration_hubspot(self.request, web_user, additional_hubspot_data) if not persona or (persona == 'Other' and not persona_other): # There shouldn't be many instances of this. _assert = soft_assert('@'.join(['bbuczyk', 'dimagi.com']), exponential_backoff=False) _assert( False, "[BAD PERSONA DATA] Persona fields during " "login submitted empty. User: {}".format(email)) login(self.request, new_user)
def test_create_with_custom_role(self): new_user_role = UserRole.get_or_create_with_permissions( self.domain.name, Permissions(edit_apps=True, view_reports=True), 'awesomeness') user_json = deepcopy(self.default_user_json) user_json["role"] = new_user_role.name user_json["is_admin"] = False response = self._assert_auth_post_resource(self.list_endpoint, json.dumps(user_json), content_type='application/json') self.assertEqual(response.status_code, 201) user_back = WebUser.get_by_username("test_1234") self.assertEqual(user_back.role, new_user_role.name) user_back.delete(deleted_by=None)
def test_create_with_custom_role(self): new_user_role = UserRole.get_or_create_with_permissions( self.domain.name, Permissions(edit_apps=True, view_reports=True), 'awesomeness') user_json = deepcopy(self.default_user_json) user_json["role"] = new_user_role.name user_json["is_admin"] = False response = self._assert_auth_post_resource(self.list_endpoint, json.dumps(user_json), content_type='application/json') self.assertEqual(response.status_code, 201) user_back = WebUser.get_by_username("test_1234") self.assertEqual(user_back.role, new_user_role.name) user_back.delete()
def test_create(self): user_json = deepcopy(self.default_user_json) response = self._assert_auth_post_resource(self.list_endpoint, json.dumps(user_json), content_type='application/json') self.assertEqual(response.status_code, 201) user_back = WebUser.get_by_username("test_1234") self.assertEqual(user_back.username, "test_1234") self.assertEqual(user_back.first_name, "Joe") self.assertEqual(user_back.last_name, "Admin") self.assertEqual(user_back.email, "*****@*****.**") self.assertTrue(user_back.is_domain_admin(self.domain.name)) user_back.delete(deleted_by=None)
def _get_api_key_auth_headers(self, headers=None, username=None): if headers and 'HTTP_AUTHORIZATION' in headers: return {} username = username or self.username api_key = self.api_key.key if username != self.username: web_user = WebUser.get_by_username(username) api_key, _ = HQApiKey.objects.get_or_create( user=WebUser.get_django_user(web_user)) api_key = api_key.key return {'HTTP_AUTHORIZATION': f'apikey {username}:{api_key}'}
def test_remove_user(self): self.setup_users() username = '******' WebUser.create(self.domain.name, username, 'password', None, None) import_users_and_groups( self.domain.name, [self._get_spec(username='******', remove='True')], [], self.uploading_user, mock.MagicMock(), True) web_user = WebUser.get_by_username(username) self.assertFalse(web_user.is_member_of(self.domain.name)) self.assertIsNone( Invitation.objects.filter(domain=self.domain_name, email=username).first())
def update_params(self): self.selected = self.request.GET.get('program') user = WebUser.get_by_username(str(self.request.user)) if not self.selected and \ self.selected != '' and \ user.get_domain_membership(self.domain): self.selected = user.get_domain_membership(self.domain).program_id self.programs = Program.by_domain(self.domain) opts = [ dict(val=program.get_id, text=program.name) for program in self.programs ] self.options = opts
def test_upload_add_web_user(self, mock_invitation_class): username = '******' web_user = WebUser.create(self.other_domain.name, username, 'password', None, None) mock_invite = mock_invitation_class.return_value import_users_and_groups(self.domain.name, [ self._get_spec(web_user='******', is_account_confirmed='True', role=self.role.name) ], [], self.uploading_user, mock.MagicMock()) web_user = WebUser.get_by_username(username) self.assertFalse(mock_invite.send_activation_email.called) self.assertTrue(web_user.is_member_of(self.domain.name))
def web_user_lookup(request): template = "hqadmin/web_user_lookup.html" web_user_email = request.GET.get("q") if not web_user_email: return render(request, template, {}) web_user = WebUser.get_by_username(web_user_email) if web_user is None: messages.error( request, "Sorry, no user found with email {}. Did you enter it correctly?". format(web_user_email)) return render(request, template, {'web_user': web_user})
def test_create(self): user_json = deepcopy(self.default_user_json) response = self._assert_auth_post_resource(self.list_endpoint, json.dumps(user_json), content_type='application/json') self.assertEqual(response.status_code, 201) user_back = WebUser.get_by_username("test_1234") self.assertEqual(user_back.username, "test_1234") self.assertEqual(user_back.first_name, "Joe") self.assertEqual(user_back.last_name, "Admin") self.assertEqual(user_back.email, "*****@*****.**") self.assertTrue(user_back.is_domain_admin(self.domain.name)) user_back.delete()
def was_user_created_after(username, checkpoint): """ Return true if user was created after checkpoint :param username: Web User username (string). :param checkpoint: datetime object. """ from corehq.apps.users.models import WebUser user = WebUser.get_by_username(username) return ( user is not None and user.created_on is not None and user.created_on > checkpoint )
def _create_new_account(self, reg_form, additional_hubspot_data=None): activate_new_user(reg_form, ip=get_ip(self.request)) new_user = authenticate( username=reg_form.cleaned_data['email'], password=reg_form.cleaned_data['password'] ) web_user = WebUser.get_by_username(new_user.username, strict=True) if 'phone_number' in reg_form.cleaned_data and reg_form.cleaned_data['phone_number']: web_user.phone_numbers.append(reg_form.cleaned_data['phone_number']) web_user.save() if settings.IS_SAAS_ENVIRONMENT: email = new_user.email # registration analytics # only do anything with this in a SAAS environment persona = reg_form.cleaned_data['persona'] persona_other = reg_form.cleaned_data['persona_other'] track_workflow(email, "Requested New Account", { 'environment': settings.SERVER_ENVIRONMENT, }) track_workflow(email, "Persona Field Filled Out", { 'personachoice': persona, 'personaother': persona_other, }) if not additional_hubspot_data: additional_hubspot_data = {} additional_hubspot_data.update({ 'buyer_persona': persona, 'buyer_persona_other': persona_other, }) track_web_user_registration_hubspot( self.request, web_user, additional_hubspot_data ) if not persona or (persona == 'Other' and not persona_other): # There shouldn't be many instances of this. _assert = soft_assert('@'.join(['bbuczyk', 'dimagi.com']), exponential_backoff=False) _assert( False, "[BAD PERSONA DATA] Persona fields during " "login submitted empty. User: {}".format(email) ) login(self.request, new_user)
def setUp(self): self.factory = RequestFactory() domain = Domain.get_or_create_with_name('test-pna') domain.is_active = True domain.save() self.domain = domain user = WebUser.get_by_username('test') if not user: user = WebUser.create(domain.name, 'test', 'passwordtest') user.is_authenticated = True user.is_superuser = True user.is_authenticated = True user.is_active = True self.user = user
def register_new_user(self, data): reg_form = RegisterWebUserForm( data['data'], show_number=( self.ab.version == ab_tests.NEW_USER_NUMBER_OPTION_SHOW_NUM)) if reg_form.is_valid(): self._create_new_account(reg_form) try: requested_domain = request_new_domain(self.request, reg_form, is_new_user=True) # If user created a form via prelogin demo, create an app for them if reg_form.cleaned_data['xform']: lang = 'en' app = Application.new_app(requested_domain, "Untitled Application") module = Module.new_module(_("Untitled Module"), lang) app.add_module(module) save_xform(app, app.new_form(0, "Untitled Form", lang), reg_form.cleaned_data['xform']) app.save() web_user = WebUser.get_by_username( reg_form.cleaned_data['email']) if web_user: update_hubspot_properties(web_user, { 'signup_via_demo': 'yes', }) except NameUnavailableException: # technically, the form should never reach this as names are # auto-generated now. But, just in case... logging.error( "There as an issue generating a unique domain name " "for a user during new registration.") return { 'errors': { 'project name unavailable': [], } } return { 'success': True, } logging.error( "There was an error processing a new user registration form." "This shouldn't happen as validation should be top-notch " "client-side. Here is what the errors are: {}".format( reg_form.errors)) return { 'errors': reg_form.errors, }
def tearDownClass(cls): AuthenticatedEmailDomain.objects.all().delete() IdentityProvider.objects.all().delete() cls.user.delete(None) # cleanup "new" users for username in [ '*****@*****.**', '*****@*****.**', '*****@*****.**' ]: web_user = WebUser.get_by_username(username) if web_user: web_user.delete(None) cls.domain.delete() cls.account.delete() super().tearDownClass()
def setUpClass(cls): super().setUpClass() cls.factory = RequestFactory() # gets created + removed in package level setup / teardown domain = Domain.get_or_create_with_name('test-pna') domain.is_active = True domain.save() cls.domain = domain user = WebUser.get_by_username('test') if not user: user = WebUser.create(domain.name, 'test', 'passwordtest', None, None) user.is_authenticated = True user.is_superuser = True user.is_authenticated = True user.is_active = True cls.user = user
def handle(self, username, **options): if not settings.ALLOW_MAKE_SUPERUSER_COMMAND: from dimagi.utils.web import get_site_domain raise CommandError( f"""You cannot run this command in SaaS Enviornments. Use https://{get_site_domain()}/hq/admin/superuser_management/ for granting superuser permissions""" ) from corehq.apps.users.models import WebUser try: validate_email(username) except EmailSyntaxError: raise CommandError('Your username must be an email address') couch_user = WebUser.get_by_username(username) if couch_user: if not isinstance(couch_user, WebUser): raise CommandError('Username already in use by a non-web user') logger.info("✓ User {} exists".format(couch_user.username)) else: password = self.get_password_from_user() couch_user = WebUser.create(None, username, password, created_by=None, created_via=__name__, by_domain_required_for_log=False) logger.info("→ User {} created".format(couch_user.username)) is_superuser_changed = not couch_user.is_superuser is_staff_changed = not couch_user.is_staff couch_user.is_superuser = True couch_user.is_staff = True if is_superuser_changed or is_staff_changed: couch_user.save() if is_superuser_changed: logger.info("→ User {} is now a superuser".format( couch_user.username)) else: logger.info("✓ User {} is a superuser".format(couch_user.username)) if is_staff_changed: logger.info("→ User {} can now access django admin".format( couch_user.username)) else: logger.info("✓ User {} can access django admin".format( couch_user.username))
def is_permitted_to_restore(domain, couch_user, as_user, has_data_cleanup_privelege): """ This function determines if the couch_user is permitted to restore for the domain and/or as_user :param domain: Domain of restore :param couch_user: The couch user attempting authentication :param as_user: a string <user>@<domain> that the couch_user is attempting to get a restore for. If None will get restore of the couch_user. :param has_data_cleanup_privelege: Whether the user has permissions to do DATA_CLEANUP :returns: a tuple - first a boolean if the user is permitted, secondly a message explaining why a user was rejected if not permitted """ message = None if couch_user.is_commcare_user() and domain != couch_user.domain: message = u"{} was not in the domain {}".format( couch_user.username, domain) elif couch_user.is_web_user( ) and domain not in couch_user.domains and not couch_user.is_superuser: message = u"{} was not in the domain {}".format( couch_user.username, domain) elif (couch_user.is_web_user() and couch_user.is_member_of(domain) and as_user is not None): if not has_data_cleanup_privelege and not couch_user.is_superuser: message = u"{} does not have permissions to restore as {}".format( couch_user.username, as_user, ) try: username = as_user.split('@')[0] user_domain = as_user.split('@')[1] except IndexError: message = u"Invalid to restore user {}. Format is <user>@<domain>".format( as_user) else: if user_domain != domain: # In this case we may be dealing with a WebUser user = WebUser.get_by_username(as_user) if user and user.is_member_of(domain): message = None else: message = u"{} was not in the domain {}".format( username, domain) return message is None, message
def handle(self, export_file, config_file, domain, user_id, **options): start = datetime.utcnow() if '@' in user_id: user = WebUser.get_by_username(user_id) else: user = WebUser.get(user_id) if not user.is_member_of(domain): raise CommandError("%s can't access %s" % (user, domain)) with open(config_file, 'r', encoding='utf-8') as f: config = ImporterConfig.from_json(f.read()) config.couch_user_id = user._id with get_spreadsheet(export_file) as spreadsheet: print(json.dumps(do_import(spreadsheet, config, domain), default=json_handler)) print('finished in %s seconds' % (datetime.utcnow() - start).seconds)
def setUp(self): self.domain = 'mockdomain' all_logs = SMSLog.by_domain_asc(self.domain).all() for log in all_logs: log.delete() self.user = '******' self.password = '******' self.number = 5555551234 try: self.couch_user = WebUser.create(self.domain, self.user, self.password) except WebUser.Inconsistent: self.couch_user = WebUser.get_by_username(self.user) self.couch_user.add_phone_number(self.number) self.couch_user.save() self.dcs = '8' self.message_ascii = 'It Works' self.message_utf_hex = '0939093F0928094D092609400020091509300924093E00200939094800200907093800200938092E092F00200915093E092E002009390948003F'
def setUp(self): self.database = FakeCouchDb() self.user_orig_db = CommCareUser.get_db() CommCareUser.set_db(self.database) self.factory = RequestFactory() domain = Domain.get_or_create_with_name(DOMAIN) domain.is_active = True domain.save() self.domain = domain user = WebUser.get_by_username('test') if not user: user = WebUser.create(domain.name, 'test', 'passwordtest', None, None) user.is_authenticated = True user.is_superuser = True user.is_authenticated = True user.is_active = True self.user = user
def _api_url(self, url, username=None): if 'api_key' in url: return url username = username or self.username api_key = self.api_key.key if username != self.username: web_user = WebUser.get_by_username(username) api_key, _ = ApiKey.objects.get_or_create(user=WebUser.get_django_user(web_user)) api_key = api_key.key api_params = urlencode({'username': username, 'api_key': api_key}) if "?" in url: api_url = "%s&%s" % (url, api_params) else: api_url = "%s?%s" % (url, api_params) return api_url
def leave_team(request, org, team_id): username = request.POST.get("username", None) if not username: messages.error(request, "You must specify a member's email address") else: user = WebUser.get_by_username(username) user.remove_from_team(org, team_id) user.save() messages.success(request, render_to_string('orgs/partials/undo_leave_team.html', { "team_id": team_id, "org": org, "user": user }), extra_tags="html") return HttpResponseRedirect( reverse(request.POST.get('redirect_url', 'orgs_team_members'), args=(org, team_id)))
def handle(self, email, **options): web_user = WebUser.get_by_username(email) if not web_user: self.stdout.write(self.style.ERROR( "User not does not exist on CommCare HQ." )) return blocked_domains = set(get_blocked_hubspot_domains()) user_domains = set(web_user.get_domains()) blocked_memberships = user_domains.intersection(blocked_domains) if not blocked_memberships: self.show_status_of_possibly_unblocked_user(email, blocked_domains) else: self.show_status_of_blocked_user(email, blocked_memberships) self.display_first_conversion_status(email)
def send_autopay_failed(invoice, payment_method): subscription = invoice.subscription auto_payer = subscription.account.auto_pay_user payment_method = StripePaymentMethod.objects.get(web_user=auto_payer) autopay_card = payment_method.get_autopay_card(subscription.account) web_user = WebUser.get_by_username(auto_payer) if web_user: recipient = web_user.get_email() else: recipient = auto_payer domain = invoice.get_domain() context = { 'domain': domain, 'subscription_plan': subscription.plan_version.plan.name, 'billing_date': datetime.date.today(), 'invoice_number': invoice.invoice_number, 'autopay_card': autopay_card, 'domain_url': absolute_reverse('dashboard_default', args=[domain]), 'billing_info_url': absolute_reverse('domain_update_billing_info', args=[domain]), 'support_email': settings.INVOICING_CONTACT_EMAIL, } template_html = 'accounting/autopay_failed_email.html' template_plaintext = 'accounting/autopay_failed_email.txt' send_HTML_email( subject="Subscription Payment for CommCare Invoice %s was declined" % invoice.invoice_number, recipient=recipient, html_content=render_to_string(template_html, context), text_content=render_to_string(template_plaintext, context), email_from=get_dimagi_from_email(), )
def web_user_lookup(request): template = "hqadmin/web_user_lookup.html" web_user_email = request.GET.get("q") if not web_user_email: return render(request, template, {}) web_user = WebUser.get_by_username(web_user_email) context = { 'audit_report_url': reverse('admin_report_dispatcher', args=('user_audit_report',)) } if web_user is None: messages.error( request, "Sorry, no user found with email {}. Did you enter it correctly?".format(web_user_email) ) else: from django_otp import user_has_device context['web_user'] = web_user django_user = web_user.get_django_user() context['has_two_factor'] = user_has_device(django_user) return render(request, template, context)