| 1 |
1 |
from __future__ import print_function
|
| 2 |
2 |
|
|
3 |
import json
|
| 3 |
4 |
import logging
|
| 4 |
|
import datetime
|
| 5 |
5 |
|
|
6 |
from datetime import timedelta
|
| 6 |
7 |
from django.contrib.auth import get_user_model
|
| 7 |
8 |
from django.core.management.base import BaseCommand, CommandError
|
| 8 |
9 |
from django.core.mail import send_mail
|
| 9 |
10 |
from django.utils.timezone import now
|
| 10 |
11 |
from django.template.loader import render_to_string
|
|
12 |
from django_rbac.utils import get_ou_model
|
| 11 |
13 |
|
| 12 |
14 |
from authentic2.models import DeletedUser
|
| 13 |
15 |
|
| ... | ... | |
| 24 |
26 |
help = '''Clean unused accounts'''
|
| 25 |
27 |
|
| 26 |
28 |
def add_arguments(self, parser):
|
| 27 |
|
parser.add_argument('clean_threshold', type=int)
|
| 28 |
|
parser.add_argument(
|
| 29 |
|
"--alert-thresholds",
|
| 30 |
|
help='list of durations before sending an alert '
|
| 31 |
|
'message for unused account, default is none',
|
| 32 |
|
default=None)
|
| 33 |
|
parser.add_argument(
|
| 34 |
|
"--period", type=int,
|
| 35 |
|
help='period between two calls to '
|
| 36 |
|
'clean-unused-accounts as days, default is 1',
|
| 37 |
|
default=1
|
| 38 |
|
)
|
| 39 |
29 |
parser.add_argument("--fake", action='store_true', help='do nothing', default=False)
|
| 40 |
|
parser.add_argument(
|
| 41 |
|
"--filter", help='filter to apply to the user queryset, '
|
| 42 |
|
'the Django filter key and value are separated by character =', action='append',
|
| 43 |
|
default=[]
|
| 44 |
|
)
|
| 45 |
|
parser.add_argument(
|
| 46 |
|
'--from-email', default=settings.DEFAULT_FROM_EMAIL,
|
| 47 |
|
help='sender address for notifications, default is DEFAULT_FROM_EMAIL from settings'
|
| 48 |
|
)
|
| 49 |
30 |
|
| 50 |
31 |
def handle(self, *args, **options):
|
| 51 |
32 |
log = logging.getLogger(__name__)
|
| ... | ... | |
| 55 |
36 |
log.exception('failure while cleaning unused accounts')
|
| 56 |
37 |
|
| 57 |
38 |
def clean_unused_acccounts(self, *args, **options):
|
| 58 |
|
if options['period'] < 1:
|
| 59 |
|
raise CommandError('period must be > 0')
|
| 60 |
|
|
| 61 |
|
clean_threshold = options['clean_threshold']
|
| 62 |
|
if clean_threshold < 1:
|
| 63 |
|
raise CommandError('clean_threshold must be an integer > 0')
|
| 64 |
|
|
| 65 |
39 |
if options['verbosity'] == '0':
|
| 66 |
40 |
logging.basicConfig(level=logging.CRITICAL)
|
| 67 |
41 |
if options['verbosity'] == '1':
|
| ... | ... | |
| 74 |
48 |
log = logging.getLogger(__name__)
|
| 75 |
49 |
n = now().replace(hour=0, minute=0, second=0, microsecond=0)
|
| 76 |
50 |
self.fake = options['fake']
|
| 77 |
|
self.from_email = options['from_email']
|
| 78 |
51 |
if self.fake:
|
| 79 |
52 |
log.info('fake call to clean-unused-accounts')
|
| 80 |
53 |
users = get_user_model().objects.all()
|
| 81 |
|
if options['filter']:
|
| 82 |
|
for f in options['filter']:
|
| 83 |
|
key, value = f.split('=', 1)
|
|
54 |
for ou in get_ou_model().objects.all():
|
|
55 |
if ou.clean_unused_accounts_filter:
|
| 84 |
56 |
try:
|
| 85 |
|
users = users.filter(**{key: value})
|
|
57 |
for key, value in json.loads(ou.clean_unused_accounts_filter):
|
|
58 |
users = users.filter(**{key: value})
|
| 86 |
59 |
except:
|
| 87 |
|
raise CommandError('invalid --filter %s' % f)
|
| 88 |
|
if options['alert_thresholds']:
|
| 89 |
|
alert_thresholds = options['alert_thresholds']
|
| 90 |
|
alert_thresholds = alert_thresholds.split(',')
|
| 91 |
|
try:
|
| 92 |
|
alert_thresholds = map(int, alert_thresholds)
|
| 93 |
|
except ValueError:
|
| 94 |
|
raise CommandError('alert_thresholds must be a comma '
|
| 95 |
|
'separated list of integers')
|
| 96 |
|
for threshold in alert_thresholds:
|
| 97 |
|
if not (0 < threshold < clean_threshold):
|
| 98 |
|
raise CommandError('alert-threshold must a positive integer '
|
| 99 |
|
'inferior to clean-threshold: 0 < %d < %d' % (
|
| 100 |
|
threshold, clean_threshold))
|
| 101 |
|
for threshold in alert_thresholds:
|
| 102 |
|
a = n - datetime.timedelta(days=threshold)
|
| 103 |
|
b = n - datetime.timedelta(days=threshold-options['period'])
|
| 104 |
|
for user in users.filter(last_login__lt=b, last_login__gte=a):
|
| 105 |
|
log.info('%s last login %d days ago, sending alert', user, threshold)
|
| 106 |
|
self.send_alert(user, threshold, clean_threshold-threshold)
|
| 107 |
|
threshold = n - datetime.timedelta(days=clean_threshold)
|
| 108 |
|
for user in users.filter(last_login__lt=threshold):
|
| 109 |
|
d = n - user.last_login
|
| 110 |
|
log.info('%s last login %d days ago, deleting user', user, d.days)
|
| 111 |
|
self.delete_user(user, clean_threshold)
|
| 112 |
|
|
| 113 |
|
|
| 114 |
|
def send_alert(self, user, threshold, clean_threshold):
|
| 115 |
|
ctx = { 'user': user, 'threshold': threshold,
|
| 116 |
|
'clean_threshold': clean_threshold }
|
| 117 |
|
self.send_mail('authentic2/unused_account_alert', user, ctx)
|
|
60 |
raise CommandError('invalid filter {}: {}'.format(
|
|
61 |
key, value))
|
|
62 |
if not ou.clean_unused_accounts_deletion:
|
|
63 |
continue
|
|
64 |
|
|
65 |
deletion = timedelta(days=ou.clean_unused_accounts_deletion)
|
|
66 |
alert = timedelta(days=ou.clean_unused_accounts_alert)
|
|
67 |
|
|
68 |
for user in users.filter(ou=ou, last_login_lt=n-alert):
|
|
69 |
if n - user.last_login >= deletion and \
|
|
70 |
user.last_account_deletion_alert and \
|
|
71 |
n - user.last_account_deletion_alert >= alert:
|
|
72 |
log.info(
|
|
73 |
'%s last login more than %d days ago, deleting user',
|
|
74 |
user, ou.clean_unused_accounts_deletion)
|
|
75 |
self.delete_user(user, clean_threshold)
|
|
76 |
elif not user.last_account_deletion_alert or \
|
|
77 |
n - user.last_account_deletion_alert >= alert:
|
|
78 |
log.info('%s last login %d days ago, sending alert', user,
|
|
79 |
ou.clean_unused_accounts_alert)
|
|
80 |
self.send_alert(user)
|
|
81 |
user.last_account_deletion_alert = n
|
|
82 |
user.save()
|
|
83 |
|
|
84 |
|
|
85 |
def send_alert(self, user):
|
|
86 |
ctx = {
|
|
87 |
'user': user,
|
|
88 |
'threshold': user.ou.clean_unused_accounts_alert,
|
|
89 |
'clean_threshold': user.ou.clean_unused_accounts_deletion
|
|
90 |
}
|
|
91 |
self.send_mail(
|
|
92 |
'authentic2/unused_account_alert_{}'.format(user.ou.slug),
|
|
93 |
'authentic2/unused_account_alert', #default fallback template
|
|
94 |
user, ctx)
|
| 118 |
95 |
|
| 119 |
96 |
|
| 120 |
97 |
def send_mail(self, prefix, user, ctx):
|
| ... | ... | |
| 124 |
101 |
log.debug('%s has no email, no mail sent', user)
|
| 125 |
102 |
subject = render_to_string(prefix + '_subject.txt', ctx).strip()
|
| 126 |
103 |
body = render_to_string(prefix + '_body.txt', ctx)
|
|
104 |
from_email = user.ou.clean_unused_accounts_from_email
|
| 127 |
105 |
if not self.fake:
|
| 128 |
106 |
try:
|
| 129 |
107 |
log.debug('sending mail to %s', user.email)
|
| 130 |
|
send_mail(subject, body, self.from_email, [user.email])
|
|
108 |
send_mail(subject, body, from_email, [user.email])
|
| 131 |
109 |
except:
|
| 132 |
110 |
log.exception('email sending failure')
|
| 133 |
111 |
|
| 134 |
112 |
|
| 135 |
|
def delete_user(self, user, threshold):
|
| 136 |
|
ctx = { 'user': user, 'threshold': threshold }
|
| 137 |
|
self.send_mail('authentic2/unused_account_delete', user,
|
| 138 |
|
ctx)
|
|
113 |
def delete_user(self, user):
|
|
114 |
ctx = {
|
|
115 |
'user': user,
|
|
116 |
'threshold': user.ou.clean_unused_accounts_deletion
|
|
117 |
}
|
|
118 |
self.send_mail(
|
|
119 |
'authentic2/unused_account_delete_{}'.format(user.ou.slug),
|
|
120 |
'authentic2/unused_account_delete', #default fallback template
|
|
121 |
user, ctx)
|
| 139 |
122 |
if not self.fake:
|
| 140 |
123 |
DeletedUser.objects.delete_user(user)
|
| 141 |
|
-
|