0001-manager-expose-user-deactivation-reason-19718.patch
src/authentic2/custom_user/models.py | ||
---|---|---|
374 | 374 |
self.deactivation_reason = reason |
375 | 375 |
self.save(update_fields=['is_active', 'deactivation', 'deactivation_reason']) |
376 | 376 | |
377 |
@property |
|
378 |
def verbose_deactivation_reason(self): |
|
379 |
from authentic2.backends.ldap_backend import ( |
|
380 |
LDAP_DEACTIVATION_REASON_NOT_PRESENT, |
|
381 |
LDAP_DEACTIVATION_REASON_OLD_SOURCE, |
|
382 |
) |
|
383 | ||
384 |
if self.deactivation_reason == LDAP_DEACTIVATION_REASON_NOT_PRESENT: |
|
385 |
return _('associated LDAP account does not exist anymore') |
|
386 |
elif self.deactivation_reason == LDAP_DEACTIVATION_REASON_OLD_SOURCE: |
|
387 |
return _('associated LDAP source has been deleted') |
|
388 |
else: |
|
389 |
return self.deactivation_reason |
|
390 | ||
377 | 391 |
def set_random_password(self): |
378 | 392 |
self.set_password(base64.b64encode(os.urandom(32)).decode('ascii')) |
379 | 393 |
src/authentic2/manager/templates/authentic2/manager/user_detail.html | ||
---|---|---|
69 | 69 | |
70 | 70 |
{% if not object.is_active and object.deactivation %} |
71 | 71 |
<p class="a2-manager-user-date-deactivated"> |
72 |
{% blocktrans with date=object.deactivation %}Deactivated on {{ date }}{% endblocktrans %} |
|
72 |
{% blocktrans trimmed with date=object.deactivation reason=object.verbose_deactivation_reason %} |
|
73 |
Deactivated on {{ date }} ({{ reason }}). |
|
74 |
{% endblocktrans %} |
|
73 | 75 |
</p> |
74 | 76 |
{% endif %} |
75 | 77 |
src/authentic2/manager/user_views.py | ||
---|---|---|
355 | 355 |
if request.user == self.object: |
356 | 356 |
messages.warning(request, _('You cannot desactivate your own ' 'user')) |
357 | 357 |
else: |
358 |
self.object.mark_as_inactive() |
|
358 |
self.object.mark_as_inactive(reason=_('by %s') % request.user.get_full_name())
|
|
359 | 359 |
request.journal.record('manager.user.deactivation', target_user=self.object) |
360 | 360 | |
361 | 361 |
def action_password_reset(self, request, *args, **kwargs): |
tests/test_ldap.py | ||
---|---|---|
233 | 233 |
assert 'password' not in client.session['ldap-data'] |
234 | 234 | |
235 | 235 | |
236 |
def test_deactivate_orphaned_users(slapd, settings, client, db): |
|
236 |
def test_deactivate_orphaned_users(slapd, settings, client, db, app, superuser):
|
|
237 | 237 |
settings.LDAP_AUTH_SETTINGS = [ |
238 | 238 |
{ |
239 | 239 |
'url': [slapd.ldap_url], |
... | ... | |
241 | 241 |
'use_tls': False, |
242 | 242 |
} |
243 | 243 |
] |
244 |
utils.login(app, superuser) |
|
244 | 245 | |
245 | 246 |
# create users as a side effect |
246 |
list(ldap_backend.LDAPBackend.get_users()) |
|
247 |
users = list(ldap_backend.LDAPBackend.get_users())
|
|
247 | 248 |
block = settings.LDAP_AUTH_SETTINGS[0] |
248 | 249 |
assert ( |
249 | 250 |
ldap_backend.UserExternalId.objects.filter(user__is_active=False, source=block['realm']).count() == 0 |
250 | 251 |
) |
252 |
resp = app.get('/manage/users/%s/' % users[0].pk) |
|
253 |
assert 'Deactivated' not in resp.text |
|
251 | 254 | |
252 | 255 |
conn = slapd.get_connection_admin() |
253 | 256 |
conn.delete_s(DN) |
... | ... | |
267 | 270 |
reason='ldap-not-present', |
268 | 271 |
origin=slapd.ldap_url, |
269 | 272 |
) |
273 |
resp = app.get('/manage/users/%s/' % deactivated_user.user.pk) |
|
274 |
assert 'Deactivated' in resp.text |
|
275 |
assert 'associated LDAP account does not exist anymore' in resp.text |
|
270 | 276 | |
271 | 277 |
# deactivate an active user manually |
272 | 278 |
User.objects.filter(is_active=True).first().mark_as_inactive(reason='bad user') |
... | ... | |
298 | 304 |
target_user=ldap_user.user, |
299 | 305 |
reason='ldap-old-source', |
300 | 306 |
) |
307 |
resp = app.get('/manage/users/%s/' % ldap_user.user.pk) |
|
308 |
assert 'Deactivated' in resp.text |
|
309 |
assert 'associated LDAP source has been deleted' in resp.text |
|
301 | 310 | |
302 | 311 |
# reactivate users |
303 | 312 |
settings.LDAP_AUTH_SETTINGS = [block] |
... | ... | |
313 | 322 |
== 1 |
314 | 323 |
) |
315 | 324 |
reactivated_users = User.objects.filter( |
316 |
is_active=True, deactivation_reason__isnull=True, deactivation__isnull=True |
|
325 |
is_active=True, |
|
326 |
deactivation_reason__isnull=True, |
|
327 |
deactivation__isnull=True, |
|
328 |
userexternalid__isnull=False, |
|
317 | 329 |
) |
318 | 330 |
assert reactivated_users.count() == 4 |
319 | 331 |
assert User.objects.filter(is_active=False).count() == 2 |
320 |
assert User.objects.count() == 6
|
|
332 |
assert User.objects.count() == 7
|
|
321 | 333 | |
322 | 334 |
for user in reactivated_users: |
323 | 335 |
utils.assert_event( |
... | ... | |
326 | 338 |
reason='ldap-reactivation', |
327 | 339 |
origin=slapd.ldap_url, |
328 | 340 |
) |
341 |
resp = app.get('/manage/users/%s/' % user.pk) |
|
342 |
assert 'Deactivated' not in resp.text |
|
329 | 343 | |
330 | 344 | |
331 | 345 |
@pytest.mark.django_db |
tests/test_manager.py | ||
---|---|---|
644 | 644 |
form = response.forms['object-actions'] |
645 | 645 |
response = form.submit('deactivate') |
646 | 646 |
assert 'Deactivated on' in response.text |
647 |
assert 'by global admin' in response.text |
|
647 | 648 |
assert 'Activate' in response.text |
648 | 649 | |
649 | 650 | |
650 |
- |