0001-manager-expose-user-deactivation-reason-19718.patch
| src/authentic2/custom_user/models.py | ||
|---|---|---|
| 374 | 374 |
self.deactivation_reason = reason |
| 375 | 375 |
self.save(update_fields=['is_active', 'deactivation', 'deactivation_reason']) |
| 376 | 376 | |
| 377 |
@property |
|
| 378 |
def verbose_deactivation_reason(self): |
|
| 379 |
from authentic2.backends.ldap_backend import ( |
|
| 380 |
LDAP_DEACTIVATION_REASON_NOT_PRESENT, |
|
| 381 |
LDAP_DEACTIVATION_REASON_OLD_SOURCE, |
|
| 382 |
) |
|
| 383 | ||
| 384 |
if self.deactivation_reason == LDAP_DEACTIVATION_REASON_NOT_PRESENT: |
|
| 385 |
return _('associated LDAP account does not exist anymore')
|
|
| 386 |
elif self.deactivation_reason == LDAP_DEACTIVATION_REASON_OLD_SOURCE: |
|
| 387 |
return _('associated LDAP source has been deleted')
|
|
| 388 |
else: |
|
| 389 |
return self.deactivation_reason |
|
| 390 | ||
| 377 | 391 |
def set_random_password(self): |
| 378 | 392 |
self.set_password(base64.b64encode(os.urandom(32)).decode('ascii'))
|
| 379 | 393 | |
| src/authentic2/manager/templates/authentic2/manager/user_detail.html | ||
|---|---|---|
| 69 | 69 | |
| 70 | 70 |
{% if not object.is_active and object.deactivation %}
|
| 71 | 71 |
<p class="a2-manager-user-date-deactivated"> |
| 72 |
{% blocktrans with date=object.deactivation %}Deactivated on {{ date }}{% endblocktrans %}
|
|
| 72 |
{% blocktrans trimmed with date=object.deactivation reason=object.verbose_deactivation_reason %}
|
|
| 73 |
Deactivated on {{ date }} ({{ reason }}).
|
|
| 74 |
{% endblocktrans %}
|
|
| 73 | 75 |
</p> |
| 74 | 76 |
{% endif %}
|
| 75 | 77 | |
| src/authentic2/manager/user_views.py | ||
|---|---|---|
| 355 | 355 |
if request.user == self.object: |
| 356 | 356 |
messages.warning(request, _('You cannot desactivate your own ' 'user'))
|
| 357 | 357 |
else: |
| 358 |
self.object.mark_as_inactive() |
|
| 358 |
self.object.mark_as_inactive(reason=_('by %s') % request.user.get_full_name())
|
|
| 359 | 359 |
request.journal.record('manager.user.deactivation', target_user=self.object)
|
| 360 | 360 | |
| 361 | 361 |
def action_password_reset(self, request, *args, **kwargs): |
| tests/test_ldap.py | ||
|---|---|---|
| 233 | 233 |
assert 'password' not in client.session['ldap-data'] |
| 234 | 234 | |
| 235 | 235 | |
| 236 |
def test_deactivate_orphaned_users(slapd, settings, client, db): |
|
| 236 |
def test_deactivate_orphaned_users(slapd, settings, client, db, app, superuser):
|
|
| 237 | 237 |
settings.LDAP_AUTH_SETTINGS = [ |
| 238 | 238 |
{
|
| 239 | 239 |
'url': [slapd.ldap_url], |
| ... | ... | |
| 241 | 241 |
'use_tls': False, |
| 242 | 242 |
} |
| 243 | 243 |
] |
| 244 |
utils.login(app, superuser) |
|
| 244 | 245 | |
| 245 | 246 |
# create users as a side effect |
| 246 |
list(ldap_backend.LDAPBackend.get_users()) |
|
| 247 |
users = list(ldap_backend.LDAPBackend.get_users())
|
|
| 247 | 248 |
block = settings.LDAP_AUTH_SETTINGS[0] |
| 248 | 249 |
assert ( |
| 249 | 250 |
ldap_backend.UserExternalId.objects.filter(user__is_active=False, source=block['realm']).count() == 0 |
| 250 | 251 |
) |
| 252 |
resp = app.get('/manage/users/%s/' % users[0].pk)
|
|
| 253 |
assert 'Deactivated' not in resp.text |
|
| 251 | 254 | |
| 252 | 255 |
conn = slapd.get_connection_admin() |
| 253 | 256 |
conn.delete_s(DN) |
| ... | ... | |
| 267 | 270 |
reason='ldap-not-present', |
| 268 | 271 |
origin=slapd.ldap_url, |
| 269 | 272 |
) |
| 273 |
resp = app.get('/manage/users/%s/' % deactivated_user.user.pk)
|
|
| 274 |
assert 'Deactivated' in resp.text |
|
| 275 |
assert 'associated LDAP account does not exist anymore' in resp.text |
|
| 270 | 276 | |
| 271 | 277 |
# deactivate an active user manually |
| 272 | 278 |
User.objects.filter(is_active=True).first().mark_as_inactive(reason='bad user') |
| ... | ... | |
| 298 | 304 |
target_user=ldap_user.user, |
| 299 | 305 |
reason='ldap-old-source', |
| 300 | 306 |
) |
| 307 |
resp = app.get('/manage/users/%s/' % ldap_user.user.pk)
|
|
| 308 |
assert 'Deactivated' in resp.text |
|
| 309 |
assert 'associated LDAP source has been deleted' in resp.text |
|
| 301 | 310 | |
| 302 | 311 |
# reactivate users |
| 303 | 312 |
settings.LDAP_AUTH_SETTINGS = [block] |
| ... | ... | |
| 313 | 322 |
== 1 |
| 314 | 323 |
) |
| 315 | 324 |
reactivated_users = User.objects.filter( |
| 316 |
is_active=True, deactivation_reason__isnull=True, deactivation__isnull=True |
|
| 325 |
is_active=True, |
|
| 326 |
deactivation_reason__isnull=True, |
|
| 327 |
deactivation__isnull=True, |
|
| 328 |
userexternalid__isnull=False, |
|
| 317 | 329 |
) |
| 318 | 330 |
assert reactivated_users.count() == 4 |
| 319 | 331 |
assert User.objects.filter(is_active=False).count() == 2 |
| 320 |
assert User.objects.count() == 6
|
|
| 332 |
assert User.objects.count() == 7
|
|
| 321 | 333 | |
| 322 | 334 |
for user in reactivated_users: |
| 323 | 335 |
utils.assert_event( |
| ... | ... | |
| 326 | 338 |
reason='ldap-reactivation', |
| 327 | 339 |
origin=slapd.ldap_url, |
| 328 | 340 |
) |
| 341 |
resp = app.get('/manage/users/%s/' % user.pk)
|
|
| 342 |
assert 'Deactivated' not in resp.text |
|
| 329 | 343 | |
| 330 | 344 | |
| 331 | 345 |
@pytest.mark.django_db |
| tests/test_manager.py | ||
|---|---|---|
| 644 | 644 |
form = response.forms['object-actions'] |
| 645 | 645 |
response = form.submit('deactivate')
|
| 646 | 646 |
assert 'Deactivated on' in response.text |
| 647 |
assert 'by global admin' in response.text |
|
| 647 | 648 |
assert 'Activate' in response.text |
| 648 | 649 | |
| 649 | 650 | |
| 650 |
- |
|