From d9cdd31928d8162040c4a20a4d99caf78344382c Mon Sep 17 00:00:00 2001
From: Flavio Tarsetti <flavio.tarsetti@idiap.ch>
Date: Wed, 9 Aug 2017 10:40:37 +0200
Subject: [PATCH] [accounts][migration/templates-email] migration to set all
users properly and inform rejected users of the new supervision rule
---
.../migrations/0010_check_all_accounts.py | 105 ++++++++++++++++++
.../mail.migration_10_accounts.message.txt | 18 +++
.../mail.migration_10_accounts.subject.txt | 1 +
3 files changed, 124 insertions(+)
create mode 100644 beat/web/accounts/migrations/0010_check_all_accounts.py
create mode 100644 beat/web/ui/registration/templates/registration/mail.migration_10_accounts.message.txt
create mode 100644 beat/web/ui/registration/templates/registration/mail.migration_10_accounts.subject.txt
diff --git a/beat/web/accounts/migrations/0010_check_all_accounts.py b/beat/web/accounts/migrations/0010_check_all_accounts.py
new file mode 100644
index 000000000..c1dc9a2f8
--- /dev/null
+++ b/beat/web/accounts/migrations/0010_check_all_accounts.py
@@ -0,0 +1,105 @@
+#!/usr/bin/env python
+# vim: set fileencoding=utf-8 :
+
+###############################################################################
+# #
+# Copyright (c) 2017 Idiap Research Institute, http://www.idiap.ch/ #
+# Contact: beat.support@idiap.ch #
+# #
+# This file is part of the beat.web module of the BEAT platform. #
+# #
+# Commercial License Usage #
+# Licensees holding valid commercial BEAT licenses may use this file in #
+# accordance with the terms contained in a written agreement between you #
+# and Idiap. For further information contact tto@idiap.ch #
+# #
+# Alternatively, this file may be used under the terms of the GNU Affero #
+# Public License version 3 as published by the Free Software and appearing #
+# in the file LICENSE.AGPL included in the packaging of this file. #
+# The BEAT platform is distributed in the hope that it will be useful, but #
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY #
+# or FITNESS FOR A PARTICULAR PURPOSE. #
+# #
+# You should have received a copy of the GNU Affero Public License along #
+# with the BEAT platform. If not, see http://www.gnu.org/licenses/. #
+# #
+###############################################################################
+
+from __future__ import unicode_literals
+
+from django.db.models import Q
+from django.core.urlresolvers import reverse
+from django.template import loader
+from django.template import Context
+
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+from django.contrib.auth.models import User
+from datetime import datetime, timedelta
+import datetime
+import re
+from urlparse import urlparse
+
+import simplejson as json
+
+def set_profile_state(apps, schema_editor):
+ '''Set profile status'''
+
+ profiles = apps.get_model("accounts", "Profile")
+ supervisiontracks = apps.get_model("accounts", "SupervisionTrack")
+
+ users = User.objects.all()
+ now = datetime.datetime.now()
+ expiration_date_delta = datetime.timedelta(days=settings.ACCOUNT_BLOCKAGE_AFTER_FIRST_REJECTION_DAYS)
+
+ specialusers = ["AnonymousUser", "plot", "system", "scheduler"]
+ for user in users:
+ user.save()
+ if user.is_staff or user.username in specialusers:
+ user.profile.status = 'A'
+ user.profile.rejection_date = None
+ else:
+ #reject this account and inform by email the user
+ user.profile.status = 'R'
+ user.profile.rejection_date = now + expiration_date_delta
+ from django.core.mail import send_mail
+
+ parsed_url = urlparse(settings.URL_PREFIX)
+ server_address = '%s://%s' % (parsed_url.scheme, parsed_url.hostname)
+
+ c = Context({ 'user': user,
+ 'prefix': server_address,
+ })
+
+ try:
+ t = loader.get_template('registration/mail.migration_10_accounts.subject.txt')
+ subject = t.render(c)
+
+ # Note: e-mail subject *must not* contain newlines
+ subject = settings.EMAIL_SUBJECT_PREFIX + ''.join(subject.splitlines())
+
+ t = loader.get_template('registration/mail.migration_10_accounts.message.txt')
+ message = t.render(c)
+
+ send_mail(subject, message, settings.DEFAULT_FROM_EMAIL, [user.email])
+ except:
+ pass
+
+ user.profile.supervision_key = None
+
+ user.profile.save()
+ user.save()
+
+def backward_dummy(apps, schema_editor):
+ pass
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ('accounts', '0009_auto_20170627_0956'),
+ ]
+
+ operations = [
+ migrations.RunPython(set_profile_state, backward_dummy)
+ ]
diff --git a/beat/web/ui/registration/templates/registration/mail.migration_10_accounts.message.txt b/beat/web/ui/registration/templates/registration/mail.migration_10_accounts.message.txt
new file mode 100644
index 000000000..cc746653c
--- /dev/null
+++ b/beat/web/ui/registration/templates/registration/mail.migration_10_accounts.message.txt
@@ -0,0 +1,18 @@
+Dear {{ user.first_name }},
+
+The admin of the BEAT platform would like to inform you of a security update
+to your account used under username {{ user.username}}
+
+From now on you will need to be supervised by a known supervisor.
+
+To comply with this new rule, please go to your account settings and under
+Account Management click on "Add a supervisor" and validate it with a known
+supervisor.
+
+Failing to do so, your account will be blocked after a few weeks! (you
+can however still re-activate it through an unblock account procedure)
+
+If you are having problems to revalidate your account, contact a member of our
+support staff at {{ prefix }}{% url 'contact' %}.
+
+BEAT Administrators at the Idiap Research Institute
diff --git a/beat/web/ui/registration/templates/registration/mail.migration_10_accounts.subject.txt b/beat/web/ui/registration/templates/registration/mail.migration_10_accounts.subject.txt
new file mode 100644
index 000000000..4d87013ca
--- /dev/null
+++ b/beat/web/ui/registration/templates/registration/mail.migration_10_accounts.subject.txt
@@ -0,0 +1 @@
+Major Account Update - Supervision Required (BEAT platform)
--
GitLab