Security accounts

Implemented a mechanism that makes normal accounts be valid under a supervision track. A valid supervisor is required to keep the account valid. New features:

• each user has a profile
• the registration step asks for a valid godfather
• daily cron actions clean invalid users and check for account validity
• each user need to validate his account every year
• a supervision track give the possibility to track which account is supervised by which user (history is kept)
• a supervisor can reject a supervisee at anytime
• acceptance and rejection messages are emailed to users
• a new supervisor request can be made by supervisee at anytime and an email is sent to inform the supervisor
• if the year validation is not performed the account gets blocked after a specific deadline (account re-activation possible)
• implemented account management for supervisees
• implemented supervisee management for supervisors
• implemented unittest with the API

Note: Must take into accounts that supervisor registration and account tracking is not implemented yet.

beat/web/accounts/management/commands/clean_blocked_users_expired_requests.py

+#!/usr/bin/env python
+# vim: set fileencoding=utf-8 :
+# encoding: utf-8
+
+###############################################################################
+#                                                                             #
+# Copyright (c) 2016 Idiap Research Institute, http://www.idiap.ch/           #
+# Contact: beat.support@idiap.ch                                              #
+#                                                                             #
+# This file is part of the beat.web module of the BEAT platform.              #
+#                                                                             #
+# Commercial License Usage                                                    #
+# Licensees holding valid commercial BEAT licenses may use this file in       #
+# accordance with the terms contained in a written agreement between you      #
+# and Idiap. For further information contact tto@idiap.ch                     #
+#                                                                             #
+# Alternatively, this file may be used under the terms of the GNU Affero      #
+# Public License version 3 as published by the Free Software and appearing    #
+# in the file LICENSE.AGPL included in the packaging of this file.            #
+# The BEAT platform is distributed in the hope that it will be useful, but    #
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY  #
+# or FITNESS FOR A PARTICULAR PURPOSE.                                        #
+#                                                                             #
+# You should have received a copy of the GNU Affero Public License along      #
+# with the BEAT platform. If not, see http://www.gnu.org/licenses/.           #
+#                                                                             #
+###############################################################################
+
+
+from django.core.management.base import BaseCommand, CommandError
+
+from datetime import date
+import datetime
+
+from django.contrib.auth.models import User
+from django.conf import settings
+
+from ...models import SupervisionTrack
+from ...models import Profile
+from ....ui.registration.models import RegistrationProfile
+
+import sys
+import random
+
+class Command(BaseCommand):
+
+    help = 'Clean blocked users expired requests for supervisor validation'
+
+    def add_arguments(self, parser):
+        parser.add_argument('--noinput', action='store_false', dest='interactive', default=False,
+            help=('Tells Django to NOT prompt the user for input of any kind.'))
+
+
+    def handle(self, *args, **options):
+        block = True
+
+        if options['interactive']:
+            try:
+                answer = self.get_input_data('Clean blocked user(s) that have not been validated by a supervisor?  (y/n)? ', 'y').lower()
+            except KeyboardInterrupt:
+                self.stderr.write("\nOperation canceled.")
+                sys.exit(1)
+
+            if answer != 'y':
+                self.stdout.write('Clean blocked users operation canceled')
+                sys.exit(1)
+
+        if block:
+            blocked_profiles = Profile.objects.filter(status=Profile.BLOCKED)
+            count = 0
+            for blocked_profile in blocked_profiles:
+                user = blocked_profile.user
+                if user.profile.rejection_date is not None:
+                    if user.profile.rejection_date < datetime.datetime.now():
+                        count +=1
+                        user.profile.status = Profile.BLOCKED
+                        user.profile.rejection_date = None
+                        user.is_active = False
+
+                        if user.profile.supervision_key != None:
+                            supervisiontrack = SupervisionTrack.objects.get(supervision_key=blocked_profile.supervision_key)
+                            if supervisiontrack.is_valid == False and supervisiontrack.start_date is None:
+                                user.profile.supervision_key = None
+                                supervisiontrack.delete()
+
+                        user.profile.save()
+                        user.save()
+
+            self.stdout.write('{} Blocked user(s) successfully cleaned from expired supervision/'.format(count) + '{} Total user(s) checked'.format(blocked_profiles.count()))
+
+
+    def get_input_data(self, message, default=None):
+        """
+        Override this method if you want to customize data inputs or
+        validation exceptions.
+        """
+        raw_value = raw_input(message)
+
+        if default and raw_value == '':
+            raw_value = default
+
+        return raw_value