nikdoof/test-auth
1
0
Fork 0
mirror of https://github.com/nikdoof/test-auth.git synced 2025-12-17 19:59:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Permission updates now disables accounts instead of deleting them,

Browse Source
This commit is contained in:
Andrew Williams
2010-03-23 21:00:33 +00:00
parent 1e2b18f1d0
commit 81804cb409
3 changed files with 23 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
sso/cron.py
View File

@@ -23,18 +23,28 @@ class RemoveInvalidUsers():
# For each user, update access list based on Corp details # For each user, update access list based on Corp details
user.get_profile().update_access() user.get_profile().update_access()
# Check each service account and delete access if they're not allowed # Check each service account and disable access if they're not allowed
for servacc in ServiceAccount.objects.filter(user=user): for servacc in ServiceAccount.objects.filter(user=user):
if not (set(user.groups.all()) & set(servacc.service.groups.all())): if not (set(user.groups.all()) & set(servacc.service.groups.all())):
self._logger.info("User %s is not in allowed group for %s, deleting account" % (user.username, servacc.service)) self._logger.info("User %s is not in allowed group for %s, deleting account" % (user.username, servacc.service))
servacc.delete() servacc.active = 0
servacc.save()
servacc.user.message_set.create(message="Your %s account has been disabled due to lack of permissions. If this is incorrect, check your API keys." % (servacc.service))
pass pass
else:
if not servacc.active:
self._logger.info("User % is now in a allowed group for %s, enabling account" % (user.username, servacc.service))
servacc.active = 1
servacc.save()
servacc.user.message_set.create(message="Your %s account has been re-enabled, you may need to reset your password to access this service again." % (servacc.service))
pass
# For users set to not active, delete all accounts # For users set to not active, delete all accounts
if not user.is_active: if not user.is_active:
print "User %s is inactive, deleting related service accounts" % user.username print "User %s is inactive, disabling related service accounts" % user.username
for servacc in ServiceAccount.objects.filter(user=user): for servacc in ServiceAccount.objects.filter(user=user):
servacc.delete() servacc.active = 0
servacc.save()
pass pass

8
sso/views.py
View File

@@ -119,9 +119,7 @@ def service_add(request):
if form.is_valid(): if form.is_valid():
acc = ServiceAccount() acc = ServiceAccount()
acc.user = request.user acc.user = request.user
acc.service = form.cleaned_data['service'] acc.service = form.cleaned_data['service']
acc.character = form.cleaned_data['character'] acc.character = form.cleaned_data['character']
acc.password = hashlib.sha1('%s%s%s' % (form.cleaned_data['character'].name, settings.SECRET_KEY, random.randint(0, 2147483647))).hexdigest() acc.password = hashlib.sha1('%s%s%s' % (form.cleaned_data['character'].name, settings.SECRET_KEY, random.randint(0, 2147483647))).hexdigest()
@@ -173,6 +171,9 @@ def service_reset(request, serviceid=0, accept=0):
except ServiceAccount.DoesNotExist: except ServiceAccount.DoesNotExist:
return HttpResponseRedirect(reverse('sso.views.profile')) return HttpResponseRedirect(reverse('sso.views.profile'))
if not acc.active:
return HttpResponseRedirect(reverse('sso.views.profile'))
if acc.user == request.user: if acc.user == request.user:
if not accept: if not accept:
return render_to_response('sso/serviceaccount/reset.html', locals(), context_instance=RequestContext(request)) return render_to_response('sso/serviceaccount/reset.html', locals(), context_instance=RequestContext(request))
@@ -186,7 +187,6 @@ def service_reset(request, serviceid=0, accept=0):
return HttpResponseRedirect(reverse('sso.views.profile')) return HttpResponseRedirect(reverse('sso.views.profile'))
@login_required @login_required
def reddit_add(request): def reddit_add(request):
if request.method == 'POST': if request.method == 'POST':
@@ -220,8 +220,6 @@ def reddit_del(request, redditid=0):
return HttpResponseRedirect(reverse('sso.views.profile')) return HttpResponseRedirect(reverse('sso.views.profile'))
@login_required @login_required
def user_view(request, username=None): def user_view(request, username=None):
if username: if username:

9
templates/sso/profile.html
View File

@@ -25,12 +25,15 @@ create a login for a service click the Add Service link</p>
<tr><td>{{ acc.service }}</td> <tr><td>{{ acc.service }}</td>
<td>{{ acc.service_uid }}</td> <td>{{ acc.service_uid }}</td>
<td><a href="{{ acc.service.url }}">{{ acc.service.url }}</a></td> <td><a href="{{ acc.service.url }}">{{ acc.service.url }}</a></td>
<td>{{ acc.active }}</td> <td>{% if acc.active %}Yes{% else %}No{% endif %}</td>
<td><a href="/profile/del/service/{{ acc.id }}/">Delete</a> / <a href="/profile/reset/service/{{ acc.id }}/">Reset</a> <td><a href="/profile/del/service/{{ acc.id }}/">Delete</a>
{% if acc.active %}
&nbsp;/&nbsp;<a href="/profile/reset/service/{{ acc.id }}/">Reset</a>
{% if acc.service.provide_login %} {% if acc.service.provide_login %}
&nbsp;/&nbsp;<a href="/profile/login/service/{{ acc.id }}/">Login</a> &nbsp;/&nbsp;<a href="/profile/login/service/{{ acc.id }}/">Login</a>
{% endif %} {% endif %}
</a></td> {% endif %}
</td>
</tr> </tr>
{% endfor %} {% endfor %}
</tbody> </tbody>