GitLab

commit 1439d6383113b151b6a3316e320a0418fa30d421

CookieAuthenticationMiddleware.process_request() synchronizes
the astakos cookie with the request user.
If an astakos cookie is set but there is no logged in user,
the middleware deletes the cookie.
Respectively, if there is a logged in user but the astakos cookie
is not set, the middleware setis the cookie.
In order to set/delete the cookie, redirects to the request path.

For checking whether the user is logged in or not,
utilized the django.contrib.auth.models.User.is_authenticated() method.
This returns always True for django.contrib.auth.models.User instances
(request.user for non authenticated requests is
 django.contrib.auth.models.AnonymousUser instance)

Some astakos api calls are decorated by
astakos.api.utils.user_for_token()
which checks the X-Auth-Token request header and if its valid
sets the request.user to the respective AstakosUser instance.

Therefore, the above check succeeded for these calls
and the middleware used to set the cookie.
Subsequent requests read the cookie and
if it did not comform with the request.user
(no authentication info supplied)
redirected to request path for deleting it.

In order to resolve this undesired behavior
the cookie fix() method has been changed
and if it is actually an api call request
it returns immediately without affecting the cookie.

removed deprecated options `-p` and `-n`. Admins should use
`--pending-moderation` and `--pending-verification` instead.

using the new option `--verify` added in `user-modify` command

Conflicts:
	snf-astakos-app/astakos/im/templates/im/account_pending_moderation_notification.txt
	snf-astakos-app/astakos/im/templates/im/group_creation_notification.txt
	snf-astakos-app/astakos/im/views.py

use the common api.proxy method from snf-django-lib

Related to commit aee9a38

Also fix call of qh_sync_users in migration script.

Since negative usage makes no sense, we always check this lower
boundary when issuing a commission.

Also fix printing user quota.

When registering pending apps, catch only NoCapacityError. No other
QuotaholderError is expected and should not be treated here.

This can happen, if the actual usage registered by a service exceeds
the quota limit.
Advise the user to try the --force option.

Update astakos 'get_menu' API method, to check if request.user is an
instance of django User model. This view function called by astakos
context processor. However, if astakos and helpdesk are installed
together, the request.user will not hold an AnonymousUser, but a
dictionary. This issue caused some weird logs when running tests.

Do not disable by default all existing loggers.

Use mock to library to bypass astakos authentication in helpdesk views.

Fix bug in flavor-modify command, which resulted in flavors being always
deleted. Deleted option must be parsed to bool, otherwise is always
True.

Move common between API method and management command for creating a
server to a separate function.

Enforce Group entries flush. As a fix to strange errors raised while running
tests using sqlite database. The driver doesn't seem to be able to properly
cleanup related database entries, a procedure that takes place after each
execution of a TransactionTestCase test.

Do not follow redirections in im tests.

Define assertGreater, assertIn, assertRaises in snf_django.utils.testing

After changing sys.path, synnefo and synnefo.versions must be reloaded
because if they have been cached, the updated sys.path will not be
consulted because importing synnefo and synnefo.versions will stop at
the cache in sys.modules

Change erroneous import

Major refactoring on user email verification/activation process
---------------------------------------------------------------
Activation logic moved from dispersed code in functions/view modules to
ActivationBackend methods. All user activation handling code in astakos views
and command line utilities was updated to use activation backend instances.

User moderation takes place right after user has verified the email address used
during the signup process. This solves issues caused when users signed up using
an existing but not yet verified email, causing invalidation of previously
moderated accounts.

A bunch of new fields added in AstakosUser model. Those fields added to clear up
a bit the identification of user status at a given time and additionaly keep
track of when specific user actions took place as a reference for
administrators. The following section contains detailed description of each
introduced field.

Introduced AstakosUser fields
-----------------------------

Fields get properly set across sigup/activation/moderation processes.

* verification_code
  Unique identifier used instead of user auth token in user email
  verification url. This is initially set when user signup and gets updated
  each time a new verification mail is sent (requested either by admin or user)

* verified_at
  The date user email got verified.

* moderated
  Whether or not the used passed through moderation process.

* moderated_at
  The date user got moderated.

* moderated_data
  A snapshot of user instance by the time of moderation (in json format).

* accepted_policy
  A string to identify if user was automatically moderated/accepted.

* accepted_email
  The email used during user activation.

* deactivated_reason
  Reason user got deactivated, provided by the administrator.

* deactivated_at
  Date user got deactivated.

* activated_at
  Date user got activated.

* is_rejected
  Whether or not account was rejected.

South data migration included.
******************************

Handles user entries as follows

Users with no activation_sent date
----------------------------------
- Generate and fill verification_code field.
- Once user will visit the activation url an additional moderation step
  will be required to activate the user.

Users with verified email which are not active
----------------------------------------------
- Set moderated to True
- Set is_active to False
- Set moderated_at to user.auth_token_created
- Set accepted_email to user.email
- Set accepted_policy to 'migration'
- Set deactivated_reason to "migration"
- Set deactivated_at to user.updated

Users with verified email which are active
------------------------------------------
- Set moderated to True
- Set moderated_at to user.auth_token_created
- Set accepted_policy to 'migration'
- Set accepted_email to user.email
- Set verified_at to user.moderated_at

Users with no verified email and activation_sent set
----------------------------------------------------
- Set moderated to True
- Set moderated_at to user.updated
- Set verification_code to user.auth_token (to avoid invalidating old
  activation urls)

Updated management commands
***************************
- New options --pending-moderation, --pending-verification added in `user-list`
  command.
- New fields verified/moderated included in `user-list` command.
- New moderation options `--accept`/`--reject` added in `user-modify` command.
  `--reject` can optionally be combined with `--reject-reason`.

Other changes
*************
- Cleaned up explicit smtp error handling when sending email notifications.
- Prevent already signed in users from using an account activation url
- Allow user to logout even when latest terms where not accepted
- Renamed templates
    * helpdesk_notification.txt -> account_activated_notification.txt
    * account_creation_notification.txt ->
        account_pending_moderation_notification.txt
- Updated im tests

- In sync with new AstakosUser model
- Remove nested settings wrappers to slightly increase tests performance

--service: We do not support automatic importing of resources
--conf: Use resource-modify to configure resource limit

 - Split code that lists and syncs quotas
 - Merge the latter with qh_sync_users
 - Move qh_sync_projects in quotas.py; sync only active members
 - Add missing select for update in project suspend
 - Clean up quotas.py