GitLab

Remove functionality from management commands `quota' and `user-modify'
for setting base quota. They will now be handled through projects.

Abort operation when raw_input raises an EOFError.

Write actual command output and user prompts to stdout; error and progress
messages to stderr.

Allow project enrollment and ownership only for users that are accepted,
not just email_verified.

Also change base quota only for accepted users.

Provide auth.make_user() as the single way to create a new user. This
function is responsible to set all automatically generated fields, such as
username, uuid, and token. Clean up AstakosUser.save(), that used to
update these fields, and remove AstakosUser.__init__(). Remove trigger
that renewed token on every AstakosUser update. In order to set a user's
email, use AstakosUser.set_email(); this takes care to update the
username, too.

Provide function create_user() in user creation forms, which calls
auth.make_user() with the form-provided data.

Use the wrapper auth.make_local_user() in management command `user-add'.

Use the same infrastructure to extend a django superuser to an AstakosUser
(in management command `fix-superusers').

When new terms are added, set has_signed_terms=False for all users, forcing
them to accept the new terms. If there are no terms, a new user is created
with has_signed_terms=True.

With this change we can skip querying the terms when authenticating a user,
speeding up POST /tokens.

Add option `--all' in command user-modify to support setting base quota
for all users. Exceptions can be specified with `--exclude'.

Also select user for update in user-modify.

View the resource defaults as a skeleton to be consulted when accepting
a new user. All users keep their quota in AstakosUserQuota.

Operate resource-modify in bulk, in order to avoiding updating the
quotaholder separately for each resource.

Prior to 1.3, django wouldn't set the transaction dirty upon a DB
exception and thus wouldn't trigger a rollback, resulting in a dangling
aborted DB exception. See https://code.djangoproject.com/ticket/9964

Since this is now fixed, there is no need for our custom transaction
management.

New option ``--delete`` to permanently delete a user entry.
New option ``--set-email`` to change user's email address.

Since there is no way to delete a registered service, confirmation
is needed to register a service.

Add also a `--no-confirm' option to bypass this check in service-add
as well as in user-modify.

Add library synnefo.util.units for parsing numerical values
with an optional unit suffix and printing integer values based
on a given style.

Styles `b', `kb', `mb', etc allow printing in the respective multiples
of byte, style `auto' in a human-readable manner, while `none' omits
units altogether.

Add option `--unit-style' in all astakos management commands that print
resource limits and quota usage. Consult the resource definitions to find
out which unit, if any, to show. For resources with unit `bytes', all
commands default to MB.

Import astakos settings module instead of importing specific settings

using the new option `--verify` added in `user-modify` command

Major refactoring on user email verification/activation process
---------------------------------------------------------------
Activation logic moved from dispersed code in functions/view modules to
ActivationBackend methods. All user activation handling code in astakos views
and command line utilities was updated to use activation backend instances.

User moderation takes place right after user has verified the email address used
during the signup process. This solves issues caused when users signed up using
an existing but not yet verified email, causing invalidation of previously
moderated accounts.

A bunch of new fields added in AstakosUser model. Those fields added to clear up
a bit the identification of user status at a given time and additionaly keep
track of when specific user actions took place as a reference for
administrators. The following section contains detailed description of each
introduced field.

Introduced AstakosUser fields
-----------------------------

Fields get properly set across sigup/activation/moderation processes.

* verification_code
  Unique identifier used instead of user auth token in user email
  verification url. This is initially set when user signup and gets updated
  each time a new verification mail is sent (requested either by admin or user)

* verified_at
  The date user email got verified.

* moderated
  Whether or not the used passed through moderation process.

* moderated_at
  The date user got moderated.

* moderated_data
  A snapshot of user instance by the time of moderation (in json format).

* accepted_policy
  A string to identify if user was automatically moderated/accepted.

* accepted_email
  The email used during user activation.

* deactivated_reason
  Reason user got deactivated, provided by the administrator.

* deactivated_at
  Date user got deactivated.

* activated_at
  Date user got activated.

* is_rejected
  Whether or not account was rejected.

South data migration included.
******************************

Handles user entries as follows

Users with no activation_sent date
----------------------------------
- Generate and fill verification_code field.
- Once user will visit the activation url an additional moderation step
  will be required to activate the user.

Users with verified email which are not active
----------------------------------------------
- Set moderated to True
- Set is_active to False
- Set moderated_at to user.auth_token_created
- Set accepted_email to user.email
- Set accepted_policy to 'migration'
- Set deactivated_reason to "migration"
- Set deactivated_at to user.updated

Users with verified email which are active
------------------------------------------
- Set moderated to True
- Set moderated_at to user.auth_token_created
- Set accepted_policy to 'migration'
- Set accepted_email to user.email
- Set verified_at to user.moderated_at

Users with no verified email and activation_sent set
----------------------------------------------------
- Set moderated to True
- Set moderated_at to user.updated
- Set verification_code to user.auth_token (to avoid invalidating old
  activation urls)

Updated management commands
***************************
- New options --pending-moderation, --pending-verification added in `user-list`
  command.
- New fields verified/moderated included in `user-list` command.
- New moderation options `--accept`/`--reject` added in `user-modify` command.
  `--reject` can optionally be combined with `--reject-reason`.

Other changes
*************
- Cleaned up explicit smtp error handling when sending email notifications.
- Prevent already signed in users from using an account activation url
- Allow user to logout even when latest terms where not accepted
- Renamed templates
    * helpdesk_notification.txt -> account_activated_notification.txt
    * account_creation_notification.txt ->
        account_pending_moderation_notification.txt
- Updated im tests

To change base quota for a specified user:
  snf-manage user-modify user --set-base-quota resource limit

To import base quota in batch from a file:
  snf-manage astakos-quota --import-base-quota filename

Rename `initial' to `base quota' in command output.
Move code that creates/removes AstakosUserQuota entries in file quotas.py;
sync user to quotaholder after such a change.

Refs #3411

Permit also to lookup user using the UUID

Rename to conform with the rest synnefo 
modification commands

Add UserSettings model for storing integer-valued settings.
If an entry is missing, a default synnefo setting is consulted.

The limit can be set/unset with snf-manage user-update.

- Never reset activation_sent date
- Check for inactive users too for email/username uniqueness
- Check both email/username uniquness in user creation process
- Activated users should have both email_verified/activation_sent fields
  set

Refs: #2793

* integration with quota holder
* new credit event for integration with aquarium