Skip to content

E
edx-platform
Commit 0206dfae by Sven Marnach
Options

Add support to set initial password hash to manage_user command.

parent cad10c23
Showing with 41 additions and 5 deletions
common/djangoapps/student/management/commands/manage_user.py
...@@ -4,6 +4,7 @@ Django users, set/unset permission bits, and associate groups by name. ...@@ -4,6 +4,7 @@ Django users, set/unset permission bits, and associate groups by name.
""" """
from django.contrib.auth import get_user_model from django.contrib.auth import get_user_model
from django.contrib.auth.hashers import is_password_usable
from django.contrib.auth.models import Group, BaseUserManager from django.contrib.auth.models import Group, BaseUserManager
from django.core.management.base import BaseCommand, CommandError from django.core.management.base import BaseCommand, CommandError
from django.db import transaction from django.db import transaction
...@@ -24,6 +25,7 @@ class Command(BaseCommand): ...@@ -24,6 +25,7 @@ class Command(BaseCommand):
parser.add_argument('--superuser', dest='is_superuser', action='store_true') parser.add_argument('--superuser', dest='is_superuser', action='store_true')
parser.add_argument('--staff', dest='is_staff', action='store_true') parser.add_argument('--staff', dest='is_staff', action='store_true')
parser.add_argument('--unusable-password', dest='unusable_password', action='store_true') parser.add_argument('--unusable-password', dest='unusable_password', action='store_true')
parser.add_argument('--initial-password-hash', dest='initial_password_hash')
parser.add_argument('-g', '--groups', nargs='*', default=[]) parser.add_argument('-g', '--groups', nargs='*', default=[])
def _maybe_update(self, user, attribute, new_value): def _maybe_update(self, user, attribute, new_value):
...@@ -69,7 +71,8 @@ class Command(BaseCommand): ...@@ -69,7 +71,8 @@ class Command(BaseCommand):
user.delete() user.delete()
@transaction.atomic @transaction.atomic
def handle(self, username, email, is_remove, is_staff, is_superuser, groups, unusable_password, *args, **options): def handle(self, username, email, is_remove, is_staff, is_superuser, groups,
unusable_password, initial_password_hash, *args, **options):
if is_remove: if is_remove:
return self._handle_remove(username, email) return self._handle_remove(username, email)
...@@ -81,10 +84,15 @@ class Command(BaseCommand): ...@@ -81,10 +84,15 @@ class Command(BaseCommand):
) )
if created: if created:
# Set the password to a random, unknown, but usable password if initial_password_hash:
# allowing self-service password resetting. Cases where unusable if not is_password_usable(initial_password_hash):
# passwords are required, should be explicit, and will be handled below. raise CommandError('The password hash provided for user {} is invalid.'.format(username))
user.set_password(BaseUserManager().make_random_password(25)) user.password = initial_password_hash
else:
# Set the password to a random, unknown, but usable password
# allowing self-service password resetting. Cases where unusable
# passwords are required, should be explicit, and will be handled below.
user.set_password(BaseUserManager().make_random_password(25))
self.stderr.write(_('Created new user: "{}"').format(user)) self.stderr.write(_('Created new user: "{}"').format(user))
else: else:
# NOTE, we will not update the email address of an existing user. # NOTE, we will not update the email address of an existing user.
......
common/djangoapps/student/management/tests/test_manage_user.py
...@@ -4,6 +4,7 @@ Unit tests for user_management management commands. ...@@ -4,6 +4,7 @@ Unit tests for user_management management commands.
import itertools import itertools
import ddt import ddt
from django.contrib.auth.hashers import make_password
from django.contrib.auth.models import Group, User from django.contrib.auth.models import Group, User
from django.core.management import call_command, CommandError from django.core.management import call_command, CommandError
from django.test import TestCase from django.test import TestCase
...@@ -71,6 +72,33 @@ class TestManageUserCommand(TestCase): ...@@ -71,6 +72,33 @@ class TestManageUserCommand(TestCase):
call_command('manage_user', TEST_USERNAME, TEST_EMAIL, '--unusable-password') call_command('manage_user', TEST_USERNAME, TEST_EMAIL, '--unusable-password')
self.assertFalse(user.has_usable_password()) self.assertFalse(user.has_usable_password())
def test_initial_password_hash(self):
"""
Ensure that a user's password hash is set correctly when the user is created,
and that it isn't touched for existing users.
"""
initial_hash = make_password('hunter2')
# Make sure the command aborts if the provided hash isn't a valid Django password hash
with self.assertRaises(CommandError) as exc_context:
call_command('manage_user', TEST_USERNAME, TEST_EMAIL, '--initial-password-hash', 'invalid_hash')
self.assertIn('password hash', str(exc_context.exception).lower())
# Make sure the hash gets set correctly for a new user
call_command('manage_user', TEST_USERNAME, TEST_EMAIL, '--initial-password-hash', initial_hash)
user = User.objects.get(username=TEST_USERNAME)
self.assertEqual(user.password, initial_hash)
# Change the password
new_hash = make_password('correct horse battery staple')
user.password = new_hash
user.save()
# Verify that calling manage_user again leaves the password untouched
call_command('manage_user', TEST_USERNAME, TEST_EMAIL, '--initial-password-hash', initial_hash)
user = User.objects.get(username=TEST_USERNAME)
self.assertEqual(user.password, new_hash)
def test_wrong_email(self): def test_wrong_email(self):
""" """
Ensure that the operation is aborted if the username matches an Ensure that the operation is aborted if the username matches an
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment