19.1.52. camcops_server.cc_modules.cc_user


Copyright (C) 2012-2018 Rudolf Cardinal (rudolf@pobox.com).

This file is part of CamCOPS.

CamCOPS is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

CamCOPS is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with CamCOPS. If not, see <http://www.gnu.org/licenses/>.


class camcops_server.cc_modules.cc_user.SecurityAccountLockout(**kwargs)[source]
classmethod delete_old_account_lockouts(req: CamcopsRequest) → None[source]

Delete all expired account lockouts.

classmethod lock_user_out(req: CamcopsRequest, username: str, lockout_minutes: int) → None[source]

Lock user out for a specified number of minutes.

classmethod user_locked_out_until(req: CamcopsRequest, username: str) → Union[pendulum.datetime.DateTime, NoneType][source]

When is the user locked out until?

Returns datetime in local timezone (or None).

class camcops_server.cc_modules.cc_user.SecurityLoginFailure(**kwargs)[source]
classmethod act_on_login_failure(req: CamcopsRequest, username: str) → None[source]

Record login failure and lock out user if necessary.

classmethod clear_dummy_login_failures_if_necessary(req: CamcopsRequest) → None[source]

Clear dummy login failures if we haven’t done so for a while.

Not too often! See CLEAR_DUMMY_LOGIN_FREQUENCY_DAYS.

classmethod clear_login_failures(req: CamcopsRequest, username: str) → None[source]

Clear login failures for a user.

classmethod clear_login_failures_for_nonexistent_users(req: CamcopsRequest) → None[source]

Clear login failures for nonexistent users.

Login failues are recorded for nonexistent users to mimic the lockout seen for real users, i.e. to reduce the potential for username discovery.

classmethod enable_user(req: CamcopsRequest, username: str) → None[source]

Unlock user and clear login failures.

classmethod how_many_login_failures(req: CamcopsRequest, username: str) → int[source]

How many times has the user failed to log in (recently)?

classmethod record_login_failure(req: CamcopsRequest, username: str) → None[source]

Record that a user has failed to log in.

class camcops_server.cc_modules.cc_user.User(**kwargs)[source]

Class representing a user.

agree_terms(req: CamcopsRequest) → None[source]

Mark the user as having agreed to the terms/conditions of use now.

authorized_for_reports

Is the user authorized to run reports?

authorized_to_dump

Is the user authorized to dump data?

clear_login_failures(req: CamcopsRequest) → None[source]

Clear login failures.

enable(req: CamcopsRequest) → None[source]

Re-enables a user, unlocking them and clearing login failures.

force_password_change() → None[source]

Make the user change their password at next login.

classmethod get_system_user(dbsession: sqlalchemy.orm.session.Session) → camcops_server.cc_modules.cc_user.User[source]

Returns a user representing “command-line access”.

classmethod get_user_from_username_password(req: CamcopsRequest, username: str, password: str, take_time_for_nonexistent_user: bool = True) → Union[User, NoneType][source]

Retrieve a User object from the supplied username, if the password is correct; otherwise, return None.

is_locked_out(req: CamcopsRequest) → bool[source]

Is the user locked out because of multiple login failures?

is_password_valid(password: str) → bool[source]

Is the supplied password valid?

static is_username_permissible(username: str) → bool[source]

Is this a permissible username?

locked_out_until(req: CamcopsRequest) → Union[pendulum.datetime.DateTime, NoneType][source]

When is the user locked out until (or None)?

Returns datetime in local timezone (or None).

login(req: CamcopsRequest) → None[source]

Called when the framework has determined a successful login.

Clears any login failures. Requires the user to change their password if policies say they should.

may_register_devices

You can register a device if your chosen upload groups allow you to do so. (You have to have a chosen group – even for superusers – because the tablet wants group ID policies at the moment of registration, so we have to know which group.)

may_view_all_patients_when_unfiltered

May the user view all patients when no filters are applied?

may_view_no_patients_when_unfiltered

May the user view no patients when no filters are applied?

must_agree_terms

Does the user still need to agree the terms/conditions of use?

set_password(req: CamcopsRequest, new_password: str) → None[source]

Set a user’s password.

set_password_change_flag_if_necessary(req: CamcopsRequest) → None[source]

If we’re requiring users to change their passwords, then check to see if they must do so now.

static take_some_time_mimicking_password_encryption() → None[source]

Waste some time. We use this when an attempt has been made to log in with a nonexistent user; we know the user doesn’t exist very quickly, but we mimic the time it takes to check a real user’s password.

class camcops_server.cc_modules.cc_user.UserTests(methodName='runTest')[source]
camcops_server.cc_modules.cc_user.set_password_directly(req: CamcopsRequest, username: str, password: str) → bool[source]

If the user exists, set its password. Returns Boolean success. Used from the command line.