From eb09c82d3709cd4fcf43bf5f551cdf1d19942655 Mon Sep 17 00:00:00 2001 From: Jing Cheng Date: Fri, 13 Sep 2024 14:34:20 -0400 Subject: [PATCH 1/3] Log user change for sso deactivation and reactivation --- corehq/apps/sso/backends.py | 7 +++++++ corehq/apps/sso/tasks.py | 7 +++++++ corehq/const.py | 3 +++ 3 files changed, 17 insertions(+) diff --git a/corehq/apps/sso/backends.py b/corehq/apps/sso/backends.py index 1ea63a7b1fec..b51e6493f2ee 100644 --- a/corehq/apps/sso/backends.py +++ b/corehq/apps/sso/backends.py @@ -4,6 +4,7 @@ from django.utils.translation import gettext as _ from corehq.apps.registration.models import AsyncSignupRequest +from corehq.apps.users.util import log_user_change from dimagi.utils.web import get_ip from corehq.apps.analytics.tasks import ( @@ -21,6 +22,7 @@ from corehq.apps.sso.utils.user_helpers import get_email_domain_from_username from corehq.apps.users.models import CouchUser, WebUser from corehq.const import ( + USER_CHANGE_VIA_REACTIVATION, USER_CHANGE_VIA_SSO_INVITE, USER_CHANGE_VIA_SSO_NEW_USER, ) @@ -84,6 +86,11 @@ def authenticate(self, request, username, idp_slug, is_handshake_successful): if not is_new_user and not web_user.is_active: web_user.is_active = True web_user.save() + log_user_change(by_domain=None, for_domain=None, + by_domain_required_for_log=False, for_domain_required_for_log=False, + couch_user=web_user, changed_by_user=web_user, + fields_changed={'is_active': web_user.is_active}, + changed_via=USER_CHANGE_VIA_REACTIVATION) request.sso_new_user_messages['success'].append( _("User account for {} has been re-activated.").format(web_user.username) ) diff --git a/corehq/apps/sso/tasks.py b/corehq/apps/sso/tasks.py index 3bace85f8da2..1b33b8382b7f 100644 --- a/corehq/apps/sso/tasks.py +++ b/corehq/apps/sso/tasks.py @@ -21,7 +21,9 @@ from corehq.apps.sso.utils.user_helpers import convert_emails_to_lowercase from corehq.apps.users.models import WebUser from corehq.apps.users.models import HQApiKey +from corehq.apps.users.util import SYSTEM_USER_ID, log_user_change from django.contrib.auth.models import User +from corehq.const import USER_CHANGE_VIA_SSO_DEACTIVATION from corehq.sql_db.util import paginate_query from django.db import router from django.db.models import Q @@ -163,6 +165,11 @@ def auto_deactivate_removed_sso_users(): if user and user.is_active: user.is_active = False user.save() + log_user_change(by_domain=None, for_domain=None, + by_domain_required_for_log=False, for_domain_required_for_log=False, + couch_user=user, fields_changed={'is_active': user.is_active}, + changed_via=USER_CHANGE_VIA_SSO_DEACTIVATION, + changed_by_user=SYSTEM_USER_ID) def send_deactivation_skipped_email(idp, failure_code, error=None, error_description=None): diff --git a/corehq/const.py b/corehq/const.py index 15ceeadab414..6050ef9abd33 100644 --- a/corehq/const.py +++ b/corehq/const.py @@ -36,5 +36,8 @@ USER_CHANGE_VIA_SSO_NEW_USER = "sso_new" USER_CHANGE_VIA_SSO_INVITE = "sso_invitation" USER_CHANGE_VIA_AUTO_DEACTIVATE = "auto_deactivate" +USER_CHANGE_VIA_REACTIVATION = "reactivation" +USER_CHANGE_VIA_SSO_DEACTIVATION = "sso_deactivation" + LOADTEST_HARD_LIMIT = 500_000 # max cases a loadtest user can sync From bf850493b8cc698c92c8f6a08a61a80d0a29ecd3 Mon Sep 17 00:00:00 2001 From: Jing Cheng Date: Mon, 16 Sep 2024 18:20:48 -0400 Subject: [PATCH 2/3] Allow UserHistory report to return record that is not for any domain --- corehq/apps/reports/standard/users/reports.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/corehq/apps/reports/standard/users/reports.py b/corehq/apps/reports/standard/users/reports.py index 480f020c0670..2be434d38f25 100644 --- a/corehq/apps/reports/standard/users/reports.py +++ b/corehq/apps/reports/standard/users/reports.py @@ -141,7 +141,7 @@ def _get_users_es_query(self, slugs): ) def _build_query(self, user_ids, changed_by_user_ids, user_property, actions, user_upload_record_id): - filters = Q(for_domain__in=self._for_domains()) + filters = Q(for_domain__in=self._for_domains()) | Q(for_domain__isnull=True) if user_ids: filters = filters & Q(user_id__in=user_ids) From dd82e9f32a4df74c29d4af64144c700858faf210 Mon Sep 17 00:00:00 2001 From: Jing Cheng Date: Mon, 16 Sep 2024 21:28:51 -0400 Subject: [PATCH 3/3] Show records that are changed by users not from the current domain --- corehq/apps/reports/standard/users/reports.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/corehq/apps/reports/standard/users/reports.py b/corehq/apps/reports/standard/users/reports.py index 2be434d38f25..4556a32316c7 100644 --- a/corehq/apps/reports/standard/users/reports.py +++ b/corehq/apps/reports/standard/users/reports.py @@ -118,7 +118,11 @@ def _get_queryset(self): return UserHistory.objects.none() changed_by_user_slugs = self.request.GET.getlist(ChangedByUserFilter.slug) - changed_by_user_ids = self._get_user_ids(changed_by_user_slugs) + if changed_by_user_slugs: + changed_by_user_ids = self._get_user_ids(changed_by_user_slugs) + else: + # Show records that might be changed not by user in this domain + changed_by_user_ids = None # return empty queryset if no matching users were found if changed_by_user_slugs and not changed_by_user_ids: return UserHistory.objects.none()