diff --git a/ietf/ietfauth/tests.py b/ietf/ietfauth/tests.py index e9c521d08d..29afa56d78 100644 --- a/ietf/ietfauth/tests.py +++ b/ietf/ietfauth/tests.py @@ -226,29 +226,8 @@ def register_and_verify(self, email): self.assertTrue(self.username_in_htpasswd_file(email)) - def test_create_allowlisted_account(self): - email = "new-account@example.com" - - # add allowlist entry - r = self.client.post(urlreverse(ietf.ietfauth.views.login), {"username":"secretary", "password":"secretary+password"}) - self.assertEqual(r.status_code, 302) - self.assertEqual(urlsplit(r["Location"])[2], urlreverse(ietf.ietfauth.views.profile)) - - r = self.client.get(urlreverse(ietf.ietfauth.views.add_account_allowlist)) - self.assertEqual(r.status_code, 200) - self.assertContains(r, "Add an allowlist entry") - - r = self.client.post(urlreverse(ietf.ietfauth.views.add_account_allowlist), {"email": email}) - self.assertEqual(r.status_code, 200) - self.assertContains(r, "Allowlist entry creation successful") - - # log out - r = self.client.post(urlreverse('django.contrib.auth.views.logout'), {}) - self.assertEqual(r.status_code, 200) - - # register and verify allowlisted email - self.register_and_verify(email) - + + # This also tests new account creation. def test_create_existing_account(self): # create account once email = "new-account@example.com" diff --git a/ietf/ietfauth/urls.py b/ietf/ietfauth/urls.py index 56daae0535..30e639ad65 100644 --- a/ietf/ietfauth/urls.py +++ b/ietf/ietfauth/urls.py @@ -24,5 +24,4 @@ url(r'^review/$', views.review_overview), url(r'^testemail/$', views.test_email), url(r'^username/$', views.change_username), - url(r'^allowlist/add/?$', views.add_account_allowlist), ] diff --git a/ietf/ietfauth/views.py b/ietf/ietfauth/views.py index 53c28b5899..8c61b8356a 100644 --- a/ietf/ietfauth/views.py +++ b/ietf/ietfauth/views.py @@ -63,11 +63,10 @@ from ietf.group.models import Role, Group from ietf.ietfauth.forms import ( RegistrationForm, PasswordForm, ResetPasswordForm, TestEmailForm, - AllowlistForm, ChangePasswordForm, get_person_form, RoleEmailForm, + ChangePasswordForm, get_person_form, RoleEmailForm, NewEmailForm, ChangeUsernameForm, PersonPasswordForm) from ietf.ietfauth.htpasswd import update_htpasswd_file -from ietf.ietfauth.utils import role_required, has_role -from ietf.mailinglists.models import Allowlisted +from ietf.ietfauth.utils import has_role from ietf.name.models import ExtResourceName from ietf.nomcom.models import NomCom from ietf.person.models import Person, Email, Alias, PersonalApiKey, PERSON_API_KEY_VALUES @@ -600,23 +599,7 @@ def test_email(request): return r -@role_required('Secretariat') -def add_account_allowlist(request): - success = False - if request.method == 'POST': - form = AllowlistForm(request.POST) - if form.is_valid(): - email = form.cleaned_data['email'] - entry = Allowlisted(email=email, by=request.user.person) - entry.save() - success = True - else: - form = AllowlistForm() - return render(request, 'ietfauth/allowlist_form.html', { - 'form': form, - 'success': success, - }) class AddReviewWishForm(forms.Form): doc = SearchableDocumentField(label="Document", doc_type="draft") diff --git a/ietf/mailinglists/models.py b/ietf/mailinglists/models.py index 1e56c43d9b..f575ffe5a4 100644 --- a/ietf/mailinglists/models.py +++ b/ietf/mailinglists/models.py @@ -21,6 +21,8 @@ def __str__(self): def info_url(self): return settings.MAILING_LIST_INFO_URL % {'list_addr': self.name } +# Allowlisted is unused, but is not being dropped until its human-curated content +# is archived outside this database. class Allowlisted(models.Model): time = models.DateTimeField(auto_now_add=True) email = models.CharField("Email address", max_length=64, validators=[validate_email]) diff --git a/ietf/templates/base/menu_user.html b/ietf/templates/base/menu_user.html index 8245ece71c..9a0bf56838 100644 --- a/ietf/templates/base/menu_user.html +++ b/ietf/templates/base/menu_user.html @@ -186,12 +186,6 @@ Sync discrepancies -
  • - - Account allowlist - -
    • {% endif %} {% if user|has_role:"IANA" %} {% if flavor == "top" %} diff --git a/ietf/templates/ietfauth/allowlist_form.html b/ietf/templates/ietfauth/allowlist_form.html deleted file mode 100644 index c7f3981b7b..0000000000 --- a/ietf/templates/ietfauth/allowlist_form.html +++ /dev/null @@ -1,78 +0,0 @@ -{% extends "base.html" %} -{# Copyright The IETF Trust 2016, All Rights Reserved #} -{% load origin %} -{% load django_bootstrap5 %} -{% block title %}Set up test email address{% endblock %} -{% block content %} - {% origin %} - {% if success %} -

    Allowlist entry creation successful

    -

    - Please ask the requestor to try the - account creation form - again, with the allowlisted email address. -

    - {% else %} -

    Add an allowlist entry for account creation.

    -

    - When an email request comes in for assistance with account creation - because the automated account creation has failed, you can add the - address to an account creation allowlist here. -

    -

    - Before you do so, please complete the following 3 verification steps: -

    -
      -
    1. - Has the person provided relevant information in his request, or has he simply - copied the text from the account creation failure message? All genuine (non-spam) - account creation requests seen between 2009 and 2016 for tools.ietf.org have - contained a reasonable request message, rather than just copy-pasting the account - creation failure message. If there's no proper request message, step 2 below can - be performed to make sure the request is bogus, but if that also fails, no further - effort should be needed. -
      2. -
    2. - Google for the person's name within the ietf.org site: "Jane Doe site:ietf.org". If - found, and the email address matches an address used in Internet-Drafts or discussions, - things are fine, and it's OK to add the address to the allowlist using this form, - and ask the person to please try the - account creation form - again. -
      3. -
    3. -

      - If google finds no trace of the person being an ietf participant, he or she could - still be somebody who is just getting involved in IETF work. A datatracker account - is probably not necessary, (no account is necessary to 'join' a WG -- the right thing - in that case is to join the right mailing list, and the person could be told so) -- - but in case this is a legitimate request, please email the person and ask: - - "Which wgs do you require a password for?" - -

      -

      - This is a bit of a trick question, because it is very unlikely that somebody who - isn't involved in IETF work will give a reasonable response, while almost any answer - from somebody who is doing IETF work will show that they have some clue. -

      -

      - Please note the exact wording. Do not ask about "working groups" -- - that will make it easier for people to google for IETF working groups. Ask the - question as given above, with lowercase "wgs". -

      -

      - If the answer to this question shows clue, then add the address to the allowlist - using this form, and ask the person to please try the - account creation form - again. -

      -
      4. -
    -
    - {% csrf_token %} - {% bootstrap_form form %} - -
    - {% endif %} -{% endblock %} \ No newline at end of file