2011-02-01 09:57:29 +08:00
|
|
|
#
|
|
|
|
|
# Copyright (C) 2011 Instructure, Inc.
|
|
|
|
|
#
|
|
|
|
|
# This file is part of Canvas.
|
|
|
|
|
#
|
|
|
|
|
# Canvas is free software: you can redistribute it and/or modify it under
|
|
|
|
|
# the terms of the GNU Affero General Public License as published by the Free
|
|
|
|
|
# Software Foundation, version 3 of the License.
|
|
|
|
|
#
|
|
|
|
|
# Canvas is distributed in the hope that it will be useful, but WITHOUT ANY
|
|
|
|
|
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
|
|
|
|
|
# A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
|
|
|
|
# details.
|
|
|
|
|
#
|
|
|
|
|
# You should have received a copy of the GNU Affero General Public License along
|
|
|
|
|
# with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
#
|
|
|
|
|
|
|
|
|
|
class CommunicationChannel < ActiveRecord::Base
|
|
|
|
|
# You should start thinking about communication channels
|
|
|
|
|
# as independent of pseudonyms
|
|
|
|
|
include Workflow
|
|
|
|
|
|
|
|
|
|
attr_accessible :user, :path, :path_type, :build_pseudonym_on_confirm, :pseudonym
|
|
|
|
|
|
2015-06-04 05:08:30 +08:00
|
|
|
serialize :last_bounce_details
|
2015-09-04 05:09:05 +08:00
|
|
|
serialize :last_transient_bounce_details
|
2015-06-04 05:08:30 +08:00
|
|
|
|
2011-02-01 09:57:29 +08:00
|
|
|
belongs_to :pseudonym
|
|
|
|
|
has_many :pseudonyms
|
|
|
|
|
belongs_to :user
|
|
|
|
|
has_many :notification_policies, :dependent => :destroy
|
2015-03-05 01:16:37 +08:00
|
|
|
has_many :delayed_messages, :dependent => :destroy
|
2011-02-01 09:57:29 +08:00
|
|
|
has_many :messages
|
2012-12-29 03:28:09 +08:00
|
|
|
|
2014-04-11 03:03:43 +08:00
|
|
|
EXPORTABLE_ATTRIBUTES = [
|
|
|
|
|
:id, :path, :path_type, :position, :user_id, :pseudonym_id, :bounce_count, :workflow_state, :confirmation_code,
|
|
|
|
|
:created_at, :updated_at, :build_pseudonym_on_confirm
|
|
|
|
|
]
|
|
|
|
|
|
2014-05-21 05:36:13 +08:00
|
|
|
EXPORTABLE_ASSOCIATIONS = [:pseudonyms, :pseudonym, :user]
|
2014-04-11 03:03:43 +08:00
|
|
|
|
2014-08-29 09:45:03 +08:00
|
|
|
before_save :assert_path_type, :set_confirmation_code
|
2011-02-01 09:57:29 +08:00
|
|
|
before_save :consider_building_pseudonym
|
2013-08-08 06:19:48 +08:00
|
|
|
validates_presence_of :path, :path_type, :user, :workflow_state
|
2012-01-06 02:57:35 +08:00
|
|
|
validate :uniqueness_of_path
|
2012-11-14 04:21:18 +08:00
|
|
|
validate :not_otp_communication_channel, :if => lambda { |cc| cc.path_type == TYPE_SMS && cc.retired? && !cc.new_record? }
|
2014-09-04 07:25:20 +08:00
|
|
|
after_commit :check_if_bouncing_changed
|
refactor user creation/invitations closes #5833
fixes #5573, #5572, #5753
* communication channels are now only unique within a single user
* UserList changes
* Always resolve pseudonym#unique_ids
* Support looking up by SMS CCs
* Option to either require e-mails match an existing CC,
or e-mails that don't match a Pseudonym will always be
returned unattached (relying on better merging behavior
to not have a gazillion accounts created)
* Method to return users, creating new ones (*without* a
Pseudonym) if necessary. (can't create with a pseudonym,
since Pseudonym#unique_id is still unique, I can't have
multiple outstanding users with the same unique_id)
* EnrollmentsFromUserList is mostly gutted, now using UserList's
functionality directy.
* Use UserList for adding account admins, removing the now
unused Account#add_admin => User#find_by_email/User#assert_by_email
codepath
* Update UsersController#create to not worry about duplicate
communication channels
* Remove AccountsController#add_user, and just use
UsersController#create
* Change SIS::UserImporter to send out a merge opportunity
e-mail if a conflicting CC is found (but still create the CC)
* In /profile, don't worry about conflicting CCs (the CC confirmation
process will now allow merging)
* Remove CommunicationChannelsController#try_merge and #merge
* For the non-simple case of CoursesController#enrollment_invitation
redirect to /register (CommunicationsChannelController#confirm)
* Remove CoursesController#transfer_enrollment
* Move PseudonymsController#registration_confirmation to
CommunicationChannelsController#confirm (have to be able to
register an account without a Pseudonym yet)
* Fold the old direct confirm functionality in, if there are
no available merge opportunities
* Allow merging the new account with the currently logged in user
* Allow changing the Pseudonym#unique_id when registering a new
account (since there might be conflicts)
* Display a list of merge opportunities based on conflicting
communication channels
* Provide link(s) to log in as the other user,
redirecting back to the registration page after login is
complete (to complete the merge as the current user)
* Remove several assert_* methods that are no longer needed
* Update PseudonymSessionsController a bit to deal with the new
way of dealing with conflicting CCs (especially CCs from LDAP),
and to redirect back to the registration/confirmation page when
attempting to do a merge
* Expose the open_registration setting; use it to control if
inviting users to a course is able to create new users
Change-Id: If2f38818a71af656854d3bf8431ddbf5dcb84691
Reviewed-on: https://gerrit.instructure.com/6149
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
2011-10-13 04:30:48 +08:00
|
|
|
|
2013-11-26 06:33:50 +08:00
|
|
|
acts_as_list :scope => :user
|
2012-12-29 03:28:09 +08:00
|
|
|
|
2011-02-01 09:57:29 +08:00
|
|
|
has_a_broadcast_policy
|
2012-12-29 03:28:09 +08:00
|
|
|
|
2011-02-01 09:57:29 +08:00
|
|
|
attr_reader :request_password
|
|
|
|
|
attr_reader :send_confirmation
|
refactor user creation/invitations closes #5833
fixes #5573, #5572, #5753
* communication channels are now only unique within a single user
* UserList changes
* Always resolve pseudonym#unique_ids
* Support looking up by SMS CCs
* Option to either require e-mails match an existing CC,
or e-mails that don't match a Pseudonym will always be
returned unattached (relying on better merging behavior
to not have a gazillion accounts created)
* Method to return users, creating new ones (*without* a
Pseudonym) if necessary. (can't create with a pseudonym,
since Pseudonym#unique_id is still unique, I can't have
multiple outstanding users with the same unique_id)
* EnrollmentsFromUserList is mostly gutted, now using UserList's
functionality directy.
* Use UserList for adding account admins, removing the now
unused Account#add_admin => User#find_by_email/User#assert_by_email
codepath
* Update UsersController#create to not worry about duplicate
communication channels
* Remove AccountsController#add_user, and just use
UsersController#create
* Change SIS::UserImporter to send out a merge opportunity
e-mail if a conflicting CC is found (but still create the CC)
* In /profile, don't worry about conflicting CCs (the CC confirmation
process will now allow merging)
* Remove CommunicationChannelsController#try_merge and #merge
* For the non-simple case of CoursesController#enrollment_invitation
redirect to /register (CommunicationsChannelController#confirm)
* Remove CoursesController#transfer_enrollment
* Move PseudonymsController#registration_confirmation to
CommunicationChannelsController#confirm (have to be able to
register an account without a Pseudonym yet)
* Fold the old direct confirm functionality in, if there are
no available merge opportunities
* Allow merging the new account with the currently logged in user
* Allow changing the Pseudonym#unique_id when registering a new
account (since there might be conflicts)
* Display a list of merge opportunities based on conflicting
communication channels
* Provide link(s) to log in as the other user,
redirecting back to the registration page after login is
complete (to complete the merge as the current user)
* Remove several assert_* methods that are no longer needed
* Update PseudonymSessionsController a bit to deal with the new
way of dealing with conflicting CCs (especially CCs from LDAP),
and to redirect back to the registration/confirmation page when
attempting to do a merge
* Expose the open_registration setting; use it to control if
inviting users to a course is able to create new users
Change-Id: If2f38818a71af656854d3bf8431ddbf5dcb84691
Reviewed-on: https://gerrit.instructure.com/6149
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
2011-10-13 04:30:48 +08:00
|
|
|
|
2012-07-19 07:18:29 +08:00
|
|
|
# Constants for the different supported communication channels
|
|
|
|
|
TYPE_EMAIL = 'email'
|
|
|
|
|
TYPE_SMS = 'sms'
|
|
|
|
|
TYPE_TWITTER = 'twitter'
|
2013-10-15 03:28:32 +08:00
|
|
|
TYPE_PUSH = 'push'
|
2014-10-17 18:38:51 +08:00
|
|
|
TYPE_YO = 'yo'
|
2012-07-19 07:18:29 +08:00
|
|
|
|
2015-10-26 20:17:36 +08:00
|
|
|
RETIRE_THRESHOLD = 1
|
2013-06-01 00:51:54 +08:00
|
|
|
|
2015-08-03 12:36:39 +08:00
|
|
|
# TODO: Will need to be internationalized. Also, do we want to allow this to be specified in a config file?
|
|
|
|
|
def self.country_codes
|
|
|
|
|
# [country code, name, true if email should be used instead of Twilio]
|
|
|
|
|
@country_codes ||= [
|
|
|
|
|
['54', 'Argentina', false],
|
|
|
|
|
['61', 'Australia', false],
|
|
|
|
|
['32', 'Belgium', false],
|
|
|
|
|
['55', 'Brazil', false],
|
|
|
|
|
['1', 'Canada', false],
|
|
|
|
|
['56', 'Chile', false],
|
|
|
|
|
['57', 'Colombia', false],
|
|
|
|
|
['45', 'Denmark', false],
|
|
|
|
|
['358', 'Finland', false],
|
|
|
|
|
['49', 'Germany', false],
|
|
|
|
|
['504', 'Honduras', false],
|
|
|
|
|
['852', 'Hong Kong', false],
|
|
|
|
|
['353', 'Ireland', false],
|
|
|
|
|
['352', 'Luxembourg', false],
|
|
|
|
|
['60', 'Malaysia', false],
|
|
|
|
|
['52', 'Mexico', false],
|
|
|
|
|
['31', 'Netherlands', false],
|
|
|
|
|
['64', 'New Zealand', false],
|
|
|
|
|
['47', 'Norway', false],
|
|
|
|
|
['507', 'Panama', false],
|
|
|
|
|
['51', 'Peru', false],
|
|
|
|
|
['63', 'Philippines', false],
|
|
|
|
|
['974', 'Qatar', false],
|
|
|
|
|
['966', 'Saudi Arabia', false],
|
|
|
|
|
['65', 'Singapore', false],
|
|
|
|
|
['34', 'Spain', false],
|
|
|
|
|
['46', 'Sweden', false],
|
|
|
|
|
['41', 'Switzerland', false],
|
|
|
|
|
['971', 'United Arab Emirates', false],
|
|
|
|
|
['44', 'United Kingdom', false],
|
|
|
|
|
['1', 'United States', true]
|
|
|
|
|
]
|
|
|
|
|
end
|
|
|
|
|
|
multi-factor authentication closes #9532
test plan:
* enable optional MFA, and check the following:
* normal log in should not be affected
* you can enroll in MFA from your profile page
* you can re-enroll in MFA from your profile page
* you can disable MFA from your profile page
* MFA can be reset by an admin on your user page
* when enrolled, you are asked for verification code after
username/password when logging in
* you can't access any other part of the site directly until
until entering your verification code
* enable required MFA, and check the following
* when not enrolled in MFA, and you log in, you are forced to
enroll
* you cannot disable MFA from your profile page
* you can re-enroll in MFA from your profile page
* an admin (other than himself) can reset MFA from the user page
* for enrolling in MFA
* use Google Authenticator and scan the QR code; you should have
30-seconds or so of extra leeway to enter your code
* having no SMS communication channels on your profile, the
enrollment page should just have a form to add a new phone
* having one or more SMS communication channels on your profile,
the enrollment page should list them, or allow you to create
a new one (and switch back)
* having more than one SMS communication channel on your profile,
the enrollment page should remember which one you have selected
after you click "send"
* an unconfirmed SMS channel should go to confirmed when it's used
to enroll in MFA
* you should not be able to go directly to /login/otp to enroll
if you used "Remember me" token to log in
* MFA login flow
* if configured with SMS, it should send you an SMS after you
put in your username/password; you should have about 5 minutes
of leeway to put it in
* if you don't check "remember computer" checkbox, you should have
to enter a verification code each time you log in
* if you do check it, you shouldn't have to enter your code
anymore (for three days). it also shouldn't SMS you a
verification code each time you log in
* setting MFA to required for admins should make it required for
admins, optional for other users
* with MFA enabled, directly go to /login/otp after entering
username/password but before entering a verification code; it
should send you back to the main login page
* if you enrolled via SMS, you should not be able to remove that
SMS from your profile
* there should not be a reset MFA link on a user page if they
haven't enrolled
* test a login or required enrollment sequence with CAS and/or SAML
Change-Id: I692de7405bf7ca023183e717930ee940ccf0d5e6
Reviewed-on: https://gerrit.instructure.com/12700
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
2012-08-03 05:17:50 +08:00
|
|
|
def self.sms_carriers
|
2014-05-17 00:49:42 +08:00
|
|
|
@sms_carriers ||= Canvas::ICU.collate_by((ConfigFile.load('sms', false) ||
|
multi-factor authentication closes #9532
test plan:
* enable optional MFA, and check the following:
* normal log in should not be affected
* you can enroll in MFA from your profile page
* you can re-enroll in MFA from your profile page
* you can disable MFA from your profile page
* MFA can be reset by an admin on your user page
* when enrolled, you are asked for verification code after
username/password when logging in
* you can't access any other part of the site directly until
until entering your verification code
* enable required MFA, and check the following
* when not enrolled in MFA, and you log in, you are forced to
enroll
* you cannot disable MFA from your profile page
* you can re-enroll in MFA from your profile page
* an admin (other than himself) can reset MFA from the user page
* for enrolling in MFA
* use Google Authenticator and scan the QR code; you should have
30-seconds or so of extra leeway to enter your code
* having no SMS communication channels on your profile, the
enrollment page should just have a form to add a new phone
* having one or more SMS communication channels on your profile,
the enrollment page should list them, or allow you to create
a new one (and switch back)
* having more than one SMS communication channel on your profile,
the enrollment page should remember which one you have selected
after you click "send"
* an unconfirmed SMS channel should go to confirmed when it's used
to enroll in MFA
* you should not be able to go directly to /login/otp to enroll
if you used "Remember me" token to log in
* MFA login flow
* if configured with SMS, it should send you an SMS after you
put in your username/password; you should have about 5 minutes
of leeway to put it in
* if you don't check "remember computer" checkbox, you should have
to enter a verification code each time you log in
* if you do check it, you shouldn't have to enter your code
anymore (for three days). it also shouldn't SMS you a
verification code each time you log in
* setting MFA to required for admins should make it required for
admins, optional for other users
* with MFA enabled, directly go to /login/otp after entering
username/password but before entering a verification code; it
should send you back to the main login page
* if you enrolled via SMS, you should not be able to remove that
SMS from your profile
* there should not be a reset MFA link on a user page if they
haven't enrolled
* test a login or required enrollment sequence with CAS and/or SAML
Change-Id: I692de7405bf7ca023183e717930ee940ccf0d5e6
Reviewed-on: https://gerrit.instructure.com/12700
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
2012-08-03 05:17:50 +08:00
|
|
|
{ 'AT&T' => 'txt.att.net',
|
|
|
|
|
'Alltel' => 'message.alltel.com',
|
|
|
|
|
'Boost' => 'myboostmobile.com',
|
2013-01-05 05:59:44 +08:00
|
|
|
'C Spire' => 'cspire1.com',
|
multi-factor authentication closes #9532
test plan:
* enable optional MFA, and check the following:
* normal log in should not be affected
* you can enroll in MFA from your profile page
* you can re-enroll in MFA from your profile page
* you can disable MFA from your profile page
* MFA can be reset by an admin on your user page
* when enrolled, you are asked for verification code after
username/password when logging in
* you can't access any other part of the site directly until
until entering your verification code
* enable required MFA, and check the following
* when not enrolled in MFA, and you log in, you are forced to
enroll
* you cannot disable MFA from your profile page
* you can re-enroll in MFA from your profile page
* an admin (other than himself) can reset MFA from the user page
* for enrolling in MFA
* use Google Authenticator and scan the QR code; you should have
30-seconds or so of extra leeway to enter your code
* having no SMS communication channels on your profile, the
enrollment page should just have a form to add a new phone
* having one or more SMS communication channels on your profile,
the enrollment page should list them, or allow you to create
a new one (and switch back)
* having more than one SMS communication channel on your profile,
the enrollment page should remember which one you have selected
after you click "send"
* an unconfirmed SMS channel should go to confirmed when it's used
to enroll in MFA
* you should not be able to go directly to /login/otp to enroll
if you used "Remember me" token to log in
* MFA login flow
* if configured with SMS, it should send you an SMS after you
put in your username/password; you should have about 5 minutes
of leeway to put it in
* if you don't check "remember computer" checkbox, you should have
to enter a verification code each time you log in
* if you do check it, you shouldn't have to enter your code
anymore (for three days). it also shouldn't SMS you a
verification code each time you log in
* setting MFA to required for admins should make it required for
admins, optional for other users
* with MFA enabled, directly go to /login/otp after entering
username/password but before entering a verification code; it
should send you back to the main login page
* if you enrolled via SMS, you should not be able to remove that
SMS from your profile
* there should not be a reset MFA link on a user page if they
haven't enrolled
* test a login or required enrollment sequence with CAS and/or SAML
Change-Id: I692de7405bf7ca023183e717930ee940ccf0d5e6
Reviewed-on: https://gerrit.instructure.com/12700
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
2012-08-03 05:17:50 +08:00
|
|
|
'Cingular' => 'cingularme.com',
|
|
|
|
|
'CellularOne' => 'mobile.celloneusa.com',
|
|
|
|
|
'Cricket' => 'sms.mycricket.com',
|
|
|
|
|
'Nextel' => 'messaging.nextel.com',
|
|
|
|
|
'Sprint PCS' => 'messaging.sprintpcs.com',
|
|
|
|
|
'T-Mobile' => 'tmomail.net',
|
|
|
|
|
'Verizon' => 'vtext.com',
|
2013-09-27 05:15:55 +08:00
|
|
|
'Virgin Mobile' => 'vmobl.com' }), &:first)
|
multi-factor authentication closes #9532
test plan:
* enable optional MFA, and check the following:
* normal log in should not be affected
* you can enroll in MFA from your profile page
* you can re-enroll in MFA from your profile page
* you can disable MFA from your profile page
* MFA can be reset by an admin on your user page
* when enrolled, you are asked for verification code after
username/password when logging in
* you can't access any other part of the site directly until
until entering your verification code
* enable required MFA, and check the following
* when not enrolled in MFA, and you log in, you are forced to
enroll
* you cannot disable MFA from your profile page
* you can re-enroll in MFA from your profile page
* an admin (other than himself) can reset MFA from the user page
* for enrolling in MFA
* use Google Authenticator and scan the QR code; you should have
30-seconds or so of extra leeway to enter your code
* having no SMS communication channels on your profile, the
enrollment page should just have a form to add a new phone
* having one or more SMS communication channels on your profile,
the enrollment page should list them, or allow you to create
a new one (and switch back)
* having more than one SMS communication channel on your profile,
the enrollment page should remember which one you have selected
after you click "send"
* an unconfirmed SMS channel should go to confirmed when it's used
to enroll in MFA
* you should not be able to go directly to /login/otp to enroll
if you used "Remember me" token to log in
* MFA login flow
* if configured with SMS, it should send you an SMS after you
put in your username/password; you should have about 5 minutes
of leeway to put it in
* if you don't check "remember computer" checkbox, you should have
to enter a verification code each time you log in
* if you do check it, you shouldn't have to enter your code
anymore (for three days). it also shouldn't SMS you a
verification code each time you log in
* setting MFA to required for admins should make it required for
admins, optional for other users
* with MFA enabled, directly go to /login/otp after entering
username/password but before entering a verification code; it
should send you back to the main login page
* if you enrolled via SMS, you should not be able to remove that
SMS from your profile
* there should not be a reset MFA link on a user page if they
haven't enrolled
* test a login or required enrollment sequence with CAS and/or SAML
Change-Id: I692de7405bf7ca023183e717930ee940ccf0d5e6
Reviewed-on: https://gerrit.instructure.com/12700
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
2012-08-03 05:17:50 +08:00
|
|
|
end
|
|
|
|
|
|
2015-10-07 12:27:50 +08:00
|
|
|
set_policy do
|
|
|
|
|
given { |user| self.user.grants_right?(user, :manage_user_details) }
|
|
|
|
|
can :force_confirm
|
|
|
|
|
|
|
|
|
|
given { |user| Account.site_admin.grants_right?(user, :read_messages) }
|
|
|
|
|
can :reset_bounce_count
|
Expose bounce details via the API to siteadmins
Fixes CNVS-22965
Test plan:
- Create a user and a communication channel for that user, or reuse
an existing one that has not been deleted
- Bounce details:
- From a console, do the following, where "..." is the id of the
communication channel you're working with:
c = CommunicationChannel.find(...)
c.last_bounce_details =
{'bouncedRecipients' => [{'diagnosticCode' => 'foo'}]}
c.save!
- As a siteadmin, hit /api/v1/users/.../communication_channels, where
... is the id of the user that owns the communication channel
- Verify that the communication channel includes a
"last_bounce_summary" property whose value is "foo"
- Transient bounce details:
- From a console, do the following, where "..." is the id of the
communication channel you're working with:
c = CommunicationChannel.find(...)
c.last_transient_bounce_details =
{'bouncedRecipients' => [{'diagnosticCode' => 'foo'}]}
c.save!
- As a siteadmin, hit /api/v1/users/.../communication_channels, where
... is the id of the user that owns the communication channel
- Verify that the communication channel includes a
"last_transient_bounce_summary" property whose value is "foo"
- Bounce date:
- From a console, do the following, where "..." is the id of the
communication channel you're working with:
c = CommunicationChannel.find(...)
c.last_bounce_at = '2015-01-01T01:01:01.000Z'
c.save!
- As a siteadmin, hit /api/v1/users/.../communication_channels, where
... is the id of the user that owns the communication channel
- Verify that the communication channel includes a
"last_bounce_at" key whose values is "2015-01-01T01:01:01.000Z"
- Transient bounce date:
- From a console, do the following, where "..." is the id of the
communication channel you're working with:
c = CommunicationChannel.find(...)
c.last_transient_bounce_at = '2015-01-01T01:01:01.000Z'
c.save!
- As a siteadmin, hit /api/v1/users/.../communication_channels, where
... is the id of the user that owns the communication channel
- Verify that the communication channel includes a
"last_transient_bounce_at" key whose values is "2015-01-01T01:01:01.000Z"
- Suppression bounce date:
- From a console, do the following, where "..." is the id of the
communication channel you're working with:
c = CommunicationChannel.find(...)
c.last_suppression_bounce_at = '2015-01-01T01:01:01.000Z'
c.save!
- As a siteadmin, hit /api/v1/users/.../communication_channels, where
... is the id of the user that owns the communication channel
- Verify that the communication channel includes a
"last_suppression_bounce_at" key whose values is "2015-01-01T01:01:01.000Z"
- Restricted to site admins:
- As the user whose communication channel you were working with,
hit /api/v1/users/.../communication_channels, where ... is that
user's id
- Verify that the communication channel does not include
"last_bounce_at", "last_suppression_bounce_at",
"last_transient_bounce_at", "last_bounce_summary",
or "last_transient_bounce_summary"
Change-Id: I10ed797620392229a55ffc797b2b35d3e979e19a
Reviewed-on: https://gerrit.instructure.com/62578
Reviewed-by: Andrew Butterfield <abutterfield@instructure.com>
Tested-by: Jenkins
QA-Review: Adrian Russell <arussell@instructure.com>
Product-Review: Allison Weiss <allison@instructure.com>
2015-09-04 07:06:44 +08:00
|
|
|
can :read_bounce_details
|
2015-10-07 12:27:50 +08:00
|
|
|
end
|
|
|
|
|
|
2011-02-01 09:57:29 +08:00
|
|
|
def pseudonym
|
2013-03-19 03:07:47 +08:00
|
|
|
user.pseudonyms.where(:unique_id => path).first if user
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
set_broadcast_policy do |p|
|
|
|
|
|
p.dispatch :forgot_password
|
|
|
|
|
p.to { self }
|
|
|
|
|
p.whenever { |record|
|
|
|
|
|
@request_password
|
|
|
|
|
}
|
2012-12-29 03:28:09 +08:00
|
|
|
|
2011-02-01 09:57:29 +08:00
|
|
|
p.dispatch :confirm_registration
|
|
|
|
|
p.to { self }
|
|
|
|
|
p.whenever { |record|
|
|
|
|
|
@send_confirmation and
|
2015-07-25 00:01:44 +08:00
|
|
|
(record.workflow_state == 'active' ||
|
2011-02-01 09:57:29 +08:00
|
|
|
(record.workflow_state == 'unconfirmed' and (self.user.pre_registered? || self.user.creation_pending?))) and
|
2012-07-19 07:18:29 +08:00
|
|
|
self.path_type == TYPE_EMAIL
|
2011-02-01 09:57:29 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
p.dispatch :confirm_email_communication_channel
|
|
|
|
|
p.to { self }
|
2015-07-25 00:01:44 +08:00
|
|
|
p.whenever { |record|
|
2011-02-01 09:57:29 +08:00
|
|
|
@send_confirmation and
|
|
|
|
|
record.workflow_state == 'unconfirmed' and self.user.registered? and
|
2012-07-19 07:18:29 +08:00
|
|
|
self.path_type == TYPE_EMAIL
|
2011-02-01 09:57:29 +08:00
|
|
|
}
|
2012-02-21 04:33:49 +08:00
|
|
|
p.context { @root_account }
|
2012-12-29 03:28:09 +08:00
|
|
|
|
2011-02-01 09:57:29 +08:00
|
|
|
p.dispatch :merge_email_communication_channel
|
|
|
|
|
p.to { self }
|
|
|
|
|
p.whenever {|record|
|
|
|
|
|
@send_merge_notification and
|
2012-07-19 07:18:29 +08:00
|
|
|
self.path_type == TYPE_EMAIL
|
2011-02-01 09:57:29 +08:00
|
|
|
}
|
2012-12-29 03:28:09 +08:00
|
|
|
|
2011-02-01 09:57:29 +08:00
|
|
|
p.dispatch :confirm_sms_communication_channel
|
|
|
|
|
p.to { self }
|
|
|
|
|
p.whenever { |record|
|
|
|
|
|
@send_confirmation and
|
|
|
|
|
record.workflow_state == 'unconfirmed' and
|
2012-07-19 07:18:29 +08:00
|
|
|
self.path_type == TYPE_SMS and
|
2011-02-01 09:57:29 +08:00
|
|
|
!self.user.creation_pending?
|
|
|
|
|
}
|
2012-02-21 04:33:49 +08:00
|
|
|
p.context { @root_account }
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|
2012-02-21 04:33:49 +08:00
|
|
|
|
2012-01-06 02:57:35 +08:00
|
|
|
def uniqueness_of_path
|
|
|
|
|
return if path.nil?
|
|
|
|
|
return if retired?
|
|
|
|
|
return unless user_id
|
2014-05-16 00:44:08 +08:00
|
|
|
scope = self.class.by_path(path).where(user_id: user_id, path_type: path_type, workflow_state: ['unconfirmed', 'active'])
|
2012-01-06 02:57:35 +08:00
|
|
|
unless new_record?
|
2014-05-16 00:44:08 +08:00
|
|
|
scope = scope.where("id<>?", id)
|
2012-01-06 02:57:35 +08:00
|
|
|
end
|
2014-05-16 00:44:08 +08:00
|
|
|
if scope.exists?
|
2012-01-06 02:57:35 +08:00
|
|
|
self.errors.add(:path, :taken, :value => path)
|
|
|
|
|
end
|
|
|
|
|
end
|
2012-07-19 07:18:29 +08:00
|
|
|
|
multi-factor authentication closes #9532
test plan:
* enable optional MFA, and check the following:
* normal log in should not be affected
* you can enroll in MFA from your profile page
* you can re-enroll in MFA from your profile page
* you can disable MFA from your profile page
* MFA can be reset by an admin on your user page
* when enrolled, you are asked for verification code after
username/password when logging in
* you can't access any other part of the site directly until
until entering your verification code
* enable required MFA, and check the following
* when not enrolled in MFA, and you log in, you are forced to
enroll
* you cannot disable MFA from your profile page
* you can re-enroll in MFA from your profile page
* an admin (other than himself) can reset MFA from the user page
* for enrolling in MFA
* use Google Authenticator and scan the QR code; you should have
30-seconds or so of extra leeway to enter your code
* having no SMS communication channels on your profile, the
enrollment page should just have a form to add a new phone
* having one or more SMS communication channels on your profile,
the enrollment page should list them, or allow you to create
a new one (and switch back)
* having more than one SMS communication channel on your profile,
the enrollment page should remember which one you have selected
after you click "send"
* an unconfirmed SMS channel should go to confirmed when it's used
to enroll in MFA
* you should not be able to go directly to /login/otp to enroll
if you used "Remember me" token to log in
* MFA login flow
* if configured with SMS, it should send you an SMS after you
put in your username/password; you should have about 5 minutes
of leeway to put it in
* if you don't check "remember computer" checkbox, you should have
to enter a verification code each time you log in
* if you do check it, you shouldn't have to enter your code
anymore (for three days). it also shouldn't SMS you a
verification code each time you log in
* setting MFA to required for admins should make it required for
admins, optional for other users
* with MFA enabled, directly go to /login/otp after entering
username/password but before entering a verification code; it
should send you back to the main login page
* if you enrolled via SMS, you should not be able to remove that
SMS from your profile
* there should not be a reset MFA link on a user page if they
haven't enrolled
* test a login or required enrollment sequence with CAS and/or SAML
Change-Id: I692de7405bf7ca023183e717930ee940ccf0d5e6
Reviewed-on: https://gerrit.instructure.com/12700
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
2012-08-03 05:17:50 +08:00
|
|
|
def not_otp_communication_channel
|
|
|
|
|
self.errors.add(:workflow_state, "Can't remove a user's SMS that is used for one time passwords") if self.id == self.user.otp_communication_channel_id
|
|
|
|
|
end
|
|
|
|
|
|
2014-09-16 03:58:33 +08:00
|
|
|
# Public: Build the url where this record can be confirmed.
|
|
|
|
|
#
|
|
|
|
|
#
|
|
|
|
|
# Returns a string.
|
|
|
|
|
def confirmation_url
|
|
|
|
|
return "" unless path_type == TYPE_EMAIL
|
|
|
|
|
"#{HostUrl.protocol}://#{HostUrl.context_host(context)}/register/#{confirmation_code}"
|
|
|
|
|
end
|
|
|
|
|
|
2012-10-03 04:17:54 +08:00
|
|
|
def context
|
|
|
|
|
pseudonym.try(:account)
|
|
|
|
|
end
|
|
|
|
|
|
2013-02-26 05:32:41 +08:00
|
|
|
# Public: Determine if this channel is the product of an SIS import.
|
|
|
|
|
#
|
|
|
|
|
# Returns a boolean.
|
|
|
|
|
def imported?
|
|
|
|
|
id.present? &&
|
2013-03-19 03:07:47 +08:00
|
|
|
Pseudonym.where(:sis_communication_channel_id => self).exists?
|
2013-02-26 05:32:41 +08:00
|
|
|
end
|
|
|
|
|
|
2012-07-19 07:18:29 +08:00
|
|
|
# Return the 'path' for simple communication channel types like email and sms. For
|
2015-03-27 08:10:14 +08:00
|
|
|
# Yo and Twitter, return the user's configured user_name for the service.
|
2011-02-01 09:57:29 +08:00
|
|
|
def path_description
|
2015-03-27 08:10:14 +08:00
|
|
|
if self.path_type == TYPE_TWITTER
|
2012-07-19 07:18:29 +08:00
|
|
|
res = self.user.user_services.for_service(TYPE_TWITTER).first.service_user_name rescue nil
|
|
|
|
|
res ||= t :default_twitter_handle, 'Twitter Handle'
|
2011-02-10 07:50:14 +08:00
|
|
|
res
|
2014-10-17 18:38:51 +08:00
|
|
|
elsif self.path_type == TYPE_YO
|
|
|
|
|
res = self.user.user_services.for_service(TYPE_YO).first.service_user_name rescue nil
|
|
|
|
|
res ||= t :default_yo_name, 'Yo Name'
|
|
|
|
|
res
|
2013-10-15 03:28:32 +08:00
|
|
|
elsif self.path_type == TYPE_PUSH
|
2015-01-14 06:41:12 +08:00
|
|
|
t 'For All Devices'
|
2011-02-01 09:57:29 +08:00
|
|
|
else
|
|
|
|
|
self.path
|
|
|
|
|
end
|
|
|
|
|
end
|
2015-07-25 00:01:44 +08:00
|
|
|
|
2011-02-01 09:57:29 +08:00
|
|
|
def forgot_password!
|
|
|
|
|
@request_password = true
|
|
|
|
|
set_confirmation_code(true)
|
|
|
|
|
self.save!
|
|
|
|
|
@request_password = false
|
|
|
|
|
end
|
2015-07-25 00:01:44 +08:00
|
|
|
|
2012-02-21 04:33:49 +08:00
|
|
|
def send_confirmation!(root_account)
|
2011-02-01 09:57:29 +08:00
|
|
|
@send_confirmation = true
|
2012-02-21 04:33:49 +08:00
|
|
|
@root_account = root_account
|
2011-02-01 09:57:29 +08:00
|
|
|
self.save!
|
2012-02-21 04:33:49 +08:00
|
|
|
@root_account = nil
|
2011-02-01 09:57:29 +08:00
|
|
|
@send_confirmation = false
|
|
|
|
|
end
|
2015-07-25 00:01:44 +08:00
|
|
|
|
2011-02-01 09:57:29 +08:00
|
|
|
def send_merge_notification!
|
|
|
|
|
@send_merge_notification = true
|
|
|
|
|
self.save!
|
|
|
|
|
@send_merge_notification = false
|
|
|
|
|
end
|
multi-factor authentication closes #9532
test plan:
* enable optional MFA, and check the following:
* normal log in should not be affected
* you can enroll in MFA from your profile page
* you can re-enroll in MFA from your profile page
* you can disable MFA from your profile page
* MFA can be reset by an admin on your user page
* when enrolled, you are asked for verification code after
username/password when logging in
* you can't access any other part of the site directly until
until entering your verification code
* enable required MFA, and check the following
* when not enrolled in MFA, and you log in, you are forced to
enroll
* you cannot disable MFA from your profile page
* you can re-enroll in MFA from your profile page
* an admin (other than himself) can reset MFA from the user page
* for enrolling in MFA
* use Google Authenticator and scan the QR code; you should have
30-seconds or so of extra leeway to enter your code
* having no SMS communication channels on your profile, the
enrollment page should just have a form to add a new phone
* having one or more SMS communication channels on your profile,
the enrollment page should list them, or allow you to create
a new one (and switch back)
* having more than one SMS communication channel on your profile,
the enrollment page should remember which one you have selected
after you click "send"
* an unconfirmed SMS channel should go to confirmed when it's used
to enroll in MFA
* you should not be able to go directly to /login/otp to enroll
if you used "Remember me" token to log in
* MFA login flow
* if configured with SMS, it should send you an SMS after you
put in your username/password; you should have about 5 minutes
of leeway to put it in
* if you don't check "remember computer" checkbox, you should have
to enter a verification code each time you log in
* if you do check it, you shouldn't have to enter your code
anymore (for three days). it also shouldn't SMS you a
verification code each time you log in
* setting MFA to required for admins should make it required for
admins, optional for other users
* with MFA enabled, directly go to /login/otp after entering
username/password but before entering a verification code; it
should send you back to the main login page
* if you enrolled via SMS, you should not be able to remove that
SMS from your profile
* there should not be a reset MFA link on a user page if they
haven't enrolled
* test a login or required enrollment sequence with CAS and/or SAML
Change-Id: I692de7405bf7ca023183e717930ee940ccf0d5e6
Reviewed-on: https://gerrit.instructure.com/12700
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
2012-08-03 05:17:50 +08:00
|
|
|
|
|
|
|
|
def send_otp!(code)
|
2014-02-20 04:07:15 +08:00
|
|
|
m = self.messages.scoped.new
|
multi-factor authentication closes #9532
test plan:
* enable optional MFA, and check the following:
* normal log in should not be affected
* you can enroll in MFA from your profile page
* you can re-enroll in MFA from your profile page
* you can disable MFA from your profile page
* MFA can be reset by an admin on your user page
* when enrolled, you are asked for verification code after
username/password when logging in
* you can't access any other part of the site directly until
until entering your verification code
* enable required MFA, and check the following
* when not enrolled in MFA, and you log in, you are forced to
enroll
* you cannot disable MFA from your profile page
* you can re-enroll in MFA from your profile page
* an admin (other than himself) can reset MFA from the user page
* for enrolling in MFA
* use Google Authenticator and scan the QR code; you should have
30-seconds or so of extra leeway to enter your code
* having no SMS communication channels on your profile, the
enrollment page should just have a form to add a new phone
* having one or more SMS communication channels on your profile,
the enrollment page should list them, or allow you to create
a new one (and switch back)
* having more than one SMS communication channel on your profile,
the enrollment page should remember which one you have selected
after you click "send"
* an unconfirmed SMS channel should go to confirmed when it's used
to enroll in MFA
* you should not be able to go directly to /login/otp to enroll
if you used "Remember me" token to log in
* MFA login flow
* if configured with SMS, it should send you an SMS after you
put in your username/password; you should have about 5 minutes
of leeway to put it in
* if you don't check "remember computer" checkbox, you should have
to enter a verification code each time you log in
* if you do check it, you shouldn't have to enter your code
anymore (for three days). it also shouldn't SMS you a
verification code each time you log in
* setting MFA to required for admins should make it required for
admins, optional for other users
* with MFA enabled, directly go to /login/otp after entering
username/password but before entering a verification code; it
should send you back to the main login page
* if you enrolled via SMS, you should not be able to remove that
SMS from your profile
* there should not be a reset MFA link on a user page if they
haven't enrolled
* test a login or required enrollment sequence with CAS and/or SAML
Change-Id: I692de7405bf7ca023183e717930ee940ccf0d5e6
Reviewed-on: https://gerrit.instructure.com/12700
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
2012-08-03 05:17:50 +08:00
|
|
|
m.to = self.path
|
|
|
|
|
m.body = t :body, "Your Canvas verification code is %{verification_code}", :verification_code => code
|
2014-01-17 06:08:04 +08:00
|
|
|
Mailer.create_message(m).deliver rescue nil # omg! just ignore delivery failures
|
multi-factor authentication closes #9532
test plan:
* enable optional MFA, and check the following:
* normal log in should not be affected
* you can enroll in MFA from your profile page
* you can re-enroll in MFA from your profile page
* you can disable MFA from your profile page
* MFA can be reset by an admin on your user page
* when enrolled, you are asked for verification code after
username/password when logging in
* you can't access any other part of the site directly until
until entering your verification code
* enable required MFA, and check the following
* when not enrolled in MFA, and you log in, you are forced to
enroll
* you cannot disable MFA from your profile page
* you can re-enroll in MFA from your profile page
* an admin (other than himself) can reset MFA from the user page
* for enrolling in MFA
* use Google Authenticator and scan the QR code; you should have
30-seconds or so of extra leeway to enter your code
* having no SMS communication channels on your profile, the
enrollment page should just have a form to add a new phone
* having one or more SMS communication channels on your profile,
the enrollment page should list them, or allow you to create
a new one (and switch back)
* having more than one SMS communication channel on your profile,
the enrollment page should remember which one you have selected
after you click "send"
* an unconfirmed SMS channel should go to confirmed when it's used
to enroll in MFA
* you should not be able to go directly to /login/otp to enroll
if you used "Remember me" token to log in
* MFA login flow
* if configured with SMS, it should send you an SMS after you
put in your username/password; you should have about 5 minutes
of leeway to put it in
* if you don't check "remember computer" checkbox, you should have
to enter a verification code each time you log in
* if you do check it, you shouldn't have to enter your code
anymore (for three days). it also shouldn't SMS you a
verification code each time you log in
* setting MFA to required for admins should make it required for
admins, optional for other users
* with MFA enabled, directly go to /login/otp after entering
username/password but before entering a verification code; it
should send you back to the main login page
* if you enrolled via SMS, you should not be able to remove that
SMS from your profile
* there should not be a reset MFA link on a user page if they
haven't enrolled
* test a login or required enrollment sequence with CAS and/or SAML
Change-Id: I692de7405bf7ca023183e717930ee940ccf0d5e6
Reviewed-on: https://gerrit.instructure.com/12700
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
2012-08-03 05:17:50 +08:00
|
|
|
end
|
|
|
|
|
|
2011-02-01 09:57:29 +08:00
|
|
|
# If you are creating a new communication_channel, do nothing, this just
|
|
|
|
|
# works. If you are resetting the confirmation_code, call @cc.
|
|
|
|
|
# set_confirmation_code(true), or just save the record to leave the old
|
2015-07-25 00:01:44 +08:00
|
|
|
# confirmation code in place.
|
2011-02-01 09:57:29 +08:00
|
|
|
def set_confirmation_code(reset=false)
|
|
|
|
|
self.confirmation_code = nil if reset
|
2012-07-19 07:18:29 +08:00
|
|
|
if self.path_type == TYPE_EMAIL or self.path_type.nil?
|
2014-07-11 01:22:01 +08:00
|
|
|
self.confirmation_code ||= CanvasSlug.generate(nil, 25)
|
2011-02-01 09:57:29 +08:00
|
|
|
else
|
2014-07-11 01:22:01 +08:00
|
|
|
self.confirmation_code ||= CanvasSlug.generate
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|
2013-06-01 00:51:54 +08:00
|
|
|
true
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|
2015-07-25 00:01:44 +08:00
|
|
|
|
2013-03-21 03:38:19 +08:00
|
|
|
scope :for, lambda { |context|
|
2011-02-01 09:57:29 +08:00
|
|
|
case context
|
|
|
|
|
when User
|
2013-03-21 03:38:19 +08:00
|
|
|
where(:user_id => context)
|
2011-02-01 09:57:29 +08:00
|
|
|
when Notification
|
2015-07-17 05:53:07 +08:00
|
|
|
eager_load(:notification_policies).where(:notification_policies => { :notification_id => context })
|
2011-02-01 09:57:29 +08:00
|
|
|
else
|
2013-03-21 03:38:19 +08:00
|
|
|
scoped
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|
|
|
|
|
}
|
2011-12-31 07:10:04 +08:00
|
|
|
|
2014-05-16 00:44:08 +08:00
|
|
|
def self.by_path_condition(path)
|
2013-02-27 01:37:54 +08:00
|
|
|
if %{mysql mysql2}.include?(connection_pool.spec.config[:adapter])
|
2014-05-16 00:44:08 +08:00
|
|
|
path
|
2011-12-31 07:10:04 +08:00
|
|
|
else
|
2014-05-16 00:44:08 +08:00
|
|
|
"LOWER(#{path})"
|
2011-12-31 07:10:04 +08:00
|
|
|
end
|
2014-05-16 00:44:08 +08:00
|
|
|
end
|
|
|
|
|
scope :by_path, lambda { |path|
|
|
|
|
|
where("#{by_path_condition("communication_channels.path")}=#{by_path_condition("?")}", path)
|
2011-12-31 07:10:04 +08:00
|
|
|
}
|
|
|
|
|
|
2014-07-02 03:38:26 +08:00
|
|
|
scope :email, -> { where(:path_type => TYPE_EMAIL) }
|
|
|
|
|
scope :sms, -> { where(:path_type => TYPE_SMS) }
|
multi-factor authentication closes #9532
test plan:
* enable optional MFA, and check the following:
* normal log in should not be affected
* you can enroll in MFA from your profile page
* you can re-enroll in MFA from your profile page
* you can disable MFA from your profile page
* MFA can be reset by an admin on your user page
* when enrolled, you are asked for verification code after
username/password when logging in
* you can't access any other part of the site directly until
until entering your verification code
* enable required MFA, and check the following
* when not enrolled in MFA, and you log in, you are forced to
enroll
* you cannot disable MFA from your profile page
* you can re-enroll in MFA from your profile page
* an admin (other than himself) can reset MFA from the user page
* for enrolling in MFA
* use Google Authenticator and scan the QR code; you should have
30-seconds or so of extra leeway to enter your code
* having no SMS communication channels on your profile, the
enrollment page should just have a form to add a new phone
* having one or more SMS communication channels on your profile,
the enrollment page should list them, or allow you to create
a new one (and switch back)
* having more than one SMS communication channel on your profile,
the enrollment page should remember which one you have selected
after you click "send"
* an unconfirmed SMS channel should go to confirmed when it's used
to enroll in MFA
* you should not be able to go directly to /login/otp to enroll
if you used "Remember me" token to log in
* MFA login flow
* if configured with SMS, it should send you an SMS after you
put in your username/password; you should have about 5 minutes
of leeway to put it in
* if you don't check "remember computer" checkbox, you should have
to enter a verification code each time you log in
* if you do check it, you shouldn't have to enter your code
anymore (for three days). it also shouldn't SMS you a
verification code each time you log in
* setting MFA to required for admins should make it required for
admins, optional for other users
* with MFA enabled, directly go to /login/otp after entering
username/password but before entering a verification code; it
should send you back to the main login page
* if you enrolled via SMS, you should not be able to remove that
SMS from your profile
* there should not be a reset MFA link on a user page if they
haven't enrolled
* test a login or required enrollment sequence with CAS and/or SAML
Change-Id: I692de7405bf7ca023183e717930ee940ccf0d5e6
Reviewed-on: https://gerrit.instructure.com/12700
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
2012-08-03 05:17:50 +08:00
|
|
|
|
2014-07-02 03:38:26 +08:00
|
|
|
scope :active, -> { where(:workflow_state => 'active') }
|
|
|
|
|
scope :unretired, -> { where("communication_channels.workflow_state<>'retired'") }
|
2011-11-03 04:59:41 +08:00
|
|
|
|
2013-03-21 03:38:19 +08:00
|
|
|
scope :for_notification_frequency, lambda { |notification, frequency|
|
2014-08-18 21:37:46 +08:00
|
|
|
joins(:notification_policies).where(:notification_policies => { :notification_id => notification, :frequency => frequency })
|
2011-02-01 09:57:29 +08:00
|
|
|
}
|
2012-07-19 07:18:29 +08:00
|
|
|
|
|
|
|
|
# Get the list of communication channels that overrides an association's default order clause.
|
|
|
|
|
# This returns an unretired and properly ordered already fetch array of CommunicationChannel objects ready for usage.
|
|
|
|
|
def self.all_ordered_for_display(user)
|
|
|
|
|
# Add communication channel for users that already had Twitter
|
|
|
|
|
# integrated before we started offering it as a cc
|
|
|
|
|
twitter_service = user.user_services.for_service(CommunicationChannel::TYPE_TWITTER).first
|
|
|
|
|
twitter_service.assert_communication_channel if twitter_service
|
|
|
|
|
|
2013-11-20 00:58:58 +08:00
|
|
|
rank_order = [TYPE_EMAIL, TYPE_SMS, TYPE_PUSH]
|
2015-03-27 08:10:14 +08:00
|
|
|
# Add twitter and yo (in that order) if the user's account is setup for them.
|
2012-07-19 07:18:29 +08:00
|
|
|
rank_order << TYPE_TWITTER if twitter_service
|
2014-10-17 18:38:51 +08:00
|
|
|
rank_order << TYPE_YO unless user.user_services.for_service(CommunicationChannel::TYPE_YO).empty?
|
2013-03-19 03:07:47 +08:00
|
|
|
self.unretired.where('communication_channels.path_type IN (?)', rank_order).
|
2015-07-25 00:01:44 +08:00
|
|
|
order("#{self.rank_sql(rank_order, 'communication_channels.path_type')} ASC, communication_channels.position asc").to_a
|
2012-07-19 07:18:29 +08:00
|
|
|
end
|
|
|
|
|
|
2015-07-17 05:53:07 +08:00
|
|
|
scope :include_policies, -> { preload(:notification_policies) }
|
2011-11-03 04:59:41 +08:00
|
|
|
|
2013-03-21 03:38:19 +08:00
|
|
|
scope :in_state, lambda { |state| where(:workflow_state => state.to_s) }
|
2014-07-02 03:38:26 +08:00
|
|
|
scope :of_type, lambda { |type| where(:path_type => type) }
|
2015-07-25 00:01:44 +08:00
|
|
|
|
2011-02-01 09:57:29 +08:00
|
|
|
def can_notify?
|
|
|
|
|
self.notification_policies.any? { |np| np.frequency == 'never' } ? false : true
|
|
|
|
|
end
|
2015-07-25 00:01:44 +08:00
|
|
|
|
2011-02-01 09:57:29 +08:00
|
|
|
def move_to_user(user, migrate=true)
|
|
|
|
|
return unless user
|
|
|
|
|
if self.pseudonym && self.pseudonym.unique_id == self.path
|
|
|
|
|
self.pseudonym.move_to_user(user, migrate)
|
|
|
|
|
else
|
|
|
|
|
old_user_id = self.user_id
|
|
|
|
|
self.user_id = user.id
|
|
|
|
|
self.save!
|
|
|
|
|
if old_user_id
|
2013-03-19 03:07:47 +08:00
|
|
|
Pseudonym.where(:user_id => old_user_id, :unique_id => self.path).update_all(:user_id => user)
|
2015-12-10 13:08:46 +08:00
|
|
|
User.where(:id => [old_user_id, user]).touch_all
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
2015-07-25 00:01:44 +08:00
|
|
|
|
2011-02-01 09:57:29 +08:00
|
|
|
def consider_building_pseudonym
|
|
|
|
|
if self.build_pseudonym_on_confirm && self.active?
|
|
|
|
|
self.build_pseudonym_on_confirm = false
|
|
|
|
|
pseudonym = self.user.pseudonyms.build(:unique_id => self.path, :account => Account.default)
|
2015-04-28 01:07:13 +08:00
|
|
|
existing_pseudonym = self.user.pseudonyms.active.find{|p| p.account_id == Account.default.id }
|
2011-02-01 09:57:29 +08:00
|
|
|
if existing_pseudonym
|
|
|
|
|
pseudonym.password_salt = existing_pseudonym.password_salt
|
|
|
|
|
pseudonym.crypted_password = existing_pseudonym.crypted_password
|
|
|
|
|
end
|
|
|
|
|
pseudonym.save!
|
|
|
|
|
end
|
|
|
|
|
true
|
|
|
|
|
end
|
2015-07-25 00:01:44 +08:00
|
|
|
|
2011-02-01 09:57:29 +08:00
|
|
|
alias_method :destroy!, :destroy
|
|
|
|
|
def destroy
|
|
|
|
|
self.workflow_state = 'retired'
|
|
|
|
|
self.save
|
|
|
|
|
end
|
2015-07-25 00:01:44 +08:00
|
|
|
|
2011-02-01 09:57:29 +08:00
|
|
|
workflow do
|
|
|
|
|
state :unconfirmed do
|
|
|
|
|
event :confirm, :transitions_to => :active do
|
2014-08-21 05:54:34 +08:00
|
|
|
self.set_confirmation_code
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|
|
|
|
|
event :retire, :transitions_to => :retired
|
|
|
|
|
end
|
2015-07-25 00:01:44 +08:00
|
|
|
|
2011-02-01 09:57:29 +08:00
|
|
|
state :active do
|
|
|
|
|
event :retire, :transitions_to => :retired
|
|
|
|
|
end
|
2015-07-25 00:01:44 +08:00
|
|
|
|
2011-02-01 09:57:29 +08:00
|
|
|
state :retired do
|
2015-05-27 15:40:43 +08:00
|
|
|
event :re_activate, :transitions_to => :active do
|
|
|
|
|
# Reset bounce count when we're being reactivated
|
|
|
|
|
reset_bounce_count!
|
|
|
|
|
end
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
# This is setup as a default in the database, but this overcomes misspellings.
|
|
|
|
|
def assert_path_type
|
2015-03-27 08:10:14 +08:00
|
|
|
valid_types = [TYPE_EMAIL, TYPE_SMS, TYPE_TWITTER, TYPE_PUSH, TYPE_YO]
|
2013-12-18 05:21:40 +08:00
|
|
|
self.path_type = TYPE_EMAIL unless valid_types.include?(path_type)
|
2013-06-01 00:51:54 +08:00
|
|
|
true
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|
|
|
|
|
protected :assert_path_type
|
2015-07-25 00:01:44 +08:00
|
|
|
|
2011-02-01 09:57:29 +08:00
|
|
|
def self.serialization_excludes; [:confirmation_code]; end
|
2012-11-01 03:34:39 +08:00
|
|
|
|
|
|
|
|
def self.associated_shards(path)
|
|
|
|
|
[Shard.default]
|
|
|
|
|
end
|
2012-11-08 05:02:22 +08:00
|
|
|
|
2012-11-13 00:50:39 +08:00
|
|
|
def merge_candidates(break_on_first_found = false)
|
2015-08-28 09:17:57 +08:00
|
|
|
return [] if path_type == 'push'
|
2012-11-08 05:02:22 +08:00
|
|
|
shards = self.class.associated_shards(self.path) if Enrollment.cross_shard_invitations?
|
2013-02-05 01:57:05 +08:00
|
|
|
shards ||= [self.shard]
|
2012-11-08 05:02:22 +08:00
|
|
|
scope = CommunicationChannel.active.by_path(self.path).of_type(self.path_type)
|
2012-11-13 00:50:39 +08:00
|
|
|
merge_candidates = {}
|
2012-11-08 05:02:22 +08:00
|
|
|
Shard.with_each_shard(shards) do
|
2014-07-24 01:14:22 +08:00
|
|
|
scope = scope.shard(Shard.current)
|
2015-07-17 05:53:07 +08:00
|
|
|
scope.where("user_id<>?", self.user_id).preload(:user).map(&:user).select do |u|
|
2012-11-13 00:50:39 +08:00
|
|
|
result = merge_candidates.fetch(u.global_id) do
|
|
|
|
|
merge_candidates[u.global_id] = (u.all_active_pseudonyms.length != 0)
|
|
|
|
|
end
|
|
|
|
|
return [u] if result && break_on_first_found
|
|
|
|
|
result
|
|
|
|
|
end
|
|
|
|
|
end.uniq
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def has_merge_candidates?
|
|
|
|
|
!merge_candidates(true).empty?
|
2012-11-08 05:02:22 +08:00
|
|
|
end
|
2013-10-15 03:28:32 +08:00
|
|
|
|
2014-08-29 09:45:03 +08:00
|
|
|
def bouncing?
|
|
|
|
|
self.bounce_count >= RETIRE_THRESHOLD
|
|
|
|
|
end
|
|
|
|
|
|
2014-09-04 07:25:20 +08:00
|
|
|
def was_bouncing?
|
|
|
|
|
old_bounce_count = self.previous_changes[:bounce_count].try(:first)
|
|
|
|
|
old_bounce_count ||= self.bounce_count
|
|
|
|
|
old_bounce_count >= RETIRE_THRESHOLD
|
|
|
|
|
end
|
|
|
|
|
|
2015-05-27 15:40:43 +08:00
|
|
|
def reset_bounce_count!
|
|
|
|
|
self.bounce_count = 0
|
|
|
|
|
self.save!
|
|
|
|
|
end
|
|
|
|
|
|
2014-09-04 07:25:20 +08:00
|
|
|
def was_retired?
|
|
|
|
|
old_workflow_state = self.previous_changes[:workflow_state].try(:first)
|
|
|
|
|
old_workflow_state ||= self.workflow_state
|
|
|
|
|
old_workflow_state.to_s == 'retired'
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def check_if_bouncing_changed
|
|
|
|
|
if retired?
|
|
|
|
|
self.user.update_bouncing_channel_message!(self) if !was_retired? && was_bouncing?
|
|
|
|
|
else
|
|
|
|
|
if (was_retired? && bouncing?) || (was_bouncing? != bouncing?)
|
|
|
|
|
self.user.update_bouncing_channel_message!(self)
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
private :check_if_bouncing_changed
|
|
|
|
|
|
2015-09-04 05:09:05 +08:00
|
|
|
def self.bounce_for_path(path:, timestamp:, details:, permanent_bounce:, suppression_bounce:)
|
2014-08-29 09:45:03 +08:00
|
|
|
Shard.with_each_shard(CommunicationChannel.associated_shards(path)) do
|
|
|
|
|
CommunicationChannel.unretired.email.by_path(path).each do |channel|
|
2015-09-04 05:09:05 +08:00
|
|
|
channel.bounce_count = channel.bounce_count + 1 if permanent_bounce
|
|
|
|
|
|
2015-06-04 05:08:30 +08:00
|
|
|
if suppression_bounce
|
|
|
|
|
channel.last_suppression_bounce_at = timestamp
|
2015-09-04 05:09:05 +08:00
|
|
|
elsif permanent_bounce
|
2015-06-04 05:08:30 +08:00
|
|
|
channel.last_bounce_at = timestamp
|
|
|
|
|
channel.last_bounce_details = details
|
2015-09-04 05:09:05 +08:00
|
|
|
else
|
|
|
|
|
channel.last_transient_bounce_at = timestamp
|
|
|
|
|
channel.last_transient_bounce_details = details
|
2015-06-04 05:08:30 +08:00
|
|
|
end
|
2015-09-04 05:09:05 +08:00
|
|
|
|
2015-06-04 05:08:30 +08:00
|
|
|
channel.save!
|
2014-08-29 09:45:03 +08:00
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
2014-08-21 06:35:07 +08:00
|
|
|
|
Expose bounce details via the API to siteadmins
Fixes CNVS-22965
Test plan:
- Create a user and a communication channel for that user, or reuse
an existing one that has not been deleted
- Bounce details:
- From a console, do the following, where "..." is the id of the
communication channel you're working with:
c = CommunicationChannel.find(...)
c.last_bounce_details =
{'bouncedRecipients' => [{'diagnosticCode' => 'foo'}]}
c.save!
- As a siteadmin, hit /api/v1/users/.../communication_channels, where
... is the id of the user that owns the communication channel
- Verify that the communication channel includes a
"last_bounce_summary" property whose value is "foo"
- Transient bounce details:
- From a console, do the following, where "..." is the id of the
communication channel you're working with:
c = CommunicationChannel.find(...)
c.last_transient_bounce_details =
{'bouncedRecipients' => [{'diagnosticCode' => 'foo'}]}
c.save!
- As a siteadmin, hit /api/v1/users/.../communication_channels, where
... is the id of the user that owns the communication channel
- Verify that the communication channel includes a
"last_transient_bounce_summary" property whose value is "foo"
- Bounce date:
- From a console, do the following, where "..." is the id of the
communication channel you're working with:
c = CommunicationChannel.find(...)
c.last_bounce_at = '2015-01-01T01:01:01.000Z'
c.save!
- As a siteadmin, hit /api/v1/users/.../communication_channels, where
... is the id of the user that owns the communication channel
- Verify that the communication channel includes a
"last_bounce_at" key whose values is "2015-01-01T01:01:01.000Z"
- Transient bounce date:
- From a console, do the following, where "..." is the id of the
communication channel you're working with:
c = CommunicationChannel.find(...)
c.last_transient_bounce_at = '2015-01-01T01:01:01.000Z'
c.save!
- As a siteadmin, hit /api/v1/users/.../communication_channels, where
... is the id of the user that owns the communication channel
- Verify that the communication channel includes a
"last_transient_bounce_at" key whose values is "2015-01-01T01:01:01.000Z"
- Suppression bounce date:
- From a console, do the following, where "..." is the id of the
communication channel you're working with:
c = CommunicationChannel.find(...)
c.last_suppression_bounce_at = '2015-01-01T01:01:01.000Z'
c.save!
- As a siteadmin, hit /api/v1/users/.../communication_channels, where
... is the id of the user that owns the communication channel
- Verify that the communication channel includes a
"last_suppression_bounce_at" key whose values is "2015-01-01T01:01:01.000Z"
- Restricted to site admins:
- As the user whose communication channel you were working with,
hit /api/v1/users/.../communication_channels, where ... is that
user's id
- Verify that the communication channel does not include
"last_bounce_at", "last_suppression_bounce_at",
"last_transient_bounce_at", "last_bounce_summary",
or "last_transient_bounce_summary"
Change-Id: I10ed797620392229a55ffc797b2b35d3e979e19a
Reviewed-on: https://gerrit.instructure.com/62578
Reviewed-by: Andrew Butterfield <abutterfield@instructure.com>
Tested-by: Jenkins
QA-Review: Adrian Russell <arussell@instructure.com>
Product-Review: Allison Weiss <allison@instructure.com>
2015-09-04 07:06:44 +08:00
|
|
|
def last_bounce_summary
|
|
|
|
|
last_bounce_details.try(:[], 'bouncedRecipients').try(:[], 0).try(:[], 'diagnosticCode')
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def last_transient_bounce_summary
|
|
|
|
|
last_transient_bounce_details.try(:[], 'bouncedRecipients').try(:[], 0).try(:[], 'diagnosticCode')
|
|
|
|
|
end
|
|
|
|
|
|
2014-08-21 06:35:07 +08:00
|
|
|
def self.find_by_confirmation_code(code)
|
|
|
|
|
where(confirmation_code: code).first
|
|
|
|
|
|
|
|
|
|
end
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|