Create endpoint to expire members #23

Closed
opened 1 year ago by merenber · 0 comments
Owner

We should set a flag in LDAP when someone's membership has expired so that they no longer have access to our various web-based services (which use LDAP for authentication).
I propose setting ShadowExpire (an attribute of ShadowAccount) to 1. We can then use LDAP filters in our web services to filter out users who have this flag set.

Implementation

  • Create a POST endpoint called /api/members/expire (or similar) which sets the LDAP flag on users' records if their membership has expired for over a month. This endpoint should accept a dry_run URL parameter which, when set to true, returns the list of members who would be updated. When the flag is set to false (the default), a list of members who were updated should be returned.
    There is a helper class in ceo_common called Term; this may be helpful.
  • When someone's membership is renewed, we should delete this attribute from their LDAP record if it exists. You will need to modify /api/members/<username/renew.
  • Create a new CLI command for this endpoint, e.g. ceo members expire [--dry-run]. In production, this will be called on a cron job, e.g. once a day.
  • Write unit tests for all of the changes above.
We should set a flag in LDAP when someone's membership has expired so that they no longer have access to our various web-based services (which use LDAP for authentication). I propose setting ShadowExpire (an attribute of ShadowAccount) to 1. We can then use LDAP filters in our web services to filter out users who have this flag set. ## Implementation - [ ] Create a POST endpoint called `/api/members/expire` (or similar) which sets the LDAP flag on users' records if their membership has expired for over a month. This endpoint should accept a `dry_run` URL parameter which, when set to true, returns the list of members who *would* be updated. When the flag is set to false (the default), a list of members who were updated should be returned. There is a helper class in ceo_common called Term; this may be helpful. - [ ] When someone's membership is renewed, we should delete this attribute from their LDAP record if it exists. You will need to modify `/api/members/<username/renew`. - [ ] Create a new CLI command for this endpoint, e.g. `ceo members expire [--dry-run]`. In production, this will be called on a cron job, e.g. once a day. - [ ] Write unit tests for all of the changes above.
r345liu was assigned by merenber 1 year ago
merenber closed this issue 12 months ago
merenber referenced this issue from a commit 12 months ago
Sign in to join this conversation.
No Label
No Milestone
No project
No Assignees
1 Participants
Notifications
Due Date

No due date set.

Dependencies

No dependencies set.

Reference: public/pyceo#23
Loading…
There is no content yet.