UCL-INGI · Drumor · Nov 14, 2018 · Nov 15, 2018 · Nov 15, 2018 · Nov 15, 2018
diff --git a/ictv/app.py b/ictv/app.py
@@ -214,7 +214,9 @@ def match(mapping, path):
     def authentication_processor(handler):
         def post_auth():
             if 'user' in app.session:
-                User.get(id=app.session['user']['id'])
+                u = User.get(id=app.session['user']['id'])
+                from datetime import datetime
+                u.last_connection = datetime.now()
                 app.session.pop('sidebar', None)
             return handler()
 

diff --git a/ictv/database.py b/ictv/database.py
@@ -109,8 +109,14 @@ def update_database():
         DBVersion(version=database_version)
     db_version = DBVersion.select().getOne().version
     if db_version < 1:
-        # Do upgrade stuff
-        pass
+        print('Updating database to version %d' % 1)
+        table = User.sqlmeta.table
+        from datetime import datetime
+        column_sql = User.sqlmeta.getColumns()['creation_date'].sqliteCreateSQL()
+        assert conn.queryOne('ALTER TABLE %s ADD %s' % (table, column_sql)) is None
+        column_sql = User.sqlmeta.getColumns()['last_connection'].sqliteCreateSQL()
+        assert conn.queryOne('ALTER TABLE %s ADD %s' % (table, column_sql)) is None
+        db_version = 1
     DBVersion.select().getOne().set(version=db_version)
 
 

diff --git a/ictv/models/user.py b/ictv/models/user.py
@@ -20,11 +20,12 @@
 #    along with ICTV.  If not, see <http://www.gnu.org/licenses/>.
 
 from ictv.common import utils
-from sqlobject import StringCol, BoolCol, SQLMultipleJoin, SQLRelatedJoin, SQLRelatedJoin
+from sqlobject import StringCol, BoolCol, SQLMultipleJoin, SQLRelatedJoin, SQLRelatedJoin, DateTimeCol
 
 from ictv.models.ictv_object import ICTVObject
 from ictv.models.role import UserPermissions, Role
 from ictv.models.subscription import Subscription
+from datetime import datetime
 
 
 class User(ICTVObject):
@@ -41,6 +42,8 @@ class User(ICTVObject):
     password = StringCol(default=None)  # Used for local login
     reset_secret = StringCol(notNone=True)  # Used for local login to reset password
     has_toured = BoolCol(default=False)  # Has the user completed the app tour
+    creation_date = DateTimeCol(default=DateTimeCol.now)
+    last_connection = DateTimeCol(default=None)
 
     def __init__(self, *args, **kwargs):
         kwargs['reset_secret'] = utils.generate_secret()
@@ -83,6 +86,13 @@ def get_subscriptions_of_owned_screens(self):
         if UserPermissions.administrator in self.highest_permission_level:
             return Subscription.select()
         return self.screens.throughTo.subscriptions
+
+    def connected_since_creation(self):
+        if self.last_connection is None:
+            return False
+        if self.last_connection > self.creation_date:
+            return True
+        return False
 
     class sqlmeta:
         table = "user_table"   # prevent table name to collide with reserved keywords of some databases
diff --git a/ictv/pages/local_login.py b/ictv/pages/local_login.py
@@ -21,7 +21,6 @@
 
 import hashlib
 from logging import getLogger
-
 import web
 from ictv.common import utils
 

diff --git a/ictv/pages/shibboleth.py b/ictv/pages/shibboleth.py
@@ -147,13 +147,13 @@ def POST(self):
                 email = attrs[settings['sp']['attrs']['email']][0]
 
                 u = User.selectBy(email=email).getOne(None)
+
                 if not u:  # The user does not exist in our DB
                     u = User(username=username,
                              email=email,
                              fullname=realname,
                              super_admin=False,
                              disabled=True)
-
                 self.session['user'] = u.to_dictionary(['id', 'fullname', 'username', 'email'])
 
                 self_url = OneLogin_Saml2_Utils.get_self_url(req)

diff --git a/ictv/pages/users_page.py b/ictv/pages/users_page.py
@@ -20,7 +20,7 @@
 #    along with ICTV.  If not, see <http://www.gnu.org/licenses/>.
 
 import re
-
+import datetime
 import web
 from sqlobject import SQLObjectNotFound
 from sqlobject.dberrors import DuplicateEntryError
@@ -80,7 +80,7 @@ def POST(self):
                     raise ImmediateFeedback(form.action, 'invalid_username')
 
                 try:
-                    User(username=username, fullname=fullname, email=email, super_admin=super_admin, disabled=False)
+                    User(username=username, fullname=fullname, email=email, super_admin=super_admin, disabled=False, creation_date=datetime.datetime.now())
                 except DuplicateEntryError:
                     u = User.selectBy(email=form.email).getOne(None)
                     if u is not None:

diff --git a/ictv/templates/users.html b/ictv/templates/users.html
@@ -77,6 +77,8 @@ <h4><i class="icon fa $icon"></i>$action.title()</h4>
                             <th>Email</th>
                             <th>Permissions</th>
                             <th>Status</th>
+                            <th>Last connection</th>
+                            <th>Creation date</th>
                             <th>Actions</th>
                         </tr>
                         </thead>
@@ -87,6 +89,8 @@ <h4><i class="icon fa $icon"></i>$action.title()</h4>
                             <th>Email</th>
                             <th>Permissions</th>
                             <th>Status</th>
+                            <th>Last connection</th>
+                            <th>Creation date</th>
                             <th>Actions</th>
                         </tr>
                         </tfoot>
@@ -133,6 +137,12 @@ <h6 class="label label-default"><i class="fa fa-circle-o"></i>None</h6>
                                 <td data-disable="$user.disabled">
                                     $('Deactivated' if user.disabled else 'Activated')
                                 </td>
+                                <td data-last_connection="$user.last_connection">
+                                    <p>$("{:%d-%m-%Y}".format(user.last_connection) if user.last_connection else "")</p>
+                                </td>
+                                <td data-last_connection="$user.creation_date">
+                                    <p>$("{:%d-%m-%Y}".format(user.creation_date) if user.creation_date else "")</p>
+                                </td>
                                 <td>
                                     $if 'real_user' not in session or session['real_user']['email'] != user.email:
                                         <button class="btn btn-xs btn-primary" data-toggle="modal" data-target="#edit-user-modal"><i class="fa fa-pencil-square-o"></i>Edit</button>
@@ -144,7 +154,6 @@ <h6 class="label label-default"><i class="fa fa-circle-o"></i>None</h6>
                                             </button>
                                         $if user.highest_permission_level in current_user.highest_permission_level:
                                             <a href="/logas/$user.email" class="btn btn-xs btn-success"><i class="fa fa-user-secret"></i>Log as</a>
-
                                     $if show_reset_button and UserPermissions.administrator in current_user.highest_permission_level:
                                         <button class="btn btn-xs copy-secret pull-right" data-clipboard-text="$homedomain()/reset/$:user.reset_secret">
                                             Copy password reset link
@@ -406,7 +415,8 @@ <h4 class="modal-title"></h4>
                     $$modal.find('#' + prefix + 'super_admin').prop('disabled', is_current_user_admin || $session['user']['id'] == $$td.parent().attr('data-user-id'));
                     $$modal.find('#' + prefix + 'admin').prop('disabled', is_current_user_admin || super_admin || $session['user']['id'] == $$td.parent().attr('data-user-id'));
                 }
-
+                $$td = $$td.prev();
+                $$td = $$td.prev();
                 $$td = $$td.prev();
                 $$modal.find('#'+prefix+'email').val($$td.children().html());
                 $$td = $$td.prev();
@@ -419,6 +429,8 @@ <h4 class="modal-title"></h4>
         var $$modal = $$('#toggle-activation-user-modal');
         $$modal.on('show.bs.modal', function(e) {
             $$td = $$(e.relatedTarget.parentElement).prev();
+            $$td = $$td.prev();
+            $$td = $$td.prev();
             const disabled = $$td.attr('data-disable') == 'True';
             $$modal.find('.modal-title').html((disabled ? 'Activate' : 'Deactivate') + ' this user account')
             $$modal.find('button[type="submit"]').html('<span class="glyphicon glyphicon-alert"></span>' + (disabled ? 'Activate' : 'Deactivate'))

diff --git a/ictv/tests/pages/test_users_page.py b/ictv/tests/pages/test_users_page.py
@@ -151,19 +151,26 @@ def runTest(self):
         fullname = "Test FullName"
         correct_email = "[email protected]"
         wrong_emails = ["wrongemail", "[email protected]", "vivelété@mail.com", "vivel'[email protected]", "@"]
-        users_before = {repr(user) for user in User.select()}
+
+        def set_last_connection_null(user):
+            """This method set the last_connection parameter of a user as null.
+               This is done to simplify comparaison."""
+            user.last_connection=None
+            return user
+
+        users_before = {repr(set_last_connection_null(user)) for user in User.select()}
         # test some wrong email addresses
         for email in wrong_emails:
             post_params = {"action": "create", "admin": "", "super_admin": "", "username": username,
                            "fullname": fullname, "email": email}
             assert self.testApp.post("/users", post_params, status=303).body is not None
-            users_after = {repr(user) for user in User.select()}
+            users_after = {repr(set_last_connection_null(user)) for user in User.select()}
             assert users_after == users_before
 
         # test with wrong usernames
         for username in ["a", "ab"]:
             post_params = {"action": "create", "admin": "", "super_admin": "", "username": username,
                            "fullname": fullname, "email": correct_email}
             assert self.testApp.post("/users", post_params, status=303).body is not None
-            users_after = {repr(user) for user in User.select()}
+            users_after = {repr(set_last_connection_null(user)) for user in User.select()}
             assert users_after == users_before