diff --git a/ietf/ietfauth/tests.py b/ietf/ietfauth/tests.py
index e9c521d08..29afa56d7 100644
--- a/ietf/ietfauth/tests.py
+++ b/ietf/ietfauth/tests.py
@@ -226,29 +226,8 @@ class IetfAuthTests(TestCase):
self.assertTrue(self.username_in_htpasswd_file(email))
- def test_create_allowlisted_account(self):
- email = "new-account@example.com"
-
- # add allowlist entry
- r = self.client.post(urlreverse(ietf.ietfauth.views.login), {"username":"secretary", "password":"secretary+password"})
- self.assertEqual(r.status_code, 302)
- self.assertEqual(urlsplit(r["Location"])[2], urlreverse(ietf.ietfauth.views.profile))
-
- r = self.client.get(urlreverse(ietf.ietfauth.views.add_account_allowlist))
- self.assertEqual(r.status_code, 200)
- self.assertContains(r, "Add an allowlist entry")
-
- r = self.client.post(urlreverse(ietf.ietfauth.views.add_account_allowlist), {"email": email})
- self.assertEqual(r.status_code, 200)
- self.assertContains(r, "Allowlist entry creation successful")
-
- # log out
- r = self.client.post(urlreverse('django.contrib.auth.views.logout'), {})
- self.assertEqual(r.status_code, 200)
-
- # register and verify allowlisted email
- self.register_and_verify(email)
-
+
+ # This also tests new account creation.
def test_create_existing_account(self):
# create account once
email = "new-account@example.com"
diff --git a/ietf/ietfauth/urls.py b/ietf/ietfauth/urls.py
index 56daae053..30e639ad6 100644
--- a/ietf/ietfauth/urls.py
+++ b/ietf/ietfauth/urls.py
@@ -24,5 +24,4 @@ urlpatterns = [
url(r'^review/$', views.review_overview),
url(r'^testemail/$', views.test_email),
url(r'^username/$', views.change_username),
- url(r'^allowlist/add/?$', views.add_account_allowlist),
]
diff --git a/ietf/ietfauth/views.py b/ietf/ietfauth/views.py
index 53c28b589..8c61b8356 100644
--- a/ietf/ietfauth/views.py
+++ b/ietf/ietfauth/views.py
@@ -63,11 +63,10 @@ import debug # pyflakes:ignore
from ietf.group.models import Role, Group
from ietf.ietfauth.forms import ( RegistrationForm, PasswordForm, ResetPasswordForm, TestEmailForm,
- AllowlistForm, ChangePasswordForm, get_person_form, RoleEmailForm,
+ ChangePasswordForm, get_person_form, RoleEmailForm,
NewEmailForm, ChangeUsernameForm, PersonPasswordForm)
from ietf.ietfauth.htpasswd import update_htpasswd_file
-from ietf.ietfauth.utils import role_required, has_role
-from ietf.mailinglists.models import Allowlisted
+from ietf.ietfauth.utils import has_role
from ietf.name.models import ExtResourceName
from ietf.nomcom.models import NomCom
from ietf.person.models import Person, Email, Alias, PersonalApiKey, PERSON_API_KEY_VALUES
@@ -600,23 +599,7 @@ def test_email(request):
return r
-@role_required('Secretariat')
-def add_account_allowlist(request):
- success = False
- if request.method == 'POST':
- form = AllowlistForm(request.POST)
- if form.is_valid():
- email = form.cleaned_data['email']
- entry = Allowlisted(email=email, by=request.user.person)
- entry.save()
- success = True
- else:
- form = AllowlistForm()
- return render(request, 'ietfauth/allowlist_form.html', {
- 'form': form,
- 'success': success,
- })
class AddReviewWishForm(forms.Form):
doc = SearchableDocumentField(label="Document", doc_type="draft")
diff --git a/ietf/mailinglists/models.py b/ietf/mailinglists/models.py
index 1e56c43d9..f575ffe5a 100644
--- a/ietf/mailinglists/models.py
+++ b/ietf/mailinglists/models.py
@@ -21,6 +21,8 @@ class NonWgMailingList(models.Model):
def info_url(self):
return settings.MAILING_LIST_INFO_URL % {'list_addr': self.name }
+# Allowlisted is unused, but is not being dropped until its human-curated content
+# is archived outside this database.
class Allowlisted(models.Model):
time = models.DateTimeField(auto_now_add=True)
email = models.CharField("Email address", max_length=64, validators=[validate_email])
diff --git a/ietf/templates/base/menu_user.html b/ietf/templates/base/menu_user.html
index 8245ece71..9a0bf5683 100644
--- a/ietf/templates/base/menu_user.html
+++ b/ietf/templates/base/menu_user.html
@@ -186,12 +186,6 @@
Sync discrepancies
</a>
</li>
- <li>
- <a class="dropdown-item {% if flavor != 'top' %} text-wrap{% endif %}"
- href="{% url 'ietf.ietfauth.views.add_account_allowlist' %}">
- Account allowlist
- </a>
- </li>
{% endif %}
{% if user|has_role:"IANA" %}
{% if flavor == "top" %}
diff --git a/ietf/templates/ietfauth/allowlist_form.html b/ietf/templates/ietfauth/allowlist_form.html
deleted file mode 100644
index c7f3981b7..000000000
--- a/ietf/templates/ietfauth/allowlist_form.html
+++ /dev/null
@@ -1,78 +0,0 @@
-{% extends "base.html" %}
-{# Copyright The IETF Trust 2016, All Rights Reserved #}
-{% load origin %}
-{% load django_bootstrap5 %}
-{% block title %}Set up test email address{% endblock %}
-{% block content %}
- {% origin %}
- {% if success %}
- <h1>Allowlist entry creation successful</h1>
- <p>
- Please ask the requestor to try the
- <a href="{% url 'ietf.ietfauth.views.create_account' %}">account creation form</a>
- again, with the allowlisted email address.
- </p>
- {% else %}
- <h1>Add an allowlist entry for account creation.</h1>
- <p>
- When an email request comes in for assistance with account creation
- because the automated account creation has failed, you can add the
- address to an account creation allowlist here.
- </p>
- <p>
- Before you do so, please complete the following 3 verification steps:
- </p>
- <ol class="d-grid gap-3">
- <li>
- Has the person provided relevant information in his request, or has he simply
- copied the text from the account creation failure message? All genuine (non-spam)
- account creation requests seen between 2009 and 2016 for tools.ietf.org have
- contained a reasonable request message, rather than just copy-pasting the account
- creation failure message. If there's no proper request message, step 2 below can
- be performed to make sure the request is bogus, but if that also fails, no further
- effort should be needed.
- </li>
- <li>
- Google for the person's name within the ietf.org site: "Jane Doe site:ietf.org". If
- found, and the email address matches an address used in Internet-Drafts or discussions,
- things are fine, and it's OK to add the address to the allowlist using this form,
- and ask the person to please try the
- <a href="{% url 'ietf.ietfauth.views.create_account' %}">account creation form</a>
- again.
- </li>
- <li>
- <p>
- If google finds no trace of the person being an ietf participant, he or she could
- still be somebody who is just getting involved in IETF work. A datatracker account
- is probably not necessary, (no account is necessary to 'join' a WG -- the right thing
- in that case is to join the right mailing list, and the person could be told so) --
- but in case this is a legitimate request, please email the person and ask:
- <i>
- "Which wgs do you require a password for?"
- </i>
- </p>
- <p>
- This is a bit of a trick question, because it is very unlikely that somebody who
- isn't involved in IETF work will give a reasonable response, while almost any answer
- from somebody who is doing IETF work will show that they have some clue.
- </p>
- <p>
- Please note the exact wording. Do <b><i>not</i></b> ask about "working groups" --
- that will make it easier for people to google for IETF working groups. Ask the
- question as given above, with lowercase "wgs".
- </p>
- <p>
- If the answer to this question shows clue, then add the address to the allowlist
- using this form, and ask the person to please try the
- <a href="{% url 'ietf.ietfauth.views.create_account' %}">account creation form</a>
- again.
- </p>
- </li>
- </ol>
- <form method="post">
- {% csrf_token %}
- {% bootstrap_form form %}
- <button class="btn btn-primary" type="submit">Add address to account creation allowlist</button>
- </form>
- {% endif %}
-{% endblock %}
\ No newline at end of file