From b43b174fdd6940e6655ffd45da17f3623d94ed63 Mon Sep 17 00:00:00 2001
From: Bill DeRusha
Date: Thu, 20 Sep 2018 12:27:17 -0400
Subject: [PATCH] Set usable password when canceling user retirement
---
 .../support/templates/manage_user.underscore | 2 +-
 lms/djangoapps/support/views/manage_user.py | 16 +++++++++++++---
 .../commands/cancel_user_retirement_request.py | 2 ++
 .../management/tests/test_cancel_retirement.py | 5 ++++-
 4 files changed, 20 insertions(+), 5 deletions(-)
diff --git a/lms/djangoapps/support/static/support/templates/manage_user.underscore b/lms/djangoapps/support/static/support/templates/manage_user.underscore
index 96027d11fd..eedca0af13 100644
--- a/lms/djangoapps/support/static/support/templates/manage_user.underscore
+++ b/lms/djangoapps/support/static/support/templates/manage_user.underscore
@@ -32,7 +32,7 @@ <% print(user_profile.get('status')) %>
diff --git a/lms/djangoapps/support/views/manage_user.py b/lms/djangoapps/support/views/manage_user.py
index 02ce16ef5f..9b64d69d58 100644
--- a/lms/djangoapps/support/views/manage_user.py
+++ b/lms/djangoapps/support/views/manage_user.py
@@ -13,6 +13,7 @@ from rest_framework.response import Response
 from edxmako.shortcuts import render_to_response
 from lms.djangoapps.support.decorators import require_support_permission
 from openedx.core.djangoapps.user_api.accounts.serializers import AccountUserSerializer
+from openedx.core.djangoapps.user_api.accounts.utils import generate_password
 from util.json_request import JsonResponse
@@ -64,7 +65,16 @@ class ManageUserDetailView(GenericAPIView):
 user = get_user_model().objects.get( Q(username=username_or_email) | Q(email=username_or_email) )
- user.set_unusable_password()
+ if user.has_usable_password():
+ user.set_unusable_password()
+ else:
+ user.set_password(generate_password(length=25))
 user.save()
- password_status = _('Usable') if user.has_usable_password() else _('Unusable')
- return JsonResponse({'success_msg': _('User Disabled Successfully'), 'status': password_status})
+
+ if user.has_usable_password():
+ password_status = _('Usable')
+ msg = _('User Enabled Successfully')
+ else:
+ password_status = _('Unusable')
+ msg = _('User Disabled Successfully')
+ return JsonResponse({'success_msg': msg, 'status': password_status})
diff --git a/openedx/core/djangoapps/user_api/management/commands/cancel_user_retirement_request.py b/openedx/core/djangoapps/user_api/management/commands/cancel_user_retirement_request.py
index 208c1e049c..62ef39c856 100644
--- a/openedx/core/djangoapps/user_api/management/commands/cancel_user_retirement_request.py
+++ b/openedx/core/djangoapps/user_api/management/commands/cancel_user_retirement_request.py
@@ -8,6 +8,7 @@ from __future__ import print_function
 import logging
 from django.core.management.base import BaseCommand, CommandError
+from openedx.core.djangoapps.user_api.accounts.utils import generate_password
 from openedx.core.djangoapps.user_api.models import UserRetirementStatus
@@ -50,6 +51,7 @@ class Command(BaseCommand):
 # Load the user record using the retired email address -and- change the email address back.
 retirement_status.user.email = email_address
+ retirement_status.user.set_password(generate_password(length=25))
 retirement_status.user.save()
 # Delete the user retirement status record.
diff --git a/openedx/core/djangoapps/user_api/management/tests/test_cancel_retirement.py b/openedx/core/djangoapps/user_api/management/tests/test_cancel_retirement.py
index d2ec952492..8961e3f448 100644
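Review bot: In the second hunk of lms/djangoapps/support/views/manage_user.py the new branch picks "disable" or "enable" purely from `user.has_usable_password()`, so the same POST now toggles the account and a retried or double-submitted request silently reverses what the support agent intended. For a control that locks an account, the request should state the intended action explicitly, so that `user.set_unusable_password()` runs only when disabling was asked for and repeating the request is a no-op. The branch also cannot tell an account that support disabled from one whose password was unusable for some other reason, which matters if such accounts exist in this deployment. `generate_password` is defined outside this diff; because its output becomes a live credential here and in cancel_user_retirement_request.py, it is worth confirming that it draws from a CSPRNG. The enclosing method starts outside the hunk.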
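Review bot: The added `retirement_status.user.set_password(generate_password(length=25))` line in the second hunk of cancel_user_retirement_request.py carries no comment explaining why a throwaway password is set; the reason is only stated in the test file. I would add above it `# Set a random usable password so the user can go through the password reset flow; the value itself is discarded.` Django's stock password reset form skips accounts without a usable password, which is presumably why the restored account needs one. The generated value is passed straight to `set_password()` and is not logged or printed in the visible lines, and it should stay that way. The surrounding command method starts and ends outside the hunk.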
--- a/openedx/core/djangoapps/user_api/management/tests/test_cancel_retirement.py
+++ b/openedx/core/djangoapps/user_api/management/tests/test_cancel_retirement.py
@@ -2,6 +2,7 @@
 Test the cancel_user_retirement_request management command
 """
 import pytest
+from django.contrib.auth.hashers import UNUSABLE_PASSWORD_PREFIX
 from django.contrib.auth.models import User
 from django.core.management import CommandError, call_command
@@ -28,7 +29,9 @@ def test_successful_cancellation(setup_retirement_states, logged_out_retirement_
 with pytest.raises(UserRetirementRequest.DoesNotExist):
 UserRetirementRequest.objects.get(user=logged_out_retirement_request.user)
 # Ensure user can be retrieved using the original email address.
- User.objects.get(email=logged_out_retirement_request.original_email)
+ user = User.objects.get(email=logged_out_retirement_request.original_email)
+ # Ensure the user has a usable password so they can go through the reset flow
+ assert not user.password.startswith(UNUSABLE_PASSWORD_PREFIX)
 assert "Successfully cancelled retirement request for user with email address" in output
 assert logged_out_retirement_request.original_email in output
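Review bot: The new assertion in the second hunk of test_cancel_retirement.py inspects the stored hash prefix instead of the behaviour the commit is about; `assert user.has_usable_password()` is the same check the support view relies on. It would also make the `UNUSABLE_PASSWORD_PREFIX` import added in the first hunk unnecessary. A bare prefix test also passes for an empty or malformed password field, so it can succeed without the account actually holding a valid hash. test_successful_cancellation starts outside the hunk.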