def set_random_password(self, username=None):
user = M.User.by_username(username)
if not user or user.is_anonymous():
raise HTTPNotFound()
pwd = h.random_password()
AuthenticationProvider.get(request).set_password(user, None, pwd)
h.auditlog_user('Set random password', user=user)
flash('Password is set', 'ok')
redirect(request.referer)
def set_random_password(self, username=None):
user = M.User.by_username(username)
if not user or user.is_anonymous():
raise HTTPNotFound()
pwd = h.random_password()
AuthenticationProvider.get(request).set_password(user, None, pwd)
h.auditlog_user('Set random password', user=user)
flash('Password is set', 'ok')
redirect(request.referer)
def set_status(self, username=None, status=None):
user = M.User.by_username(username)
if not user or user.is_anonymous():
raise HTTPNotFound()
if status == 'enable' and (user.disabled or user.pending):
AuthenticationProvider.get(request).activate_user(user, audit=False)
AuthenticationProvider.get(request).enable_user(user)
flash('User enabled')
elif status == 'disable' and not user.disabled:
AuthenticationProvider.get(request).disable_user(user)
flash('User disabled')
elif status == 'pending':
AuthenticationProvider.get(request).deactivate_user(user)
AuthenticationProvider.get(request).enable_user(user, audit=False)
flash('Set user status to pending')
redirect(request.referer)
def display(self, *a, **kw):
"""
Renders the section using the context from :meth:`prepare_context`
and the :attr:`template`, if :meth:`check_display` returns True.
If overridden or this base class is not used, this method should
return either plain text (which will be escaped) or a `jinja2.Markup`
instance.
"""
if not self.check_display():
return ''
try:
tmpl = g.jinja2_env.get_template(self.template)
context = self.prepare_context({
'h': h,
'c': c,
'g': g,
'user': self.user,
'config': tg.config,
'auth': AuthenticationProvider.get(request),
})
return Markup(tmpl.render(context))
except Exception as e:
log.exception('Error rendering section %s: %s', type(self).__name__, e)
if asbool(tg.config.get('debug')):
raise
else:
return ''
def display(self, *a, **kw):
"""
Renders the section using the context from :meth:`prepare_context`
and the :attr:`template`, if :meth:`check_display` returns True.
If overridden or this base class is not used, this method should
return either plain text (which will be escaped) or a `jinja2.Markup`
instance.
"""
if not self.check_display():
return ''
try:
tmpl = g.jinja2_env.get_template(self.template)
context = self.prepare_context({
'h':
h,
'c':
c,
'g':
g,
'user':
self.user,
'config':
tg.config,
'auth':
AuthenticationProvider.get(request),
})
return Markup(tmpl.render(context))
except Exception as e:
log.exception('Error rendering profile section %s: %s',
type(self).__name__, e)
if asbool(tg.config.get('debug')):
raise
else:
return ''
def set_status(self, username=None, status=None):
user = M.User.by_username(username)
if not user or user.is_anonymous():
raise HTTPNotFound()
if status == 'enable' and (user.disabled or user.pending):
AuthenticationProvider.get(request).activate_user(user,
audit=False)
AuthenticationProvider.get(request).enable_user(user)
flash('User enabled')
elif status == 'disable' and not user.disabled:
AuthenticationProvider.get(request).disable_user(user)
flash('User disabled')
elif status == 'pending':
AuthenticationProvider.get(request).deactivate_user(user)
AuthenticationProvider.get(request).enable_user(user, audit=False)
flash('Set user status to pending')
redirect(request.referer)
def search_users(self, q=None, f=None, page=0, limit=None, **kw):
fields = [('username', 'username'), ('display_name', 'display name')]
add_fields = aslist(tg.config.get('search.user.additional_search_fields'), ',')
r = self._search(M.User, fields, add_fields, q, f, page, limit, **kw)
r['objects'] = [dict(u, status=h.get_user_status(u['object'])) for u in r['objects']]
r['search_results_template'] = 'allura:templates/site_admin_search_users_results.html'
r['additional_display_fields'] = \
aslist(tg.config.get('search.user.additional_display_fields'), ',')
r['provider'] = AuthenticationProvider.get(request)
return r
def index(self, **kw):
user = c.project.user_project_of
if not user:
raise exc.HTTPNotFound()
provider = AuthenticationProvider.get(request)
sections = [section(user, c.project)
for section in c.app.profile_sections]
return dict(
user=user,
reg_date=provider.user_registration_date(user),
sections=sections)
def index(self, **kw):
user = c.project.user_project_of
if not user:
raise exc.HTTPNotFound()
provider = AuthenticationProvider.get(request)
sections = [
section(user, c.project) for section in c.app.profile_sections
]
return dict(user=user,
reg_date=provider.user_registration_date(user),
sections=sections)
def execute(cls, options):
auth_provider = AuthenticationProvider.get(None)
for i, chunk in enumerate(chunked_find(M.User, {})):
log.info('Backfilling login details for chunk #%s', i)
for u in chunk:
try:
u.backfill_login_details(auth_provider)
session(u).flush(u)
except Exception:
log.exception('Error backfilling on user %s', u)
log.info('Finished backfilling previous login details')
def __json__(self):
auth_provider = AuthenticationProvider.get(request)
return dict(
username=self.user.username,
name=self.user.display_name,
joined=auth_provider.user_registration_date(self.user),
localization=self.user.get_pref('localization')._deinstrument(),
sex=self.user.get_pref('sex'),
telnumbers=self.user.get_pref('telnumbers')._deinstrument(),
skypeaccount=self.user.get_pref('skypeaccount'),
webpages=self.user.get_pref('webpages')._deinstrument(),
availability=self.user.get_pref('availability')._deinstrument())
def __json__(self):
auth_provider = AuthenticationProvider.get(request)
return dict(
username=self.user.username,
name=self.user.display_name,
joined=auth_provider.user_registration_date(self.user),
localization=self.user.get_pref('localization')._deinstrument(),
sex=self.user.get_pref('sex'),
telnumbers=self.user.get_pref('telnumbers')._deinstrument(),
skypeaccount=self.user.get_pref('skypeaccount'),
webpages=self.user.get_pref('webpages')._deinstrument(),
availability=self.user.get_pref('availability')._deinstrument())
def search_users(self, q=None, f=None, page=0, limit=None, **kw):
fields = [('username', 'username'), ('display_name', 'display name')]
add_fields = aslist(
tg.config.get('search.user.additional_search_fields'), ',')
r = self._search(M.User, fields, add_fields, q, f, page, limit, **kw)
r['objects'] = [
dict(u, status=h.get_user_status(u['object']))
for u in r['objects']
]
r['search_results_template'] = 'allura:templates/site_admin_search_users_results.html'
r['additional_display_fields'] = \
aslist(tg.config.get('search.user.additional_display_fields'), ',')
r['provider'] = AuthenticationProvider.get(request)
return r
def execute(cls, options):
auth_provider = AuthenticationProvider.get(None)
for i, chunk in enumerate(chunked_find(M.User, {}, pagesize=2)):
log.info('Backfilling login details for chunk #%s', i)
for u in chunk:
try:
u.backfill_login_details(auth_provider)
except Exception:
log.exception('Error backfilling on user %s', u)
main_orm_session.clear() # AuditLog and User objs
main_explicitflush_orm_session.clear(
) # UserLoginDetails objs, already flushed individually
log.info('Finished backfilling previous login details')
def _default(self, username, limit=25, page=0):
user = M.User.by_username(username)
if not user or user.is_anonymous():
raise HTTPNotFound()
projects = user.my_projects().all()
audit_log = self._audit_log(user, limit, page)
info = {
'user': user,
'status': h.get_user_status(user),
'projects': projects,
'audit_log': audit_log,
}
p = AuthenticationProvider.get(request)
info.update(p.user_details(user))
return info
def _default(self, username, limit=25, page=0):
user = M.User.by_username(username)
if not user or user.is_anonymous():
raise HTTPNotFound()
projects = user.my_projects().all()
audit_log = self._audit_log(user, limit, page)
info = {
'user': user,
'status': h.get_user_status(user),
'projects': projects,
'audit_log': audit_log,
}
p = AuthenticationProvider.get(request)
info.update(p.user_details(user))
return info
def disable_users(cls, usernames):
auth_provider = AuthenticationProvider.get(request=None)
# would be nice to use the BatchIndexer extension around this but that only works for artifacts not users
for username in usernames:
user = M.User.query.get(username=username)
if not user:
log.info('Could not find user: %s', username)
elif user.disabled:
log.info('User is already disabled: %s', username)
session(user).expunge(user)
else:
log.info('Disabling user: %s', username)
auth_provider.disable_user(user)
session(user).flush(user)
def disable_users(cls, usernames):
auth_provider = AuthenticationProvider.get(request=None)
# would be nice to use the BatchIndexer extension around this but that only works for artifacts not users
for username in usernames:
user = M.User.query.get(username=username)
if not user:
log.info('Could not find user: %s', username)
elif user.disabled:
log.info('User is already disabled: %s', username)
session(user).expunge(user)
else:
log.info('Disabling user: %s', username)
auth_provider.disable_user(user)
session(user).flush(user)
def execute(cls, options):
provider = ProjectRegistrationProvider.get()
auth_provider = AuthenticationProvider.get(Request.blank('/'))
for proj in options.projects:
proj = cls.get_project(proj)
if proj:
if proj.is_user_project:
# disable user as well
user = proj.user_project_of
if user:
auth_provider.disable_user(user, audit=False)
msg = u'Account disabled because user-project was specified for deletion. Reason: {}'.format(
options.reason)
log_entry = h.auditlog_user(msg, user=user)
session(log_entry).flush(log_entry)
else:
log.info('Could not find associated user for user-project %s', proj.shortname)
log.info('Purging %s Reason: %s', proj.url(), options.reason)
provider.purge_project(proj, disable_users=options.disable_users, reason=options.reason)
def reconfirm_auth(func, *args, **kwargs):
'''
A decorator to require the user to reconfirm their login. Useful for sensitive pages.
'''
from allura.lib.plugin import AuthenticationProvider
if request.POST.get('password'):
if AuthenticationProvider.get(request).validate_password(c.user, request.POST['password']):
session['auth-reconfirmed'] = datetime.utcnow()
session.save()
kwargs.pop('password', None)
else:
c.form_errors['password'] = '******'
allowed_timedelta = timedelta(seconds=asint(config.get('auth.reconfirm.seconds', 60)))
last_reconfirm = session.get('auth-reconfirmed', datetime.min)
if datetime.utcnow() - last_reconfirm <= allowed_timedelta:
return func(*args, **kwargs)
else:
return render({}, 'jinja', "allura:templates/reconfirm_auth.html")
def reconfirm_auth(func, *args, **kwargs):
'''
A decorator to require the user to reconfirm their login. Useful for sensitive pages.
'''
from allura.lib.plugin import AuthenticationProvider
if request.POST.get('password'):
if AuthenticationProvider.get(request).validate_password(c.user, request.POST['password']):
session['auth-reconfirmed'] = datetime.utcnow()
session.save()
kwargs.pop('password', None)
else:
c.form_errors['password'] = '******'
allowed_timedelta = timedelta(seconds=asint(config.get('auth.reconfirm.seconds', 60)))
last_reconfirm = session.get('auth-reconfirmed', datetime.min)
if datetime.utcnow() - last_reconfirm <= allowed_timedelta:
return func(*args, **kwargs)
else:
return render({}, 'jinja', "allura:templates/reconfirm_auth.html")
def execute(cls, options):
provider = ProjectRegistrationProvider.get()
auth_provider = AuthenticationProvider.get(Request.blank('/'))
for proj in options.projects:
proj = cls.get_project(proj)
if proj:
if proj.is_user_project:
# disable user as well
user = proj.user_project_of
if user:
auth_provider.disable_user(user, audit=False)
msg = u'Account disabled because user-project was specified for deletion. Reason: {}'.format(
options.reason)
log_entry = h.auditlog_user(msg, user=user)
session(log_entry).flush(log_entry)
else:
log.info(
'Could not find associated user for user-project %s',
proj.shortname)
log.info('Purging %s Reason: %s', proj.url(), options.reason)
provider.purge_project(proj,
disable_users=options.disable_users,
reason=options.reason)
def index(self, **kw):
user = c.project.user_project_of
if not user:
raise exc.HTTPNotFound()
provider = AuthenticationProvider.get(request)
return dict(user=user, reg_date=provider.user_registration_date(user))
def index(self, **kw):
user = c.project.user_project_of
if not user:
raise exc.HTTPNotFound()
provider = AuthenticationProvider.get(request)
return dict(user=user, reg_date=provider.user_registration_date(user))