Beispiel #1
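 def set_random_password(self, username=None):
     """Overwrite the named user's password with a newly generated random one.

     Raises HTTPNotFound when no user matches ``username`` or the lookup
     yields the anonymous user. The generated password is handed to the
     authentication provider only; this method does not flash, log or
     return it. An audit-log entry is written against the account.

     NOTE(review): this changes account credentials. The access-control
     and request-method/CSRF checks are not visible in this method;
     confirm they are enforced by decorators or the enclosing controller.
     """
     user = M.User.by_username(username)
     if not user or user.is_anonymous():
         raise HTTPNotFound()
     pwd = h.random_password()
     # Second argument is None -- presumably the old password, which an
     # admin-side reset does not have; confirm against the provider API.
     AuthenticationProvider.get(request).set_password(user, None, pwd)
     h.auditlog_user('Set random password', user=user)
     flash('Password is set', 'ok')
     # The Referer header is optional and client-supplied. Fall back to the
     # site root when it is missing rather than passing None to redirect().
     # NOTE(review): consider restricting the target to same-site URLs.
     redirect(request.referer or '/')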
Beispiel #2
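 def set_random_password(self, username=None):
     """Reset the account ``username`` to a random password.

     A missing or anonymous user results in HTTPNotFound. The new password
     goes straight to the authentication provider and is not shown to the
     operator, logged or returned by this method; only the fact of the
     reset is recorded in the user's audit log.

     NOTE(review): credential-changing action. Authorization and
     POST/CSRF enforcement are not visible here -- confirm they are
     applied by decorators or the surrounding controller.
     """
     user = M.User.by_username(username)
     if not user or user.is_anonymous():
         raise HTTPNotFound()
     pwd = h.random_password()
     # None is passed in the second position -- presumably "old password";
     # TODO confirm against the provider's set_password signature.
     AuthenticationProvider.get(request).set_password(user, None, pwd)
     h.auditlog_user('Set random password', user=user)
     flash('Password is set', 'ok')
     # Referer may be absent (stripped by the browser or a proxy) and is
     # controlled by the client; use the site root when there is none so
     # redirect() never receives None.
     redirect(request.referer or '/')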
Beispiel #3
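 def set_status(self, username=None, status=None):
     """Move the named account to the enabled, disabled or pending state.

     ``status`` is compared against 'enable', 'disable' and 'pending'. Any
     other value, or a request that does not apply to the account's
     current state, changes nothing and shows no message before the
     redirect. Raises HTTPNotFound for an unknown or anonymous user.

     NOTE(review): this toggles whether an account can be used. The
     authorization and request-method/CSRF checks are not visible in this
     method; confirm they are enforced by decorators or the controller.
     """
     user = M.User.by_username(username)
     if not user or user.is_anonymous():
         raise HTTPNotFound()
     provider = AuthenticationProvider.get(request)
     if status == 'enable' and (user.disabled or user.pending):
         # Two provider calls, only the second one audited -- presumably
         # so the change yields a single audit entry; confirm.
         provider.activate_user(user, audit=False)
         provider.enable_user(user)
         flash('User enabled')
     elif status == 'disable' and not user.disabled:
         provider.disable_user(user)
         flash('User disabled')
     elif status == 'pending':
         # Unlike the other branches this one is not guarded by the
         # account's current state.
         provider.deactivate_user(user)
         provider.enable_user(user, audit=False)
         flash('Set user status to pending')
     # The Referer header is optional and client-supplied. Fall back to the
     # site root when it is missing rather than passing None to redirect().
     redirect(request.referer or '/')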
Beispiel #4
    def display(self, *a, **kw):
        """
        Render this section with :attr:`template` and the context built by
        :meth:`prepare_context`; return ``''`` when :meth:`check_display`
        says the section should not be shown.

        Subclasses that override this method (or sections not based on this
        class) should return plain text, which will be escaped, or a
        `jinja2.Markup` instance.

        Rendering errors are logged. They are re-raised only when the
        ``debug`` config flag is truthy; otherwise the section renders as
        an empty string.
        """
        if not self.check_display():
            return ''
        try:
            template = g.jinja2_env.get_template(self.template)
            base_context = dict(
                h=h,
                c=c,
                g=g,
                user=self.user,
                config=tg.config,
                auth=AuthenticationProvider.get(request),
            )
            rendered = template.render(self.prepare_context(base_context))
            # Markup() marks the output as already safe, so nothing escapes
            # it later. NOTE(review): safety therefore rests on escaping
            # inside the template; the autoescape setting of g.jinja2_env
            # is not visible here -- confirm.
            return Markup(rendered)
        except Exception as err:
            log.exception('Error rendering section %s: %s', type(self).__name__, err)
            if not asbool(tg.config.get('debug')):
                return ''
            raise
Beispiel #5
    def display(self, *a, **kw):
        """
        Produce the markup for this profile section.

        Returns ``''`` without rendering when :meth:`check_display` is
        false. Otherwise the :attr:`template` is rendered with the context
        returned by :meth:`prepare_context`.

        An overriding implementation should return either plain text
        (which will be escaped) or a `jinja2.Markup` instance.
        """
        if not self.check_display():
            return ''
        try:
            tmpl = g.jinja2_env.get_template(self.template)
            # The whole config object and the auth provider are exposed to
            # the template, so templates can read anything reachable
            # through them.
            seed = {
                'h': h,
                'c': c,
                'g': g,
                'user': self.user,
                'config': tg.config,
                'auth': AuthenticationProvider.get(request),
            }
            context = self.prepare_context(seed)
            html = tmpl.render(context)
            # Wrapping in Markup() disables later escaping of this string.
            # NOTE(review): confirm the Jinja environment autoescapes.
            return Markup(html)
        except Exception as e:
            log.exception('Error rendering profile section %s: %s',
                          type(self).__name__, e)
            # Fail closed to an empty section unless debugging is enabled.
            if asbool(tg.config.get('debug')):
                raise
            return ''
Beispiel #6
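 def set_status(self, username=None, status=None):
     """Enable, disable or mark as pending the account ``username``.

     Recognised ``status`` values are 'enable', 'disable' and 'pending'.
     A value outside that set, or an 'enable'/'disable' request that does
     not match the account's current flags, is ignored silently: no
     provider call, no flash message, just the redirect. An unknown or
     anonymous user raises HTTPNotFound.

     NOTE(review): account-state change. Access control and POST/CSRF
     enforcement are not visible in this method -- confirm they come from
     decorators or the enclosing controller.
     """
     user = M.User.by_username(username)
     if not user or user.is_anonymous():
         raise HTTPNotFound()
     auth = AuthenticationProvider.get(request)
     if status == 'enable' and (user.disabled or user.pending):
         # audit=False on the first call only -- presumably to avoid a
         # duplicate audit entry for one operator action; confirm.
         auth.activate_user(user, audit=False)
         auth.enable_user(user)
         flash('User enabled')
     elif status == 'disable' and not user.disabled:
         auth.disable_user(user)
         flash('User disabled')
     elif status == 'pending':
         # No check of the current state here, unlike the two branches
         # above.
         auth.deactivate_user(user)
         auth.enable_user(user, audit=False)
         flash('Set user status to pending')
     # Referer may be absent and is controlled by the client; use the site
     # root when there is none so redirect() never receives None.
     redirect(request.referer or '/')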
Beispiel #7
 def search_users(self, q=None, f=None, page=0, limit=None, **kw):
     """Search user records and return the template context for the results.

     The search itself is delegated to ``self._search``; this method adds
     each hit's account status, the results template, the configured extra
     display fields and the authentication provider.

     NOTE(review): ``q`` and ``f`` are forwarded to ``self._search``
     unchanged, so any query escaping has to happen there -- confirm.
     """
     search_fields = [('username', 'username'), ('display_name', 'display name')]
     extra_search_fields = aslist(
         tg.config.get('search.user.additional_search_fields'), ',')
     results = self._search(
         M.User, search_fields, extra_search_fields, q, f, page, limit, **kw)

     # Attach the account status to a copy of every hit.
     with_status = []
     for hit in results['objects']:
         with_status.append(dict(hit, status=h.get_user_status(hit['object'])))
     results['objects'] = with_status

     results['search_results_template'] = 'allura:templates/site_admin_search_users_results.html'
     results['additional_display_fields'] = aslist(
         tg.config.get('search.user.additional_display_fields'), ',')
     results['provider'] = AuthenticationProvider.get(request)
     return results
Beispiel #8
 def index(self, **kw):
     """Build the template context for a user's profile page.

     The profile owner is the user attached to the current project
     (``c.project.user_project_of``); HTTPNotFound is raised when there is
     none. One section object is instantiated per entry in
     ``c.app.profile_sections``.
     """
     profile_user = c.project.user_project_of
     if not profile_user:
         raise exc.HTTPNotFound()
     auth = AuthenticationProvider.get(request)
     profile_sections = []
     for section_cls in c.app.profile_sections:
         profile_sections.append(section_cls(profile_user, c.project))
     return {
         'user': profile_user,
         'reg_date': auth.user_registration_date(profile_user),
         'sections': profile_sections,
     }
Beispiel #9
 def index(self, **kw):
     """Return the context for rendering the profile of the project's user.

     Raises HTTPNotFound when the current project is not tied to a user.
     The result carries the user, the registration date reported by the
     authentication provider, and the instantiated profile sections.
     """
     owner = c.project.user_project_of
     if not owner:
         raise exc.HTTPNotFound()
     provider = AuthenticationProvider.get(request)
     # Each configured section is constructed with the owner and project.
     sections = list(
         make_section(owner, c.project)
         for make_section in c.app.profile_sections
     )
     context = {}
     context['user'] = owner
     context['reg_date'] = provider.user_registration_date(owner)
     context['sections'] = sections
     return context
 def execute(cls, options):
     """Backfill stored login details for every user, one chunk at a time.

     Each user is flushed individually. A failure on one user is logged
     with its traceback and does not stop the run.
     """
     # No web request exists in this context, so the provider is obtained
     # with None in place of a request.
     auth_provider = AuthenticationProvider.get(None)
     all_chunks = chunked_find(M.User, {})
     for chunk_index, users in enumerate(all_chunks):
         log.info('Backfilling login details for chunk #%s', chunk_index)
         for user in users:
             try:
                 user.backfill_login_details(auth_provider)
                 session(user).flush(user)
             except Exception:
                 # Best effort: record the failure and move on.
                 log.exception('Error backfilling on user %s', user)
     log.info('Finished backfilling previous login details')
Beispiel #11
 def __json__(self):
     """Return the user's public profile fields as a plain dict.

     NOTE(review): the result contains personal data (sex, telephone
     numbers, Skype account, availability). This method does no visibility
     check of its own; confirm the caller limits who may request it.
     """
     provider = AuthenticationProvider.get(request)
     # _deinstrument() is called on the list-valued preferences --
     # presumably to turn ORM-instrumented containers into plain ones;
     # confirm.
     return {
         'username': self.user.username,
         'name': self.user.display_name,
         'joined': provider.user_registration_date(self.user),
         'localization': self.user.get_pref('localization')._deinstrument(),
         'sex': self.user.get_pref('sex'),
         'telnumbers': self.user.get_pref('telnumbers')._deinstrument(),
         'skypeaccount': self.user.get_pref('skypeaccount'),
         'webpages': self.user.get_pref('webpages')._deinstrument(),
         'availability': self.user.get_pref('availability')._deinstrument(),
     }
Beispiel #12
 def __json__(self):
     """Serialize the profile owner's details for a JSON response.

     Identity fields come from the user object, the join date from the
     authentication provider, and the rest from user preferences.

     NOTE(review): several of these fields are personal data (sex, phone
     numbers, Skype account). No access check happens in this method --
     confirm that exposure is gated by the caller.
     """
     auth_provider = AuthenticationProvider.get(request)
     payload = {}
     payload['username'] = self.user.username
     payload['name'] = self.user.display_name
     payload['joined'] = auth_provider.user_registration_date(self.user)
     payload['localization'] = self.user.get_pref('localization')._deinstrument()
     payload['sex'] = self.user.get_pref('sex')
     payload['telnumbers'] = self.user.get_pref('telnumbers')._deinstrument()
     payload['skypeaccount'] = self.user.get_pref('skypeaccount')
     payload['webpages'] = self.user.get_pref('webpages')._deinstrument()
     payload['availability'] = self.user.get_pref('availability')._deinstrument()
     return payload
Beispiel #13
 def search_users(self, q=None, f=None, page=0, limit=None, **kw):
     """Run a user search and assemble the context for the results page.

     ``self._search`` performs the query. Every returned hit is copied
     with an added ``status`` key, and the results template, extra display
     fields and authentication provider are attached.

     NOTE(review): the search term ``q`` and field ``f`` pass through to
     ``self._search`` as given; confirm escaping is handled there.
     """
     base_fields = [('username', 'username'), ('display_name', 'display name')]
     configured_fields = aslist(
         tg.config.get('search.user.additional_search_fields'), ',')
     found = self._search(
         M.User, base_fields, configured_fields, q, f, page, limit, **kw)

     def with_status(hit):
         # Copy the hit and add the account status of its user object.
         return dict(hit, status=h.get_user_status(hit['object']))

     found['objects'] = [with_status(hit) for hit in found['objects']]
     found['search_results_template'] = 'allura:templates/site_admin_search_users_results.html'
     display_fields = tg.config.get('search.user.additional_display_fields')
     found['additional_display_fields'] = aslist(display_fields, ',')
     found['provider'] = AuthenticationProvider.get(request)
     return found
    def execute(cls, options):
        """Backfill login details for all users, clearing ORM sessions per chunk.

        Errors on individual users are logged with a traceback and skipped.
        """
        # Runs outside a web request, hence None instead of a request.
        auth_provider = AuthenticationProvider.get(None)
        # NOTE(review): pagesize=2 is very small; it looks like a test or
        # debugging value -- confirm before a run over the full user set.
        for chunk_no, users in enumerate(chunked_find(M.User, {}, pagesize=2)):
            log.info('Backfilling login details for chunk #%s', chunk_no)
            for user in users:
                try:
                    user.backfill_login_details(auth_provider)
                except Exception:
                    log.exception('Error backfilling on user %s', user)

            # AuditLog and User objs
            main_orm_session.clear()
            # UserLoginDetails objs, already flushed individually
            main_explicitflush_orm_session.clear()

        log.info('Finished backfilling previous login details')
Beispiel #15
 def _default(self, username, limit=25, page=0):
     """Collect the data for one user's admin detail page.

     Raises HTTPNotFound for an unknown or anonymous user. The returned
     dict holds the user, account status, the user's projects and a page
     of the audit log, merged with whatever the authentication provider's
     ``user_details`` returns.
     """
     target = M.User.by_username(username)
     if not target or target.is_anonymous():
         raise HTTPNotFound()
     # limit/page are passed through as received -- presumably request
     # parameters; any bounds checking would be in _audit_log. Confirm.
     owned_projects = target.my_projects().all()
     log_page = self._audit_log(target, limit, page)
     details = dict(
         user=target,
         status=h.get_user_status(target),
         projects=owned_projects,
         audit_log=log_page,
     )
     provider = AuthenticationProvider.get(request)
     # Provider-supplied keys win if they collide with the ones above.
     details.update(provider.user_details(target))
     return details
Beispiel #16
 def _default(self, username, limit=25, page=0):
     """Return the context for the admin view of a single user account.

     An unknown or anonymous user yields HTTPNotFound. The context is the
     user, their status, their projects and an audit-log page, extended
     with the provider's ``user_details``.

     NOTE(review): the audit log and provider details are sensitive; the
     authorization for this view is not visible in this method -- confirm
     it is enforced by the enclosing controller.
     """
     account = M.User.by_username(username)
     if not account or account.is_anonymous():
         raise HTTPNotFound()
     projects = account.my_projects().all()
     audit_log = self._audit_log(account, limit, page)
     info = {}
     info['user'] = account
     info['status'] = h.get_user_status(account)
     info['projects'] = projects
     info['audit_log'] = audit_log
     # update() lets provider keys overwrite the base keys set above.
     info.update(AuthenticationProvider.get(request).user_details(account))
     return info
Beispiel #17
    def disable_users(cls, usernames):
        """Disable each listed account through the authentication provider.

        Unknown usernames and accounts that are already disabled are only
        logged. Every account that gets disabled is flushed right away.
        """
        # No web request in this context, so the provider gets request=None.
        auth_provider = AuthenticationProvider.get(request=None)

        # would be nice to use the BatchIndexer extension around this but that only works for artifacts not users

        for username in usernames:
            account = M.User.query.get(username=username)
            if not account:
                log.info('Could not find user: %s', username)
                continue
            if account.disabled:
                log.info('User is already disabled: %s', username)
                # Nothing changed: drop the object from its session.
                session(account).expunge(account)
                continue
            log.info('Disabling user: %s', username)
            auth_provider.disable_user(account)
            session(account).flush(account)
Beispiel #18
    def disable_users(cls, usernames):
        """Walk ``usernames`` and disable every account that is still enabled.

        Missing users and already-disabled users are reported at info
        level and left untouched.
        """
        auth_provider = AuthenticationProvider.get(request=None)

        # would be nice to use the BatchIndexer extension around this but that only works for artifacts not users

        def disable_one(name):
            # Look up one username and disable it if that is still needed.
            user = M.User.query.get(username=name)
            if not user:
                log.info('Could not find user: %s', name)
                return
            if user.disabled:
                log.info('User is already disabled: %s', name)
                session(user).expunge(user)
                return
            log.info('Disabling user: %s', name)
            # disable_user is called without an audit argument here;
            # whether it writes an audit entry is up to the provider.
            auth_provider.disable_user(user)
            session(user).flush(user)

        for username in usernames:
            disable_one(username)
Beispiel #19
    def execute(cls, options):
        """Purge each project in ``options.projects``.

        For a user-project the owning account is disabled first and an
        audit-log entry carrying ``options.reason`` is written and flushed.
        Entries that ``cls.get_project`` cannot resolve are skipped.
        """
        provider = ProjectRegistrationProvider.get()
        auth_provider = AuthenticationProvider.get(Request.blank('/'))
        for proj_spec in options.projects:
            proj = cls.get_project(proj_spec)
            if not proj:
                # Nothing is logged for the skip in this method.
                continue
            if proj.is_user_project:
                # disable user as well
                user = proj.user_project_of
                if not user:
                    log.info('Could not find associated user for user-project %s', proj.shortname)
                else:
                    # audit=False because the entry written just below
                    # records the disable together with its reason.
                    auth_provider.disable_user(user, audit=False)
                    msg = u'Account disabled because user-project was specified for deletion. Reason: {}'.format(
                        options.reason)
                    log_entry = h.auditlog_user(msg, user=user)
                    session(log_entry).flush(log_entry)

            log.info('Purging %s Reason: %s', proj.url(), options.reason)
            provider.purge_project(proj, disable_users=options.disable_users, reason=options.reason)
Beispiel #20
def reconfirm_auth(func, *args, **kwargs):
    '''
    A decorator that makes the user re-enter their password before a
    sensitive page is served.

    A correct password in the POST data stamps the session with the
    current UTC time. The wrapped function runs only while that stamp is
    no older than ``auth.reconfirm.seconds`` (default 60); otherwise the
    reconfirmation form is rendered instead.
    '''
    from allura.lib.plugin import AuthenticationProvider

    submitted = request.POST.get('password')
    if submitted:
        password_ok = AuthenticationProvider.get(request).validate_password(c.user, submitted)
        if password_ok:
            session['auth-reconfirmed'] = datetime.utcnow()
            session.save()
            # Keep the password out of the wrapped function's arguments.
            kwargs.pop('password', None)
        else:
            # NOTE(review): a failed attempt only sets a form error here.
            # No throttling or audit logging is visible in this function;
            # confirm the provider or another layer covers it.
            c.form_errors['password'] = '******'

    window = timedelta(seconds=asint(config.get('auth.reconfirm.seconds', 60)))
    # A session with no stamp compares as "confirmed at datetime.min",
    # i.e. always outside the window.
    confirmed_at = session.get('auth-reconfirmed', datetime.min)
    if datetime.utcnow() - confirmed_at > window:
        return render({}, 'jinja', "allura:templates/reconfirm_auth.html")
    # A wrong password posted while an earlier confirmation is still
    # inside the window also reaches this call, with 'password' left in
    # kwargs.
    return func(*args, **kwargs)
Beispiel #21
def reconfirm_auth(func, *args, **kwargs):
    '''
    A decorator requiring a recent password reconfirmation before the
    wrapped view runs.  Useful for sensitive pages.

    The time of the last successful reconfirmation is kept in the session
    under ``auth-reconfirmed`` and compared with the
    ``auth.reconfirm.seconds`` setting (60 when unset).
    '''
    from allura.lib.plugin import AuthenticationProvider

    def record_attempt(candidate):
        # Validate the posted password and update session or form errors.
        provider = AuthenticationProvider.get(request)
        if provider.validate_password(c.user, candidate):
            session['auth-reconfirmed'] = datetime.utcnow()
            session.save()
            kwargs.pop('password', None)
            return
        # NOTE(review): no rate limiting or audit entry for the failure is
        # visible here -- confirm it is handled elsewhere.
        c.form_errors['password'] = '******'

    posted_password = request.POST.get('password')
    if posted_password:
        record_attempt(posted_password)

    # NOTE(review): the stamp lives in the session, so its integrity
    # depends on how sessions are stored and protected -- confirm they are
    # server-side or signed.
    max_age_seconds = asint(config.get('auth.reconfirm.seconds', 60))
    allowed_timedelta = timedelta(seconds=max_age_seconds)
    last_reconfirm = session.get('auth-reconfirmed', datetime.min)
    elapsed = datetime.utcnow() - last_reconfirm
    still_valid = elapsed <= allowed_timedelta
    if not still_valid:
        return render({}, 'jinja', "allura:templates/reconfirm_auth.html")
    return func(*args, **kwargs)
Beispiel #22
    def execute(cls, options):
        """Delete the projects named in ``options.projects``.

        When a project is a user-project its owner is disabled beforehand,
        with the reason written to the user's audit log. Names that do not
        resolve to a project are passed over.
        """
        provider = ProjectRegistrationProvider.get()
        # A blank request stands in for the web request the provider expects.
        auth_provider = AuthenticationProvider.get(Request.blank('/'))

        def disable_owner(project):
            # Disable the owner of a user-project and audit-log the reason.
            user = project.user_project_of
            if not user:
                log.info(
                    'Could not find associated user for user-project %s',
                    project.shortname)
                return
            # The provider's own audit entry is suppressed; the explicit
            # entry below carries the reason instead.
            auth_provider.disable_user(user, audit=False)
            msg = u'Account disabled because user-project was specified for deletion. Reason: {}'.format(
                options.reason)
            log_entry = h.auditlog_user(msg, user=user)
            session(log_entry).flush(log_entry)

        for requested in options.projects:
            project = cls.get_project(requested)
            if not project:
                continue
            if project.is_user_project:
                # disable user as well
                disable_owner(project)

            log.info('Purging %s Reason: %s', project.url(), options.reason)
            provider.purge_project(project,
                                   disable_users=options.disable_users,
                                   reason=options.reason)
 def index(self, **kw):
     """Return the profile owner and their registration date for the template.

     Raises HTTPNotFound when the current project has no associated user.
     """
     profile_user = c.project.user_project_of
     if not profile_user:
         raise exc.HTTPNotFound()
     auth = AuthenticationProvider.get(request)
     return {
         'user': profile_user,
         'reg_date': auth.user_registration_date(profile_user),
     }
Beispiel #24
 def index(self, **kw):
     """Build the profile page context: the user and when they registered.

     A project without an owning user results in HTTPNotFound.
     """
     owner = c.project.user_project_of
     if not owner:
         raise exc.HTTPNotFound()
     # The registration date comes from the authentication provider, not
     # from the user object itself.
     registered = AuthenticationProvider.get(request).user_registration_date(owner)
     context = {'user': owner}
     context['reg_date'] = registered
     return context