def post(self):
# login_required when lti_create_user_link not set
if not sess.get('lti_create_user_link') and not current_user.is_authenticated:
return current_app.login_manager.unauthorized()
user = User()
params = new_user_parser.parse_args()
user.student_number = params.get("student_number", None)
user.email = params.get("email")
user.firstname = params.get("firstname")
user.lastname = params.get("lastname")
user.displayname = params.get("displayname")
email_notification_method = params.get("email_notification_method")
check_valid_email_notification_method(email_notification_method)
user.email_notification_method = EmailNotificationMethod(email_notification_method)
if not current_app.config.get('APP_LOGIN_ENABLED'):
# if APP_LOGIN_ENABLED is not enabled, allow blank username and password
user.username = None
user.password = None
else:
# else enforce required password and unique username
user.password = params.get("password")
if user.password == None:
abort(400, title="User Not Saved", message="A password is required. Please enter a password and try saving again.")
elif len(params.get("password")) < 4:
abort(400, title="User Not Saved", message="The password must be at least 4 characters long.")
user.username = params.get("username")
if user.username == None:
abort(400, title="User Not Saved", message="A username is required. Please enter a username and try saving again.")
username_exists = User.query.filter_by(username=user.username).first()
if username_exists:
abort(409, title="User Not Saved", message="Sorry, this username already exists and usernames must be unique in ComPAIR. Please enter another username and try saving again.")
student_number_exists = User.query.filter_by(student_number=user.student_number).first()
# if student_number is not left blank and it exists -> 409 error
if user.student_number is not None and student_number_exists:
abort(409, title="User Not Saved", message="Sorry, this student number already exists and student numbers must be unique in ComPAIR. Please enter another number and try saving again.")
# handle lti_create_user_link setup for third party logins
if sess.get('lti_create_user_link') and sess.get('LTI'):
lti_user = LTIUser.query.get_or_404(sess['lti_user'])
lti_user.compair_user = user
user.system_role = lti_user.system_role
lti_user.update_user_profile()
if sess.get('lti_context') and sess.get('lti_user_resource_link'):
lti_context = LTIContext.query.get_or_404(sess['lti_context'])
lti_user_resource_link = LTIUserResourceLink.query.get_or_404(sess['lti_user_resource_link'])
if lti_context.is_linked_to_course():
# create new enrollment
new_user_course = UserCourse(
user=user,
course_id=lti_context.compair_course_id,
course_role=lti_user_resource_link.course_role
)
db.session.add(new_user_course)
else:
system_role = params.get("system_role")
check_valid_system_role(system_role)
user.system_role = SystemRole(system_role)
require(CREATE, user,
title="User Not Saved",
message="Sorry, your role does not allow you to save users.")
# only students can have student numbers
if user.system_role != SystemRole.student:
user.student_number = None
try:
db.session.add(user)
db.session.commit()
if current_user.is_authenticated:
on_user_create.send(
self,
event_name=on_user_create.name,
user=current_user,
data=marshal(user, dataformat.get_full_user()))
else:
on_user_create.send(
self,
event_name=on_user_create.name,
data=marshal(user, dataformat.get_full_user()))
except exc.IntegrityError:
db.session.rollback()
current_app.logger.error("Failed to add new user. Duplicate.")
abort(409, title="User Not Saved", message="Sorry, this ID already exists and IDs must be unique in ComPAIR. Please try addding another user.")
# handle lti_create_user_link teardown for third party logins
if sess.get('lti_create_user_link'):
authenticate(user, login_method='LTI')
sess.pop('lti_create_user_link')
return marshal_user_data(user)
def post(self):
# login_required when lti_create_user_link not set
if not sess.get(
'lti_create_user_link') and not current_user.is_authenticated:
return current_app.login_manager.unauthorized()
user = User()
params = new_user_parser.parse_args()
user.student_number = params.get("student_number", None)
user.email = params.get("email")
user.firstname = params.get("firstname")
user.lastname = params.get("lastname")
user.displayname = params.get("displayname")
email_notification_method = params.get("email_notification_method")
check_valid_email_notification_method(email_notification_method)
user.email_notification_method = EmailNotificationMethod(
email_notification_method)
if not current_app.config.get('APP_LOGIN_ENABLED'):
# if APP_LOGIN_ENABLED is not enabled, allow blank username and password
user.username = None
user.password = None
else:
# else enforce required password and unique username
user.password = params.get("password")
if user.password == None:
abort(
400,
title="User Not Saved",
message=
"A password is required. Please enter a password and try saving again."
)
elif len(params.get("password")) < 4:
abort(
400,
title="User Not Saved",
message="The password must be at least 4 characters long.")
user.username = params.get("username")
if user.username == None:
abort(
400,
title="User Not Saved",
message=
"A username is required. Please enter a username and try saving again."
)
username_exists = User.query.filter_by(
username=user.username).first()
if username_exists:
abort(
409,
title="User Not Saved",
message=
"Sorry, this username already exists and usernames must be unique in ComPAIR. Please enter another username and try saving again."
)
student_number_exists = User.query.filter_by(
student_number=user.student_number).first()
# if student_number is not left blank and it exists -> 409 error
if user.student_number is not None and student_number_exists:
abort(
409,
title="User Not Saved",
message=
"Sorry, this student number already exists and student numbers must be unique in ComPAIR. Please enter another number and try saving again."
)
# handle lti_create_user_link setup for third party logins
if sess.get('lti_create_user_link') and sess.get('LTI'):
lti_user = LTIUser.query.get_or_404(sess['lti_user'])
lti_user.compair_user = user
user.system_role = lti_user.system_role
lti_user.update_user_profile()
if sess.get('lti_context') and sess.get('lti_user_resource_link'):
lti_context = LTIContext.query.get_or_404(sess['lti_context'])
lti_user_resource_link = LTIUserResourceLink.query.get_or_404(
sess['lti_user_resource_link'])
if lti_context.is_linked_to_course():
# create new enrollment
new_user_course = UserCourse(
user=user,
course_id=lti_context.compair_course_id,
course_role=lti_user_resource_link.course_role)
db.session.add(new_user_course)
else:
system_role = params.get("system_role")
check_valid_system_role(system_role)
user.system_role = SystemRole(system_role)
require(
CREATE,
user,
title="User Not Saved",
message="Sorry, your role does not allow you to save users.")
# only students can have student numbers
if user.system_role != SystemRole.student:
user.student_number = None
try:
db.session.add(user)
db.session.commit()
if current_user.is_authenticated:
on_user_create.send(self,
event_name=on_user_create.name,
user=current_user,
data=marshal(user,
dataformat.get_full_user()))
else:
on_user_create.send(self,
event_name=on_user_create.name,
data=marshal(user,
dataformat.get_full_user()))
except exc.IntegrityError:
db.session.rollback()
current_app.logger.error("Failed to add new user. Duplicate.")
abort(
409,
title="User Not Saved",
message=
"Sorry, this ID already exists and IDs must be unique in ComPAIR. Please try addding another user."
)
# handle lti_create_user_link teardown for third party logins
if sess.get('lti_create_user_link'):
authenticate(user, login_method='LTI')
sess.pop('lti_create_user_link')
return marshal_user_data(user)
def post(self):
# login_required when oauth_create_user_link not set
if not sess.get('oauth_create_user_link'):
if not current_app.login_manager._login_disabled and \
not current_user.is_authenticated:
return current_app.login_manager.unauthorized()
user = User()
params = new_user_parser.parse_args()
user.student_number = params.get("student_number", None)
user.email = params.get("email")
user.firstname = params.get("firstname")
user.lastname = params.get("lastname")
user.displayname = params.get("displayname")
email_notification_method = params.get("email_notification_method")
check_valid_email_notification_method(email_notification_method)
user.email_notification_method = EmailNotificationMethod(
email_notification_method)
# if creating a cas user, do not set username or password
if sess.get('oauth_create_user_link') and sess.get('LTI') and sess.get(
'CAS_CREATE'):
user.username = None
user.password = None
else:
# else enforce required password and unique username
user.password = params.get("password")
if user.password == None:
abort(
400,
title="User Not Saved",
message=
"A password is required. Please enter a password and try saving again."
)
user.username = params.get("username")
if user.username == None:
abort(
400,
title="User Not Saved",
message=
"A username is required. Please enter a username and try saving again."
)
username_exists = User.query.filter_by(
username=user.username).first()
if username_exists:
abort(
409,
title="User Not Saved",
message=
"Sorry, this username already exists and usernames must be unique in ComPAIR. Please enter another username and try saving again."
)
student_number_exists = User.query.filter_by(
student_number=user.student_number).first()
# if student_number is not left blank and it exists -> 409 error
if user.student_number is not None and student_number_exists:
abort(
409,
title="User Not Saved",
message=
"Sorry, this student number already exists and student numbers must be unique in ComPAIR. Please enter another number and try saving again."
)
# handle oauth_create_user_link setup for third party logins
if sess.get('oauth_create_user_link'):
login_method = None
if sess.get('LTI'):
lti_user = LTIUser.query.get_or_404(sess['lti_user'])
lti_user.compair_user = user
user.system_role = lti_user.system_role
login_method = 'LTI'
if sess.get('lti_context') and sess.get(
'lti_user_resource_link'):
lti_context = LTIContext.query.get_or_404(
sess['lti_context'])
lti_user_resource_link = LTIUserResourceLink.query.get_or_404(
sess['lti_user_resource_link'])
if lti_context.is_linked_to_course():
# create new enrollment
new_user_course = UserCourse(
user=user,
course_id=lti_context.compair_course_id,
course_role=lti_user_resource_link.course_role)
db.session.add(new_user_course)
if sess.get('CAS_CREATE'):
thirdpartyuser = ThirdPartyUser(
third_party_type=ThirdPartyType.cas,
unique_identifier=sess.get('CAS_UNIQUE_IDENTIFIER'),
params=sess.get('CAS_PARAMS'),
user=user)
login_method = ThirdPartyType.cas.value
db.session.add(thirdpartyuser)
else:
system_role = params.get("system_role")
check_valid_system_role(system_role)
user.system_role = SystemRole(system_role)
require(
CREATE,
user,
title="User Not Saved",
message="Sorry, your role does not allow you to save users.")
# only students can have student numbers
if user.system_role != SystemRole.student:
user.student_number = None
try:
db.session.add(user)
db.session.commit()
if current_user.is_authenticated:
on_user_create.send(self,
event_name=on_user_create.name,
user=current_user,
data=marshal(user,
dataformat.get_user(False)))
else:
on_user_create.send(self,
event_name=on_user_create.name,
data=marshal(user,
dataformat.get_user(False)))
except exc.IntegrityError:
db.session.rollback()
current_app.logger.error("Failed to add new user. Duplicate.")
abort(
409,
title="User Not Saved",
message=
"Sorry, this ID already exists and IDs must be unique in ComPAIR. Please try addding another user."
)
# handle oauth_create_user_link teardown for third party logins
if sess.get('oauth_create_user_link'):
authenticate(user, login_method=login_method)
sess.pop('oauth_create_user_link')
if sess.get('CAS_CREATE'):
sess.pop('CAS_CREATE')
sess.pop('CAS_UNIQUE_IDENTIFIER')
sess['CAS_LOGIN'] = True
return marshal(user, dataformat.get_user())
