def edit(self, id, format='html'):
"""GET /users/id/edit: Form to edit an existing item"""
# url('edit_user', id=ID)
c.user = User.get_or_404(id)
if c.user.username == 'default':
h.flash(_("You can't edit this user"), category='warning')
return redirect(url('users'))
c.perm_user = AuthUser(user_id=id, ip_addr=self.ip_addr)
c.user.permissions = {}
c.granted_permissions = UserModel().fill_perms(c.user)\
.permissions['global']
c.user_email_map = UserEmailMap.query()\
.filter(UserEmailMap.user == c.user).all()
c.user_ip_map = UserIpMap.query()\
.filter(UserIpMap.user == c.user).all()
user_model = UserModel()
c.ldap_dn = c.user.ldap_dn
defaults = c.user.get_dict()
defaults.update({
'create_repo_perm': user_model.has_perm(id, 'hg.create.repository'),
'fork_repo_perm': user_model.has_perm(id, 'hg.fork.repository'),
})
return htmlfill.render(
render('admin/users/user_edit.html'),
defaults=defaults,
encoding="UTF-8",
force_defaults=False
)
def register(self):
user_model = UserModel()
c.auto_active = False
for perm in user_model.get_by_username('default',
cache=False).user_perms:
if perm.permission.permission_name == 'hg.register.auto_activate':
c.auto_active = True
break
if request.POST:
register_form = RegisterForm()()
try:
form_result = register_form.to_python(dict(request.POST))
form_result['active'] = c.auto_active
user_model.create_registration(form_result)
h.flash(_('You have successfully registered into rhodecode'),
category='success')
return redirect(url('login_home'))
except formencode.Invalid, errors:
return htmlfill.render(
render('/register.html'),
defaults=errors.value,
errors=errors.error_dict or {},
prefix_error=False,
encoding="UTF-8")
def test_update(self, name, expected):
self.log_user()
uname = 'testme'
usr = UserModel().create_or_update(username=uname,
password='******',
email='*****@*****.**')
self.Session().commit()
params = usr.get_api_data()
params.update({name: expected})
params.update({'password_confirmation': ''})
params.update({'new_password': ''})
if name == 'email':
params['emails'] = [expected]
if name == 'ldap_dn':
#cannot update this via form
params['ldap_dn'] = None
try:
response = self.app.put(url('user', id=usr.user_id), params)
self.checkSessionFlash(response, '''User updated successfully''')
updated_user = User.get_by_username(uname)
updated_params = updated_user.get_api_data()
updated_params.update({'password_confirmation': ''})
updated_params.update({'new_password': ''})
self.assertEqual(params, updated_params)
finally:
UserModel().delete('testme')
def create(self):
"""POST /users: Create a new item"""
# url('users')
c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.name
user_model = UserModel()
user_form = UserForm()()
try:
form_result = user_form.to_python(dict(request.POST))
user = user_model.create(form_result)
Session().flush()
username = form_result['username']
action_logger(c.rhodecode_user, 'admin_created_user:%s' % username,
None, self.ip_addr, self.sa)
user_link = h.link_to(h.escape(username),
url('edit_user', user_id=user.user_id))
h.flash(h.literal(
_('Created user %(user_link)s') % {'user_link': user_link}),
category='success')
Session().commit()
except formencode.Invalid as errors:
return htmlfill.render(render('admin/users/user_add.html'),
defaults=errors.value,
errors=errors.error_dict or {},
prefix_error=False,
encoding="UTF-8",
force_defaults=False)
except UserCreationError as e:
h.flash(e, 'error')
except Exception:
log.exception("Exception creation of user")
h.flash(_('Error occurred during creation of user %s') %
request.POST.get('username'),
category='error')
return redirect(url('users'))
def __init__(self, methodName='runTest'):
Session.remove()
self.u1 = UserModel().create_or_update(username=u'u1',
password=u'qweqwe',
email=u'*****@*****.**',
name=u'u1',
lastname=u'u1')
Session.commit()
self.u1 = self.u1.user_id
self.u2 = UserModel().create_or_update(username=u'u2',
password=u'qweqwe',
email=u'*****@*****.**',
name=u'u2',
lastname=u'u3')
Session.commit()
self.u2 = self.u2.user_id
self.u3 = UserModel().create_or_update(username=u'u3',
password=u'qweqwe',
email=u'*****@*****.**',
name=u'u3',
lastname=u'u3')
Session.commit()
self.u3 = self.u3.user_id
super(TestNotifications, self).__init__(methodName=methodName)
def test_update(self, name, expected):
self.log_user()
uname = 'testme'
usr = UserModel().create_or_update(username=uname, password='******',
email='*****@*****.**')
Session().commit()
params = usr.get_api_data()
params.update({name: expected})
params.update({'password_confirmation': ''})
params.update({'new_password': ''})
if name == 'email':
params['emails'] = [expected]
if name == 'ldap_dn':
#cannot update this via form
params['ldap_dn'] = None
try:
response = self.app.put(url('user', id=usr.user_id), params)
self.checkSessionFlash(response, '''User updated successfully''')
updated_user = User.get_by_username(uname)
updated_params = updated_user.get_api_data()
updated_params.update({'password_confirmation': ''})
updated_params.update({'new_password': ''})
self.assertEqual(params, updated_params)
finally:
UserModel().delete('testme')
def test_show(self, user, password):
self.log_user(user, password)
cur_user = self._get_logged_user()
u1 = UserModel().create_or_update(username='******',
password='******',
email='*****@*****.**',
firstname='u1',
lastname='u1')
u2 = UserModel().create_or_update(username='******',
password='******',
email='*****@*****.**',
firstname='u2',
lastname='u2')
self.destroy_users.add('u1')
self.destroy_users.add('u2')
subject = u'test'
notif_body = u'hi there'
notification = NotificationModel().create(
created_by=cur_user,
notification_subject=subject,
notification_body=notif_body,
recipients=[cur_user, u1, u2])
response = self.app.get(
url('notification', notification_id=notification.notification_id))
response.mustcontain(subject)
response.mustcontain(notif_body)
def create_users(self, request, pylonsapp):
Session.remove()
self.u1 = UserModel().create_or_update(username=u'u1',
password=u'qweqwe',
email=u'*****@*****.**',
firstname=u'u1',
lastname=u'u1')
Session().commit()
self.u1 = self.u1.user_id
self.u2 = UserModel().create_or_update(username=u'u2',
password=u'qweqwe',
email=u'*****@*****.**',
firstname=u'u2',
lastname=u'u2')
Session().commit()
self.u2 = self.u2.user_id
self.u3 = UserModel().create_or_update(username=u'u3',
password=u'qweqwe',
email=u'*****@*****.**',
firstname=u'u3',
lastname=u'u3')
Session().commit()
self.u3 = self.u3.user_id
self.destroy_users.add('u1')
self.destroy_users.add('u2')
self.destroy_users.add('u3')
def test_extra_email_map(self):
usr = UserModel().create_or_update(username=u'test_user',
password=u'qweqwe',
email=u'*****@*****.**',
firstname=u'u1', lastname=u'u1')
Session().commit()
m = UserEmailMap()
m.email = u'*****@*****.**'
m.user = usr
Session().add(m)
Session().commit()
u = User.get_by_email(email='*****@*****.**')
self.assertEqual(usr.user_id, u.user_id)
self.assertEqual(usr.username, u.username)
u = User.get_by_email(email='*****@*****.**')
self.assertEqual(usr.user_id, u.user_id)
self.assertEqual(usr.username, u.username)
u = User.get_by_email(email='*****@*****.**')
self.assertEqual(None, u)
UserModel().delete(usr.user_id)
Session().commit()
def test_delete(self):
self.log_user()
cur_user = self._get_logged_user()
u1 = UserModel().create_or_update(username='******', password='******',
email='*****@*****.**',
firstname='u1', lastname='u1')
u2 = UserModel().create_or_update(username='******', password='******',
email='*****@*****.**',
firstname='u2', lastname='u2')
# make notifications
notification = NotificationModel().create(created_by=cur_user,
subject=u'test',
body=u'hi there',
recipients=[cur_user, u1, u2])
Session().commit()
u1 = User.get(u1.user_id)
u2 = User.get(u2.user_id)
# check DB
get_notif = lambda un: [x.notification for x in un]
self.assertEqual(get_notif(cur_user.notifications), [notification])
self.assertEqual(get_notif(u1.notifications), [notification])
self.assertEqual(get_notif(u2.notifications), [notification])
cur_usr_id = cur_user.user_id
response = self.app.delete(url('notification',
notification_id=
notification.notification_id))
self.assertEqual(response.body, 'ok')
cur_user = User.get(cur_usr_id)
self.assertEqual(cur_user.notifications, [])
def update(self, id):
"""PUT /users/id: Update an existing item"""
# Forms posted to this method should contain a hidden field:
# <input type="hidden" name="_method" value="PUT" />
# Or using helpers:
# h.form(url('update_user', id=ID),
# method='put')
# url('user', id=ID)
user_model = UserModel()
c.user = user_model.get(id)
_form = UserForm(edit=True, old_data={'user_id': id,
'email': c.user.email})()
form_result = {}
try:
form_result = _form.to_python(dict(request.POST))
user_model.update(id, form_result)
h.flash(_('User updated successfully'), category='success')
Session.commit()
except formencode.Invalid, errors:
e = errors.error_dict or {}
perm = Permission.get_by_key('hg.create.repository')
e.update({'create_repo_perm': user_model.has_perm(id, perm)})
return htmlfill.render(
render('admin/users/user_edit.html'),
defaults=errors.value,
errors=e,
prefix_error=False,
encoding="UTF-8")
def prepare_users(self, request):
# TODO: User creation is a duplicate of test_nofitications, check
# if that can be unified
self.u1 = UserModel().create_or_update(username=u'u1',
password=u'qweqwe',
email=u'*****@*****.**',
firstname=u'u1',
lastname=u'u1')
self.u2 = UserModel().create_or_update(username=u'u2',
password=u'qweqwe',
email=u'*****@*****.**',
firstname=u'u2',
lastname=u'u2')
self.u3 = UserModel().create_or_update(username=u'u3',
password=u'qweqwe',
email=u'*****@*****.**',
firstname=u'u3',
lastname=u'u3')
self.anon = User.get_default_user()
self.a1 = UserModel().create_or_update(username=u'a1',
password=u'qweqwe',
email=u'*****@*****.**',
firstname=u'a1',
lastname=u'a1',
admin=True)
Session().commit()
request.addfinalizer(self.cleanup)
def edit(self, id, format='html'):
"""GET /users/id/edit: Form to edit an existing item"""
# url('edit_user', id=ID)
c.user = User.get_or_404(id)
if c.user.username == 'default':
h.flash(_("You can't edit this user"), category='warning')
return redirect(url('users'))
c.perm_user = AuthUser(user_id=id, ip_addr=self.ip_addr)
c.user.permissions = {}
c.granted_permissions = UserModel().fill_perms(c.user)\
.permissions['global']
c.user_email_map = UserEmailMap.query()\
.filter(UserEmailMap.user == c.user).all()
c.user_ip_map = UserIpMap.query()\
.filter(UserIpMap.user == c.user).all()
user_model = UserModel()
c.ldap_dn = c.user.ldap_dn
defaults = c.user.get_dict()
defaults.update({
'create_repo_perm':
user_model.has_perm(id, 'hg.create.repository'),
'fork_repo_perm':
user_model.has_perm(id, 'hg.fork.repository'),
})
return htmlfill.render(render('admin/users/user_edit.html'),
defaults=defaults,
encoding="UTF-8",
force_defaults=False)
def tearDown(self):
perm = Permission.query().all()
for p in perm:
UserModel().revoke_perm(self.u1, p)
UserModel().delete(self.u1)
Session.commit()
def test_update(self, name, expected):
self.log_user()
uname = "testme"
usr = UserModel().create_or_update(username=uname, password="******", email="*****@*****.**")
self.Session().commit()
params = usr.get_api_data()
params.update({name: expected})
params.update({"password_confirmation": ""})
params.update({"new_password": ""})
if name == "email":
params["emails"] = [expected]
if name == "ldap_dn":
# cannot update this via form
params["ldap_dn"] = None
try:
response = self.app.put(url("user", id=usr.user_id), params)
self.checkSessionFlash(response, """User updated successfully""")
updated_user = User.get_by_username(uname)
updated_params = updated_user.get_api_data()
updated_params.update({"password_confirmation": ""})
updated_params.update({"new_password": ""})
self.assertEqual(params, updated_params)
finally:
UserModel().delete("testme")
def update_perm(self, id):
"""PUT /users_perm/id: Update an existing item"""
# url('user_perm', id=ID, method='put')
grant_perm = request.POST.get('create_repo_perm', False)
user_model = UserModel()
if grant_perm:
perm = Permission.get_by_key('hg.create.none')
user_model.revoke_perm(id, perm)
perm = Permission.get_by_key('hg.create.repository')
user_model.grant_perm(id, perm)
h.flash(_("Granted 'repository create' permission to user"),
category='success')
Session.commit()
else:
perm = Permission.get_by_key('hg.create.repository')
user_model.revoke_perm(id, perm)
perm = Permission.get_by_key('hg.create.none')
user_model.grant_perm(id, perm)
h.flash(_("Revoked 'repository create' permission to user"),
category='success')
Session.commit()
return redirect(url('edit_user', id=id))
def register(self):
user_model = UserModel()
c.auto_active = False
for perm in User.get_by_username("default").user_perms:
if perm.permission.permission_name == "hg.register.auto_activate":
c.auto_active = True
break
if request.POST:
register_form = RegisterForm()()
try:
form_result = register_form.to_python(dict(request.POST))
form_result["active"] = c.auto_active
user_model.create_registration(form_result)
h.flash(_("You have successfully registered into rhodecode"), category="success")
return redirect(url("login_home"))
except formencode.Invalid, errors:
return htmlfill.render(
render("/register.html"),
defaults=errors.value,
errors=errors.error_dict or {},
prefix_error=False,
encoding="UTF-8",
)
def my_account_update(self):
"""PUT /_admin/my_account_update: Update an existing item"""
# Forms posted to this method should contain a hidden field:
# <input type="hidden" name="_method" value="PUT" />
# Or using helpers:
# h.form(url('admin_settings_my_account_update'),
# method='put')
# url('admin_settings_my_account_update', id=ID)
user_model = UserModel()
uid = self.rhodecode_user.user_id
_form = UserForm(edit=True,
old_data={'user_id': uid,
'email': self.rhodecode_user.email})()
form_result = {}
try:
form_result = _form.to_python(dict(request.POST))
user_model.update_my_account(uid, form_result)
h.flash(_('Your account was updated successfully'),
category='success')
Session.commit()
except formencode.Invalid, errors:
c.user = User.get(self.rhodecode_user.user_id)
all_repos = self.sa.query(Repository)\
.filter(Repository.user_id == c.user.user_id)\
.order_by(func.lower(Repository.repo_name))\
.all()
c.user_repos = ScmModel().get_repos(all_repos)
return htmlfill.render(
render('admin/users/user_edit_my_account.html'),
defaults=errors.value,
errors=errors.error_dict or {},
prefix_error=False,
encoding="UTF-8")
def update_user(self, apiuser, userid, username, password, email,
firstname, lastname, active, admin, ldap_dn):
"""
Updates given user
:param apiuser:
:param username:
:param password:
:param email:
:param name:
:param lastname:
:param active:
:param admin:
:param ldap_dn:
"""
if not UserModel().get_user(userid):
raise JSONRPCError("user %s does not exist" % username)
try:
usr = UserModel().create_or_update(
username, password, email, firstname,
lastname, active, admin, ldap_dn
)
Session.commit()
return dict(
id=usr.user_id,
msg='updated user %s' % username
)
except Exception:
log.error(traceback.format_exc())
raise JSONRPCError('failed to update user %s' % username)
def my_account_emails_delete(self):
email_id = request.POST.get('del_email_id')
user_model = UserModel()
user_model.delete_extra_email(c.rhodecode_user.user_id, email_id)
Session().commit()
h.flash(_("Removed email address from user account"),
category='success')
return redirect(url('my_account_emails'))
def delete_email(self, id):
"""DELETE /user_emails_delete/id: Delete an existing item"""
# url('user_emails_delete', id=ID, method='delete')
user_model = UserModel()
user_model.delete_extra_email(id, request.POST.get('del_email'))
Session().commit()
h.flash(_("Removed email from user"), category='success')
return redirect(url('edit_user', id=id))
def delete_email(self, id):
"""DELETE /user_emails_delete/id: Delete an existing item"""
# url('user_emails_delete', id=ID, method='delete')
user_model = UserModel()
user_model.delete_extra_email(id, request.POST.get('del_email'))
Session().commit()
h.flash(_("Removed email from user"), category='success')
return redirect(url('edit_user', id=id))
def update_user(self,
apiuser,
userid,
username=Optional(None),
email=Optional(None),
firstname=Optional(None),
lastname=Optional(None),
active=Optional(None),
admin=Optional(None),
ldap_dn=Optional(None),
password=Optional(None)):
"""
Updates given user
:param apiuser:
:param userid:
:param username:
:param email:
:param firstname:
:param lastname:
:param active:
:param admin:
:param ldap_dn:
:param password:
"""
user = get_user_or_error(userid)
# call function and store only updated arguments
updates = {}
def store_update(attr, name):
if not isinstance(attr, Optional):
updates[name] = attr
try:
store_update(username, 'username')
store_update(password, 'password')
store_update(email, 'email')
store_update(firstname, 'name')
store_update(lastname, 'lastname')
store_update(active, 'active')
store_update(admin, 'admin')
store_update(ldap_dn, 'ldap_dn')
user = UserModel().update_user(user, **updates)
Session().commit()
return dict(msg='updated user ID:%s %s' %
(user.user_id, user.username),
user=user.get_api_data())
except DefaultUserException:
log.error(traceback.format_exc())
raise JSONRPCError('editing default user is forbidden')
except Exception:
log.error(traceback.format_exc())
raise JSONRPCError('failed to update user `%s`' % userid)
def cleanup():
if UserModel().get_user(usr.user_id) is None:
return
perm = Permission.query().all()
for p in perm:
UserModel().revoke_perm(usr, p)
UserModel().delete(usr.user_id)
Session().commit()
def delete_ip(self, id):
"""DELETE /user_ips_delete/id: Delete an existing item"""
# url('user_ips_delete', id=ID, method='delete')
user_model = UserModel()
user_model.delete_extra_ip(id, request.POST.get('del_ip'))
Session().commit()
h.flash(_("Removed ip from user"), category='success')
if 'default_user' in request.POST:
return redirect(url('edit_permission', id='default'))
return redirect(url('edit_user', id=id))
def test_revoke_perm(test_user):
perm = Permission.query().all()[0]
UserModel().grant_perm(test_user, perm)
Session().commit()
assert UserModel().has_perm(test_user, perm)
# revoke
UserModel().revoke_perm(test_user, perm)
Session().commit()
assert not UserModel().has_perm(test_user, perm)
def delete_ip(self, id):
"""DELETE /user_ips_delete/id: Delete an existing item"""
# url('user_ips_delete', id=ID, method='delete')
user_model = UserModel()
user_model.delete_extra_ip(id, request.POST.get('del_ip'))
Session().commit()
h.flash(_("Removed ip from user"), category='success')
if 'default_user' in request.POST:
return redirect(url('edit_permission', id='default'))
return redirect(url('edit_user', id=id))
def test_api_get_user_without_giving_userid_non_admin(self):
id_, params = build_data(self.apikey_regular, 'get_user')
response = api_call(self.app, params)
usr = UserModel().get_by_username(self.TEST_USER_LOGIN)
ret = usr.get_api_data(include_secrets=True)
ret['permissions'] = AuthUser(usr.user_id).permissions
expected = ret
assert_ok(id_, expected, given=response.body)
def test_revoke_perm(self):
perm = Permission.query().all()[0]
UserModel().grant_perm(self.u1, perm)
Session.commit()
self.assertEqual(UserModel().has_perm(self.u1, perm), True)
#revoke
UserModel().revoke_perm(self.u1, perm)
Session.commit()
self.assertEqual(UserModel().has_perm(self.u1, perm), False)
def update_perm(self, id):
"""PUT /users_perm/id: Update an existing item"""
# url('user_perm', id=ID, method='put')
grant_perm = request.POST.get('create_repo_perm', False)
user_model = UserModel()
if grant_perm:
perm = Permission.get_by_key('hg.create.none')
user_model.revoke_perm(id, perm)
perm = Permission.get_by_key('hg.create.repository')
user_model.grant_perm(id, perm)
h.flash(_("Granted 'repository create' permission to user"),
category='success')
Session.commit()
else:
perm = Permission.get_by_key('hg.create.repository')
user_model.revoke_perm(id, perm)
perm = Permission.get_by_key('hg.create.none')
user_model.grant_perm(id, perm)
h.flash(_("Revoked 'repository create' permission to user"),
category='success')
Session.commit()
return redirect(url('edit_user', id=id))
def test_api_get_user(self):
id_, params = _build_data(self.apikey, 'get_user',
userid=TEST_USER_ADMIN_LOGIN)
response = api_call(self, params)
usr = UserModel().get_by_username(TEST_USER_ADMIN_LOGIN)
ret = usr.get_api_data()
ret['permissions'] = AuthUser(usr.user_id).permissions
expected = ret
self._compare_ok(id_, expected, given=response.body)
def create_user(self, username, password, email='', admin=False,
strict_creation_check=True, api_key=None):
log.info('creating user %s' % username)
user = UserModel().create_or_update(
username, password, email, firstname='RhodeCode', lastname='Admin',
active=True, admin=admin, extern_type="rhodecode",
strict_creation_check=strict_creation_check)
if api_key:
log.info('setting a provided api key for the user %s', username)
user.api_key = api_key
def test_api_update_user_when_exception_happens(self):
usr = UserModel().get_by_username(TEST_USER_ADMIN_LOGIN)
ret = jsonify(usr.get_api_data())
id_, params = _build_data(self.apikey, 'update_user',
userid=usr.user_id)
response = api_call(self, params)
ret = 'failed to update user `%s`' % usr.user_id
expected = ret
self._compare_error(id_, expected, given=response.body)
def test_api_update_user_when_exception_happens(self):
usr = UserModel().get_by_username(TEST_USER_ADMIN_LOGIN)
ret = jsonify(usr.get_api_data(include_secrets=True))
id_, params = build_data(self.apikey,
'update_user',
userid=usr.user_id)
response = api_call(self.app, params)
ret = 'failed to update user `%s`' % (usr.user_id, )
expected = ret
assert_error(id_, expected, given=response.body)
def delete_email(self, user_id):
"""DELETE /user_emails_delete/user_id: Delete an existing item"""
# url('user_emails_delete', user_id=ID, method='delete')
user_id = safe_int(user_id)
c.user = User.get_or_404(user_id)
email_id = request.POST.get('del_email_id')
user_model = UserModel()
user_model.delete_extra_email(user_id, email_id)
Session().commit()
h.flash(_("Removed email address from user account"),
category='success')
return redirect(url('edit_user_emails', user_id=user_id))
def test_api_get_user(self):
id_, params = build_data(self.apikey,
'get_user',
userid=TEST_USER_ADMIN_LOGIN)
response = api_call(self.app, params)
usr = UserModel().get_by_username(TEST_USER_ADMIN_LOGIN)
ret = usr.get_api_data(include_secrets=True)
ret['permissions'] = AuthUser(usr.user_id).permissions
expected = ret
assert_ok(id_, expected, given=response.body)
def action_logger(user, action, repo, ipaddr='', sa=None):
"""
Action logger for various actions made by users
:param user: user that made this action, can be a unique username string or
object containing user_id attribute
:param action: action to log, should be on of predefined unique actions for
easy translations
:param repo: string name of repository or object containing repo_id,
that action was made on
:param ipaddr: optional ip address from what the action was made
:param sa: optional sqlalchemy session
"""
if not sa:
sa = meta.Session()
try:
um = UserModel()
if hasattr(user, 'user_id'):
user_obj = user
elif isinstance(user, basestring):
user_obj = um.get_by_username(user, cache=False)
else:
raise Exception('You have to provide user object or username')
rm = RepoModel()
if hasattr(repo, 'repo_id'):
repo_obj = rm.get(repo.repo_id, cache=False)
repo_name = repo_obj.repo_name
elif isinstance(repo, basestring):
repo_name = repo.lstrip('/')
repo_obj = rm.get_by_repo_name(repo_name, cache=False)
else:
raise Exception('You have to provide repository to action logger')
user_log = UserLog()
user_log.user_id = user_obj.user_id
user_log.action = action
user_log.repository_id = repo_obj.repo_id
user_log.repository_name = repo_name
user_log.action_date = datetime.datetime.now()
user_log.user_ip = ipaddr
sa.add(user_log)
sa.commit()
log.info('Adding user %s, action %s on %s', user_obj, action, repo)
except:
log.error(traceback.format_exc())
sa.rollback()
def update_user(self, apiuser, userid, username=Optional(None),
email=Optional(None), firstname=Optional(None),
lastname=Optional(None), active=Optional(None),
admin=Optional(None), ldap_dn=Optional(None),
password=Optional(None)):
"""
Updates given user
:param apiuser:
:param userid:
:param username:
:param email:
:param firstname:
:param lastname:
:param active:
:param admin:
:param ldap_dn:
:param password:
"""
user = get_user_or_error(userid)
# call function and store only updated arguments
updates = {}
def store_update(attr, name):
if not isinstance(attr, Optional):
updates[name] = attr
try:
store_update(username, 'username')
store_update(password, 'password')
store_update(email, 'email')
store_update(firstname, 'name')
store_update(lastname, 'lastname')
store_update(active, 'active')
store_update(admin, 'admin')
store_update(ldap_dn, 'ldap_dn')
user = UserModel().update_user(user, **updates)
Session().commit()
return dict(
msg='updated user ID:%s %s' % (user.user_id, user.username),
user=user.get_api_data()
)
except DefaultUserException:
log.error(traceback.format_exc())
raise JSONRPCError('editing default user is forbidden')
except Exception:
log.error(traceback.format_exc())
raise JSONRPCError('failed to update user `%s`' % userid)
def test_api_update_user_by_user_id(self):
usr = UserModel().get_by_username(TEST_USER_ADMIN_LOGIN)
ret = jsonify(usr.get_api_data())
id_, params = _build_data(self.apikey, 'update_user',
userid=usr.user_id)
response = api_call(self, params)
ret = {
'msg': 'updated user ID:%s %s' % (usr.user_id, TEST_USER_ADMIN_LOGIN),
'user': ret
}
expected = ret
self._compare_ok(id_, expected, given=response.body)
def testuser_api(request, pylonsapp):
cls = request.cls
cls.usr = UserModel().get_by_username(TEST_USER_ADMIN_LOGIN)
cls.apikey = cls.usr.api_key
cls.test_user = UserModel().create_or_update(
username='******',
password='******',
email='*****@*****.**',
firstname='first',
lastname='last')
Session().commit()
cls.TEST_USER_LOGIN = cls.test_user.username
cls.apikey_regular = cls.test_user.api_key
def test_api_create_user_group_regular_user(self):
group_name = 'some_new_group'
usr = UserModel().get_by_username(self.TEST_USER_LOGIN)
usr.inherit_default_permissions = False
Session().add(usr)
UserModel().grant_perm(self.TEST_USER_LOGIN,
'hg.usergroup.create.true')
Session().commit()
id_, params = build_data(self.apikey_regular,
'create_user_group',
group_name=group_name)
response = api_call(self.app, params)
expected = {
'msg':
'created new user group `%s`' % (group_name, ),
'user_group':
jsonify(UserGroupModel().get_by_name(group_name).get_api_data())
}
try:
assert_ok(id_, expected, given=response.body)
finally:
self.fixture.destroy_user_group(group_name)
UserModel().revoke_perm(self.TEST_USER_LOGIN,
'hg.usergroup.create.true')
usr = UserModel().get_by_username(self.TEST_USER_LOGIN)
usr.inherit_default_permissions = True
Session().add(usr)
Session().commit()
def add_ip(self, id):
"""POST /user_ips:Add an existing item"""
# url('user_ips', id=ID, method='put')
ip = request.POST.get('new_ip')
user_model = UserModel()
try:
user_model.add_extra_ip(id, ip)
Session().commit()
h.flash(_("Added ip %s to user") % ip, category='success')
except formencode.Invalid, error:
msg = error.error_dict['ip']
h.flash(msg, category='error')
def add_email(self, id):
"""POST /user_emails:Add an existing item"""
# url('user_emails', id=ID, method='put')
email = request.POST.get('new_email')
user_model = UserModel()
try:
user_model.add_extra_email(id, email)
Session().commit()
h.flash(_("Added email %s to user") % email, category='success')
except formencode.Invalid, error:
msg = error.error_dict['email']
h.flash(msg, category='error')
def add_ip(self, id):
"""POST /user_ips:Add an existing item"""
# url('user_ips', id=ID, method='put')
ip = request.POST.get('new_ip')
user_model = UserModel()
try:
user_model.add_extra_ip(id, ip)
Session().commit()
h.flash(_("Added ip %s to user") % ip, category='success')
except formencode.Invalid, error:
msg = error.error_dict['ip']
h.flash(msg, category='error')
def delete(self, id):
"""DELETE /users/id: Delete an existing item"""
# Forms posted to this method should contain a hidden field:
# <input type="hidden" name="_method" value="DELETE" />
# Or using helpers:
# h.form(url('delete_user', id=ID),
# method='delete')
# url('user', id=ID)
user_model = UserModel()
try:
user_model.delete(id)
h.flash(_('successfully deleted user'), category='success')
except (UserOwnsReposException, DefaultUserException), e:
h.flash(str(e), category='warning')
def password_reset_confirmation(self):
if request.GET and request.GET.get('key'):
try:
user_model = UserModel()
user = User.get_by_api_key(request.GET.get('key'))
data = dict(email=user.email)
user_model.reset_password(data)
h.flash(_('Your password reset was successful, '
'new password has been sent to your email'),
category='success')
except Exception, e:
log.error(e)
return redirect(url('reset_password'))
def add_email(self, id):
"""POST /user_emails:Add an existing item"""
# url('user_emails', id=ID, method='put')
email = request.POST.get('new_email')
user_model = UserModel()
try:
user_model.add_extra_email(id, email)
Session().commit()
h.flash(_("Added email %s to user") % email, category='success')
except formencode.Invalid, error:
msg = error.error_dict['email']
h.flash(msg, category='error')
def create_user(self,
apiuser,
username,
email,
password=Optional(None),
firstname=Optional(None),
lastname=Optional(None),
active=Optional(True),
admin=Optional(False),
ldap_dn=Optional(None)):
"""
Create new user
:param apiuser:
:param username:
:param email:
:param password:
:param firstname:
:param lastname:
:param active:
:param admin:
:param ldap_dn:
"""
if UserModel().get_by_username(username):
raise JSONRPCError("user `%s` already exist" % username)
if UserModel().get_by_email(email, case_insensitive=True):
raise JSONRPCError("email `%s` already exist" % email)
if Optional.extract(ldap_dn):
# generate temporary password if ldap_dn
password = PasswordGenerator().gen_password(length=8)
try:
user = UserModel().create_or_update(
username=Optional.extract(username),
password=Optional.extract(password),
email=Optional.extract(email),
firstname=Optional.extract(firstname),
lastname=Optional.extract(lastname),
active=Optional.extract(active),
admin=Optional.extract(admin),
ldap_dn=Optional.extract(ldap_dn))
Session().commit()
return dict(msg='created new user `%s`' % username,
user=user.get_api_data())
except Exception:
log.error(traceback.format_exc())
raise JSONRPCError('failed to create user `%s`' % username)
def tearDown(self):
if hasattr(self, 'test_repo'):
RepoModel().delete(repo=self.test_repo)
UserModel().delete(self.u1)
UserModel().delete(self.u2)
UserModel().delete(self.a1)
if hasattr(self, 'g1'):
ReposGroupModel().delete(self.g1.group_id)
if hasattr(self, 'g2'):
ReposGroupModel().delete(self.g2.group_id)
if hasattr(self, 'ug1'):
UsersGroupModel().delete(self.ug1, force=True)
Session.commit()
def create_default_user(self):
log.info('creating default user')
# create default user for handling default permissions.
user = UserModel().create_or_update(username=User.DEFAULT_USER,
password=str(uuid.uuid1())[:20],
email='*****@*****.**',
firstname='Anonymous',
lastname='User')
# based on configuration options activate/deactive this user which
# controlls anonymous access
if self.cli_args.get('public_access') is False:
log.info('Public access disabled')
user.active = False
Session().add(user)
Session().commit()
def create_user(self, apiuser, username, email, password,
firstname=Optional(None), lastname=Optional(None),
active=Optional(True), admin=Optional(False),
ldap_dn=Optional(None)):
"""
Create new user
:param apiuser:
:param username:
:param email:
:param password:
:param firstname:
:param lastname:
:param active:
:param admin:
:param ldap_dn:
"""
if UserModel().get_by_username(username):
raise JSONRPCError("user `%s` already exist" % username)
if UserModel().get_by_email(email, case_insensitive=True):
raise JSONRPCError("email `%s` already exist" % email)
if Optional.extract(ldap_dn):
# generate temporary password if ldap_dn
password = PasswordGenerator().gen_password(length=8)
try:
user = UserModel().create_or_update(
username=Optional.extract(username),
password=Optional.extract(password),
email=Optional.extract(email),
firstname=Optional.extract(firstname),
lastname=Optional.extract(lastname),
active=Optional.extract(active),
admin=Optional.extract(admin),
ldap_dn=Optional.extract(ldap_dn)
)
Session().commit()
return dict(
msg='created new user `%s`' % username,
user=user.get_api_data()
)
except Exception:
log.error(traceback.format_exc())
raise JSONRPCError('failed to create user `%s`' % username)
def password_reset(self):
user_model = UserModel()
if request.POST:
password_reset_form = PasswordResetForm()()
try:
form_result = password_reset_form.to_python(dict(request.POST))
user_model.reset_password_link(form_result)
h.flash(_('Your password reset link was sent'),
category='success')
return redirect(url('login_home'))
except formencode.Invalid, errors:
return htmlfill.render(
render('/password_reset.html'),
defaults=errors.value,
errors=errors.error_dict or {},
prefix_error=False,
encoding="UTF-8")
def create(self):
"""POST /users: Create a new item"""
# url('users')
user_model = UserModel()
login_form = UserForm()()
try:
form_result = login_form.to_python(dict(request.POST))
user_model.create(form_result)
h.flash(_('created user %s') % form_result['username'],
category='success')
#action_logger(self.rhodecode_user, 'new_user', '', '', self.sa)
except formencode.Invalid, errors:
return htmlfill.render(
render('admin/users/user_add.html'),
defaults=errors.value,
errors=errors.error_dict or {},
prefix_error=False,
encoding="UTF-8")
def test_my_account_update(self, name, expected):
uname = 'testme'
usr = UserModel().create_or_update(username=uname, password='******',
email='*****@*****.**')
self.Session().commit()
params = usr.get_api_data()
user_id = usr.user_id
self.log_user(username=uname, password='******')
params.update({name: expected})
params.update({'password_confirmation': ''})
params.update({'new_password': ''})
try:
response = self.app.put(url('admin_settings_my_account_update',
id=user_id), params)
self.checkSessionFlash(response,
'Your account was updated successfully')
updated_user = User.get_by_username(uname)
updated_params = updated_user.get_api_data()
updated_params.update({'password_confirmation': ''})
updated_params.update({'new_password': ''})
params['last_login'] = updated_params['last_login']
if name == 'email':
params['emails'] = [expected]
if name == 'ldap_dn':
#cannot update this via form
params['ldap_dn'] = None
if name == 'active':
#my account cannot deactivate account
params['active'] = True
if name == 'admin':
#my account cannot make you an admin !
params['admin'] = False
self.assertEqual(params, updated_params)
finally:
UserModel().delete('testme')
def test_inherited_permissions_from_default_on_user_disabled(self):
user_model = UserModel()
# disable fork and create on default user
usr = '******'
user_model.revoke_perm(usr, 'hg.create.repository')
user_model.grant_perm(usr, 'hg.create.none')
user_model.revoke_perm(usr, 'hg.fork.repository')
user_model.grant_perm(usr, 'hg.fork.none')
# make sure inherit flag is turned on
self.u1.inherit_default_permissions = True
Session().commit()
u1_auth = AuthUser(user_id=self.u1.user_id)
# this user will have inherited permissions from default user
self.assertEqual(u1_auth.permissions['global'],
set(['hg.create.none', 'hg.fork.none',
'hg.register.manual_activate',
'repository.read']))
def test_api_create_user(self):
username = '******'
email = username + "@foo.com"
id_, params = _build_data(self.apikey, 'create_user',
username=username,
email=email,
password='******')
response = api_call(self, params)
usr = UserModel().get_by_username(username)
ret = dict(
msg='created new user `%s`' % username,
user=jsonify(usr.get_api_data())
)
expected = ret
self._compare_ok(id_, expected, given=response.body)
UserModel().delete(usr.user_id)
Session().commit()
def test_ip_restriction_git(self):
user_model = UserModel()
try:
user_model.add_extra_ip(TEST_USER_ADMIN_LOGIN, '10.10.10.10/32')
Session().commit()
clone_url = _construct_url(GIT_REPO)
stdout, stderr = Command('/tmp').execute('git clone', clone_url)
msg = ("""The requested URL returned error: 403""")
assert msg in stderr
finally:
#release IP restrictions
for ip in UserIpMap.getAll():
UserIpMap.delete(ip.ip_id)
Session().commit()
time.sleep(2)
clone_url = _construct_url(GIT_REPO)
stdout, stderr = Command('/tmp').execute('git clone', clone_url)
assert 'Cloning into' in stdout
assert stderr == ''
def propagate_data(self):
user_model = UserModel()
self.anonymous_user = user_model.get_by_username("default", cache=True)
if self._api_key and self._api_key != self.anonymous_user.api_key:
# try go get user by api key
log.debug("Auth User lookup by API KEY %s", self._api_key)
user_model.fill_data(self, api_key=self._api_key)
else:
log.debug("Auth User lookup by USER ID %s", self.user_id)
if self.user_id is not None and self.user_id != self.anonymous_user.user_id:
user_model.fill_data(self, user_id=self.user_id)
else:
if self.anonymous_user.active is True:
user_model.fill_data(self, user_id=self.anonymous_user.user_id)
# then we set this user is logged in
self.is_authenticated = True
else:
self.is_authenticated = False
log.debug("Auth User is now %s", self)
user_model.fill_perms(self)
def create(self):
"""POST /users: Create a new item"""
# url('users')
user_model = UserModel()
user_form = UserForm()()
try:
form_result = user_form.to_python(dict(request.POST))
user_model.create(form_result)
usr = form_result['username']
action_logger(self.rhodecode_user, 'admin_created_user:%s' % usr,
None, self.ip_addr, self.sa)
h.flash(_('Created user %s') % usr,
category='success')
Session().commit()
except formencode.Invalid, errors:
return htmlfill.render(
render('admin/users/user_add.html'),
defaults=errors.value,
errors=errors.error_dict or {},
prefix_error=False,
encoding="UTF-8")
def login_container_auth(username):
user = User.get_by_username(username)
if user is None:
user_attrs = {
'name': username,
'lastname': None,
'email': None,
}
user = UserModel().create_for_container_auth(username, user_attrs)
if not user:
return None
log.info('User %s was created by container authentication' % username)
if not user.active:
return None
user.update_lastlogin()
Session.commit()
log.debug('User %s is now logged in by container authentication',
user.username)
return user
