def put(self, request, email):
# basic user info check
is_staff = request.data.get("is_staff", None)
if is_staff:
try:
is_staff = to_python_boolean(is_staff)
except ValueError:
error_msg = 'is_staff invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
is_active = request.data.get("is_active", None)
if is_active:
try:
is_active = to_python_boolean(is_active)
except ValueError:
error_msg = 'is_active invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# additional user info check
role = request.data.get("role", None)
if role:
available_roles = get_available_roles()
if role.lower() not in available_roles:
error_msg = 'role must be in %s.' % str(available_roles)
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
name = request.data.get("name", None)
if name:
if len(name) > 64:
error_msg = 'Name is too long (maximum is 64 characters).'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if "/" in name:
error_msg = "Name should not include '/'."
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# argument check for login_id
login_id = request.data.get("login_id", None)
if login_id is not None:
login_id = login_id.strip()
username_by_login_id = Profile.objects.get_username_by_login_id(
login_id)
if username_by_login_id is not None:
return api_error(status.HTTP_400_BAD_REQUEST,
_(u"Login id %s already exists." % login_id))
reference_id = request.data.get("reference_id", "").strip()
if reference_id:
if ' ' in reference_id:
return api_error(status.HTTP_400_BAD_REQUEST,
'Reference ID can not contain spaces.')
primary_id = ccnet_api.get_primary_id(reference_id)
if primary_id:
return api_error(
status.HTTP_400_BAD_REQUEST,
'Reference ID %s already exists.' % reference_id)
department = request.data.get("department", None)
if department:
if len(department) > 512:
error_msg = "Department is too long (maximum is 512 characters)."
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
quota_total_mb = request.data.get("quota_total", None)
if quota_total_mb:
try:
quota_total_mb = int(quota_total_mb)
except ValueError:
error_msg = "Must be an integer that is greater than or equal to 0."
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if quota_total_mb < 0:
error_msg = "Space quota is too low (minimum value is 0)."
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if is_org_context(request):
org_id = request.user.org.org_id
org_quota_mb = seafile_api.get_org_quota(org_id) / \
get_file_size_unit('MB')
if quota_total_mb > org_quota_mb:
error_msg = 'Failed to set quota: maximum quota is %d MB' % org_quota_mb
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# query user info
try:
user_obj = User.objects.get(email=email)
except User.DoesNotExist:
error_msg = 'User %s not found.' % email
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
try:
update_user_info(request, user_obj)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
user_info = get_user_info(email)
return Response(user_info)
def process_request(self, request):
if request.path.rstrip('/') != settings.SITE_ROOT + 'sso':
return
# AuthenticationMiddleware is required so that request.user exists.
if not hasattr(request, 'user'):
raise ImproperlyConfigured(
"The Django remote user auth middleware requires the"
" authentication middleware to be installed. Edit your"
" MIDDLEWARE setting to insert"
" 'django.contrib.auth.middleware.AuthenticationMiddleware'"
" before the RemoteUserMiddleware class.")
# To support logout. If this variable is True, do not
# authenticate user and return now.
if request.session.get(LOGOUT_SESSION_KEY) is True:
return
else:
# Delete the shib reauth session key if present.
request.session.pop(LOGOUT_SESSION_KEY, None)
# Locate the remote user header.
# import pprint; pprint.pprint(request.META)
try:
username = request.META[SHIB_USER_HEADER]
except KeyError:
# If specified header doesn't exist then return (leaving
# request.user set to AnonymousUser by the
# AuthenticationMiddleware).
return
p_id = ccnet_api.get_primary_id(username)
if p_id is not None:
username = p_id
# If the user is already authenticated and that user is the user we are
# getting passed in the headers, then the correct user is already
# persisted in the session and we don't need to continue.
if request.user.is_authenticated():
if request.user.username == username:
if request.user.is_staff:
update_sudo_mode_ts(request)
return
# Make sure we have all required Shiboleth elements before proceeding.
shib_meta, error = self.parse_attributes(request)
# Add parsed attributes to the session.
request.session['shib'] = shib_meta
if error:
raise ShibbolethValidationError("All required Shibboleth elements"
" not found. %s" % shib_meta)
# We are seeing this user for the first time in this session, attempt
# to authenticate the user.
user = auth.authenticate(remote_user=username, shib_meta=shib_meta)
if user:
if not user.is_active:
return HttpResponseRedirect(reverse('shib_complete'))
# User is valid. Set request.user and persist user in the session
# by logging the user in.
request.user = user
auth.login(request, user)
user.set_unusable_password()
user.save()
# call make profile.
self.make_profile(user, shib_meta)
if CUSTOM_SHIBBOLETH_GET_USER_ROLE:
user_role = custom_shibboleth_get_user_role(shib_meta)
if user_role:
ccnet_api.update_role_emailuser(user.email, user_role)
else:
user_role = self.update_user_role(user, shib_meta)
else:
user_role = self.update_user_role(user, shib_meta)
if user_role:
self.update_user_quota(user, user_role)
# setup session.
self.setup_session(request)
request.shib_login = True
def validate(self, attrs):
login_id = attrs.get('username')
password = attrs.get('password')
platform = attrs.get('platform', None)
device_id = attrs.get('device_id', None)
device_name = attrs.get('device_name', None)
client_version = attrs.get('client_version', None)
platform_version = attrs.get('platform_version', None)
v2_fields = (platform, device_id, device_name)
# Decide the version of token we need
if all_none(v2_fields):
v2 = False
elif all_not_none(v2_fields):
v2 = True
else:
raise serializers.ValidationError('invalid params')
if login_id and password:
user = authenticate(username=login_id, password=password)
if user:
if not user.is_active:
raise serializers.ValidationError(
'User account is disabled.')
else:
"""try login id/contact email/primary id"""
# convert login id or contact email to username if any
username = Profile.objects.convert_login_str_to_username(
login_id)
# convert username to primary id if any
p_id = ccnet_api.get_primary_id(username)
if p_id is not None:
username = p_id
user = authenticate(username=username, password=password)
if user is None:
raise serializers.ValidationError(
'Unable to login with provided credentials.')
else:
raise serializers.ValidationError(
'Must include "username" and "password"')
self._two_factor_auth(self.context['request'], user)
# Now user is authenticated
if v2:
if platform in DESKTOP_PLATFORMS:
if not user.permissions.can_connect_with_desktop_clients():
raise serializers.ValidationError(
'Not allowed to connect to desktop client.')
elif platform == 'android':
if not user.permissions.can_connect_with_android_clients():
raise serializers.ValidationError(
'Not allowed to connect to android client.')
elif platform == 'ios':
if not user.permissions.can_connect_with_ios_clients():
raise serializers.ValidationError(
'Not allowed to connect to ios client.')
else:
logger.info('%s: unrecognized device' % login_id)
token = get_token_v2(self.context['request'], user.username,
platform, device_id, device_name,
client_version, platform_version)
else:
token = get_token_v1(user.username)
return token.key
def put(self, request, email):
if not request.user.admin_permissions.can_manage_user():
return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')
# basic user info check
is_staff = request.data.get("is_staff", None)
if is_staff:
try:
is_staff = to_python_boolean(is_staff)
except ValueError:
error_msg = 'is_staff invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
is_active = request.data.get("is_active", None)
if is_active:
try:
is_active = to_python_boolean(is_active)
except ValueError:
error_msg = 'is_active invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# additional user info check
role = request.data.get("role", None)
if role:
available_roles = get_available_roles()
if role not in available_roles:
error_msg = 'role must be in %s.' % str(available_roles)
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
name = request.data.get("name", None)
if name:
if len(name) > 64:
error_msg = 'Name is too long (maximum is 64 characters).'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if "/" in name:
error_msg = "Name should not include '/'."
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# argument check for login_id
login_id = request.data.get("login_id", None)
if login_id is not None:
login_id = login_id.strip()
username_by_login_id = Profile.objects.get_username_by_login_id(
login_id)
if username_by_login_id is not None:
return api_error(status.HTTP_400_BAD_REQUEST,
_("Login id %s already exists." % login_id))
contact_email = request.data.get("contact_email", None)
if contact_email is not None and contact_email.strip() != '':
if not is_valid_email(contact_email):
error_msg = 'Contact email invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
password = request.data.get("password")
reference_id = request.data.get("reference_id", None)
if reference_id:
if ' ' in reference_id:
return api_error(status.HTTP_400_BAD_REQUEST,
'Reference ID can not contain spaces.')
primary_id = ccnet_api.get_primary_id(reference_id)
if primary_id:
return api_error(
status.HTTP_400_BAD_REQUEST,
'Reference ID %s already exists.' % reference_id)
quota_total_mb = request.data.get("quota_total", None)
if quota_total_mb:
try:
quota_total_mb = int(quota_total_mb)
except ValueError:
error_msg = "Must be an integer that is greater than or equal to 0."
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if quota_total_mb < 0:
error_msg = "Space quota is too low (minimum value is 0)."
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if is_org_context(request):
org_id = request.user.org.org_id
org_quota_mb = seafile_api.get_org_quota(org_id) / \
get_file_size_unit('MB')
if quota_total_mb > org_quota_mb:
error_msg = 'Failed to set quota: maximum quota is %d MB' % org_quota_mb
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
institution = request.data.get("institution", None)
if institution:
try:
Institution.objects.get(name=institution)
except Institution.DoesNotExist:
error_msg = 'Institution %s does not exist' % institution
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# query user info
try:
user_obj = User.objects.get(email=email)
except User.DoesNotExist:
error_msg = 'User %s not found.' % email
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
try:
update_user_info(request,
user=user_obj,
password=password,
is_active=is_active,
is_staff=is_staff,
role=role,
nickname=name,
login_id=login_id,
contact_email=contact_email,
reference_id=reference_id,
quota_total_mb=quota_total_mb,
institution_name=institution)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
# update user
try:
user_obj.save()
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
update_status_tip = ''
if is_active is not None:
update_status_tip = _('Edit succeeded')
if user_obj.is_active and IS_EMAIL_CONFIGURED:
try:
send_html_email(
_(u'Your account on %s is activated') %
get_site_name(), 'sysadmin/user_activation_email.html',
{'username': user_obj.email}, None,
[email2contact_email(user_obj.email)])
update_status_tip = _(
'Edit succeeded, an email has been sent.')
except Exception as e:
logger.error(e)
update_status_tip = _(
'Edit succeeded, but failed to send email, please check your email configuration.'
)
user_info = get_user_info(email)
user_info['update_status_tip'] = update_status_tip
return Response(user_info)
def get_primary_id_by_username(self, username):
"""Get user's primary id in case the username is changed.
"""
p_id = ccnet_api.get_primary_id(username)
return p_id if p_id is not None else username
def validate(self, attrs):
login_id = attrs.get('username')
password = attrs.get('password')
platform = attrs.get('platform', None)
device_id = attrs.get('device_id', None)
device_name = attrs.get('device_name', None)
client_version = attrs.get('client_version', None)
platform_version = attrs.get('platform_version', None)
v2_fields = (platform, device_id, device_name)
# Decide the version of token we need
if all_none(v2_fields):
v2 = False
elif all_not_none(v2_fields):
v2 = True
else:
raise serializers.ValidationError('invalid params')
if login_id and password:
user = authenticate(username=login_id, password=password)
if user:
if not user.is_active:
raise serializers.ValidationError('User account is disabled.')
else:
"""try login id/contact email/primary id"""
# convert login id or contact email to username if any
username = Profile.objects.convert_login_str_to_username(login_id)
# convert username to primary id if any
p_id = ccnet_api.get_primary_id(username)
if p_id is not None:
username = p_id
user = authenticate(username=username, password=password)
if user is None:
raise serializers.ValidationError('Unable to login with provided credentials.')
else:
raise serializers.ValidationError('Must include "username" and "password"')
self._two_factor_auth(self.context['request'], user)
# Now user is authenticated
if v2:
if platform in DESKTOP_PLATFORMS:
if not user.permissions.can_connect_with_desktop_clients():
raise serializers.ValidationError('Not allowed to connect to desktop client.')
elif platform == 'android':
if not user.permissions.can_connect_with_android_clients():
raise serializers.ValidationError('Not allowed to connect to android client.')
elif platform == 'ios':
if not user.permissions.can_connect_with_ios_clients():
raise serializers.ValidationError('Not allowed to connect to ios client.')
else:
logger.info('%s: unrecognized device' % login_id)
token = get_token_v2(self.context['request'], user.username, platform,
device_id, device_name, client_version, platform_version)
else:
token = get_token_v1(user.username)
return token.key
def put(self, request, email):
# basic user info check
is_staff = request.data.get("is_staff", None)
if is_staff:
try:
is_staff = to_python_boolean(is_staff)
except ValueError:
error_msg = 'is_staff invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
is_active = request.data.get("is_active", None)
if is_active:
try:
is_active = to_python_boolean(is_active)
except ValueError:
error_msg = 'is_active invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# additional user info check
role = request.data.get("role", None)
if role:
available_roles = get_available_roles()
if role.lower() not in available_roles:
error_msg = 'role must be in %s.' % str(available_roles)
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
name = request.data.get("name", None)
if name:
if len(name) > 64:
error_msg = 'Name is too long (maximum is 64 characters).'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if "/" in name:
error_msg = "Name should not include '/'."
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# argument check for login_id
login_id = request.data.get("login_id", None)
if login_id is not None:
login_id = login_id.strip()
username_by_login_id = Profile.objects.get_username_by_login_id(login_id)
if username_by_login_id is not None:
return api_error(status.HTTP_400_BAD_REQUEST,
_(u"Login id %s already exists." % login_id))
contact_email = request.data.get("contact_email", None)
if contact_email is not None and contact_email.strip() != '':
if not is_valid_email(contact_email):
error_msg = 'Contact email invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
profile = Profile.objects.get_profile_by_contact_email(contact_email)
if profile:
error_msg = 'Contact email %s already exists.' % contact_email
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
reference_id = request.data.get("reference_id", "")
if reference_id:
if ' ' in reference_id:
return api_error(status.HTTP_400_BAD_REQUEST, 'Reference ID can not contain spaces.')
primary_id = ccnet_api.get_primary_id(reference_id)
if primary_id:
return api_error(status.HTTP_400_BAD_REQUEST, 'Reference ID %s already exists.' % reference_id)
department = request.data.get("department", None)
if department:
if len(department) > 512:
error_msg = "Department is too long (maximum is 512 characters)."
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
quota_total_mb = request.data.get("quota_total", None)
if quota_total_mb:
try:
quota_total_mb = int(quota_total_mb)
except ValueError:
error_msg = "Must be an integer that is greater than or equal to 0."
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if quota_total_mb < 0:
error_msg = "Space quota is too low (minimum value is 0)."
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if is_org_context(request):
org_id = request.user.org.org_id
org_quota_mb = seafile_api.get_org_quota(org_id) / \
get_file_size_unit('MB')
if quota_total_mb > org_quota_mb:
error_msg = 'Failed to set quota: maximum quota is %d MB' % org_quota_mb
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# query user info
try:
user_obj = User.objects.get(email=email)
except User.DoesNotExist:
error_msg = 'User %s not found.' % email
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
try:
update_user_info(request, user_obj)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
user_info = get_user_info(email)
return Response(user_info)
def get_primary_id_by_username(self, username):
"""Get user's primary id in case the username is changed.
"""
p_id = ccnet_api.get_primary_id(username)
return p_id if p_id is not None else username
