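def test_user_management():
    """Exercise the ccnet user lifecycle: create, look up, validate, search, update, remove.

    Two throwaway accounts are created in the 'DB' source: email1 as an
    active staff user and email2 as an inactive non-staff user. Both are
    removed in a ``finally`` block so that a failing assertion does not leave
    a staff account behind in the database under test.
    """
    email1 = '%s@%s.com' % (randstring(6), randstring(6))
    email2 = '%s@%s.com' % (randstring(6), randstring(6))
    # Call randstring() instead of using the quoted text 'randstring(6)': the
    # quoted form gave every test account the same constant, publicly known
    # password, which matters most for the staff account if cleanup is skipped.
    passwd1 = randstring(6)
    passwd2 = randstring(6)

    ccnet_api.add_emailuser(email1, passwd1, 1, 1)
    ccnet_api.add_emailuser(email2, passwd2, 0, 0)

    try:
        ccnet_email1 = ccnet_api.get_emailuser(email1)
        ccnet_email2 = ccnet_api.get_emailuser(email2)
        # Equality rather than identity: the type returned for these flags is
        # not visible here and may be an int rather than a bool.
        assert ccnet_email1.is_active == True
        assert ccnet_email1.is_staff == True
        assert ccnet_email2.is_active == False
        assert ccnet_email2.is_staff == False

        # As asserted here, validate_emailuser() returns 0 for email2 even
        # though that account is inactive, so callers that authenticate with
        # it cannot rely on it alone to reject deactivated accounts.
        assert ccnet_api.validate_emailuser(email1, passwd1) == 0
        assert ccnet_api.validate_emailuser(email2, passwd2) == 0

        users = ccnet_api.search_emailusers('DB', email1, -1, -1)
        assert len(users) == 1
        user_ccnet = users[0]
        assert user_ccnet.email == email1

        # Smoke calls only: the results are not asserted because the database
        # may hold other users.
        ccnet_api.count_emailusers('DB')
        ccnet_api.get_emailusers('DB', -1, -1)

        # Promote email2 to an active staff account and re-read it.
        ccnet_api.update_emailuser('DB', ccnet_email2.id, passwd2, 1, 1)
        email2_new = ccnet_api.get_emailuser(email2)
        assert email2_new.is_active == True
        assert email2_new.is_staff == True
    finally:
        ccnet_api.remove_emailuser('DB', email1)
        ccnet_api.remove_emailuser('DB', email2)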
Beispiel #2
    def test_update_password(self):
        """An admin PUT with a new password makes that password valid for the account."""
        self.login_as(self.admin)

        # Send the new password for the temporary user as a JSON body.
        new_password = randstring(10)
        payload = json.dumps({"email": self.tmp_email, "password": new_password})
        resp = self.client.put(self.url, payload, 'application/json')
        self.assertEqual(200, resp.status_code)

        # The new credentials must validate against ccnet.
        # NOTE(review): nothing here checks that the previous password is now
        # rejected; a second validate_emailuser() call with the old value
        # would cover that.
        validation_result = ccnet_api.validate_emailuser(self.tmp_email, new_password)
        assert validation_result == 0
Beispiel #3
    def basic_auth_user(self, realmname, username, password, environ):
        """Decide whether a WebDAV Basic-auth login is accepted.

        ``username`` is resolved to a ccnet account email, either directly or
        through the ``contact_email`` column of ``profile_profile``. The
        password is then checked against the per-user WebDAV secret (when
        ``seahub_settings.ENABLE_WEBDAV_SECRET`` is truthy) or against the
        account password via ``api.validate_emailuser``.

        Returns True on success, after writing ``http_authenticator.username``
        and, when the lookups succeed, ``seafile.is_guest`` and
        ``seafile.org_id`` into ``environ``. Returns False on any rejection or
        on any exception raised during the credential check. ``realmname`` is
        not used.

        NOTE(review): no ``is_active`` check is visible in this method.
        Confirm that ``validate_emailuser`` and the secret lookup reject
        deactivated accounts, or test ``user.is_active`` here.
        """
        # Reject usernames containing a single quote outright.
        # NOTE(review): presumably a guard for a lookup that is not quote-safe;
        # it is a denylist of one character, not a general sanitiser.
        if "'" in username:
            return False

        try:
            ccnet_email = None
            session = None
            # session_cls may be unset, in which case every database-backed
            # step below (contact-email lookup, 2FA check, secret check) is
            # skipped or refused.
            if self.session_cls:
                session = self.session_cls()

            user = api.get_emailuser(username)
            if user:
                ccnet_email = user.email
            else:
                if session:
                    # Fall back to treating the login name as a contact email.
                    profile_profile = seahub_db.Base.classes.profile_profile
                    q = session.query(profile_profile.user).filter(
                        profile_profile.contact_email == username)
                    res = q.first()
                    if res:
                        ccnet_email = res[0]

            if not ccnet_email:
                # NOTE(review): username is client-supplied and is logged as
                # given; confirm the log handler neutralises control
                # characters so a crafted name cannot forge log lines.
                _logger.warning('User %s doesn\'t exist', username)
                return False

            enable_webdav_secret = False
            if hasattr(seahub_settings, 'ENABLE_WEBDAV_SECRET'):
                enable_webdav_secret = seahub_settings.ENABLE_WEBDAV_SECRET

            # Without a session the 2FA state cannot be read and is treated
            # as "not enabled".
            enable_two_factor_auth = False
            if session and enableTwoFactorAuth(session, ccnet_email):
                enable_two_factor_auth = True

            # Basic auth cannot carry a second factor, so a 2FA account is
            # only allowed in through the separate WebDAV secret.
            if not enable_webdav_secret and enable_two_factor_auth:
                _logger.warning(
                    "Two factor auth is enabled, no access to webdav.")
                return False

            if enable_webdav_secret:
                if not session:
                    return False
                else:
                    from Crypto.Cipher import AES
                    # The key is the first BLOCK_SIZE characters of the
                    # application SECRET_KEY; BLOCK_SIZE and EncodeAES are
                    # defined outside this method.
                    secret = seahub_settings.SECRET_KEY[:BLOCK_SIZE]
                    # ECB is deterministic, which is what lets the encrypted
                    # value be matched with an equality filter below. It also
                    # means equal secrets produce equal stored values, and the
                    # stored value is reversible by anyone holding SECRET_KEY.
                    # NOTE(review): a salted password hash would avoid
                    # reversible storage, but the 'aes$' format must match
                    # whatever writes options_useroptions, so it cannot be
                    # changed here alone.
                    cipher = AES.new(secret.encode('utf8'), AES.MODE_ECB)
                    encoded_str = 'aes$' + EncodeAES(
                        cipher, password.encode('utf8')).decode('utf8')
                    options_useroptions = seahub_db.Base.classes.options_useroptions
                    # NOTE(review): the filter matches on email and option_val
                    # only, not on which option the row stores; confirm no
                    # other option can hold a value of this form.
                    q = session.query(options_useroptions.email)
                    q = q.filter(options_useroptions.email == ccnet_email,
                                 options_useroptions.option_val == encoded_str)
                    res = q.first()
                    if not res:
                        return False
            # With the secret feature off, fall back to the account password.
            elif api.validate_emailuser(ccnet_email, password) != 0:
                return False

            username = ccnet_email
        except Exception as e:
            # Fail closed: any error during the credential check is a refusal.
            _logger.warning('Failed to login: %s', e)
            return False
        finally:
            if session:
                session.close()

        # From here on the login is already accepted; the lookups below only
        # annotate environ and their failures are logged, not fatal.
        try:
            user = api.get_emailuser_with_import(username)
            if user.role == 'guest':
                environ['seafile.is_guest'] = True
            else:
                environ['seafile.is_guest'] = False
        except Exception as e:
            # NOTE(review): on failure 'seafile.is_guest' is left unset while
            # the login still succeeds; confirm downstream code treats a
            # missing key as the restrictive case.
            _logger.exception('get_emailuser')

        if multi_tenancy_enabled():
            try:
                orgs = api.get_orgs_by_user(username)
                if orgs:
                    # Only the first organisation returned is recorded.
                    environ['seafile.org_id'] = orgs[0].org_id
            except Exception as e:
                _logger.exception('get_orgs_by_user')
                pass

        environ["http_authenticator.username"] = username

        return True
Beispiel #4
    def basic_auth_user(self, realmname, username, password, environ):
        """Decide whether a WebDAV Basic-auth login is accepted.

        The login name is resolved to a ccnet account email (directly, or via
        ``profile_profile.contact_email``). Which credential is accepted then
        depends on two switches:

        * 2FA on,  WebDAV secret off: always refused.
        * 2FA on,  WebDAV secret on:  only the WebDAV secret is accepted.
        * 2FA off, WebDAV secret on:  the WebDAV secret or the account password.
        * 2FA off, WebDAV secret off: only the account password.

        Returns True on success and annotates ``environ``; returns False on
        any rejection or on any exception raised during the credential check.
        ``realmname`` is not used.

        NOTE(review): no ``is_active`` check is visible in this method.
        Confirm that ``validate_emailuser`` and ``validateSecret`` reject
        deactivated accounts, or test the account's ``is_active`` flag here.
        """
        # A single quote in the login name is refused outright; this is a
        # one-character denylist, not a general sanitiser.
        if "'" in username:
            return False

        db_session = None
        try:
            if self.session_cls:
                db_session = self.session_cls()

            account_email = None
            account = api.get_emailuser(username)
            if account:
                account_email = account.email
            elif db_session:
                # Fall back to treating the login name as a contact email.
                profiles = seahub_db.Base.classes.profile_profile
                row = db_session.query(profiles.user).filter(
                    profiles.contact_email == username).first()
                if row:
                    account_email = row[0]

            if not account_email:
                # NOTE(review): username is client-supplied and logged as
                # given; confirm the log handler neutralises control characters.
                _logger.warning('User %s doesn\'t exist', username)
                return False

            secret_enabled = getattr(seahub_settings, 'ENABLE_WEBDAV_SECRET', False)
            # Without a session the 2FA state cannot be read and counts as off.
            two_factor = bool(
                db_session and enableTwoFactorAuth(db_session, account_email))

            if two_factor:
                if not secret_enabled:
                    # Basic auth cannot carry a second factor.
                    _logger.warning("Two factor auth is enabled, no access to webdav.")
                    return False
                if not validateSecret(db_session, password, account_email):
                    return False
            elif secret_enabled:
                # Either credential is enough; the account password is only
                # consulted when the secret does not match.
                # NOTE(review): db_session may be None on this path; how
                # validateSecret handles that is not visible here. If it
                # raises, the handler below turns it into a refusal.
                if not validateSecret(db_session, password, account_email) and \
                        api.validate_emailuser(account_email, password) != 0:
                    return False
            elif api.validate_emailuser(account_email, password) != 0:
                return False

            username = account_email
        except Exception as err:
            # Fail closed: any error during the credential check is a refusal.
            _logger.warning('Failed to login: %s', err)
            return False
        finally:
            if db_session:
                db_session.close()

        # The login is already accepted at this point; the lookups below only
        # annotate environ, and their failures are logged rather than fatal.
        try:
            profile = api.get_emailuser_with_import(username)
            environ['seafile.is_guest'] = bool(profile.role == 'guest')
        except Exception:
            # NOTE(review): on failure 'seafile.is_guest' stays unset while the
            # login still succeeds; confirm downstream code treats a missing
            # key as the restrictive case.
            _logger.exception('get_emailuser')

        if multi_tenancy_enabled():
            try:
                user_orgs = api.get_orgs_by_user(username)
                if user_orgs:
                    # Only the first organisation returned is recorded.
                    environ['seafile.org_id'] = user_orgs[0].org_id
            except Exception:
                _logger.exception('get_orgs_by_user')

        environ["http_authenticator.username"] = username
        return True
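def test_user_management(repo):
    """Exercise the ccnet user lifecycle, including renaming a user's email id.

    Two throwaway accounts are created in the 'DB' source: email1 as an
    active staff user and email2 as an inactive non-staff user. After the
    basic create/validate/search/update checks, email1 is given a group and a
    repo share, its id is changed with ``update_emailuser_id``, and the test
    asserts that the share and the group membership follow the new id.

    The accounts are removed in a ``finally`` block so that a failing
    assertion does not leave a staff account behind in the database under
    test. The group and the share are removed on the success path only.
    """
    email1 = '%s@%s.com' % (randstring(6), randstring(6))
    email2 = '%s@%s.com' % (randstring(6), randstring(6))
    # Call randstring() instead of using the quoted text 'randstring(6)': the
    # quoted form gave every test account the same constant, publicly known
    # password, which matters most for the staff account if cleanup is skipped.
    passwd1 = randstring(6)
    passwd2 = randstring(6)

    ccnet_api.add_emailuser(email1, passwd1, 1, 1)
    ccnet_api.add_emailuser(email2, passwd2, 0, 0)

    # Tracks the id under which the first account currently exists, so that
    # cleanup removes the right record whether or not the rename happened.
    live_email1 = email1
    try:
        ccnet_email1 = ccnet_api.get_emailuser(email1)
        ccnet_email2 = ccnet_api.get_emailuser(email2)
        # Equality rather than identity: the type returned for these flags is
        # not visible here and may be an int rather than a bool.
        assert ccnet_email1.is_active == True
        assert ccnet_email1.is_staff == True
        assert ccnet_email2.is_active == False
        assert ccnet_email2.is_staff == False

        # As asserted here, validate_emailuser() returns 0 for email2 even
        # though that account is inactive, so callers that authenticate with
        # it cannot rely on it alone to reject deactivated accounts.
        assert ccnet_api.validate_emailuser(email1, passwd1) == 0
        assert ccnet_api.validate_emailuser(email2, passwd2) == 0

        users = ccnet_api.search_emailusers('DB', email1, -1, -1)
        assert len(users) == 1
        user_ccnet = users[0]
        assert user_ccnet.email == email1

        # Smoke calls only: the results are not asserted because the database
        # may hold other users.
        ccnet_api.count_emailusers('DB')
        ccnet_api.get_emailusers('DB', -1, -1)

        # Promote email2 to an active staff account and re-read it.
        ccnet_api.update_emailuser('DB', ccnet_email2.id, passwd2, 1, 1)
        email2_new = ccnet_api.get_emailuser(email2)
        assert email2_new.is_active == True
        assert email2_new.is_staff == True

        # Test group when updating the user id.
        id1 = ccnet_api.create_group('group1', email1, parent_group_id=-1)
        assert id1 != -1
        group1 = ccnet_api.get_group(id1)
        assert group1.parent_group_id == -1

        # Test shared repo when updating the user id.
        api.share_repo(repo.id, USER, email1, "rw")
        assert api.repo_has_been_shared(repo.id)

        new_email1 = '%s@%s.com' % (randstring(6), randstring(6))
        assert ccnet_api.update_emailuser_id(email1, new_email1) == 0
        live_email1 = new_email1

        # The existing share must now point at the new id with the same
        # permission, not at the old address.
        shared_users = api.list_repo_shared_to(USER, repo.id)
        assert len(shared_users) == 1
        assert shared_users[0].repo_id == repo.id
        assert shared_users[0].user == new_email1
        assert shared_users[0].perm == "rw"

        api.remove_share(repo.id, USER, new_email1)

        # Group membership must follow the new id as well.
        email1_groups = ccnet_api.get_groups(new_email1)
        assert len(email1_groups) == 1
        assert email1_groups[0].id == id1
        rm1 = ccnet_api.remove_group(id1)
        assert rm1 == 0
    finally:
        ccnet_api.remove_emailuser('DB', live_email1)
        ccnet_api.remove_emailuser('DB', email2)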