def create_user_backend(request: HttpRequest, user_profile: UserProfile,
email: str=REQ(), password: str=REQ(), full_name_raw: str=REQ("full_name"),
short_name: str=REQ()) -> HttpResponse:
full_name = check_full_name(full_name_raw)
form = CreateUserForm({'full_name': full_name, 'email': email})
if not form.is_valid():
return json_error(_('Bad name or username'))
# Check that the new user's email address belongs to the admin's realm
# (Since this is an admin API, we don't require the user to have been
# invited first.)
realm = user_profile.realm
try:
email_allowed_for_realm(email, user_profile.realm)
except DomainNotAllowedForRealmError:
return json_error(_("Email '%(email)s' not allowed in this organization") %
{'email': email})
except DisposableEmailError:
return json_error(_("Disposable email addresses are not allowed in this organization"))
except EmailContainsPlusError:
return json_error(_("Email addresses containing + are not allowed."))
try:
get_user_by_delivery_email(email, user_profile.realm)
return json_error(_("Email '%s' already in use") % (email,))
except UserProfile.DoesNotExist:
pass
do_create_user(email, password, realm, full_name, short_name)
return json_success()
def handle(self, **options: Any) -> None:
realm = self.get_realm(options)
if realm is None:
realm = Realm.objects.filter(string_id__startswith='realm') \
.order_by('-string_id').first()
if realm is None:
print('Warning: Using default zulip realm, which has an unusual configuration.\n'
'Try running `python manage.py add_new_realm`, and then running this again.')
realm = Realm.objects.get(string_id='zulip')
domain = 'zulip.com'
else:
domain = realm.string_id + '.zulip.com'
name = '%02d-user' % (UserProfile.objects.filter(email__contains='user@').count(),)
do_create_user('%s@%s' % (name, domain), 'password', realm, name, name)
def get_or_create_user(self, username, ldap_user):
# type: (str, _LDAPUser) -> Tuple[UserProfile, bool]
try:
user_profile = get_user_profile_by_email(username)
if not user_profile.is_active or user_profile.realm.deactivated:
raise ZulipLDAPException("Realm has been deactivated")
if not ldap_auth_enabled(user_profile.realm):
raise ZulipLDAPException("LDAP Authentication is not enabled")
return user_profile, False
except UserProfile.DoesNotExist:
# No need to check for an inactive user since they don't exist yet
if self._realm.deactivated:
raise ZulipLDAPException("Realm has been deactivated")
full_name_attr = settings.AUTH_LDAP_USER_ATTR_MAP["full_name"]
short_name = full_name = ldap_user.attrs[full_name_attr][0]
try:
full_name = check_full_name(full_name)
except JsonableError as e:
raise ZulipLDAPException(e.error)
if "short_name" in settings.AUTH_LDAP_USER_ATTR_MAP:
short_name_attr = settings.AUTH_LDAP_USER_ATTR_MAP["short_name"]
short_name = ldap_user.attrs[short_name_attr][0]
user_profile = do_create_user(username, None, self._realm, full_name, short_name)
return user_profile, True
def create_user_backend(request, user_profile, email=REQ(), password=REQ(),
full_name=REQ(), short_name=REQ()):
# type: (HttpRequest, UserProfile, text_type, text_type, text_type, text_type) -> HttpResponse
form = CreateUserForm({'full_name': full_name, 'email': email})
if not form.is_valid():
return json_error(_('Bad name or username'))
# Check that the new user's email address belongs to the admin's realm
# (Since this is an admin API, we don't require the user to have been
# invited first.)
realm = user_profile.realm
if not email_allowed_for_realm(email, user_profile.realm):
return json_error(_("Email '%(email)s' does not belong to domain '%(domain)s'") %
{'email': email, 'domain': realm.domain})
try:
user_profile = get_user_profile_by_email(email)
return json_error(
_("Email '%s' already in use") % (email,),
dict(api_key=user_profile.api_key)
)
except UserProfile.DoesNotExist:
pass
user_profile = do_create_user(email, password, realm, full_name, short_name)
return json_success(dict(api_key=user_profile.api_key))
def setUp(self) -> None:
self.user_profile = self.example_user("othello")
self.bot_profile = do_create_user(email="*****@*****.**",
password="******",
realm=get_realm("zulip"),
full_name="FooBot",
short_name="foo-bot",
bot_type=UserProfile.OUTGOING_WEBHOOK_BOT,
bot_owner=self.user_profile)
self.second_bot_profile = do_create_user(email="*****@*****.**",
password="******",
realm=get_realm("zulip"),
full_name="BarBot",
short_name="bar-bot",
bot_type=UserProfile.OUTGOING_WEBHOOK_BOT,
bot_owner=self.user_profile)
def add_bot_backend(request, user_profile, full_name=REQ(), short_name=REQ(),
default_sending_stream_name=REQ('default_sending_stream', default=None),
default_events_register_stream_name=REQ('default_events_register_stream', default=None),
default_all_public_streams=REQ(validator=check_bool, default=None)):
# type: (HttpRequest, UserProfile, text_type, text_type, Optional[text_type], Optional[text_type], Optional[bool]) -> HttpResponse
short_name += "-bot"
email = short_name + "@" + user_profile.realm.domain
form = CreateUserForm({'full_name': full_name, 'email': email})
if not form.is_valid():
# We validate client-side as well
return json_error(_('Bad name or username'))
try:
get_user_profile_by_email(email)
return json_error(_("Username already in use"))
except UserProfile.DoesNotExist:
pass
if len(request.FILES) == 0:
avatar_source = UserProfile.AVATAR_FROM_GRAVATAR
elif len(request.FILES) != 1:
return json_error(_("You may only upload one file at a time"))
else:
user_file = list(request.FILES.values())[0]
upload_avatar_image(user_file, user_profile, email)
avatar_source = UserProfile.AVATAR_FROM_USER
default_sending_stream = None
if default_sending_stream_name is not None:
default_sending_stream = stream_or_none(default_sending_stream_name, user_profile.realm)
if default_sending_stream and not default_sending_stream.is_public() and not \
subscribed_to_stream(user_profile, default_sending_stream):
return json_error(_('Insufficient permission'))
default_events_register_stream = None
if default_events_register_stream_name is not None:
default_events_register_stream = stream_or_none(default_events_register_stream_name,
user_profile.realm)
if default_events_register_stream and not default_events_register_stream.is_public() and not \
subscribed_to_stream(user_profile, default_events_register_stream):
return json_error(_('Insufficient permission'))
bot_profile = do_create_user(email=email, password='',
realm=user_profile.realm, full_name=full_name,
short_name=short_name, active=True,
bot_type=UserProfile.DEFAULT_BOT,
bot_owner=user_profile,
avatar_source=avatar_source,
default_sending_stream=default_sending_stream,
default_events_register_stream=default_events_register_stream,
default_all_public_streams=default_all_public_streams)
json_result = dict(
api_key=bot_profile.api_key,
avatar_url=avatar_url(bot_profile),
default_sending_stream=get_stream_name(bot_profile.default_sending_stream),
default_events_register_stream=get_stream_name(bot_profile.default_events_register_stream),
default_all_public_streams=bot_profile.default_all_public_streams,
)
return json_success(json_result)
def get_or_build_user(self, username: str, ldap_user: _LDAPUser) -> Tuple[UserProfile, bool]:
return_data = {} # type: Dict[str, Any]
if settings.LDAP_EMAIL_ATTR is not None:
# Get email from ldap attributes.
if settings.LDAP_EMAIL_ATTR not in ldap_user.attrs:
return_data["ldap_missing_attribute"] = settings.LDAP_EMAIL_ATTR
raise ZulipLDAPException("LDAP user doesn't have the needed %s attribute" % (
settings.LDAP_EMAIL_ATTR,))
username = ldap_user.attrs[settings.LDAP_EMAIL_ATTR][0]
if 'userAccountControl' in settings.AUTH_LDAP_USER_ATTR_MAP: # nocoverage
ldap_disabled = self.is_account_control_disabled_user(ldap_user)
if ldap_disabled:
# Treat disabled users as deactivated in Zulip.
return_data["inactive_user"] = True
raise ZulipLDAPException("User has been deactivated")
user_profile = common_get_active_user(username, self._realm, return_data)
if user_profile is not None:
# An existing user, successfully authed; return it.
return user_profile, False
if return_data.get("inactive_realm"):
# This happens if there is a user account in a deactivated realm
raise ZulipLDAPException("Realm has been deactivated")
if return_data.get("inactive_user"):
raise ZulipLDAPException("User has been deactivated")
if return_data.get("invalid_subdomain"):
# TODO: Implement something in the caller for this to
# provide a nice user-facing error message for this
# situation (right now it just acts like any other auth
# failure).
raise ZulipLDAPException("Wrong subdomain")
if self._realm.deactivated:
# This happens if no account exists, but the realm is
# deactivated, so we shouldn't create a new user account
raise ZulipLDAPException("Realm has been deactivated")
# We have valid LDAP credentials; time to create an account.
full_name, short_name = self.get_mapped_name(ldap_user)
try:
full_name = check_full_name(full_name)
except JsonableError as e:
raise ZulipLDAPException(e.msg)
opts = {} # type: Dict[str, Any]
if self._prereg_user:
invited_as = self._prereg_user.invited_as
opts['prereg_user'] = self._prereg_user
opts['is_realm_admin'] = invited_as == PreregistrationUser.INVITE_AS['REALM_ADMIN']
opts['is_guest'] = invited_as == PreregistrationUser.INVITE_AS['GUEST_USER']
opts['default_stream_groups'] = get_default_stream_groups(self._realm)
user_profile = do_create_user(username, None, self._realm, full_name, short_name, **opts)
self.sync_avatar_from_ldap(user_profile, ldap_user)
self.sync_custom_profile_fields_from_ldap(user_profile, ldap_user)
return user_profile, True
def setUp(self) -> None:
self.user_profile = self.example_user("othello")
self.bot_profile = do_create_user(email="*****@*****.**",
password="******",
realm=get_realm("zulip"),
full_name="EmbeddedBo1",
short_name="embedded-bot-1",
bot_type=UserProfile.EMBEDDED_BOT,
bot_owner=self.user_profile)
self.second_bot_profile = do_create_user(email="*****@*****.**",
password="******",
realm=get_realm("zulip"),
full_name="EmbeddedBot2",
short_name="embedded-bot-2",
bot_type=UserProfile.EMBEDDED_BOT,
bot_owner=self.user_profile)
def test_requires_billing_update_for_is_active_changes(self) -> None:
count = RealmAuditLog.objects.count()
realm = get_realm("zulip")
user1 = do_create_user('*****@*****.**', 'password', realm, 'full name', 'short name')
do_deactivate_user(user1)
do_reactivate_user(user1)
# Not a proper use of do_activate_user, but it's fine to call it like this for this test
do_activate_user(user1)
self.assertEqual(count + 4,
RealmAuditLog.objects.filter(requires_billing_update=False).count())
realm.has_seat_based_plan = True
realm.save(update_fields=['has_seat_based_plan'])
user2 = do_create_user('*****@*****.**', 'password', realm, 'full name', 'short name')
do_deactivate_user(user2)
do_reactivate_user(user2)
do_activate_user(user2)
self.assertEqual(4, RealmAuditLog.objects.filter(requires_billing_update=True).count())
def add_bot_backend(request, user_profile, full_name_raw=REQ("full_name"), short_name=REQ(),
default_sending_stream_name=REQ('default_sending_stream', default=None),
default_events_register_stream_name=REQ('default_events_register_stream', default=None),
default_all_public_streams=REQ(validator=check_bool, default=None)):
# type: (HttpRequest, UserProfile, Text, Text, Optional[Text], Optional[Text], Optional[bool]) -> HttpResponse
short_name += "-bot"
full_name = check_full_name(full_name_raw)
email = '%s@%s' % (short_name, user_profile.realm.get_bot_domain())
form = CreateUserForm({'full_name': full_name, 'email': email})
if not form.is_valid():
# We validate client-side as well
return json_error(_('Bad name or username'))
try:
get_user_profile_by_email(email)
return json_error(_("Username already in use"))
except UserProfile.DoesNotExist:
pass
if len(request.FILES) == 0:
avatar_source = UserProfile.AVATAR_FROM_GRAVATAR
elif len(request.FILES) != 1:
return json_error(_("You may only upload one file at a time"))
else:
avatar_source = UserProfile.AVATAR_FROM_USER
default_sending_stream = None
if default_sending_stream_name is not None:
(default_sending_stream, ignored_rec, ignored_sub) = access_stream_by_name(
user_profile, default_sending_stream_name)
default_events_register_stream = None
if default_events_register_stream_name is not None:
(default_events_register_stream, ignored_rec, ignored_sub) = access_stream_by_name(
user_profile, default_events_register_stream_name)
bot_profile = do_create_user(email=email, password='',
realm=user_profile.realm, full_name=full_name,
short_name=short_name, active=True,
bot_type=UserProfile.DEFAULT_BOT,
bot_owner=user_profile,
avatar_source=avatar_source,
default_sending_stream=default_sending_stream,
default_events_register_stream=default_events_register_stream,
default_all_public_streams=default_all_public_streams)
if len(request.FILES) == 1:
user_file = list(request.FILES.values())[0]
upload_avatar_image(user_file, user_profile, bot_profile)
json_result = dict(
api_key=bot_profile.api_key,
avatar_url=avatar_url(bot_profile),
default_sending_stream=get_stream_name(bot_profile.default_sending_stream),
default_events_register_stream=get_stream_name(bot_profile.default_events_register_stream),
default_all_public_streams=bot_profile.default_all_public_streams,
)
return json_success(json_result)
def create_test_bot(self, email: Text, user_profile: UserProfile, full_name: Text,
short_name: Text, bot_type: int, service_name: str=None) -> UserProfile:
bot_profile = do_create_user(email=email, password='', realm=user_profile.realm,
full_name=full_name, short_name=short_name,
bot_type=bot_type, bot_owner=user_profile)
if bot_type in (UserProfile.OUTGOING_WEBHOOK_BOT, UserProfile.EMBEDDED_BOT):
add_service(name=service_name, user_profile=bot_profile,
base_url='', interface=Service.GENERIC,
token='abcdef')
return bot_profile
def test_get_user(self) -> None:
mit_realm = get_realm("zephyr")
user_profile = self.example_user("hamlet")
email = user_profile.email
self.assertEqual(self.command.get_user(email, self.zulip_realm), user_profile)
self.assertEqual(self.command.get_user(email, None), user_profile)
error_message = "The realm '<Realm: zephyr 2>' does not contain a user with email"
with self.assertRaisesRegex(CommandError, error_message):
self.command.get_user(email, mit_realm)
with self.assertRaisesRegex(CommandError, "server does not contain a user with email"):
self.command.get_user('*****@*****.**', None)
do_create_user(email, 'password', mit_realm, 'full_name', 'short_name')
with self.assertRaisesRegex(CommandError, "server contains multiple users with that email"):
self.command.get_user(email, None)
def setUp(self):
# type: () -> None
self.user_profile = self.example_user("othello")
self.bot_profile = do_create_user(email="*****@*****.**",
password="******",
realm=get_realm("zulip"),
full_name="FooBot",
short_name="foo-bot",
bot_type=UserProfile.OUTGOING_WEBHOOK_BOT,
bot_owner=self.user_profile)
self.second_bot_profile = do_create_user(email="*****@*****.**",
password="******",
realm=get_realm("zulip"),
full_name="BarBot",
short_name="bar-bot",
bot_type=UserProfile.OUTGOING_WEBHOOK_BOT,
bot_owner=self.user_profile)
# TODO: In future versions this won't be required
self.subscribe(self.bot_profile, 'Denmark')
def create_bot(self, owner: UserProfile, bot_email: str, bot_name: str) -> UserProfile:
user = do_create_user(
email=bot_email,
password='******',
realm=owner.realm,
full_name=bot_name,
short_name=bot_name,
bot_type=UserProfile.DEFAULT_BOT,
bot_owner=owner
)
return user
def handle(self, *args: Any, **options: Any) -> None:
if not options["tos"]:
raise CommandError("""You must confirm that this user has accepted the
Terms of Service by passing --this-user-has-accepted-the-tos.""")
realm = self.get_realm(options)
assert realm is not None # Should be ensured by parser
try:
email = options['email']
full_name = options['full_name']
try:
validators.validate_email(email)
except ValidationError:
raise CommandError("Invalid email address.")
except KeyError:
if 'email' in options or 'full_name' in options:
raise CommandError("""Either specify an email and full name as two
parameters, or specify no parameters for interactive user creation.""")
else:
while True:
email = input("Email: ")
try:
validators.validate_email(email)
break
except ValidationError:
print("Invalid email address.", file=sys.stderr)
full_name = input("Full name: ")
try:
if 'password' in options:
pw = options['password']
if 'password_file' in options:
pw = open(options['password_file'], 'r').read()
else:
user_initial_password = initial_password(email)
if user_initial_password is None:
raise CommandError("Password is unusable.")
pw = user_initial_password.encode()
do_create_user(email, pw, realm, full_name, email_to_username(email))
except IntegrityError:
raise CommandError("User already exists.")
def create_user_backend(request, user_profile, email=REQ, password=REQ,
full_name=REQ, short_name=REQ):
form = CreateUserForm({'full_name': full_name, 'email': email})
if not form.is_valid():
return json_error('Bad name or username')
# Check that the new user's email address belongs to the admin's realm
# (Since this is an admin API, we don't require the user to have been
# invited first.)
realm = user_profile.realm
if not email_allowed_for_realm(email, user_profile.realm):
return json_error("Email '%s' does not belong to domain '%s'" % (email, realm.domain))
try:
get_user_profile_by_email(email)
return json_error("Email '%s' already in use" % (email,))
except UserProfile.DoesNotExist:
pass
do_create_user(email, password, realm, full_name, short_name)
return json_success()
def create_bot(self, owner, bot_email, bot_name):
# type: (UserProfile, Text, Text) -> UserProfile
user = do_create_user(
email=bot_email,
password='******',
realm=owner.realm,
full_name=bot_name,
short_name=bot_name,
bot_type=UserProfile.DEFAULT_BOT,
bot_owner=owner
)
return user
def _get_outgoing_bot(self) -> UserProfile:
outgoing_bot = do_create_user(
email="*****@*****.**",
password="******",
realm=get_realm("zulip"),
full_name="BarBot",
short_name='bb',
bot_type=UserProfile.OUTGOING_WEBHOOK_BOT,
bot_owner=self.example_user('cordelia'),
)
return outgoing_bot
def handle(self, **options: Any) -> None:
string_id = 'realm%02d' % (
Realm.objects.filter(string_id__startswith='realm').count(),)
realm = do_create_realm(string_id, string_id)
setup_initial_streams(realm)
name = '%02d-user' % (
UserProfile.objects.filter(email__contains='user@').count(),)
user = do_create_user('%s@%s.zulip.com' % (name, string_id),
'password', realm, name, name, is_realm_admin=True)
bulk_add_subscriptions([realm.signup_notifications_stream], [user])
send_initial_realm_messages(realm)
def create_user_dev(request):
if request.method != 'POST':
return json_error("Wrong method")
json_data = simplejson.loads(request.body)
email = json_data['email']
password = json_data['password']
realm = Realm.objects.get(name='Tijee_test')
full_name = json_data['full_name']
short_name = email_to_username(email)
if (UserProfile.objects.filter(email=email).count()!=0):
return json_error("The email has been used!")
user_profile = do_create_user(email, password, realm, full_name, short_name)
return json_success({'user_id':user_profile.id, 'user_name':user_profile.full_name, 'user_email':user_profile.email})
def handle(self, **options):
# type: (**Any) -> None
string_id = 'realm%02d' % (
Realm.objects.filter(string_id__startswith='realm').count(),)
realm = do_create_realm(string_id, string_id)
setup_initial_streams(realm)
name = '%02d-user' % (
UserProfile.objects.filter(email__contains='user@').count(),)
user = do_create_user('%s@%s.zulip.com' % (name, string_id),
'password', realm, name, name, is_realm_admin=True)
setup_initial_private_stream(user)
send_initial_realm_messages(realm)
def test_user_activation(self) -> None:
realm = get_realm('zulip')
now = timezone_now()
user = do_create_user('email', 'password', realm, 'full_name', 'short_name')
do_deactivate_user(user)
do_activate_user(user)
do_deactivate_user(user)
do_reactivate_user(user)
self.assertEqual(RealmAuditLog.objects.filter(event_time__gte=now).count(), 5)
event_types = list(RealmAuditLog.objects.filter(
realm=realm, acting_user=None, modified_user=user, modified_stream=None,
event_time__gte=now, event_time__lte=now+timedelta(minutes=60))
.order_by('event_time').values_list('event_type', flat=True))
self.assertEqual(event_types, [RealmAuditLog.USER_CREATED, RealmAuditLog.USER_DEACTIVATED, RealmAuditLog.USER_ACTIVATED,
RealmAuditLog.USER_DEACTIVATED, RealmAuditLog.USER_REACTIVATED])
def test_get_user(self) -> None:
mit_realm = get_realm("zephyr")
user_profile = self.example_user("hamlet")
email = user_profile.delivery_email
self.assertEqual(self.command.get_user(email, self.zulip_realm),
user_profile)
self.assertEqual(self.command.get_user(email, None), user_profile)
error_message = "The realm '%s' does not contain a user with email" % (
mit_realm, )
with self.assertRaisesRegex(CommandError, error_message):
self.command.get_user(email, mit_realm)
with self.assertRaisesRegex(
CommandError, "server does not contain a user with email"):
self.command.get_user('*****@*****.**', None)
do_create_user(email, 'password', mit_realm, 'full_name', 'short_name')
with self.assertRaisesRegex(
CommandError,
"server contains multiple users with that email"):
self.command.get_user(email, None)
def test_gather_new_users(self, mock_django_timezone: mock.MagicMock) -> None:
cutoff = timezone_now()
do_create_user('*****@*****.**', password='******', realm=get_realm('zulip'), full_name='abc', short_name='abc')
# Normal users get info about new users
user = self.example_user('aaron')
gathered_no_of_user, _ = gather_new_users(user, cutoff)
self.assertEqual(gathered_no_of_user, 1)
# Definitely, admin users get info about new users
user = self.example_user('iago')
gathered_no_of_user, _ = gather_new_users(user, cutoff)
self.assertEqual(gathered_no_of_user, 1)
# Guest users don't get info about new users
user = self.example_user('polonius')
gathered_no_of_user, _ = gather_new_users(user, cutoff)
self.assertEqual(gathered_no_of_user, 0)
# Zephyr users also don't get info about new users in their realm
user = self.mit_user('starnine')
do_create_user('*****@*****.**', password='******', realm=user.realm, full_name='abc', short_name='abc')
gathered_no_of_user, _ = gather_new_users(user, cutoff)
self.assertEqual(gathered_no_of_user, 0)
def test_gather_new_users(self, mock_django_timezone: mock.MagicMock) -> None:
cutoff = timezone_now()
do_create_user('*****@*****.**', password='******', realm=get_realm('zulip'), full_name='abc', short_name='abc')
# Normal users get info about new users
user = self.example_user('aaron')
gathered_no_of_user, _ = gather_new_users(user, cutoff)
self.assertEqual(gathered_no_of_user, 1)
# Definitely, admin users get info about new users
user = self.example_user('iago')
gathered_no_of_user, _ = gather_new_users(user, cutoff)
self.assertEqual(gathered_no_of_user, 1)
# Guest users don't get info about new users
user = self.example_user('polonius')
gathered_no_of_user, _ = gather_new_users(user, cutoff)
self.assertEqual(gathered_no_of_user, 0)
# Zephyr users also don't get info about new users in their realm
user = self.mit_user('starnine')
do_create_user('*****@*****.**', password='******', realm=user.realm, full_name='abc', short_name='abc')
gathered_no_of_user, _ = gather_new_users(user, cutoff)
self.assertEqual(gathered_no_of_user, 0)
def create_user_backend(request, user_profile, email=REQ(), password=REQ(),
full_name_raw=REQ("full_name"), short_name=REQ()):
# type: (HttpRequest, UserProfile, Text, Text, Text, Text) -> HttpResponse
full_name = check_full_name(full_name_raw)
form = CreateUserForm({'full_name': full_name, 'email': email})
if not form.is_valid():
return json_error(_('Bad name or username'))
# Check that the new user's email address belongs to the admin's realm
# (Since this is an admin API, we don't require the user to have been
# invited first.)
realm = user_profile.realm
if not email_allowed_for_realm(email, user_profile.realm):
return json_error(_("Email '%(email)s' not allowed for realm '%(realm)s'") %
{'email': email, 'realm': realm.string_id})
try:
get_user(email, user_profile.realm)
return json_error(_("Email '%s' already in use") % (email,))
except UserProfile.DoesNotExist:
pass
do_create_user(email, password, realm, full_name, short_name)
return json_success()
def get_or_create_user(self, username, ldap_user):
try:
return get_user_profile_by_email(username), False
except UserProfile.DoesNotExist:
domain = resolve_email_to_domain(username)
realm = get_realm(domain)
full_name_attr = settings.AUTH_LDAP_USER_ATTR_MAP["full_name"]
short_name = full_name = ldap_user.attrs[full_name_attr]
if "short_name" in settings.AUTH_LDAP_USER_ATTR_MAP:
short_name_attr = settings.AUTH_LDAP_USER_ATTR_MAP["short_name"]
short_name = ldap_user.attrs[short_name_attr]
user_profile = do_create_user(username, None, realm, full_name, short_name)
return user_profile, False
def handle(self, **options):
# type: (**Any) -> None
string_id = 'realm%02d' % (
Realm.objects.filter(string_id__startswith='realm').count(),)
realm = do_create_realm(string_id, string_id)
setup_initial_streams(realm)
name = '%02d-user' % (
UserProfile.objects.filter(email__contains='user@').count(),)
user = do_create_user('%s@%s.zulip.com' % (name, string_id),
'password', realm, name, name, is_realm_admin=True)
send_initial_pms(user)
setup_initial_private_stream(user)
send_initial_realm_messages(realm)
def create_non_active_user(self, realm: Realm, email: str, name: str) -> UserProfile:
user = do_create_user(
email=email,
password='******',
realm=realm,
full_name=name,
short_name=name,
)
# Doing a full-stack deactivation would be expensive here,
# and we really only need to flip the flag to get a valid
# test.
user.is_active = False
user.save()
return user
def create_user_backend(
request: HttpRequest,
user_profile: UserProfile,
email: str = REQ(),
password: str = REQ(),
full_name_raw: str = REQ("full_name"),
short_name: str = REQ()
) -> HttpResponse:
full_name = check_full_name(full_name_raw)
form = CreateUserForm({'full_name': full_name, 'email': email})
if not form.is_valid():
return json_error(_('Bad name or username'))
# Check that the new user's email address belongs to the admin's realm
# (Since this is an admin API, we don't require the user to have been
# invited first.)
realm = user_profile.realm
try:
email_allowed_for_realm(email, user_profile.realm)
except DomainNotAllowedForRealmError:
return json_error(
_("Email '%(email)s' not allowed in this organization") %
{'email': email})
except DisposableEmailError:
return json_error(
_("Disposable email addresses are not allowed in this organization"
))
try:
get_user(email, user_profile.realm)
return json_error(_("Email '%s' already in use") % (email, ))
except UserProfile.DoesNotExist:
pass
do_create_user(email, password, realm, full_name, short_name)
return json_success()
def test_requires_billing_update_for_is_active_changes(self) -> None:
count = RealmAuditLog.objects.count()
realm = get_realm("zulip")
user1 = do_create_user('*****@*****.**', 'password', realm,
'full name', 'short name')
do_deactivate_user(user1)
do_reactivate_user(user1)
# Not a proper use of do_activate_user, but it's fine to call it like this for this test
do_activate_user(user1)
self.assertEqual(
count + 4,
RealmAuditLog.objects.filter(
requires_billing_update=False).count())
realm.has_seat_based_plan = True
realm.save(update_fields=['has_seat_based_plan'])
user2 = do_create_user('*****@*****.**', 'password', realm,
'full name', 'short name')
do_deactivate_user(user2)
do_reactivate_user(user2)
do_activate_user(user2)
self.assertEqual(
4,
RealmAuditLog.objects.filter(requires_billing_update=True).count())
def create_user_backend(request, user_profile, email=REQ(), password=REQ(),
full_name_raw=REQ("full_name"), short_name=REQ()):
# type: (HttpRequest, UserProfile, Text, Text, Text, Text) -> HttpResponse
full_name = check_full_name(full_name_raw)
form = CreateUserForm({'full_name': full_name, 'email': email})
if not form.is_valid():
return json_error(_('Bad name or username'))
# Check that the new user's email address belongs to the admin's realm
# (Since this is an admin API, we don't require the user to have been
# invited first.)
realm = user_profile.realm
if not email_allowed_for_realm(email, user_profile.realm):
return json_error(_("Email '%(email)s' not allowed for realm '%(realm)s'") %
{'email': email, 'realm': realm.string_id})
try:
get_user_profile_by_email(email)
return json_error(_("Email '%s' already in use") % (email,))
except UserProfile.DoesNotExist:
pass
do_create_user(email, password, realm, full_name, short_name)
return json_success()
def test_user_activation(self) -> None:
realm = get_realm('zulip')
now = timezone_now()
user = do_create_user('email', 'password', realm, 'full_name', 'short_name')
do_deactivate_user(user)
do_activate_user(user)
do_deactivate_user(user)
do_reactivate_user(user)
self.assertEqual(RealmAuditLog.objects.filter(event_time__gte=now).count(), 5)
event_types = list(RealmAuditLog.objects.filter(
realm=realm, acting_user=None, modified_user=user, modified_stream=None,
event_time__gte=now, event_time__lte=now+timedelta(minutes=60))
.order_by('event_time').values_list('event_type', flat=True))
self.assertEqual(event_types, [RealmAuditLog.USER_CREATED, RealmAuditLog.USER_DEACTIVATED, RealmAuditLog.USER_ACTIVATED,
RealmAuditLog.USER_DEACTIVATED, RealmAuditLog.USER_REACTIVATED])
def create_non_active_user(self, realm: Realm, email: str, name: str) -> UserProfile:
user = do_create_user(
email=email,
password='******',
realm=realm,
full_name=name,
short_name=name,
)
# Doing a full-stack deactivation would be expensive here,
# and we really only need to flip the flag to get a valid
# test.
user.is_active = False
user.save()
return user
def deactivate_own_user() -> Dict[str, object]:
test_user_email = "*****@*****.**"
deactivate_test_user = do_create_user(
test_user_email,
"secret",
get_realm("zulip"),
"Mr. Delete",
role=200,
acting_user=None,
)
realm = get_realm("zulip")
test_user = get_user(test_user_email, realm)
test_user_api_key = get_api_key(test_user)
# change authentication line to allow test_client to delete itself.
AUTHENTICATION_LINE[0] = f"{deactivate_test_user.email}:{test_user_api_key}"
return {}
def test_check_admin_different_realm_emoji(self) -> None:
# Test that two different realm emojis in two different realms but
# having same name can be administered independently.
realm_1 = do_create_realm("test_realm", "test_realm")
emoji_author_1 = do_create_user("*****@*****.**",
password="******",
realm=realm_1,
full_name="abc",
acting_user=None)
self.create_test_emoji("test_emoji", emoji_author_1)
emoji_author_2 = self.example_user("othello")
self.create_test_emoji("test_emoji", emoji_author_2)
self.login_user(emoji_author_2)
result = self.client_delete("/json/realm/emoji/test_emoji")
self.assert_json_success(result)
def handle(self, **options: Any) -> None:
string_id = 'realm{:02}'.format(
Realm.objects.filter(string_id__startswith='realm').count())
realm = do_create_realm(string_id, string_id)
name = '{:02}-user'.format(
UserProfile.objects.filter(email__contains='user@').count())
user = do_create_user(f'{name}@{string_id}.zulip.com',
'password',
realm,
name,
name,
role=UserProfile.ROLE_REALM_ADMINISTRATOR)
bulk_add_subscriptions([realm.signup_notifications_stream], [user])
send_initial_realm_messages(realm)
def handle(self, **options: Any) -> None:
string_id = 'realm%02d' % (Realm.objects.filter(
string_id__startswith='realm').count(), )
realm = do_create_realm(string_id, string_id)
name = '%02d-user' % (UserProfile.objects.filter(
email__contains='user@').count(), )
user = do_create_user('%s@%s.zulip.com' % (name, string_id),
'password',
realm,
name,
name,
is_realm_admin=True)
bulk_add_subscriptions([realm.signup_notifications_stream], [user])
send_initial_realm_messages(realm)
def test_check_admin_different_realm_emoji(self) -> None:
# Test that two different realm emojis in two different realms but
# having same name can be administered independently.
realm_1 = do_create_realm('test_realm', 'test_realm')
emoji_author_1 = do_create_user('*****@*****.**',
password='******',
realm=realm_1,
full_name='abc',
short_name='abc')
self.create_test_emoji('test_emoji', emoji_author_1)
emoji_author_2 = self.example_user('othello')
self.create_test_emoji('test_emoji', emoji_author_2)
self.login(emoji_author_2.email)
result = self.client_delete('/json/realm/emoji/test_emoji')
self.assert_json_success(result)
def create_user_backend(
request: HttpRequest,
user_profile: UserProfile,
email: str = REQ(),
password: str = REQ(),
full_name_raw: str = REQ("full_name"),
) -> HttpResponse:
if not user_profile.can_create_users:
raise JsonableError(_("User not authorized for this query"))
full_name = check_full_name(full_name_raw)
form = CreateUserForm({"full_name": full_name, "email": email})
if not form.is_valid():
raise JsonableError(_("Bad name or username"))
# Check that the new user's email address belongs to the admin's realm
# (Since this is an admin API, we don't require the user to have been
# invited first.)
realm = user_profile.realm
try:
email_allowed_for_realm(email, user_profile.realm)
except DomainNotAllowedForRealmError:
raise JsonableError(
_("Email '{email}' not allowed in this organization").format(
email=email, ))
except DisposableEmailError:
raise JsonableError(
_("Disposable email addresses are not allowed in this organization"
))
except EmailContainsPlusError:
raise JsonableError(_("Email addresses containing + are not allowed."))
try:
get_user_by_delivery_email(email, user_profile.realm)
raise JsonableError(_("Email '{}' already in use").format(email))
except UserProfile.DoesNotExist:
pass
if not check_password_strength(password):
raise JsonableError(PASSWORD_TOO_WEAK_ERROR)
target_user = do_create_user(email,
password,
realm,
full_name,
acting_user=user_profile)
return json_success({"user_id": target_user.id})
def get_or_build_user(self, username: str, ldap_user: _LDAPUser) -> Tuple[UserProfile, bool]:
return_data = {} # type: Dict[str, Any]
if settings.LDAP_EMAIL_ATTR is not None:
# Get email from ldap attributes.
if settings.LDAP_EMAIL_ATTR not in ldap_user.attrs:
return_data["ldap_missing_attribute"] = settings.LDAP_EMAIL_ATTR
raise ZulipLDAPException("LDAP user doesn't have the needed %s attribute" % (
settings.LDAP_EMAIL_ATTR,))
username = ldap_user.attrs[settings.LDAP_EMAIL_ATTR][0]
user_profile = common_get_active_user(username, self._realm, return_data)
if user_profile is not None:
# An existing user, successfully authed; return it.
return user_profile, False
if return_data.get("inactive_realm"):
# This happens if there is a user account in a deactivated realm
raise ZulipLDAPException("Realm has been deactivated")
if return_data.get("inactive_user"):
raise ZulipLDAPException("User has been deactivated")
if return_data.get("invalid_subdomain"):
# TODO: Implement something in the caller for this to
# provide a nice user-facing error message for this
# situation (right now it just acts like any other auth
# failure).
raise ZulipLDAPException("Wrong subdomain")
if self._realm.deactivated:
# This happens if no account exists, but the realm is
# deactivated, so we shouldn't create a new user account
raise ZulipLDAPException("Realm has been deactivated")
# We have valid LDAP credentials; time to create an account.
full_name_attr = settings.AUTH_LDAP_USER_ATTR_MAP["full_name"]
short_name = full_name = ldap_user.attrs[full_name_attr][0]
try:
full_name = check_full_name(full_name)
except JsonableError as e:
raise ZulipLDAPException(e.msg)
if "short_name" in settings.AUTH_LDAP_USER_ATTR_MAP:
short_name_attr = settings.AUTH_LDAP_USER_ATTR_MAP["short_name"]
short_name = ldap_user.attrs[short_name_attr][0]
user_profile = do_create_user(username, None, self._realm, full_name, short_name)
return user_profile, True
def get_or_build_user(self, username: str, ldap_user: _LDAPUser) -> Tuple[UserProfile, bool]:
return_data = {} # type: Dict[str, Any]
if settings.LDAP_EMAIL_ATTR is not None:
# Get email from ldap attributes.
if settings.LDAP_EMAIL_ATTR not in ldap_user.attrs:
return_data["ldap_missing_attribute"] = settings.LDAP_EMAIL_ATTR
raise ZulipLDAPException("LDAP user doesn't have the needed %s attribute" % (
settings.LDAP_EMAIL_ATTR,))
username = ldap_user.attrs[settings.LDAP_EMAIL_ATTR][0]
user_profile = common_get_active_user(username, self._realm, return_data)
if user_profile is not None:
# An existing user, successfully authed; return it.
return user_profile, False
if return_data.get("inactive_realm"):
# This happens if there is a user account in a deactivated realm
raise ZulipLDAPException("Realm has been deactivated")
if return_data.get("inactive_user"):
raise ZulipLDAPException("User has been deactivated")
if return_data.get("invalid_subdomain"):
# TODO: Implement something in the caller for this to
# provide a nice user-facing error message for this
# situation (right now it just acts like any other auth
# failure).
raise ZulipLDAPException("Wrong subdomain")
if self._realm.deactivated:
# This happens if no account exists, but the realm is
# deactivated, so we shouldn't create a new user account
raise ZulipLDAPException("Realm has been deactivated")
# We have valid LDAP credentials; time to create an account.
full_name_attr = settings.AUTH_LDAP_USER_ATTR_MAP["full_name"]
short_name = full_name = ldap_user.attrs[full_name_attr][0]
try:
full_name = check_full_name(full_name)
except JsonableError as e:
raise ZulipLDAPException(e.msg)
if "short_name" in settings.AUTH_LDAP_USER_ATTR_MAP:
short_name_attr = settings.AUTH_LDAP_USER_ATTR_MAP["short_name"]
short_name = ldap_user.attrs[short_name_attr][0]
user_profile = do_create_user(username, None, self._realm, full_name, short_name)
return user_profile, True
def get_or_create_user(self, username, ldap_user):
try:
return get_user_profile_by_email(username), False
except UserProfile.DoesNotExist:
domain = resolve_email_to_domain(username)
realm = get_realm(domain)
full_name_attr = settings.AUTH_LDAP_USER_ATTR_MAP["full_name"]
short_name = full_name = ldap_user.attrs[full_name_attr][0]
if "short_name" in settings.AUTH_LDAP_USER_ATTR_MAP:
short_name_attr = settings.AUTH_LDAP_USER_ATTR_MAP[
"short_name"]
short_name = ldap_user.attrs[short_name_attr][0]
user_profile = do_create_user(username, None, realm, full_name,
short_name)
return user_profile, False
def handle(self, *args: Any, **options: Any) -> None:
if not options["tos"]:
raise CommandError(
"""You must confirm that this user has accepted the
Terms of Service by passing --this-user-has-accepted-the-tos.""")
realm = self.get_realm(options)
assert realm is not None # Should be ensured by parser
try:
email = options['email']
full_name = options['full_name']
try:
validators.validate_email(email)
except ValidationError:
raise CommandError("Invalid email address.")
except KeyError:
if 'email' in options or 'full_name' in options:
raise CommandError(
"""Either specify an email and full name as two
parameters, or specify no parameters for interactive user creation.""")
else:
while True:
email = input("Email: ")
try:
validators.validate_email(email)
break
except ValidationError:
print("Invalid email address.", file=sys.stderr)
full_name = input("Full name: ")
try:
if 'password' in options:
pw = options['password']
if 'password_file' in options:
pw = open(options['password_file'], 'r').read()
else:
user_initial_password = initial_password(email)
if user_initial_password is None:
raise CommandError("Password is unusable.")
pw = user_initial_password.encode()
notify_new_user(do_create_user(email, pw, realm, full_name,
email_to_username(email)),
internal=True)
except IntegrityError:
raise CommandError("User already exists.")
def handle(self, *args, **options):
# type: (*Any, **Any) -> None
if not options["tos"]:
raise CommandError(
"""You must confirm that this user has accepted the
Terms of Service by passing --this-user-has-accepted-the-tos.""")
if not options["string_id"]:
raise CommandError(
"""Please specify a realm by passing --realm.""")
try:
realm = get_realm(options["string_id"])
except Realm.DoesNotExist:
raise CommandError("Realm does not exist.")
try:
email = options['email']
full_name = options['full_name']
try:
validators.validate_email(email)
except ValidationError:
raise CommandError("Invalid email address.")
except KeyError:
if 'email' in options or 'full_name' in options:
raise CommandError(
"""Either specify an email and full name as two
parameters, or specify no parameters for interactive user creation.""")
else:
while True:
email = input("Email: ")
try:
validators.validate_email(email)
break
except ValidationError:
print("Invalid email address.", file=sys.stderr)
full_name = input("Full name: ")
try:
pw = options.get('password', initial_password(email))
notify_new_user(do_create_user(email, pw, realm, full_name,
email_to_username(email)),
internal=True)
except IntegrityError:
raise CommandError("User already exists.")
def test_no_email_digest_for_bots(self, mock_django_timezone: mock.MagicMock,
mock_queue_digest_recipient: mock.MagicMock) -> None:
cutoff = timezone_now()
# A Tuesday
mock_django_timezone.return_value = datetime.datetime(year=2016, month=1, day=5)
bot = do_create_user('*****@*****.**', 'password', get_realm('zulip'), 'some_bot', '',
bot_type=UserProfile.DEFAULT_BOT)
UserActivity.objects.create(
last_visit=cutoff - datetime.timedelta(days=1),
user_profile=bot,
count=0,
client=get_client('test_client'))
# Check that bots are not sent emails
enqueue_emails(cutoff)
for arg in mock_queue_digest_recipient.call_args_list:
user = arg[0][0]
self.assertNotEqual(user.id, bot.id)
def test_active_users_log_by_is_bot(self):
# type: () -> None
property = 'active_users_log:is_bot:day'
user = do_create_user('email', 'password', self.default_realm, 'full_name', 'short_name')
self.assertEqual(1, RealmCount.objects.filter(property=property, subgroup=False)
.aggregate(Sum('value'))['value__sum'])
do_deactivate_user(user)
self.assertEqual(0, RealmCount.objects.filter(property=property, subgroup=False)
.aggregate(Sum('value'))['value__sum'])
do_activate_user(user)
self.assertEqual(1, RealmCount.objects.filter(property=property, subgroup=False)
.aggregate(Sum('value'))['value__sum'])
do_deactivate_user(user)
self.assertEqual(0, RealmCount.objects.filter(property=property, subgroup=False)
.aggregate(Sum('value'))['value__sum'])
do_reactivate_user(user)
self.assertEqual(1, RealmCount.objects.filter(property=property, subgroup=False)
.aggregate(Sum('value'))['value__sum'])
def handle(self, **options):
# type: (**Any) -> None
realm = self.get_realm(options)
if realm is None:
realm = Realm.objects.filter(string_id__startswith='realm') \
.order_by('-string_id').first()
if realm is None:
print('Warning: Using default zulip realm, which has an unusual configuration.\n'
'Try running `python manage.py add_new_realm`, and then running this again.')
realm = Realm.objects.get(string_id='zulip')
domain = 'zulip.com'
else:
domain = realm.string_id + '.zulip.com'
name = '%02d-user' % (UserProfile.objects.filter(email__contains='user@').count(),)
user = do_create_user('%s@%s' % (name, domain),
'password', realm, name, name)
send_initial_pms(user)
def test_active_users_log_by_is_bot(self):
# type: () -> None
property = 'active_users_log:is_bot:day'
user = do_create_user('email', 'password', self.default_realm, 'full_name', 'short_name')
self.assertEqual(1, RealmCount.objects.filter(property=property, subgroup=False)
.aggregate(Sum('value'))['value__sum'])
do_deactivate_user(user)
self.assertEqual(0, RealmCount.objects.filter(property=property, subgroup=False)
.aggregate(Sum('value'))['value__sum'])
do_activate_user(user)
self.assertEqual(1, RealmCount.objects.filter(property=property, subgroup=False)
.aggregate(Sum('value'))['value__sum'])
do_deactivate_user(user)
self.assertEqual(0, RealmCount.objects.filter(property=property, subgroup=False)
.aggregate(Sum('value'))['value__sum'])
do_reactivate_user(user)
self.assertEqual(1, RealmCount.objects.filter(property=property, subgroup=False)
.aggregate(Sum('value'))['value__sum'])
def test_no_email_digest_for_bots(self, mock_django_timezone: mock.MagicMock,
mock_queue_digest_recipient: mock.MagicMock) -> None:
cutoff = timezone_now()
# A Tuesday
mock_django_timezone.return_value = datetime.datetime(year=2016, month=1, day=5)
bot = do_create_user('*****@*****.**', 'password', get_realm('zulip'), 'some_bot', '',
bot_type=UserProfile.DEFAULT_BOT)
UserActivity.objects.create(
last_visit=cutoff - datetime.timedelta(days=1),
user_profile=bot,
count=0,
client=get_client('test_client'))
# Check that bots are not sent emails
enqueue_emails(cutoff)
for arg in mock_queue_digest_recipient.call_args_list:
user = arg[0][0]
self.assertNotEqual(user.id, bot.id)
def test_billing_quantity_changes_end_to_end(
self, mock_customer_with_subscription: Mock, mock_create_subscription: Mock,
mock_create_customer: Mock) -> None:
self.login(self.example_email("hamlet"))
processor = BillingProcessor.objects.create(
log_row=RealmAuditLog.objects.order_by('id').first(), state=BillingProcessor.DONE)
def check_billing_processor_update(event_type: str, quantity: int) -> None:
def check_subscription_save(subscription: stripe.Subscription, idempotency_key: str) -> None:
self.assertEqual(subscription.quantity, quantity)
log_row = RealmAuditLog.objects.filter(
event_type=event_type, requires_billing_update=True).order_by('-id').first()
self.assertEqual(idempotency_key, 'process_billing_log_entry:%s' % (log_row.id,))
self.assertEqual(subscription.proration_date, datetime_to_timestamp(log_row.event_time))
with patch.object(stripe.Subscription, 'save', autospec=True,
side_effect=check_subscription_save):
run_billing_processor_one_step(processor)
# Test STRIPE_PLAN_QUANTITY_RESET
new_seat_count = 123
# change the seat count while the user is going through the upgrade flow
with patch('corporate.lib.stripe.get_seat_count', return_value=new_seat_count):
self.client_post("/upgrade/", {'stripeToken': self.token,
'signed_seat_count': self.signed_seat_count,
'salt': self.salt,
'plan': Plan.CLOUD_ANNUAL})
check_billing_processor_update(RealmAuditLog.STRIPE_PLAN_QUANTITY_RESET, new_seat_count)
# Test USER_CREATED
user = do_create_user('*****@*****.**', 'password', get_realm('zulip'), 'full name', 'short name')
check_billing_processor_update(RealmAuditLog.USER_CREATED, self.quantity + 1)
# Test USER_DEACTIVATED
do_deactivate_user(user)
check_billing_processor_update(RealmAuditLog.USER_DEACTIVATED, self.quantity - 1)
# Test USER_REACTIVATED
do_reactivate_user(user)
check_billing_processor_update(RealmAuditLog.USER_REACTIVATED, self.quantity + 1)
# Test USER_ACTIVATED
# Not a proper use of do_activate_user, but it's fine to call it like this for this test
do_activate_user(user)
check_billing_processor_update(RealmAuditLog.USER_ACTIVATED, self.quantity + 1)
def test_user_activation(self) -> None:
realm = get_realm("zulip")
now = timezone_now()
user = do_create_user("email",
"password",
realm,
"full_name",
acting_user=None)
do_deactivate_user(user, acting_user=user)
do_activate_user(user, acting_user=user)
do_deactivate_user(user, acting_user=user)
do_reactivate_user(user, acting_user=user)
self.assertEqual(
RealmAuditLog.objects.filter(event_time__gte=now).count(), 5)
event_types = list(
RealmAuditLog.objects.filter(
realm=realm,
acting_user=user,
modified_user=user,
modified_stream=None,
event_time__gte=now,
event_time__lte=now + timedelta(minutes=60),
).order_by("event_time").values_list("event_type", flat=True))
self.assertEqual(
event_types,
[
RealmAuditLog.USER_CREATED,
RealmAuditLog.USER_DEACTIVATED,
RealmAuditLog.USER_ACTIVATED,
RealmAuditLog.USER_DEACTIVATED,
RealmAuditLog.USER_REACTIVATED,
],
)
for event in RealmAuditLog.objects.filter(
realm=realm,
acting_user=user,
modified_user=user,
modified_stream=None,
event_time__gte=now,
event_time__lte=now + timedelta(minutes=60),
):
extra_data = orjson.loads(event.extra_data)
self.check_role_count_schema(extra_data[RealmAuditLog.ROLE_COUNT])
self.assertNotIn(RealmAuditLog.OLD_VALUE, extra_data)
def handle(self, **options: Any) -> None:
string_id = "realm{:02}".format(
Realm.objects.filter(string_id__startswith="realm").count())
realm = do_create_realm(string_id, string_id)
name = "{:02}-user".format(
UserProfile.objects.filter(email__contains="user@").count())
user = do_create_user(
f"{name}@{string_id}.zulip.com",
"password",
realm,
name,
role=UserProfile.ROLE_REALM_ADMINISTRATOR,
acting_user=None,
)
assert realm.signup_notifications_stream is not None
bulk_add_subscriptions(realm, [realm.signup_notifications_stream],
[user])
send_initial_realm_messages(realm)
def get_or_create_user(self, username, ldap_user):
# type: (str, _LDAPUser) -> Tuple[UserProfile, bool]
try:
if settings.LDAP_EMAIL_ATTR is not None:
# Get email from ldap attributes.
if settings.LDAP_EMAIL_ATTR not in ldap_user.attrs:
raise ZulipLDAPException(
"LDAP user doesn't have the needed %s attribute" %
(settings.LDAP_EMAIL_ATTR, ))
username = ldap_user.attrs[settings.LDAP_EMAIL_ATTR][0]
user_profile = get_user_profile_by_email(username)
if not user_profile.is_active or user_profile.realm.deactivated:
raise ZulipLDAPException("Realm has been deactivated")
if not ldap_auth_enabled(user_profile.realm):
raise ZulipLDAPException("LDAP Authentication is not enabled")
return user_profile, False
except UserProfile.DoesNotExist:
if self._realm is None:
raise ZulipLDAPConfigurationError("Realm is None",
self.REALM_IS_NONE_ERROR)
# No need to check for an inactive user since they don't exist yet
if self._realm.deactivated:
raise ZulipLDAPException("Realm has been deactivated")
full_name_attr = settings.AUTH_LDAP_USER_ATTR_MAP["full_name"]
short_name = full_name = ldap_user.attrs[full_name_attr][0]
try:
full_name = check_full_name(full_name)
except JsonableError as e:
raise ZulipLDAPException(e.msg)
if "short_name" in settings.AUTH_LDAP_USER_ATTR_MAP:
short_name_attr = settings.AUTH_LDAP_USER_ATTR_MAP[
"short_name"]
short_name = ldap_user.attrs[short_name_attr][0]
user_profile = do_create_user(username, None, self._realm,
full_name, short_name)
return user_profile, True
def get_or_create_user(self, username, ldap_user):
try:
user_profile = get_user_profile_by_email(username)
if not user_profile.is_active or user_profile.realm.deactivated:
raise ZulipLDAPException("Realm has been deactivated")
return user_profile, False
except UserProfile.DoesNotExist:
domain = resolve_email_to_domain(username)
realm = get_realm(domain)
# No need to check for an inactive user since they don't exist yet
if realm.deactivated:
raise ZulipLDAPException("Realm has been deactivated")
full_name_attr = settings.AUTH_LDAP_USER_ATTR_MAP["full_name"]
short_name = full_name = ldap_user.attrs[full_name_attr][0]
if "short_name" in settings.AUTH_LDAP_USER_ATTR_MAP:
short_name_attr = settings.AUTH_LDAP_USER_ATTR_MAP["short_name"]
short_name = ldap_user.attrs[short_name_attr][0]
user_profile = do_create_user(username, None, realm, full_name, short_name)
return user_profile, False
def create_test_bot(self,
email: Text,
user_profile: UserProfile,
full_name: Text,
short_name: Text,
bot_type: int,
service_name: str = None) -> UserProfile:
bot_profile = do_create_user(email=email,
password='',
realm=user_profile.realm,
full_name=full_name,
short_name=short_name,
bot_type=bot_type,
bot_owner=user_profile)
if bot_type in (UserProfile.OUTGOING_WEBHOOK_BOT,
UserProfile.EMBEDDED_BOT):
add_service(name=service_name,
user_profile=bot_profile,
base_url='',
interface=Service.GENERIC,
token='abcdef')
return bot_profile
def get_or_create_user(self, username, ldap_user):
# type: (str, _LDAPUser) -> Tuple[UserProfile, bool]
try:
user_profile = get_user_profile_by_email(username)
if not user_profile.is_active or user_profile.realm.deactivated:
raise ZulipLDAPException("Realm has been deactivated")
if not ldap_auth_enabled(user_profile.realm):
raise ZulipLDAPException("LDAP Authentication is not enabled")
return user_profile, False
except UserProfile.DoesNotExist:
# No need to check for an inactive user since they don't exist yet
if self._realm.deactivated:
raise ZulipLDAPException("Realm has been deactivated")
full_name_attr = settings.AUTH_LDAP_USER_ATTR_MAP["full_name"]
short_name = full_name = ldap_user.attrs[full_name_attr][0]
if "short_name" in settings.AUTH_LDAP_USER_ATTR_MAP:
short_name_attr = settings.AUTH_LDAP_USER_ATTR_MAP["short_name"]
short_name = ldap_user.attrs[short_name_attr][0]
user_profile = do_create_user(username, None, self._realm, full_name, short_name)
return user_profile, True
def add_bot_backend(request,
user_profile,
full_name=REQ(),
short_name=REQ(),
default_sending_stream_name=REQ('default_sending_stream',
default=None),
default_events_register_stream_name=REQ(
'default_events_register_stream', default=None),
default_all_public_streams=REQ(validator=check_bool,
default=None)):
# type: (HttpRequest, UserProfile, text_type, text_type, Optional[text_type], Optional[text_type], Optional[bool]) -> HttpResponse
short_name += "-bot"
email = short_name + "@" + user_profile.realm.domain
form = CreateUserForm({'full_name': full_name, 'email': email})
if not form.is_valid():
# We validate client-side as well
return json_error(_('Bad name or username'))
try:
get_user_profile_by_email(email)
return json_error(_("Username already in use"))
except UserProfile.DoesNotExist:
pass
if len(request.FILES) == 0:
avatar_source = UserProfile.AVATAR_FROM_GRAVATAR
elif len(request.FILES) != 1:
return json_error(_("You may only upload one file at a time"))
else:
user_file = list(request.FILES.values())[0]
upload_avatar_image(user_file, user_profile, email)
avatar_source = UserProfile.AVATAR_FROM_USER
default_sending_stream = None
if default_sending_stream_name is not None:
default_sending_stream = stream_or_none(default_sending_stream_name,
user_profile.realm)
if (default_sending_stream and not default_sending_stream.is_public() and
not subscribed_to_stream(user_profile, default_sending_stream)):
return json_error(_('Insufficient permission'))
default_events_register_stream = None
if default_events_register_stream_name is not None:
default_events_register_stream = stream_or_none(
default_events_register_stream_name, user_profile.realm)
if (default_events_register_stream
and not default_events_register_stream.is_public()
and not subscribed_to_stream(user_profile,
default_events_register_stream)):
return json_error(_('Insufficient permission'))
bot_profile = do_create_user(
email=email,
password='',
realm=user_profile.realm,
full_name=full_name,
short_name=short_name,
active=True,
bot_type=UserProfile.DEFAULT_BOT,
bot_owner=user_profile,
avatar_source=avatar_source,
default_sending_stream=default_sending_stream,
default_events_register_stream=default_events_register_stream,
default_all_public_streams=default_all_public_streams)
json_result = dict(
api_key=bot_profile.api_key,
avatar_url=avatar_url(bot_profile),
default_sending_stream=get_stream_name(
bot_profile.default_sending_stream),
default_events_register_stream=get_stream_name(
bot_profile.default_events_register_stream),
default_all_public_streams=bot_profile.default_all_public_streams,
)
return json_success(json_result)
def add_bot_backend(
request: HttpRequest,
user_profile: UserProfile,
full_name_raw: str = REQ("full_name"),
short_name_raw: str = REQ("short_name"),
bot_type: int = REQ(validator=check_int, default=UserProfile.DEFAULT_BOT),
payload_url: Optional[str] = REQ(validator=check_url, default=""),
service_name: Optional[str] = REQ(default=None),
config_data: Dict[str, str] = REQ(
default={}, validator=check_dict(value_validator=check_string)),
interface_type: int = REQ(validator=check_int, default=Service.GENERIC),
default_sending_stream_name: Optional[str] = REQ('default_sending_stream',
default=None),
default_events_register_stream_name: Optional[str] = REQ(
'default_events_register_stream', default=None),
default_all_public_streams: Optional[bool] = REQ(validator=check_bool,
default=None)
) -> HttpResponse:
short_name = check_short_name(short_name_raw)
if bot_type != UserProfile.INCOMING_WEBHOOK_BOT:
service_name = service_name or short_name
short_name += "-bot"
full_name = check_full_name(full_name_raw)
try:
email = '%s@%s' % (short_name, user_profile.realm.get_bot_domain())
except InvalidFakeEmailDomain:
return json_error(
_("Can't create bots until FAKE_EMAIL_DOMAIN is correctly configured.\n"
"Please contact your server administrator."))
form = CreateUserForm({'full_name': full_name, 'email': email})
if bot_type == UserProfile.EMBEDDED_BOT:
if not settings.EMBEDDED_BOTS_ENABLED:
return json_error(_("Embedded bots are not enabled."))
if service_name not in [bot.name for bot in EMBEDDED_BOTS]:
return json_error(_("Invalid embedded bot name."))
if not form.is_valid():
# We validate client-side as well
return json_error(_('Bad name or username'))
try:
get_user_by_delivery_email(email, user_profile.realm)
return json_error(_("Username already in use"))
except UserProfile.DoesNotExist:
pass
check_bot_name_available(
realm_id=user_profile.realm_id,
full_name=full_name,
)
check_bot_creation_policy(user_profile, bot_type)
check_valid_bot_type(user_profile, bot_type)
check_valid_interface_type(interface_type)
if len(request.FILES) == 0:
avatar_source = UserProfile.AVATAR_FROM_GRAVATAR
elif len(request.FILES) != 1:
return json_error(_("You may only upload one file at a time"))
else:
avatar_source = UserProfile.AVATAR_FROM_USER
default_sending_stream = None
if default_sending_stream_name is not None:
(default_sending_stream, ignored_rec,
ignored_sub) = access_stream_by_name(user_profile,
default_sending_stream_name)
default_events_register_stream = None
if default_events_register_stream_name is not None:
(default_events_register_stream, ignored_rec,
ignored_sub) = access_stream_by_name(
user_profile, default_events_register_stream_name)
if bot_type in (UserProfile.INCOMING_WEBHOOK_BOT,
UserProfile.EMBEDDED_BOT) and service_name:
check_valid_bot_config(bot_type, service_name, config_data)
bot_profile = do_create_user(
email=email,
password='',
realm=user_profile.realm,
full_name=full_name,
short_name=short_name,
bot_type=bot_type,
bot_owner=user_profile,
avatar_source=avatar_source,
default_sending_stream=default_sending_stream,
default_events_register_stream=default_events_register_stream,
default_all_public_streams=default_all_public_streams)
if len(request.FILES) == 1:
user_file = list(request.FILES.values())[0]
upload_avatar_image(user_file, user_profile, bot_profile)
if bot_type in (UserProfile.OUTGOING_WEBHOOK_BOT,
UserProfile.EMBEDDED_BOT):
assert (isinstance(service_name, str))
add_service(name=service_name,
user_profile=bot_profile,
base_url=payload_url,
interface=interface_type,
token=generate_api_key())
if bot_type == UserProfile.INCOMING_WEBHOOK_BOT and service_name:
set_bot_config(bot_profile, "integration_id", service_name)
if bot_type in (UserProfile.INCOMING_WEBHOOK_BOT,
UserProfile.EMBEDDED_BOT):
for key, value in config_data.items():
set_bot_config(bot_profile, key, value)
notify_created_bot(bot_profile)
api_key = get_api_key(bot_profile)
json_result = dict(
api_key=api_key,
avatar_url=avatar_url(bot_profile),
default_sending_stream=get_stream_name(
bot_profile.default_sending_stream),
default_events_register_stream=get_stream_name(
bot_profile.default_events_register_stream),
default_all_public_streams=bot_profile.default_all_public_streams,
)
return json_success(json_result)
