def user_update(request, user, **data):
manager = keystoneclient(request, admin=True).users
error = None
if not keystone_can_edit_user():
raise keystone_exceptions.ClientException(
405, _("Identity service does not allow editing user data."))
# The v2 API updates user model, password and default project separately
if VERSIONS.active < 3:
password = data.pop('password')
project = data.pop('project')
# Update user details
try:
user = manager.update(user, **data)
except Exception:
error = exceptions.handle(request, ignore=True)
# Update default tenant
try:
user_update_tenant(request, user, project)
user.tenantId = project
except Exception:
error = exceptions.handle(request, ignore=True)
# Check for existing roles
# Show a warning if no role exists for the project
user_roles = roles_for_user(request, user, project)
if not user_roles:
messages.warning(
request,
_('User %s has no role defined for '
'that project.') % data.get('name', None))
# If present, update password
# FIXME(gabriel): password change should be its own form + view
if password:
try:
user_update_password(request, user, password)
if user.id == request.user.id:
return utils.logout_with_message(
request,
_("Password changed. Please log in again to continue.")
)
except Exception:
error = exceptions.handle(request, ignore=True)
if error is not None:
raise error
# v3 API is so much simpler...
else:
if not data['password']:
data.pop('password')
user = manager.update(user, **data)
if data.get('password') and user.id == request.user.id:
return utils.logout_with_message(
request,
_("Password changed. Please log in again to continue."))
def user_update(request, user, **data):
manager = keystoneclient(request, admin=True).users
error = None
if not keystone_can_edit_user():
raise keystone_exceptions.ClientException(405, _("Identity service " "does not allow editing user data."))
# The v2 API updates user model, password and default project separately
if VERSIONS.active < 3:
password = data.pop("password")
project = data.pop("project")
# Update user details
try:
user = manager.update(user, **data)
except Exception:
error = exceptions.handle(request, ignore=True)
# Update default tenant
try:
user_update_tenant(request, user, project)
user.tenantId = project
except Exception:
error = exceptions.handle(request, ignore=True)
# Check for existing roles
# Show a warning if no role exists for the project
user_roles = roles_for_user(request, user, project)
if not user_roles:
messages.warning(request, _("User %s has no role defined for " "that project.") % data.get("name", None))
# If present, update password
# FIXME(gabriel): password change should be its own form + view
if password:
try:
user_update_password(request, user, password)
if user.id == request.user.id:
return utils.logout_with_message(request, _("Password changed. Please log in again to continue."))
except Exception:
error = exceptions.handle(request, ignore=True)
if error is not None:
raise error
# v3 API is so much simpler...
else:
if not data["password"]:
data.pop("password")
user = manager.update(user, **data)
if data.get("password") and user.id == request.user.id:
return utils.logout_with_message(request, _("Password changed. Please log in again to continue."))
def handle(self, request, data):
user_id = data.pop('id')
password = data.pop('password')
admin_password = None
# Throw away the password confirmation, we're done with it.
data.pop('confirm_password', None)
# Verify admin password before changing user password
if getattr(settings, 'ENFORCE_PASSWORD_CHECK', False):
admin_password = data.pop('admin_password')
if not api.keystone.user_verify_admin_password(
request, admin_password):
self.api_error(_('The admin password is incorrect.'))
return False
try:
response = api.keystone.user_update_password(
request, user_id, password)
if user_id == request.user.id:
return utils.logout_with_message(
request,
_('Password changed. Please log in to continue.'),
redirect=False)
messages.success(request,
_('User password has been updated successfully.'))
except Exception:
response = exceptions.handle(request, ignore=True)
messages.error(request, _('Unable to update the user password.'))
if isinstance(response, http.HttpResponse):
return response
else:
return True
def handle(self, request, data):
user_id = data.pop('id')
password = data.pop('password')
# Throw away the password confirmation, we're done with it.
data.pop('confirm_password', None)
try:
response = api.keystone.user_update_password(
request, user_id, password)
if user_id == request.user.id:
return utils.logout_with_message(
request,
_('Password changed. Please log in to continue.'),
redirect=False)
messages.success(request,
_('User password has been updated successfully.'))
except Exception:
response = exceptions.handle(request, ignore=True)
messages.error(request, _('Unable to update the user password.'))
if isinstance(response, http.HttpResponse):
return response
else:
return True
def handle(self, request, data):
user_id = data.pop('id')
password = data.pop('password')
admin_password = None
# Throw away the password confirmation, we're done with it.
data.pop('confirm_password', None)
# Verify admin password before changing user password
if getattr(settings, 'ENFORCE_PASSWORD_CHECK', False):
admin_password = data.pop('admin_password')
if not api.keystone.user_verify_admin_password(request,
admin_password):
self.api_error(_('The admin password is incorrect.'))
return False
try:
response = api.keystone.user_update_password(
request, user_id, password)
if user_id == request.user.id:
return utils.logout_with_message(
request,
_('Password changed. Please log in to continue.'),
redirect=False)
messages.success(request,
_('User password has been updated successfully.'))
except Exception:
response = exceptions.handle(request, ignore=True)
messages.error(request, _('Unable to update the user password.'))
if isinstance(response, http.HttpResponse):
return response
else:
return True
def user_update(request, user, use_idm_account=False, **data):
if use_idm_account:
manager = internal_keystoneclient(request).users
else:
manager = api.keystone.keystoneclient(request, admin=True).users
if not data['password']:
data.pop('password')
user = manager.update(user, **data)
if data.get('password') and user.id == request.user.id:
return utils.logout_with_message(
request, "Password changed. Please log in again to continue.")
def user_update(request, user, use_idm_account=False, **data):
if use_idm_account:
manager = internal_keystoneclient(request).users
else:
manager = api.keystone.keystoneclient(
request, admin=True).users
if not data['password']:
data.pop('password')
user = manager.update(user, **data)
if data.get('password') and user.id == request.user.id:
return utils.logout_with_message(
request,
"Password changed. Please log in again to continue."
)
def handle(self, request, data):
user_id = data.pop('id')
password = data.pop('password')
admin_password = None
# Throw away the password confirmation, we're done with it.
data.pop('confirm_password', None)
# Verify admin password before changing user password
if settings.ENFORCE_PASSWORD_CHECK:
admin_password = data.pop('admin_password')
if not api.keystone.user_verify_admin_password(
request, admin_password):
self.api_error(_('The admin password is incorrect.'))
return False
try:
response = api.keystone.user_update_password(request,
user_id,
password,
admin=False)
if user_id == request.user.id:
return utils.logout_with_message(
request,
_('Password changed. Please log in to continue.'),
redirect=False)
messages.success(request,
_('User password has been updated successfully.'))
except Exception as exc:
response = exceptions.handle(request, ignore=True)
match = re.match((r'The password does not match the '
r'requirements:(.*?) [(]HTTP 400[)]'), str(exc),
re.UNICODE | re.MULTILINE)
if match:
info = match.group(1)
messages.error(
request,
_('The password does not match the '
'requirements: %s') % info)
else:
messages.error(request,
_('Unable to update the user password.'))
if isinstance(response, http.HttpResponse):
return response
else:
return True
def user_update(request, user, **data):
manager = keystoneclient(request, admin=True).users
error = None
if not keystone_can_edit_user():
raise keystone_exceptions.ClientException(
405, _("Identity service does not allow editing user data."))
# The v2 API updates user model and default project separately
if VERSIONS.active < 3:
# Update user details
try:
user = manager.update(user, **data)
except keystone_exceptions.Conflict:
raise exceptions.Conflict()
except Exception:
error = exceptions.handle(request, ignore=True)
if "project" in data:
project = data.pop('project')
password = data.pop('password')
# Update default tenant
try:
user_update_tenant(request, user, project)
user.tenantId = project
except Exception:
error = exceptions.handle(request, ignore=True)
# Check for existing roles
# Show a warning if no role exists for the project
user_roles = roles_for_user(request, user, project)
if not user_roles:
messages.warning(
request,
_('User %s has no role defined for '
'that project.') % data.get('name', None))
if password:
email = data.pop('email')
LOG.info("v2 password:%s email:%s" % (password, email))
try:
user_update_password(request, user, password)
if user.id == request.user.id:
return utils.logout_with_message(
request,
_("Password changed. Please log in again to continue."
))
if email:
LOG.info("v2 send email")
send_mail(request, email, password)
except Exception:
error = exceptions.handle(request, ignore=True)
if error is not None:
raise error
# v3 API is so much simpler...
else:
try:
user = manager.update(user, **data)
password = data.pop('password')
if password:
email = data.pop('email')
LOG.info("v3 password:%s email:%s" % (password, email))
try:
user_update_password(request, user, password)
if user.id == request.user.id:
return utils.logout_with_message(
request,
_("Password changed. Please log in again to continue."
))
if email:
LOG.info("v3 send email")
send_mail(request, email, password)
except Exception:
error = exceptions.handle(request, ignore=True)
if error is not None:
raise error
except keystone_exceptions.Conflict:
raise exceptions.Conflict()
