def import_users(self):
"""Return location and internal location records."""
def _commit_user(user_data):
"""Commit new user in db."""
user = User(**self.import_user(user_data))
db.session.add(user)
db.session.commit()
return user.id
for ldap_user in self.ldap_users:
print("Importing user with person id {}".format(
ldap_user["employeeID"][0].decode("utf8")))
user_id = _commit_user(ldap_user)
identity = UserIdentity(
**self.import_user_identity(user_id, ldap_user))
db.session.add(identity)
profile = UserProfile(
**self.import_user_profile(user_id, ldap_user))
db.session.add(profile)
client_id = (current_app.config.get(
"CERN_APP_CREDENTIALS", {}).get("consumer_key") or "CLIENT_ID")
remote_account = RemoteAccount(client_id=client_id,
**self.import_remote_account(
user_id, ldap_user))
db.session.add(remote_account)
db.session.commit()
def system_user(app, db):
"""Create a regular system user."""
user = User(**dict(email="*****@*****.**", active=True))
db.session.add(user)
db.session.commit()
user_id = user.id
identity = UserIdentity(**dict(id="1", method="cern", id_user=user_id))
db.session.add(identity)
profile = UserProfile(
**dict(
user_id=user_id,
_displayname="id_" + str(user_id),
full_name="System User",
)
)
db.session.add(profile)
remote_account = RemoteAccount(
client_id="CLIENT_ID",
**dict(
user_id=user_id,
extra_data=dict(person_id="1", department="Department"),
)
)
db.session.add(remote_account)
db.session.commit()
return user
def _import_users(users, users_identities, users_profiles,
remote_accounts):
"""Import users in db."""
click.secho('Migrating {0} users'.format(len(users)), fg='green')
for user in users:
user = User(**user)
db.session.add(user)
click.secho('Migrating {0} user identities'.format(
len(users_identities)),
fg='green')
for identity in users_identities:
user_identity = UserIdentity(**identity)
db.session.add(user_identity)
click.secho('Migrating {0} user profiles'.format(len(users_profiles)),
fg='green')
for profile in users_profiles:
user_profile = UserProfile(**profile)
db.session.add(user_profile)
click.secho('Migrating {0} remote accoutns'.format(
len(remote_accounts)),
fg='green')
client_id = current_app.config['CERN_APP_CREDENTIALS']['consumer_key']
for account in remote_accounts:
remote_account = RemoteAccount(client_id=client_id, **account)
db.session.add(remote_account)
db.session.commit()
def patron1(app, db):
"""Create a patron user."""
user = User(**dict(email="*****@*****.**", active=True))
db.session.add(user)
db.session.commit()
user_id = user.id
identity = UserIdentity(**dict(id="1", method="cern", id_user=user_id))
db.session.add(identity)
profile = UserProfile(
**dict(
user_id=user_id,
_displayname="id_" + str(user_id),
full_name="System User",
)
)
db.session.add(profile)
client_id = app.config["CERN_APP_OPENID_CREDENTIALS"]["consumer_key"]
remote_account = RemoteAccount(
client_id=client_id,
**dict(
user_id=user_id,
extra_data=dict(person_id="1", department="Department"),
)
)
db.session.add(remote_account)
db.session.commit()
return user
def update(self, data):
"""User record update.
:param data - dictionary representing a user record to update
"""
from ..patrons.listener import update_from_profile
self._validate(data=data)
email = data.pop('email', None)
roles = data.pop('roles', None)
user = self.user
with db.session.begin_nested():
if user.profile is None:
user.profile = UserProfile(user_id=user.id)
profile = user.profile
for field in self.profile_fields:
if field == 'birth_date':
setattr(profile, field,
datetime.strptime(data.get(field), '%Y-%m-%d'))
else:
setattr(profile, field, data.get(field, ''))
# change password
if data.get('password'):
user.password = hash_password(data['password'])
if email and email != user.email:
user.email = email
# remove the email from user data
elif not email and user.email:
user.email = None
db.session.merge(user)
db.session.commit()
confirm_user(user)
update_from_profile('user', self.user.profile)
return self
def create_invenio_user_profile(self, user_id, ldap_user):
"""Return new user profile."""
display_name = ldap_user["user_profile_full_name"]
return UserProfile(
user_id=user_id,
_displayname="id_{}".format(user_id),
full_name=display_name,
)
def create_userprofile_for(email, username, full_name):
"""Create a fake user profile."""
user = User.query.filter_by(email=email).one_or_none()
if user:
profile = UserProfile(user_id=int(user.get_id()))
profile.username = username
profile.full_name = full_name
db.session.add(profile)
db.session.commit()
def test_template_filter(app):
"""Test template filter."""
with app.app_context():
user = User(email='*****@*****.**', password='******')
db.session.add(user)
db.session.commit()
user.profile = UserProfile(username='******', full_name='name')
db.session.commit()
assert userprofile(user.profile.user_id) == user.profile
def authorize(name):
ui_flag = session.pop('ui', None)
client = current_auth.create_client(name)
try:
token = client.authorize_access_token()
except HTTPException:
return render_template(
current_app.config['AUTHENTICATION_POPUP_TEMPLATE'],
msg=f'Access not provided to {name} service.'), 400
configs = OAUTH_SERVICES.get(name.upper(), {})
extra_data_method = configs.get('extra_data_method')
# TOFIX Add error handlers for reject, auth errors, etc
extra_data = {}
if extra_data_method:
extra_data = extra_data_method(client, token)
_token = _create_or_update_token(name, token)
_token.extra_data = extra_data
db.session.add(_token)
# Add extra data to user profile.
# If user profile doesn't exist yet, it creates one.
_profile = UserProfile.get_by_userid(current_user.id)
if not _profile:
_profile = UserProfile(user_id=current_user.id)
db.session.add(_profile)
profile_data = get_oauth_profile(name, token=_token, client=client)
if _profile.extra_data:
profile_services = _profile.extra_data.get("services", {})
else:
profile_services = {}
profile_services[name] = profile_data
_profile.extra_data = {"services": profile_services}
flag_modified(_profile, "extra_data")
db.session.commit()
if ui_flag:
return render_template(
current_app.config['AUTHENTICATION_POPUP_TEMPLATE'],
msg=f'Authorization to {name} succeeded.'), 302
else:
return jsonify({"message": f"Authorization to {name} succeeded."}), 200
def authorize(name):
ui_flag = session.pop('ui', None)
client = current_auth.create_client(name)
token = client.authorize_access_token()
configs = OAUTH_SERVICES.get(name.upper(), {})
extra_data_method = configs.get('extra_data_method')
# TOFIX Add error handlers for reject, auth errors, etc
extra_data = {}
if extra_data_method:
extra_data = extra_data_method(client, token)
_token = _create_or_update_token(name, token)
_token.extra_data = extra_data
db.session.add(_token)
# Add extra data to user profile.
# If user profile doesn't exist yet, it creates one.
_profile = UserProfile.get_by_userid(current_user.id)
if not _profile:
_profile = UserProfile(user_id=current_user.id)
db.session.add(_profile)
profile_data = get_oauth_profile(name, token=_token, client=client)
if _profile.extra_data:
profile_services = _profile.extra_data.get("services", {})
else:
profile_services = {}
profile_services[name] = profile_data
_profile.extra_data = {"services": profile_services}
flag_modified(_profile, "extra_data")
db.session.commit()
if ui_flag:
if current_app.config['DEBUG']:
redirect_url = "http://localhost:3000/settings/auth/connect"
else:
redirect_url = "/settings/auth/connect"
return redirect(redirect_url)
else:
return jsonify(
{"message": "Authorization to {} succeeded".format(name)}), 200
def patron2(app, db):
"""Create a patron user without remote account."""
user = User(**dict(email="*****@*****.**", active=True))
db.session.add(user)
db.session.commit()
user_id = user.id
profile = UserProfile(
**dict(
user_id=user_id,
_displayname="id_" + str(user_id),
full_name="System User",
)
)
db.session.add(profile)
db.session.commit()
return user
def sync_user_and_profile(cls, data):
"""Create or update the rero user with the patron data.
:param data - dict representing the patron data
"""
created = False
# start a session to be able to rollback if the data are not valid
user = cls._get_user_by_data(data)
with db.session.begin_nested():
# need to create the user
if not user:
birth_date = data.get('birth_date')
# sanity check
if not birth_date:
raise RecordValidationError('birth_date field is required')
# the default password is the birth date
user = User(email=data.get('email'),
password=hash_password(birth_date),
profile=dict(),
active=True)
db.session.add(user)
created = True
else:
if user.email != data.get('email'):
user.email = data.get('email')
# update all common fields
if user.profile is None:
user.profile = UserProfile(user_id=user.id)
profile = user.profile
for field in cls.profile_fields:
# date field need conversion
if field == 'birth_date':
setattr(profile, field,
datetime.strptime(data.get(field), '%Y-%m-%d'))
elif field == 'keep_history':
setattr(profile, field,
data.get('patron', {}).get(field, True))
else:
setattr(profile, field, data.get(field, ''))
db.session.merge(user)
data['user_id'] = user.id
if created:
# the fresh created user
return user
def _register_or_update_user(entries, user_account=None):
"""Register or update a user."""
email = entries[app.config['LDAPCLIENT_EMAIL_ATTRIBUTE']].values[0]
username = entries[app.config['LDAPCLIENT_USERNAME_ATTRIBUTE']].values[0]
if 'LDAPCLIENT_FULL_NAME_ATTRIBUTE' in app.config:
full_name = entries[
app.config['LDAPCLIENT_FULL_NAME_ATTRIBUTE']].values[0]
if user_account is None:
kwargs = dict(email=email, active=True, password=uuid.uuid4().hex)
_datastore.create_user(**kwargs)
user_account = User.query.filter_by(email=email).one_or_none()
profile = UserProfile(user_id=int(user_account.get_id()))
else:
user_account.email = email
db.session.add(user_account)
profile = user_account.profile
profile.full_name = full_name
profile.username = username
db.session.add(profile)
return user_account