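def search_users(self, firstName=None, lastName=None, userId=None, format="json", external="false", **kwargs):
    """Search the account directory for users matching the given criteria.

    At least one of ``firstName``, ``lastName`` or ``userId`` must be
    supplied; otherwise a failure message is queued and no lookup is made.

    Args:
        firstName: First name to match, or None.
        lastName: Last name to match, or None.
        userId: Username to match, or None.
        format: Not read in the portion of the method shown here.
        external: String flag; only a case-insensitive "true" selects the
            external directory, any other value selects the local one.
        **kwargs: Not read in the portion of the method shown here.
    """
    # NOTE(review): no return statement is visible in this listing; config,
    # sMessages, foundUsers and tooManyResults are presumably consumed by code
    # that follows -- confirm against the full file before trimming any of them.
    config = cherrypy.request.app.config['filelocker']
    user = cherrypy.session.get("user")
    foundUsers, sMessages, fMessages = [], [], []
    tooManyResults = False
    # Normalise the request parameter to a real boolean.
    external = external.lower() == "true"
    try:
        if firstName is None and lastName is None and userId is None:
            # Must have something to search on.
            fMessages.append(
                "Please specify the first name, last name, or username of the user for whom you are searching"
            )
        else:
            # Strip markup from the search terms before they reach the
            # directory lookup.
            firstName = strip_tags(firstName)
            lastName = strip_tags(lastName)
            userId = strip_tags(userId)
            # ExternalDirectory receives the inverse of the external flag
            # (process_login passes its `local` value in the same position).
            directory = AccountService.ExternalDirectory(not external)
            foundUsers = directory.get_user_matches(firstName, lastName, userId)
    except Exception, e:
        if str(e) == "toomany":
            # The directory signals an over-broad query with this sentinel text.
            tooManyResults = True
        else:
            # Record the failure BEFORE logging: the original logged fMessages
            # first, so the log entry never contained the actual exception.
            # NOTE(review): fMessages is presumably returned to the caller; raw
            # directory exception text can disclose backend details -- consider
            # a generic client message and keep str(e) for the log only.
            fMessages.append(str(e))
            # NOTE(review): user is None when the session holds no "user"; the
            # user.id access below would then raise inside this handler and
            # mask the directory error -- confirm a login guard covers this.
            cherrypy.log.error(
                "[%s] [search_users] [Errors during directory search: %s]" %
                (user.id, str(fMessages)))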
def process_login(self, username, password, **kwargs): rootURL, local = cherrypy.request.app.config['filelocker'][ 'root_url'], False if kwargs.has_key("local") and kwargs['local'] == str(True): local = True username = strip_tags(username) if password is None or password == "": raise cherrypy.HTTPRedirect("%s/login?msg=3&local=%s" % (rootURL, str(local))) else: directory = AccountService.ExternalDirectory(local) if directory.authenticate(username, password): cherrypy.session['request-origin'] = str( os.urandom(32).encode('hex'))[0:32] currentUser = AccountService.get_user( username, True ) #if they are authenticated and local, this MUST return a user object if currentUser is not None: if not currentUser.authorized: raise cherrypy.HTTPError( 403, "You do not have permission to access this system") session.add( AuditLog( cherrypy.session.get("user").id, "Login", "User %s logged in successfully from IP %s" % (currentUser.id, Filelocker.get_client_address()))) session.commit() raise cherrypy.HTTPRedirect(rootURL) else: #This should only happen in the case of a user existing in the external directory, but having never logged in before try: newUser = directory.lookup_user(username) AccountService.install_user(newUser) currentUser = AccountService.get_user(username, True) if currentUser is not None and currentUser.authorized != False: raise cherrypy.HTTPRedirect(rootURL) else: raise cherrypy.HTTPError( 403, "You do not have permission to access this system" ) except Exception, e: return "Unable to install user: %s" % str(e) else: