def put(self, request, email): # basic user info check is_staff = request.data.get("is_staff", None) if is_staff: try: is_staff = to_python_boolean(is_staff) except ValueError: error_msg = 'is_staff invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) is_active = request.data.get("is_active", None) if is_active: try: is_active = to_python_boolean(is_active) except ValueError: error_msg = 'is_active invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # additional user info check role = request.data.get("role", None) if role: available_roles = get_available_roles() if role.lower() not in available_roles: error_msg = 'role must be in %s.' % str(available_roles) return api_error(status.HTTP_400_BAD_REQUEST, error_msg) name = request.data.get("name", None) if name: if len(name) > 64: error_msg = 'Name is too long (maximum is 64 characters).' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if "/" in name: error_msg = "Name should not include '/'." return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # argument check for login_id login_id = request.data.get("login_id", None) if login_id is not None: login_id = login_id.strip() username_by_login_id = Profile.objects.get_username_by_login_id( login_id) if username_by_login_id is not None: return api_error(status.HTTP_400_BAD_REQUEST, _(u"Login id %s already exists." % login_id)) reference_id = request.data.get("reference_id", "").strip() if reference_id: if ' ' in reference_id: return api_error(status.HTTP_400_BAD_REQUEST, 'Reference ID can not contain spaces.') primary_id = ccnet_api.get_primary_id(reference_id) if primary_id: return api_error( status.HTTP_400_BAD_REQUEST, 'Reference ID %s already exists.' % reference_id) department = request.data.get("department", None) if department: if len(department) > 512: error_msg = "Department is too long (maximum is 512 characters)." return api_error(status.HTTP_400_BAD_REQUEST, error_msg) quota_total_mb = request.data.get("quota_total", None) if quota_total_mb: try: quota_total_mb = int(quota_total_mb) except ValueError: error_msg = "Must be an integer that is greater than or equal to 0." return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if quota_total_mb < 0: error_msg = "Space quota is too low (minimum value is 0)." return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if is_org_context(request): org_id = request.user.org.org_id org_quota_mb = seafile_api.get_org_quota(org_id) / \ get_file_size_unit('MB') if quota_total_mb > org_quota_mb: error_msg = 'Failed to set quota: maximum quota is %d MB' % org_quota_mb return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # query user info try: user_obj = User.objects.get(email=email) except User.DoesNotExist: error_msg = 'User %s not found.' % email return api_error(status.HTTP_404_NOT_FOUND, error_msg) try: update_user_info(request, user_obj) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) user_info = get_user_info(email) return Response(user_info)
def process_request(self, request): if request.path.rstrip('/') != settings.SITE_ROOT + 'sso': return # AuthenticationMiddleware is required so that request.user exists. if not hasattr(request, 'user'): raise ImproperlyConfigured( "The Django remote user auth middleware requires the" " authentication middleware to be installed. Edit your" " MIDDLEWARE setting to insert" " 'django.contrib.auth.middleware.AuthenticationMiddleware'" " before the RemoteUserMiddleware class.") # To support logout. If this variable is True, do not # authenticate user and return now. if request.session.get(LOGOUT_SESSION_KEY) is True: return else: # Delete the shib reauth session key if present. request.session.pop(LOGOUT_SESSION_KEY, None) # Locate the remote user header. # import pprint; pprint.pprint(request.META) try: username = request.META[SHIB_USER_HEADER] except KeyError: # If specified header doesn't exist then return (leaving # request.user set to AnonymousUser by the # AuthenticationMiddleware). return p_id = ccnet_api.get_primary_id(username) if p_id is not None: username = p_id # If the user is already authenticated and that user is the user we are # getting passed in the headers, then the correct user is already # persisted in the session and we don't need to continue. if request.user.is_authenticated(): if request.user.username == username: if request.user.is_staff: update_sudo_mode_ts(request) return # Make sure we have all required Shiboleth elements before proceeding. shib_meta, error = self.parse_attributes(request) # Add parsed attributes to the session. request.session['shib'] = shib_meta if error: raise ShibbolethValidationError("All required Shibboleth elements" " not found. %s" % shib_meta) # We are seeing this user for the first time in this session, attempt # to authenticate the user. user = auth.authenticate(remote_user=username, shib_meta=shib_meta) if user: if not user.is_active: return HttpResponseRedirect(reverse('shib_complete')) # User is valid. Set request.user and persist user in the session # by logging the user in. request.user = user auth.login(request, user) user.set_unusable_password() user.save() # call make profile. self.make_profile(user, shib_meta) if CUSTOM_SHIBBOLETH_GET_USER_ROLE: user_role = custom_shibboleth_get_user_role(shib_meta) if user_role: ccnet_api.update_role_emailuser(user.email, user_role) else: user_role = self.update_user_role(user, shib_meta) else: user_role = self.update_user_role(user, shib_meta) if user_role: self.update_user_quota(user, user_role) # setup session. self.setup_session(request) request.shib_login = True
def validate(self, attrs): login_id = attrs.get('username') password = attrs.get('password') platform = attrs.get('platform', None) device_id = attrs.get('device_id', None) device_name = attrs.get('device_name', None) client_version = attrs.get('client_version', None) platform_version = attrs.get('platform_version', None) v2_fields = (platform, device_id, device_name) # Decide the version of token we need if all_none(v2_fields): v2 = False elif all_not_none(v2_fields): v2 = True else: raise serializers.ValidationError('invalid params') if login_id and password: user = authenticate(username=login_id, password=password) if user: if not user.is_active: raise serializers.ValidationError( 'User account is disabled.') else: """try login id/contact email/primary id""" # convert login id or contact email to username if any username = Profile.objects.convert_login_str_to_username( login_id) # convert username to primary id if any p_id = ccnet_api.get_primary_id(username) if p_id is not None: username = p_id user = authenticate(username=username, password=password) if user is None: raise serializers.ValidationError( 'Unable to login with provided credentials.') else: raise serializers.ValidationError( 'Must include "username" and "password"') self._two_factor_auth(self.context['request'], user) # Now user is authenticated if v2: if platform in DESKTOP_PLATFORMS: if not user.permissions.can_connect_with_desktop_clients(): raise serializers.ValidationError( 'Not allowed to connect to desktop client.') elif platform == 'android': if not user.permissions.can_connect_with_android_clients(): raise serializers.ValidationError( 'Not allowed to connect to android client.') elif platform == 'ios': if not user.permissions.can_connect_with_ios_clients(): raise serializers.ValidationError( 'Not allowed to connect to ios client.') else: logger.info('%s: unrecognized device' % login_id) token = get_token_v2(self.context['request'], user.username, platform, device_id, device_name, client_version, platform_version) else: token = get_token_v1(user.username) return token.key
def put(self, request, email): if not request.user.admin_permissions.can_manage_user(): return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.') # basic user info check is_staff = request.data.get("is_staff", None) if is_staff: try: is_staff = to_python_boolean(is_staff) except ValueError: error_msg = 'is_staff invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) is_active = request.data.get("is_active", None) if is_active: try: is_active = to_python_boolean(is_active) except ValueError: error_msg = 'is_active invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # additional user info check role = request.data.get("role", None) if role: available_roles = get_available_roles() if role not in available_roles: error_msg = 'role must be in %s.' % str(available_roles) return api_error(status.HTTP_400_BAD_REQUEST, error_msg) name = request.data.get("name", None) if name: if len(name) > 64: error_msg = 'Name is too long (maximum is 64 characters).' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if "/" in name: error_msg = "Name should not include '/'." return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # argument check for login_id login_id = request.data.get("login_id", None) if login_id is not None: login_id = login_id.strip() username_by_login_id = Profile.objects.get_username_by_login_id( login_id) if username_by_login_id is not None: return api_error(status.HTTP_400_BAD_REQUEST, _("Login id %s already exists." % login_id)) contact_email = request.data.get("contact_email", None) if contact_email is not None and contact_email.strip() != '': if not is_valid_email(contact_email): error_msg = 'Contact email invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) password = request.data.get("password") reference_id = request.data.get("reference_id", None) if reference_id: if ' ' in reference_id: return api_error(status.HTTP_400_BAD_REQUEST, 'Reference ID can not contain spaces.') primary_id = ccnet_api.get_primary_id(reference_id) if primary_id: return api_error( status.HTTP_400_BAD_REQUEST, 'Reference ID %s already exists.' % reference_id) quota_total_mb = request.data.get("quota_total", None) if quota_total_mb: try: quota_total_mb = int(quota_total_mb) except ValueError: error_msg = "Must be an integer that is greater than or equal to 0." return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if quota_total_mb < 0: error_msg = "Space quota is too low (minimum value is 0)." return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if is_org_context(request): org_id = request.user.org.org_id org_quota_mb = seafile_api.get_org_quota(org_id) / \ get_file_size_unit('MB') if quota_total_mb > org_quota_mb: error_msg = 'Failed to set quota: maximum quota is %d MB' % org_quota_mb return api_error(status.HTTP_400_BAD_REQUEST, error_msg) institution = request.data.get("institution", None) if institution: try: Institution.objects.get(name=institution) except Institution.DoesNotExist: error_msg = 'Institution %s does not exist' % institution return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # query user info try: user_obj = User.objects.get(email=email) except User.DoesNotExist: error_msg = 'User %s not found.' % email return api_error(status.HTTP_404_NOT_FOUND, error_msg) try: update_user_info(request, user=user_obj, password=password, is_active=is_active, is_staff=is_staff, role=role, nickname=name, login_id=login_id, contact_email=contact_email, reference_id=reference_id, quota_total_mb=quota_total_mb, institution_name=institution) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) # update user try: user_obj.save() except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) update_status_tip = '' if is_active is not None: update_status_tip = _('Edit succeeded') if user_obj.is_active and IS_EMAIL_CONFIGURED: try: send_html_email( _(u'Your account on %s is activated') % get_site_name(), 'sysadmin/user_activation_email.html', {'username': user_obj.email}, None, [email2contact_email(user_obj.email)]) update_status_tip = _( 'Edit succeeded, an email has been sent.') except Exception as e: logger.error(e) update_status_tip = _( 'Edit succeeded, but failed to send email, please check your email configuration.' ) user_info = get_user_info(email) user_info['update_status_tip'] = update_status_tip return Response(user_info)
def get_primary_id_by_username(self, username): """Get user's primary id in case the username is changed. """ p_id = ccnet_api.get_primary_id(username) return p_id if p_id is not None else username
def validate(self, attrs): login_id = attrs.get('username') password = attrs.get('password') platform = attrs.get('platform', None) device_id = attrs.get('device_id', None) device_name = attrs.get('device_name', None) client_version = attrs.get('client_version', None) platform_version = attrs.get('platform_version', None) v2_fields = (platform, device_id, device_name) # Decide the version of token we need if all_none(v2_fields): v2 = False elif all_not_none(v2_fields): v2 = True else: raise serializers.ValidationError('invalid params') if login_id and password: user = authenticate(username=login_id, password=password) if user: if not user.is_active: raise serializers.ValidationError('User account is disabled.') else: """try login id/contact email/primary id""" # convert login id or contact email to username if any username = Profile.objects.convert_login_str_to_username(login_id) # convert username to primary id if any p_id = ccnet_api.get_primary_id(username) if p_id is not None: username = p_id user = authenticate(username=username, password=password) if user is None: raise serializers.ValidationError('Unable to login with provided credentials.') else: raise serializers.ValidationError('Must include "username" and "password"') self._two_factor_auth(self.context['request'], user) # Now user is authenticated if v2: if platform in DESKTOP_PLATFORMS: if not user.permissions.can_connect_with_desktop_clients(): raise serializers.ValidationError('Not allowed to connect to desktop client.') elif platform == 'android': if not user.permissions.can_connect_with_android_clients(): raise serializers.ValidationError('Not allowed to connect to android client.') elif platform == 'ios': if not user.permissions.can_connect_with_ios_clients(): raise serializers.ValidationError('Not allowed to connect to ios client.') else: logger.info('%s: unrecognized device' % login_id) token = get_token_v2(self.context['request'], user.username, platform, device_id, device_name, client_version, platform_version) else: token = get_token_v1(user.username) return token.key
def put(self, request, email): # basic user info check is_staff = request.data.get("is_staff", None) if is_staff: try: is_staff = to_python_boolean(is_staff) except ValueError: error_msg = 'is_staff invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) is_active = request.data.get("is_active", None) if is_active: try: is_active = to_python_boolean(is_active) except ValueError: error_msg = 'is_active invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # additional user info check role = request.data.get("role", None) if role: available_roles = get_available_roles() if role.lower() not in available_roles: error_msg = 'role must be in %s.' % str(available_roles) return api_error(status.HTTP_400_BAD_REQUEST, error_msg) name = request.data.get("name", None) if name: if len(name) > 64: error_msg = 'Name is too long (maximum is 64 characters).' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if "/" in name: error_msg = "Name should not include '/'." return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # argument check for login_id login_id = request.data.get("login_id", None) if login_id is not None: login_id = login_id.strip() username_by_login_id = Profile.objects.get_username_by_login_id(login_id) if username_by_login_id is not None: return api_error(status.HTTP_400_BAD_REQUEST, _(u"Login id %s already exists." % login_id)) contact_email = request.data.get("contact_email", None) if contact_email is not None and contact_email.strip() != '': if not is_valid_email(contact_email): error_msg = 'Contact email invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) profile = Profile.objects.get_profile_by_contact_email(contact_email) if profile: error_msg = 'Contact email %s already exists.' % contact_email return api_error(status.HTTP_400_BAD_REQUEST, error_msg) reference_id = request.data.get("reference_id", "") if reference_id: if ' ' in reference_id: return api_error(status.HTTP_400_BAD_REQUEST, 'Reference ID can not contain spaces.') primary_id = ccnet_api.get_primary_id(reference_id) if primary_id: return api_error(status.HTTP_400_BAD_REQUEST, 'Reference ID %s already exists.' % reference_id) department = request.data.get("department", None) if department: if len(department) > 512: error_msg = "Department is too long (maximum is 512 characters)." return api_error(status.HTTP_400_BAD_REQUEST, error_msg) quota_total_mb = request.data.get("quota_total", None) if quota_total_mb: try: quota_total_mb = int(quota_total_mb) except ValueError: error_msg = "Must be an integer that is greater than or equal to 0." return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if quota_total_mb < 0: error_msg = "Space quota is too low (minimum value is 0)." return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if is_org_context(request): org_id = request.user.org.org_id org_quota_mb = seafile_api.get_org_quota(org_id) / \ get_file_size_unit('MB') if quota_total_mb > org_quota_mb: error_msg = 'Failed to set quota: maximum quota is %d MB' % org_quota_mb return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # query user info try: user_obj = User.objects.get(email=email) except User.DoesNotExist: error_msg = 'User %s not found.' % email return api_error(status.HTTP_404_NOT_FOUND, error_msg) try: update_user_info(request, user_obj) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) user_info = get_user_info(email) return Response(user_info)
def get_primary_id_by_username(self, username): """Get user's primary id in case the username is changed. """ p_id = ccnet_api.get_primary_id(username) return p_id if p_id is not None else username