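def DBCreateNew(sUsername, sFullName, sAuthType, sPassword, sGeneratePW, sForcePasswordChange, sUserRole, sEmail, sStatus, sGroupArray):
    """Create a new user row (plus optional group tags) and return it.

    Returns ``(user, None)`` on success or ``(None, message)`` on a
    validation or database failure -- the original tuple contract is kept.

    Only ``sUsername``, ``sAuthType`` and ``sUserRole`` are whitelisted here.
    For ``sAuthType == "local"`` the password (explicit, or generated when
    ``sGeneratePW`` is truthy) goes through ``User.ValidatePassword`` and is
    stored via ``catocommon.cato_encrypt``; whether that is a one-way hash
    or reversible encryption is not visible from this file.  For ``ldap``
    the password column is NULL.

    NOTE(review): the INSERT is still assembled by string formatting because
    the transactional wrapper ``tran_exec_noexcep`` only takes a SQL string
    (``exec_db`` has a parameterised form, but no transactional variant is
    visible).  The username and role whitelists below close the obvious
    injection paths; full name, email and status are interpolated unescaped,
    so callers must not pass attacker-controlled values for them until the
    wrapper grows a parameterised transactional call.
    """
    # Conservative character set: this check is what keeps the interpolated
    # username literal below safe.  Hyphen is last so it is literal.
    if re.match(r"^[a-zA-Z0-9_.@-]+$", sUsername or "") is None:
        return None, "Usernames cannot contain spaces or any characters other than letters, numbers or these chars [_.@-]."
    if sUserRole not in ("Administrator", "Developer", "User"):
        return None, "Role must be 'Administrator', 'Developer', or 'User'."

    # Resolve the stored password before anything touches the database so a
    # rejected password leaves no half-created row.  sEncPW is the bare
    # encrypted value; the SQL literal is derived from it separately.
    sEncPW = None
    if sAuthType == "local":
        if sPassword:
            result, msg = User.ValidatePassword(None, sPassword)
            if not result:
                return None, msg
            sEncPW = catocommon.cato_encrypt(sPassword)
        elif catocommon.is_true(sGeneratePW):
            # NOTE(review): the generated password is neither returned nor
            # emailed from here (compare ChangePassword, which mails it), so
            # the account is unusable until an administrator resets it.
            sEncPW = catocommon.cato_encrypt(catocommon.generate_password())
        else:
            return None, "A password must be provided, or check the box to generate one."
    elif sAuthType != "ldap":
        # Previously any other auth type fell through to an unbound sEncPW.
        return None, "Authentication type must be 'local' or 'ldap'."
    sPWLiteral = "'%s'" % sEncPW if sEncPW else " null"

    # force_change is a 0/1 flag; normalise it instead of quoting whatever
    # the caller handed in (mirrors the newer DBCreateNew).
    iForceChange = 0 if sForcePasswordChange in (0, "0", False) else 1

    sNewID = catocommon.new_guid()
    sSQL = ("insert into users"
            " (user_id, username, full_name, authentication_type, force_change, email, status, user_role, user_password)"
            " values ('%s', '%s', '%s', '%s', %d, '%s', '%s', '%s', %s)"
            % (sNewID, sUsername, sFullName, sAuthType, iForceChange,
               sEmail if sEmail else "", sStatus, sUserRole, sPWLiteral))

    db = catocommon.new_conn()
    try:
        if not db.tran_exec_noexcep(sSQL):
            if db.error == "key_violation":
                return None, "A User with that Login ID already exists. Please select another."
            return None, db.error
        db.tran_commit()

        if sGroupArray:
            # Group membership is best effort: a failed tag insert is logged
            # but does not undo the user row that was just committed.  Only
            # tags that already exist are attached, which also keeps
            # arbitrary strings out of the interpolated INSERT.
            alltags = db.select_col_noexcep("select group_concat(tag_name order by tag_name separator ',') as tags from tags")
            alltags = alltags.split(",") if alltags else []
            for tag in sGroupArray:
                if tag not in alltags:
                    continue
                sql = "insert object_tags (object_type, object_id, tag_name) values (1, '%s','%s')" % (sNewID, tag)
                if not db.exec_db_noexcep(sql):
                    logger.error("Error creating Groups for new user %s." % sNewID)
    finally:
        db.close()

    # Re-read the row so the caller gets a fully populated object.
    u = User()
    u.FromID(sNewID)
    # History gets the bare encrypted value.  The original passed the
    # SQL-quoted literal ("'...'"), which could never match on a later
    # reuse check; the newer DBCreateNew passes the bare value too.
    u.AddPWToHistory(sEncPW)
    return u, None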
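def DBCreateNew(username, fullname, role, password, generatepw, authtype="local", forcechange=1, email=None, status=1, expires=None, groups=None):
    """Create a new user row (plus optional group tags) and return the User.

    Raises ``Exception`` carrying a user-facing message on any validation or
    database failure; returns the re-read ``User`` on success.

    For ``authtype == "local"`` the password (explicit, or generated when
    ``generatepw`` is truthy) is checked by ``User.ValidatePassword`` and
    stored via ``catocommon.cato_encrypt`` (hash or reversible encryption --
    not visible here).  Any other auth type stores a NULL password.
    ``expires`` is a ``MM/DD/YYYY`` string fed to MySQL ``str_to_date``.

    NOTE(review): the INSERT is assembled by string formatting because the
    transactional wrapper ``tran_exec_noexcep`` only takes a SQL string.
    username, role and expires are whitelisted below; fullname, email and
    status are interpolated unescaped and must not come from an untrusted
    source until a parameterised transactional call exists.
    """
    # All validation happens before a connection is opened so a rejected
    # request cannot leak one.
    #
    # The original pattern "^[\a-zA-Z0-9_.-@]+$" was a non-raw string, so
    # "\a" was the BEL character and ".-@" was a *range* that also admitted
    # / : ; < = > ? -- none of which the message promises.  A raw string
    # with the hyphen last makes it literal.
    if re.match(r"^[a-zA-Z0-9_.@-]+$", username or "") is None:
        raise Exception("Usernames cannot contain spaces or any characters other than letters, numbers or these chars [_.@-].")
    if role not in ("Administrator", "Developer", "User"):
        raise Exception("Role must be 'Administrator', 'Developer', or 'User'.")
    # expires goes straight into str_to_date('...') below, so pin it to the
    # digit/slash shape that format expects before it reaches the SQL.
    if expires and re.match(r"^\d{1,2}/\d{1,2}/\d{4}$", str(expires)) is None:
        raise Exception("Expiration date must be in MM/DD/YYYY format.")

    authtype = authtype if authtype else "local"
    forcechange = 0 if forcechange == 0 or forcechange == "0" else 1
    email = email if email else ""

    encpw = None
    if authtype == "local":
        if password:
            result, msg = User.ValidatePassword(None, password)
            if not result:
                raise Exception(msg)
            encpw = catocommon.cato_encrypt(password)
        elif catocommon.is_true(generatepw):
            # NOTE(review): the generated password is not returned or
            # emailed from here; see ChangePassword for the mailing path.
            encpw = catocommon.cato_encrypt(catocommon.generate_password())
        else:
            raise Exception("A password must be provided, or check the box to generate one.")

    pw2insert = "'%s'" % encpw if encpw else " null"
    # NOTE(review): the doubled %% is kept from the original.  Because this
    # value is an *argument* to the outer % formatting it is not reduced to
    # a single %, so the SQL carries '%%m/%%d/%%Y' unless the DB wrapper does
    # its own % pass -- confirm against tran_exec_noexcep before relying on
    # expiration_dt being set.
    ex2insert = "str_to_date('%s', '%%%%m/%%%%d/%%%%Y')" % expires if expires else " null"

    newid = catocommon.new_guid()
    sql = """insert into users (user_id, username, full_name, authentication_type, force_change, email, status, user_role, user_password, expiration_dt)
        values ('%s', '%s', '%s', '%s', %s, '%s', '%s', '%s', %s, %s)""" % (newid, username, fullname, authtype, forcechange, email, status, role, pw2insert, ex2insert)

    db = catocommon.new_conn()
    try:
        if not db.tran_exec_noexcep(sql):
            if db.error == "key_violation":
                raise Exception("A User with that Login ID already exists. Please select another.")
            raise Exception(db.error)
        db.tran_commit()

        if groups:
            # Best effort: only tags that already exist are attached (which
            # also keeps unknown strings out of the interpolated INSERT), and
            # a failed insert is logged rather than failing the new user.
            alltags = db.select_col_noexcep("select group_concat(tag_name order by tag_name separator ',') as tags from tags")
            alltags = alltags.split(",") if alltags else []
            for tag in groups:
                if tag not in alltags:
                    continue
                tagsql = "insert object_tags (object_type, object_id, tag_name) values (1, '%s','%s')" % (newid, tag)
                if not db.exec_db_noexcep(tagsql):
                    logger.error("Error creating Groups for new user %s." % newid)
    finally:
        # The original only closed on the success path.
        db.close()

    # Re-read the row so the caller gets a fully populated object.
    u = User()
    u.FromID(newid)
    u.AddPWToHistory(encpw)
    return u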
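def ChangePassword(self, new_password=None, generate=False, force_change=True):
    """Set an explicit password for this user, or generate and email one.

    Kept separate from DBUpdate because of the extra rules.  An explicit
    ``new_password`` takes precedence; ``generate`` is only honoured when no
    explicit password was given.  (The original ran *both* branches when
    both arguments were supplied, so the random password silently replaced
    the explicit one -- the opposite of what its own comments promised.)

    new_password: validated via ``User.ValidatePassword`` against this
        user's ID, then stored with ``catocommon.cato_encrypt``.
    generate: when true and no explicit password is given, a random password
        is stored with ``force_change = 1`` and mailed to ``self.Email``.
    force_change: when false, ``force_change`` is cleared after an explicit
        password is set.  When true the flag is left untouched, because only
        the caller knows whether the requester is the user being changed.

    Returns True.  Raises InfoException when neither input is supplied, when
    a random password is requested for a user without an email address, or
    when the explicit password is rejected.

    Security notes: the password never appears in a log line, and the
    temporary password travels in cleartext email by design -- the
    ``force_change = 1`` written alongside it is what limits its lifetime.
    """
    if not new_password and not generate:
        raise InfoException("Unable to reset password - New password is required or random generation option must be specified.")
    if not new_password and not self.Email:
        raise InfoException("Unable to generate a random password - User [%s] does not have an email address defined." % (self.FullName))

    # TODO: maybe have a setting for the application url in the email?
    # TODO: should have the ability to use a configurable "company" name in the email

    def _notify(body):
        # Both branches mail the same subject; the missing-address case is
        # logged rather than raised because the password is already stored.
        if self.Email:
            catocommon.send_email_via_messenger(self.Email, "Cloud Sidekick - Account Information", body)
        else:
            logger.warning("Attempt to send a password message failed - User [%s] has no email defined." % (self.FullName))

    db = catocommon.new_conn()
    try:
        if new_password:
            logger.info("Updating password for User [%s]" % (self.FullName))
            result, msg = User.ValidatePassword(self.ID, new_password)
            if not result:
                raise InfoException(msg)
            db.exec_db("update users set user_password = %s where user_id = %s",
                       (catocommon.cato_encrypt(new_password), self.ID))
            if not force_change:
                # A real 1-tuple; the original passed the bare string
                # ``(self.ID)``, which only works if the driver tolerates it.
                db.exec_db("update users set force_change = 0 where user_id = %s", (self.ID,))
            _notify("""%s - your password has been reset by an Administrator.""" % (self.FullName))
        elif generate:
            logger.info("Generating a new password for User [%s]" % (self.FullName))
            sNewPassword = catocommon.generate_password()
            # force_change = 1 makes the mailed password single-use.
            db.exec_db("update users set force_change = 1, user_password = %s where user_id = %s",
                       (catocommon.cato_encrypt(sNewPassword), self.ID))

            # The configured NewUserMessage template wins; the built-in text
            # is the fallback.  Tokens are substituted either way.
            s_set = settings.settings.security()
            body = s_set.NewUserMessage
            if not body:
                body = """%s - your password has been reset by an Administrator.\n\n Your temporary password is: %s.""" % (self.FullName, sNewPassword)
            body = body.replace("##FULLNAME##", self.FullName).replace("##USERNAME##", self.LoginID).replace("##PASSWORD##", sNewPassword)
            _notify(body)
    finally:
        # The original leaked the connection when ValidatePassword rejected.
        db.close()
    return True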