def user_update(context, data_dict):
"""Updates the user\'s details"""
model = context["model"]
user = context["user"]
session = context["session"]
schema = context.get("schema") or default_update_user_schema()
id = data_dict["id"]
user_obj = model.User.get(id)
context["user_obj"] = user_obj
if user_obj is None:
raise NotFound("User was not found.")
check_access("user_update", context, data_dict)
data, errors = validate(data_dict, schema, context)
if errors:
session.rollback()
raise ValidationError(errors, group_error_summary(errors))
user = user_dict_save(data, context)
activity_dict = {"user_id": user.id, "object_id": user.id, "activity_type": "changed user"}
activity_create_context = {"model": model, "user": user, "defer_commit": True, "session": session}
from ckan.logic.action.create import activity_create
activity_create(activity_create_context, activity_dict, ignore_auth=True)
# TODO: Also create an activity detail recording what exactly changed in
# the user.
if not context.get("defer_commit"):
model.repo.commit()
return user_dictize(user, context)
def user_update(context, data_dict):
'''Updates the user\'s details'''
model = context['model']
user = context['user']
schema = context.get('schema') or default_update_user_schema()
id = data_dict['id']
user_obj = model.User.get(id)
context['user_obj'] = user_obj
if user_obj is None:
raise NotFound('User was not found.')
check_access('user_update', context, data_dict)
data, errors = validate(data_dict, schema, context)
if errors:
model.Session.rollback()
raise ValidationError(errors, group_error_summary(errors))
user = user_dict_save(data, context)
if not context.get('defer_commit'):
model.repo.commit()
return user_dictize(user, context)
def user_update(context, data_dict):
'''Update a user account.
Normal users can only update their own user accounts. Sysadmins can update
any user account.
For further parameters see
:py:func:`~ckan.logic.action.create.user_create`.
:param id: the name or id of the user to update
:type id: string
:returns: the updated user account
:rtype: dictionary
'''
model = context['model']
user = context['user']
session = context['session']
schema = context.get('schema') or schema_.default_update_user_schema()
id = _get_or_bust(data_dict, 'id')
user_obj = model.User.get(id)
context['user_obj'] = user_obj
if user_obj is None:
raise NotFound('User was not found.')
_check_access('user_update', context, data_dict)
data, errors = _validate(data_dict, schema, context)
if errors:
session.rollback()
raise ValidationError(errors)
# user schema prevents non-sysadmins from providing password_hash
if 'password_hash' in data:
data['_password'] = data.pop('password_hash')
user = model_save.user_dict_save(data, context)
activity_dict = {
'user_id': user.id,
'object_id': user.id,
'activity_type': 'changed user',
}
activity_create_context = {
'model': model,
'user': user,
'defer_commit': True,
'ignore_auth': True,
'session': session
}
_get_action('activity_create')(activity_create_context, activity_dict)
# TODO: Also create an activity detail recording what exactly changed in
# the user.
if not context.get('defer_commit'):
model.repo.commit()
return model_dictize.user_dictize(user, context)
def user_update(context, data_dict):
'''Update a user account.
Normal users can only update their own user accounts. Sysadmins can update
any user account.
For further parameters see
:py:func:`~ckan.logic.action.create.user_create`.
:param id: the name or id of the user to update
:type id: string
:returns: the updated user account
:rtype: dictionary
'''
model = context['model']
user = context['user']
session = context['session']
schema = context.get('schema') or schema_.default_update_user_schema()
id = _get_or_bust(data_dict, 'id')
user_obj = model.User.get(id)
context['user_obj'] = user_obj
if user_obj is None:
raise NotFound('User was not found.')
_check_access('user_update', context, data_dict)
data, errors = _validate(data_dict, schema, context)
if errors:
session.rollback()
raise ValidationError(errors)
# user schema prevents non-sysadmins from providing password_hash
if 'password_hash' in data:
data['_password'] = data.pop('password_hash')
user = model_save.user_dict_save(data, context)
activity_dict = {
'user_id': user.id,
'object_id': user.id,
'activity_type': 'changed user',
}
activity_create_context = {
'model': model,
'user': user,
'defer_commit': True,
'ignore_auth': True,
'session': session
}
_get_action('activity_create')(activity_create_context, activity_dict)
# TODO: Also create an activity detail recording what exactly changed in
# the user.
if not context.get('defer_commit'):
model.repo.commit()
return model_dictize.user_dictize(user, context)
def user_update(context, data_dict):
"""Update a user account.
Normal users can only update their own user accounts. Sysadmins can update
any user account.
For further parameters see
:py:func:`~ckan.logic.action.create.user_create`.
:param id: the name or id of the user to update
:type id: string
:returns: the updated user account
:rtype: dictionary
"""
model = context["model"]
user = context["user"]
session = context["session"]
schema = context.get("schema") or schema_.default_update_user_schema()
id = _get_or_bust(data_dict, "id")
user_obj = model.User.get(id)
context["user_obj"] = user_obj
if user_obj is None:
raise NotFound("User was not found.")
_check_access("user_update", context, data_dict)
data, errors = _validate(data_dict, schema, context)
if errors:
session.rollback()
raise ValidationError(errors)
# user schema prevents non-sysadmins from providing password_hash
if "password_hash" in data:
data["_password"] = data.pop("password_hash")
user = model_save.user_dict_save(data, context)
activity_dict = {"user_id": user.id, "object_id": user.id, "activity_type": "changed user"}
activity_create_context = {
"model": model,
"user": user,
"defer_commit": True,
"ignore_auth": True,
"session": session,
}
_get_action("activity_create")(activity_create_context, activity_dict)
# TODO: Also create an activity detail recording what exactly changed in
# the user.
if not context.get("defer_commit"):
model.repo.commit()
return model_dictize.user_dictize(user, context)
def custom_update_user_schema(form_schema=False):
schema = default_update_user_schema()
schema['password'] = [custom_user_password_validator,
toolkit.get_validator('user_password_not_empty'),
toolkit.get_validator('ignore_missing'),
unicode]
if form_schema:
schema['password'] = [toolkit.get_validator('ignore_missing')]
schema['password1'] = [toolkit.get_validator('ignore_missing'),
custom_user_password_validator,
toolkit.get_validator('user_passwords_match'),
unicode]
schema['password2'] = [toolkit.get_validator('ignore_missing'),
unicode]
return schema
def user_update(context, data_dict):
"""Updates the user's details"""
model = context["model"]
user = context["user"]
schema = context.get("schema") or default_update_user_schema()
id = data_dict["id"]
user_obj = model.User.get(id)
context["user_obj"] = user_obj
if user_obj is None:
raise NotFound("User was not found.")
check_access("user_update", context, data_dict)
data, errors = validate(data_dict, schema, context)
if errors:
model.Session.rollback()
raise ValidationError(errors, group_error_summary(errors))
user = user_dict_save(data, context)
model.repo.commit()
return user_dictize(user, context)
def user_update(context, data_dict):
'''Update a user account.
Normal users can only update their own user accounts. Sysadmins can update
any user account. Can not modify exisiting user's name.
.. note:: Update methods may delete parameters not explicitly provided in the
data_dict. If you want to edit only a specific attribute use `user_patch`
instead.
For further parameters see
:py:func:`~ckan.logic.action.create.user_create`.
:param id: the name or id of the user to update
:type id: string
:returns: the updated user account
:rtype: dictionary
'''
model = context['model']
user = author = context['user']
session = context['session']
schema = context.get('schema') or schema_.default_update_user_schema()
id = _get_or_bust(data_dict, 'id')
user_obj = model.User.get(id)
context['user_obj'] = user_obj
if user_obj is None:
raise NotFound('User was not found.')
_check_access('user_update', context, data_dict)
upload = uploader.get_uploader('user')
upload.update_data_dict(data_dict, 'image_url',
'image_upload', 'clear_upload')
data, errors = _validate(data_dict, schema, context)
if errors:
session.rollback()
raise ValidationError(errors)
# user schema prevents non-sysadmins from providing password_hash
if 'password_hash' in data:
data['_password'] = data.pop('password_hash')
user = model_save.user_dict_save(data, context)
activity_dict = {
'user_id': user.id,
'object_id': user.id,
'activity_type': 'changed user',
}
activity_create_context = {
'model': model,
'user': author,
'defer_commit': True,
'ignore_auth': True,
'session': session
}
_get_action('activity_create')(activity_create_context, activity_dict)
# TODO: Also create an activity detail recording what exactly changed in
# the user.
upload.upload(uploader.get_max_image_size())
if not context.get('defer_commit'):
model.repo.commit()
author_obj = model.User.get(context.get('user'))
include_plugin_extras = False
if author_obj:
include_plugin_extras = author_obj.sysadmin and 'plugin_extras' in data
user_dict = model_dictize.user_dictize(
user, context, include_plugin_extras=include_plugin_extras)
return user_dict
def user_update(context: Context, data_dict: DataDict) -> ActionResult.UserUpdate:
'''Update a user account.
Normal users can only update their own user accounts. Sysadmins can update
any user account. Can not modify exisiting user's name.
.. note:: Update methods may delete parameters not explicitly provided in the
data_dict. If you want to edit only a specific attribute use `user_patch`
instead.
For further parameters see
:py:func:`~ckan.logic.action.create.user_create`.
:param id: the name or id of the user to update
:type id: string
:returns: the updated user account
:rtype: dictionary
'''
model = context['model']
user = context['user']
session = context['session']
schema = context.get('schema') or schema_.default_update_user_schema()
id = _get_or_bust(data_dict, 'id')
user_obj = model.User.get(id)
if user_obj is None:
raise NotFound('User was not found.')
context['user_obj'] = user_obj
_check_access('user_update', context, data_dict)
upload = uploader.get_uploader('user')
upload.update_data_dict(data_dict, 'image_url',
'image_upload', 'clear_upload')
data, errors = _validate(data_dict, schema, context)
if errors:
session.rollback()
raise ValidationError(errors)
# user schema prevents non-sysadmins from providing password_hash
if 'password_hash' in data:
data['_password'] = data.pop('password_hash')
user = model_save.user_dict_save(data, context)
upload.upload(uploader.get_max_image_size())
if not context.get('defer_commit'):
with logic.guard_against_duplicated_email(data_dict['email']):
model.repo.commit()
author_obj = model.User.get(context.get('user'))
include_plugin_extras = False
if author_obj:
include_plugin_extras = author_obj.sysadmin and 'plugin_extras' in data
user_dict = model_dictize.user_dictize(
user, context, include_plugin_extras=include_plugin_extras)
return user_dict
def user_update(context, data_dict):
'''Update a user account.
Normal users can only update their own user accounts. Sysadmins can update
any user account. Can not modify exisiting user's name.
For further parameters see
:py:func:`~ckan.logic.action.create.user_create`.
:param id: the name or id of the user to update
:type id: string
:returns: the updated user account
:rtype: dictionary
'''
model = context['model']
user = context['user']
session = context['session']
schema = context.get('schema') or schema_.default_update_user_schema()
id = _get_or_bust(data_dict, 'id')
user_obj = model.User.get(id)
context['user_obj'] = user_obj
if user_obj is None:
raise NotFound('User was not found.')
_check_access('user_update', context, data_dict)
data, errors = _validate(data_dict, schema, context)
if errors:
session.rollback()
raise ValidationError(errors)
# user schema prevents non-sysadmins from providing password_hash
if 'password_hash' in data:
data['_password'] = data.pop('password_hash')
user = model_save.user_dict_save(data, context)
# TODO: remove hack to update API Key in CAS database
log.info('Updating Api Key in CAS Database')
sql = 'UPDATE users SET apikey = %s WHERE username = %s'
conn = None
updated_rows = 0
try:
log.info('apikey = ' + data['apikey'])
log.info('username = '******'name'])
log.info('connecting to cas')
conn = psycopg2.connect(
"dbname=casino_ar_prod_users user=cas_default password=casPWnasaace"
)
cur = conn.cursor()
log.info('connected')
cur.execute(sql, (data['apikey'], data['name']))
updated_rows = cur.rowcount
conn.commit()
log.info('user apikey updated')
cur.close()
except (Exception, psycopg2.DatabaseError) as error:
log.error(error)
finally:
if conn is not None:
conn.close()
#end hack
activity_dict = {
'user_id': user.id,
'object_id': user.id,
'activity_type': 'changed user',
}
activity_create_context = {
'model': model,
'user': user,
'defer_commit': True,
'ignore_auth': True,
'session': session
}
_get_action('activity_create')(activity_create_context, activity_dict)
# TODO: Also create an activity detail recording what exactly changed in
# the user.
if not context.get('defer_commit'):
model.repo.commit()
return model_dictize.user_dictize(user, context)
from .user_creation import helpers as user_creation_helpers
import plugin
from authenticator import unlock_account, LOGIN_THROTTLE_EXPIRY
LOG = getLogger(__name__)
LOGGED_IN = UserController.logged_in
PACKAGE_EDIT = PackageController._save_edit
RESOURCE_EDIT = PackageController.resource_edit
DEFAULT_USER_SCHEMA = schemas.default_user_schema()
USER_NEW_FORM_SCHEMA = schemas.user_new_form_schema()
USER_EDIT_FORM_SCHEMA = schemas.user_edit_form_schema()
DEFAULT_UPDATE_USER_SCHEMA = schemas.default_update_user_schema()
RESOURCE_SCHEMA = schemas.default_resource_schema()
UPLOAD = Upload.upload
if storage_enabled:
STORAGE_DOWNLOAD = StorageController.file
RESOURCE_DOWNLOAD = PackageController.resource_download
EMAIL_REGEX = re.compile(r"[^@]+@[^@]+\.[^@]+")
def configure(config):
global password_min_length
global password_patterns
password_min_length = int(config.get('password_min_length', '10'))
def user_update(context, data_dict):
'''Update a user account.
Normal users can only update their own user accounts. Sysadmins can update
any user account.
For further parameters see ``user_create()``.
:param id: the name or id of the user to update
:type id: string
:returns: the updated user account
:rtype: dictionary
'''
model = context['model']
user = context['user']
session = context['session']
schema = context.get('schema') or schema_.default_update_user_schema()
id = _get_or_bust(data_dict, 'id')
user_obj = model.User.get(id)
context['user_obj'] = user_obj
if user_obj is None:
raise NotFound('User was not found.')
_check_access('user_update', context, data_dict)
data, errors = _validate(data_dict, schema, context)
if errors:
session.rollback()
raise ValidationError(errors)
if (data_dict.get('current_password')):
if user_obj.validate_password(data_dict.get('current_password')):
log.info("El password anterior es OK. Puede procederse al cambio")
else:
raise ValidationError(
{'error': 'La contraseƱa actual no es '
'correcta'}
)
user = model_save.user_dict_save(data, context)
activity_dict = {
'user_id': user.id,
'object_id': user.id,
'activity_type': 'changed user',
}
activity_create_context = {
'model': model,
'user': user,
'defer_commit':True,
'session': session
}
_get_action('activity_create')(activity_create_context, activity_dict, ignore_auth=True)
# TODO: Also create an activity detail recording what exactly changed in
# the user.
if not context.get('defer_commit'):
model.repo.commit()
return model_dictize.user_dictize(user, context)
def _create_or_update_user(self, user_name, saml_info, name_id):
"""Create or update the subject's user account and return the user
object"""
data_dict = {}
user_id = ''
user_schema = schema.default_update_user_schema()
is_new_user = False
userobj = model.User.get(user_name)
if userobj is None:
is_new_user = True
user_schema = schema.default_user_schema()
else:
if userobj.is_deleted():
# If account exists and is deleted, reactivate it. Assumes
# only the IAM driving the IdP will deprovision user
# accounts and wouldn't allow a user to authenticate for
# this app if they shouldn't have access.
log.debug("Reactivating user")
userobj.activate()
userobj.commit()
data_dict = p.toolkit.get_action('user_show')(data_dict={
'id': user_name,
})
user_id = data_dict['id']
# Merge SAML assertions into data_dict according to
# user_mapping
update_user = self.update_data_dict(data_dict, self.user_mapping,
saml_info)
# Remove validation of the values from id and name fields
user_schema['id'] = [p.toolkit.get_validator('not_empty')]
user_schema['name'] = [p.toolkit.get_validator('not_empty')]
context = {'schema': user_schema, 'ignore_auth': True}
if is_new_user:
email = _take_from_saml_or_user('email', saml_info, data_dict)
new_user_username = _get_random_username_from_email(email)
name_id_from_saml2_NameID = config.get(
'saml2.name_id_from_saml2_NameID', False)
if not name_id_from_saml2_NameID:
name_id = _take_from_saml_or_user('id', saml_info, data_dict)
data_dict['name'] = new_user_username
data_dict['id'] = str(uuid.uuid4())
log.debug("Creating user: %s", data_dict)
data_dict['password'] = self.make_password()
new_user = p.toolkit.get_action('user_create')(context, data_dict)
assign_default_role(context, new_user_username)
model.Session.add(SAML2User(id=new_user['id'], name_id=name_id))
model.Session.commit()
return model.User.get(new_user_username)
elif update_user:
if saml2_is_update_user_allowed():
log.debug("Updating user: %s", data_dict)
user_data_dict = copy.copy(data_dict)
user_data_dict['id'] = user_id
p.toolkit.get_action('user_update')(context, user_data_dict)
return model.User.get(user_name)
def user_update_schema():
user_name_validator = get_validator('user_name_validator')
schema = default_update_user_schema()
schema['name'] = [ignore_missing, url_name_validator, user_name_validator, unicode]
return schema
