def sync_unix_users_and_groups(min_uid, max_uid, min_gid, max_gid, check_shell):
"""
Syncs the Hue database with the underlying Unix system, by importing users and
groups from 'getent passwd' and 'getent groups'. This should also pull in
users who are accessible via NSS.
"""
global __users_lock, __groups_lock
hadoop_groups = dict((group.gr_name, group) for group in grp.getgrall() \
if (group.gr_gid >= min_gid and group.gr_gid < max_gid) or group.gr_name == 'hadoop')
user_groups = dict()
__users_lock.acquire()
__groups_lock.acquire()
# Import groups
for name, group in hadoop_groups.iteritems():
try:
if len(group.gr_mem) != 0:
hue_group = Group.objects.get(name=name)
except Group.DoesNotExist:
hue_group = Group(name=name)
hue_group.save()
LOG.info("Created group %s" % (hue_group.name,))
# Build a map of user to groups that the user is a member of
members = group.gr_mem
for member in members:
if member not in user_groups:
user_groups[member] = [ hue_group ]
else:
user_groups[member].append(hue_group)
# Now let's import the users
hadoop_users = dict((user.pw_name, user) for user in pwd.getpwall() \
if (user.pw_uid >= min_uid and user.pw_uid < max_uid) or user.pw_name in grp.getgrnam('hadoop').gr_mem)
for username, user in hadoop_users.iteritems():
try:
if check_shell:
pw_shell = user.pw_shell
if subprocess.call([pw_shell, "-c", "echo"], stdout=subprocess.PIPE) != 0:
continue
hue_user = User.objects.get(username=username)
except User.DoesNotExist:
hue_user = User(username=username, password='******', is_active=True, is_superuser=False)
hue_user.set_unusable_password()
# We have to do a save here, because the user needs to exist before we can
# access the associated list of groups
hue_user.save()
if username not in user_groups:
hue_user.groups = []
else:
# Here's where that user to group map we built comes in handy
hue_user.groups = user_groups[username]
hue_user.save()
LOG.info(_("Synced user %s from Unix") % hue_user.username)
__users_lock.release()
__groups_lock.release()
def sync_unix_users_and_groups(min_uid, max_uid, min_gid, max_gid, check_shell):
"""
Syncs the Hue database with the underlying Unix system, by importing users and
groups from 'getent passwd' and 'getent groups'. This should also pull in
users who are accessible via NSS.
"""
global __users_lock, __groups_lock
hadoop_groups = dict((group.gr_name, group) for group in grp.getgrall() \
if (group.gr_gid >= min_gid and group.gr_gid < max_gid) or group.gr_name == 'hadoop')
user_groups = dict()
__users_lock.acquire()
__groups_lock.acquire()
# Import groups
for name, group in hadoop_groups.iteritems():
try:
if len(group.gr_mem) != 0:
hue_group = Group.objects.get(name=name)
except Group.DoesNotExist:
hue_group = Group(name=name)
hue_group.save()
LOG.info("Created group %s" % (hue_group.name,))
# Build a map of user to groups that the user is a member of
members = group.gr_mem
for member in members:
if member not in user_groups:
user_groups[member] = [ hue_group ]
else:
user_groups[member].append(hue_group)
# Now let's import the users
hadoop_users = dict((user.pw_name, user) for user in pwd.getpwall() \
if (user.pw_uid >= min_uid and user.pw_uid < max_uid) or user.pw_name in grp.getgrnam('hadoop').gr_mem)
for username, user in hadoop_users.iteritems():
try:
if check_shell:
pw_shell = user.pw_shell
if subprocess.call([pw_shell, "-c", "echo"], stdout=subprocess.PIPE) != 0:
continue
hue_user = User.objects.get(username=username)
except User.DoesNotExist:
hue_user = User(username=username, password='******', is_active=True, is_superuser=False)
hue_user.set_unusable_password()
# We have to do a save here, because the user needs to exist before we can
# access the associated list of groups
hue_user.save()
if username not in user_groups:
hue_user.groups = []
else:
# Here's where that user to group map we built comes in handy
hue_user.groups = user_groups[username]
hue_user.save()
LOG.info(_("Synced user %s from Unix") % hue_user.username)
__users_lock.release()
__groups_lock.release()
def save_user(request):
if request.method == 'POST':
form = UserForm(request.POST)
if form.is_valid():
user = User()
user.first_name = request.POST['name']
user.username = request.POST['username']
user.set_password(request.POST['password'])
user.save()
user.groups = request.POST.getlist('groups')
user.save()
return redirect('/permissions/user/')
else:
form = UserForm()
return render(request, 'permissions/user/save.html', {
'form':form
})
def create(self, validated_data):
emp_name = validated_data['emp_name']
username = validated_data['emp_email']
email = validated_data['emp_email']
groups = validated_data['emp_role']
password = validated_data['password1']
emp_code = validated_data['emp_code']
emp_role = validated_data['emp_role']
emp_report = validated_data['emp_report']
emp_datejoin = validated_data['emp_datejoin']
user_obj = User(
username = username,
email = email,
)
user_obj.save()
users_group = Group.objects.get(name=groups)
user_obj.groups = [users_group]
employee_obj = EmployeeEntryData(
emp_name = emp_name,
emp_email = email,
emp_code = emp_code,
emp_role = users_group,
emp_report = emp_report,
emp_datejoin = emp_datejoin,
)
user_obj.set_password(password)
employee_obj.save()
user_obj.save()
activate_obj = ActivateModel(
emp_email = email
)
activate_obj.save()
data = Emailcustomclass('http://192.168.0.11:8000/employee/activate/'+str(activate_obj.id)+'/',str(email))
return validated_data
def activate(request, token=None):
data, timestamp = _registration_token_factory.parse_token_or_404(token)
try:
existing_user = User.objects.get(email__iexact=data['email'])
return render(request, 'users/registration/already_activated.html', {
'existing_user': existing_user,
})
except User.DoesNotExist:
pass
form = ActivationForm(request.POST or None)
if form.is_valid():
user = User(
username=form.cleaned_data['username'],
first_name=data['first_name'],
last_name=data['last_name'],
email=data['email']
)
user.set_password(form.cleaned_data['password'])
user.save()
user.groups = Group.objects.filter(name__in=settings.DEFAULT_USER_GROUPS)
# the userprofile is auto-created, we only have to update some fields.
UserProfile.objects.filter(user=user).update(gender=data['gender'])
return render(request, 'users/registration/activation_complete.html', {
'activated_user': user,
})
return render(request, 'users/registration/activation_form.html', {
'form': form,
'data': data,
})
def operating_create(request):
permissionss = Permissions.objects.filter(is_del=False)
if request.method == "POST":
username = request.POST.get('username', '')
password = request.POST.get('password', '')
permissions = request.POST.get('permissions', 0)
joint_venture_account = JointVentureAccount()
group_id_list = request.POST.getlist('group_id', '')
group_list = Group.objects.filter(id__in=group_id_list)
user = User()
user.username = username
user.set_password(password)
user.is_staff = True
user.groups = list(group_list)
user.save()
joint_venture_account.user = user
if permissions:
ps = Permissions.objects.filter(pk=permissions).first()
joint_venture_account.permissions = ps
joint_venture_account.save()
return HttpResponseRedirect(reverse('web:operating_list'))
groups = Group.objects.all()
context = {
'module': 'operating',
'permissionss': permissionss,
'DOMAIN': DOMAIN,
'groups': groups,
}
return render(request, 'super/settings/operating/create.html', context)
def create_user(**kwargs):
global counter
counter = counter + 1
defaults = {
"username": "******" % counter,
"first_name": "user%d" % counter,
"last_name": "luser%d" % counter,
"email": "user%d@luser%d.com" % (counter, counter),
"password": "******" % counter,
}
groups = []
if "groups" in kwargs:
groups = kwargs["groups"]
del kwargs["groups"]
user_permissions = []
if "user_permissions" in kwargs:
user_permissions = kwargs["user_permissions"]
del kwargs["user_permissions"]
defaults.update(kwargs)
u = User(**defaults)
u.save()
u.groups = groups
u.user_permissions = user_permissions
u.save()
return u
def run(self, params, args):
# Get Username
if len(args) != 1:
raise ArgRequired(self, "username")
username = args[0]
if not username.isalnum():
raise ArgError(self, "username", "must be alphanumeric")
# Get Groups that you want the user to belong to
(g, admin) = self.fillParams([
("group", "default"),
("admin", "False"),
])
group_list = g.split(',')
# Check to see if username is taken
try:
u = User.objects.get(username = username)
except User.DoesNotExist:
u = None
if u:
raise CommandError(self,
"Username %s is already in use"
% username)
admin = self.str2bool(admin)
passwd = self.gen_random_pw()
groups = []
for group in group_list:
try:
g = Group.objects.get(name = group)
groups.append(g)
except Group.DoesNotExist:
raise CommandError(self, "Group %s does not exist." % group )
u = User(username = username)
u.set_password(passwd)
u.is_superuser = admin
u.save()
u.groups = groups
u.save()
hostname = self.getHostnames(['localhost'])[0]
domainname = self.getHostAttr('localhost','domainname')
if domainname and domainname != '':
hostname = "%s.%s" % (hostname, domainname)
self.beginOutput()
self.addOutput(username, [hostname, passwd])
self.endOutput(header=["username", "hostname","key"])
def create(self, validated_data):
groups = validated_data.pop('groups')
password = validated_data.pop('password')
user = User(**validated_data)
if user:
user.set_password(password)
user.save()
Token.objects.create(user=user)
if groups:
user.groups = groups
user.save()
return user
def userIntoCaliperDB(request):
# create admin user
user = User()
user.username = '******'
user.set_password('zhangxj@123')
user.save()
admin_group = Group.objects.get(name="admin user")
user.groups=[admin_group]
# create com user
user = User()
user.username = '******'
user.set_password('123456')
user.save()
com_group = Group.objects.get(name="com user")
user.groups=[com_group]
user = User()
user.username = '******'
user.set_password('hsp')
user.save()
com_group = Group.objects.get(name="com user")
user.groups=[com_group]
return HttpResponse("success")
def insert_group(request):
if request.method == 'POST':
groupname = request.POST.get('name')
segment = request.POST.get('segment')
if not segment:
return render(request, 'passet/insert_group.html', locals())
result = check_ip(segment.split(','))
if result == False:
error = "维护标准格式不正确,请输入网段或IP"
return render(request, 'passet/insert_group.html', locals())
department = request.POST.get('department')
env = request.POST.get('env')
manager_str = request.POST.get('manager')
managers = manager_str.split(',')
if not PGroup.objects.filter(name=groupname):
if not Group.objects.filter(name=department):
group = Group(name=department)
group.save()
pgroup = PGroup(name=groupname,
segment=segment,
department=department,
env=env,
gtype=1)
pgroup.save()
for manager in managers:
if not User.objects.filter(username=manager):
user = User(username=manager)
user.save()
group_obj = Group.objects.filter(name=department)
user.groups = group_obj
user.save()
else:
user = User.objects.get(username=manager)
group_obj = Group.objects.get(name=department)
user.groups.add(group_obj)
user.save()
pgroup.manager.add(user)
initialise_new()
msg = "%s 新建了资产组 %s ,维护标准为 %s ,部门为 %s ,环境为 %s ,管理员为 %s ." % (
request.user, groupname.encode("utf-8"), segment.encode("utf-8"),
department.encode("utf-8"), env.encode("utf-8"),
manager_str.encode("utf-8"))
set_action_log(msg)
response = HttpResponseRedirect('/passet')
return response
return render(request, 'passet/insert_group.html', locals())
def add_user_default_password(crate_user, username, email, is_superuser,
is_staff, group_list):
user = User()
user.username = username
user.set_password('LeDao;123')
user.email = email
user.is_superuser = int(is_superuser)
user.is_staff = int(is_staff)
user.save()
user.groups = Group.objects.filter(name__in=group_list)
########################################## 添加堡垒机用户任务 ##########################################
# try:
# AddFortressUserTask().addTask(crate_user, username=username, email=email)
# except:
# pass
########################################## 添加堡垒机用户任务 ##########################################
return user
def make_user(name, staff, admin, groups=[]):
for k in User.objects.filter(username=name):
print 'Deleting user "%s"' % k.username
k.delete()
user = User()
user.username = name
user.first_name = name.capitalize()
user.last_name = name.capitalize() + 'ston'
user.email = '*****@*****.**' % name
user.is_staff = staff
user.is_active = True
user.is_superuser = admin
user.set_password(user.username)
user.save()
user.groups = groups
user.save()
print 'Created user "%s" with password "%s"' % (name, name)
def new_user(request):
if request.method == "POST":
data = json.loads(request.POST.get('result'))
if not data:
return HttpResponseRedirect(reverse('bhoma_admin'))
user = User()
# HACK: all usernames and passwords are lowercased going into the db
user.username = data.get("username").lower()
user.set_password(data.get("password").lower())
user.first_name = data.get("fname")
user.last_name = data.get("lname")
user.email = ""
user.is_staff = False # Can't log in to admin site
user.is_active = True # Activated upon receipt of confirmation
user.is_superuser = False # Certainly not
user.last_login = datetime(1970,1,1)
user.date_joined = datetime.utcnow()
user.save()
# have to have an object before you're allowed to edit M2M fields
# so do groups/roles last
role = data.get("role")
if role:
try:
user.groups = [Group.objects.get(name=role)]
except Group.DoesNotExist:
logging.error("Unable to give role %s to %s -- permissions may "
"not work. Did you forget to run syncdb recently?")
return render_to_response(request, "auth/user_reg_complete.html",
{"new_user": user,
"options": TouchscreenOptions.admin() })
return render_to_response(request, "bhoma_touchscreen.html",
{'form': {'name': 'add user',
'wfobj': 'wfNewUser'},
'mode': 'workflow',
'dynamic_scripts': ["%swebapp/javascripts/user_reg.js" %\
settings.STATIC_URL,] })
def _get_updated_user(login, email, firstname, lastname,
groups):
"""Get an updated instance of a user. The following fields are updated:
username, email, first_name, last_name, password (to '(not used)') and
is_active. Group list are reset, only groups that exist on the Group
table are set for the user. If the user does not exist in the database,
a new instance is created.
Parameters:
login: login of the authenticated user (str).
email: email of the authenticated user (str).
firstname: firstname of the authenticated user (str).
lastname: lastname of the authenticated user (str).
groups: group list of the authenticated user (list<str>).
Returns an instance of the authenticated user (User).
"""
try:
user = User.objects.get(username=login)
except User.DoesNotExist:
user = User()
user.username = login
user.is_active = settings.SHIB_SSO_CREATE_ACTIVE
user.is_staff = settings.SHIB_SSO_CREATE_STAFF
user.is_superuser = settings.SHIB_SSO_CREATE_SUPERUSER
user.save()
user.email = email
user.first_name = firstname
user.last_name = lastname
user.password = '******'
user.groups = filter(None, map(get_group, groups))
user.save()
return user
def change_group_info(request):
gid = request.GET.get('id')
group = PGroup.objects.get(id=gid)
depart_group = Group.objects.get(name=group.department)
if request.method == 'POST':
manager_all_old = [m for m in group.manager.all()]
new_managers_str = request.POST.get('manager')
segment = request.POST.get('segment')
if not segment:
return render(request, 'passet/insert_group.html', locals())
result = check_ip(segment.split(','))
if result == False:
error = "维护标准格式不正确,请输入网段或IP"
return render(request, 'passet/insert_group.html', locals())
group.segment = segment
group.save()
new_managers = new_managers_str.split(',')
for mao in manager_all_old:
if mao.username not in new_managers:
group.manager.remove(mao)
for nm in new_managers:
if not User.objects.filter(username=nm):
user = User(username=nm)
user.save()
user.groups = depart_group
user.save()
else:
user = User.objects.get(username=nm)
user.groups.add(depart_group)
user.save()
group.manager.add(user)
initialise_new()
response = HttpResponseRedirect('/passet')
msg = "%s 编辑了资产组 %s ,将管理员改为 %s ." % (request.user, group,
new_managers_str.encode("utf-8"))
set_action_log(msg)
return response
return render(request, 'passet/change_group_info.html', locals())
def import_users():
"""
Import des utilisateurs.
"""
cursor.execute(
"""
SELECT u.login, u.email, g.nom
FROM Utilisateur u, Groupe g
WHERE u.idGroupe = g.idGroupe
"""
)
for row in cursor:
if verbose:
print("Import de l’utilisateur : {0}".format(row[0]))
# Generates a new password
password = User.objects.make_random_password()
# Creates and saves the new user
new_user = User(username=row[0], email=row[1], password=password)
new_user.save()
# Assigns the right group by filtering on the "groups" list
new_user.groups = [Group.objects.get(name=row[2])]
new_user.save()
email = sys.argv[1]
name = sys.argv[2].title()
group = Group.objects.get(name="Redactor")
# create user
u = User(username=username,email=email,first_name=name)
# set staff
u.is_staff = True
u.is_superuser = False
# set password
u.set_password(passwd)
u.save()
# set group
u.groups = [group]
u.save()
# send email
# render template
content = render_to_string('emails/first_email.html', { 'user': u , 'passwd':passwd})
# send email
send_mail('Bienvenido a TheChurchofHorrors', content, u'Rubén Dugo <*****@*****.**>', [email], fail_silently=False)
def initialise():
# 从zeus数据库获取所有asset列表 asset_all
# 读config 匹配对应的每个部门分组的网段进行更新
#
error = check_conf()
if not error:
print 'good'
else:
print error
print 'start initialise'
cf = ConfigParser.ConfigParser()
config = os.path.join(BASE_DIR, 'group.conf')
cf.read(config)
groups = cf.sections()
pgroups = PGroup.objects.filter(gtype=1)
for pg in pgroups:
if pg.name not in groups:
pg.delete()
asset_all = get_all_asset_info()
delete_user_department()
for group in groups:
ip_group = []
segments = cf.get(group,"segment").split(",")
managers = cf.get(group,"manager").split(",")
department = cf.get(group,"department")
env = cf.get(group,"env")
if not Group.objects.filter(name=department):
dgroup = Group(name=department)
dgroup.save()
for manager in managers:
if not User.objects.filter(username=manager):
user = User(username=manager)
user.save()
obj_group = Group.objects.filter(name=department)
user.groups = obj_group
user.save()
else:
user = User.objects.get(username=manager)
obj_group = Group.objects.get(name=department)
user.groups.add(obj_group)
user.save()
if PGroup.objects.filter(name=group):
PGS = PGroup.objects.get(name=group)
PGS.department = department
PGS.env = env
old_manager_users = PGS.manager.all()
for o in old_manager_users:
if o.username not in managers:
PGS.manager.remove(o)
for manager in managers:
m_user = User.objects.get(username=manager)
PGS.manager.add(m_user)
PGS.save()
group_id = PGS.id
else:
addpgroup = PGroup(name=group,department=department,env=env,gtype=1)
addpgroup.save()
for manager in managers:
m_user = User.objects.get(username=manager)
addpgroup.manager.add(m_user)
addpgroup.save()
group_id = addpgroup.id
###删除多余ip
delete_ip(group_id, segments)
###1.在Zeus中不存在的;2.在网段中不存在的
for segment in segments:
for asset in asset_all:#asset (ip,port,hostname)
if asset[0] in IPy.IP(segment):
if Asset.objects.filter(ip=asset[0]):
asset = Asset.objects.get(ip=asset[0])
asset_groups_obj = PGroup.objects.filter(id=group_id)
asset.group = asset_groups_obj
asset.save()
continue
new_asset = Asset(ip=asset[0], port=asset[1],hostname=asset[2])
new_asset.save()
asset_groups_obj = PGroup.objects.filter(id=group_id)
new_asset.group = asset_groups_obj
new_asset.save()
ip_group.append(asset[0])
print 'initialise finished'
return True
def get_or_create_user(self, username, password):
"""
Функция принимает имя пользователя и пароль. Если на LDAP сервере существует
подходящий пользователь - проверяется его наличие в локальной базе, если в
базе его не оказалось, то пользователь создается в локальной базе(синхронизация
с LDAP пользователем) и возвращается как User, попутно присваивая ему группу
для доступа к функциям сайта.
Если пользователя не существует в LDAP, но существует в локальной базе,
проверяем его на принадлежность к супер админу, если супер админ, то логиними
если не супер админ - удаляем.
"""
ldap_connection = LdapConnection(settings.LDAP)
ldap_work = LdapWork(ldap_connection)
# Филтр запроса на получение объета пользователя
# filter = '(&(uid=%s)(objectClass=RUSLANperson)(userPassword=%s))' % (username, password)
# аттрибуты, которые будут извлечены для обработки
# attrs = ['uid','sn','memberOf','userPassword','mail','telephoneNumber']
# ldap_results = ldap_connection.search_s( settings.LDAP_BASE_DN, ldap.SCOPE_SUBTREE, filter, attrs )
ldap_users = ldap_work.get_users_by_attr(username=username, password=password)
# если пользователь не существет в LDAP
# проверяем, существует ли он в локальной базе
# если да, то удаляем его
if not ldap_users:
try:
user = User.objects.get(username=(username + username_postfix))
# if user.is_superuser:
if user.check_password(password):
return user
# user.delete()
except User.DoesNotExist:
pass
return None
user = None
try:
user = User.objects.get(username=(username + username_postfix))
except User.DoesNotExist:
ldap_user = ldap_users[0]
user_name = ldap_user.name.split()
first_name = u''
last_name = u''
if len(user_name) == 3:
first_name = (user_name[1] + u' ' + user_name[2])[0:30]
last_name = user_name[0][0:30]
elif len(user_name) == 2:
first_name = user_name[1][0:30]
last_name = user_name[0][0:30]
elif len(user_name) == 1:
last_name = user_name[0][0:30]
user = User(username=(ldap_user.uid + username_postfix), email=ldap_user.email, first_name=first_name, last_name=last_name)
user.is_superuser = False
user.set_password(password)
user.save()
groups = []
for member in ldap_user.member_of:
try:
group = Group.objects.get(name=(group_prefix + member.lower()))
except Group.DoesNotExist:
group = Group(name=(group_prefix + member.lower()))
group.save()
groups.append(group)
user.groups = groups
orgs = []
if len(ldap_user.dn) > 3:
orgs = ldap_work.get_org_by_attr(o=ldap_user.dn[1],node='.')
if orgs:
org = orgs[0]
try:
organistion = Organisation.objects.get(name=org.o[0:255])
except Organisation.DoesNotExist:
organistion = Organisation(name=org.o[0:255])
organistion.save()
#groups = []
for member in org.member_of:
try:
group = Group.objects.get(name=(group_prefix + member.lower()))
except Group.DoesNotExist:
group = Group(name=(group_prefix + member.lower()))
group.save()
if group not in groups:
groups.append(group)
try:
og = OrganisationGroups.objects.get(organistion=organistion, group=group)
except OrganisationGroups.DoesNotExist:
og = OrganisationGroups(organistion=organistion, group=group)
og.save()
try:
organistion_user = OrganisationUser.objects.get(organistion=organistion , user=organistion)
except OrganisationUser.DoesNotExist:
organistion_user = OrganisationUser(organistion=organistion, user=user)
organistion_user.save()
user.groups = groups
users_group = Group.objects.get_or_create(name='users')
user.groups.add(users_group[0])
return user
def _authenticate_ldap(self, username, password, user=None):
record = self.__getRecord(username)
if not record:
# wrong login
return
dn = record[0][0]
#ldap.set_option(ldap.OPT_DEBUG_LEVEL,4095)
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, self.certfile)
self.ldo = ldap.initialize(self.host)
self.ldo.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
try:
self.ldo.simple_bind_s(dn, password)
except ldap.INVALID_CREDENTIALS: # Bad password, credentials are bad.
return
except ldap.UNWILLING_TO_PERFORM: # Bad password, credentials are bad.
return
else:
self.ldo.unbind_s()
first_name = record[0][1]['givenName'][0]
last_name = record[0][1]['sn'][0]
email = record[0][1]['mail'][0]
first_name = force_unicode(first_name)
last_name = force_unicode(last_name)
# Because the username field on model User is capped to 30
# characters we need to assign a butchered username here.
# It's not a problem because the user can be found by email
# anyway.
# 30 is the default max length of the username field for
# django.contrib.auth.models.User
if not user:
django_username = username
if email_re.match(django_username):
if isinstance(username, unicode):
# md5 chokes on non-ascii characters
django_username = username.encode('ascii', 'ignore')
django_username = (md5_constructor(django_username)
.hexdigest()[:30])
user = User(username=django_username,
first_name=first_name,
last_name=last_name,
email=email)
user.set_unusable_password()
user.save()
if self.__isLocalizer(username):
user.groups = (Group.objects.get(name='Localizers'),)
else:
changed = False
if user.first_name != first_name:
user.first_name = first_name
changed = True
if user.last_name != last_name:
user.last_name = last_name
changed = True
if user.email != email:
user.email = email
changed = True
if changed:
user.save()
return user
