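def _users_handle_action(self, action, username, email, password,
                         user_root, is_admin):
    """
    Apply an administrative "edit", "add" or "delete" action to a user.

    `is_admin` is the raw submitted value; it is read as true only when
    its lower-cased string form is 'on', 'true' or '1'.

    Returns a dict whose 'success' entry holds the message to display (an
    empty string when `action` matches none of the three actions).
    Raises RdiffWarning when the request is refused: unknown user, empty
    username on "add", or removal of one's own account.
    """
    success = ""

    # An administrator acting on their own account must not be able to
    # change their own "admin" state: the submitted value is discarded and
    # the stored one is used instead.
    if username == self.app.currentuser.username:
        is_admin = self.app.currentuser.is_admin
    is_admin = str(is_admin).lower() in ['on', 'true', '1']

    # Fork the behaviour according to the action.
    if action == "edit":
        user = self.app.store.get_user(username)
        # The "delete" branch treats a falsy get_user() result as an
        # unknown user; do the same here instead of failing with an
        # AttributeError on the first attribute access.
        if not user:
            raise RdiffWarning(_("User doesn't exists!"))
        logger.info("updating user [%s] info", user)
        if password:
            # Administrative reset: no old password is supplied.
            user.set_password(password, old_password=None)
        user.user_root = user_root
        user.is_admin = is_admin
        # Avoid updating the email field if it didn't change.
        # see pdsl/minarca#187
        if email != user.email:
            user.email = email
        success = _("User information modified successfully.")

        # Check and update user directory.
        # NOTE(review): user_root is assigned before it is checked; if the
        # attribute setter persists the value, a rejected directory stays
        # stored. Confirm against the user object.
        if user.user_root:
            self._check_user_root_dir(user.user_root)
            rdw_spider_repos.find_repos_for_user(user)

    elif action == "add":
        if username == "":
            raise RdiffWarning(_("The username is invalid."))
        logger.info("adding user [%s]", username)

        user = self.app.store.add_user(username, password)
        if user_root:
            user.user_root = user_root
        user.is_admin = is_admin
        user.email = email

        # Check and update user directory
        if user.user_root:
            self._check_user_root_dir(user.user_root)
            rdw_spider_repos.find_repos_for_user(user)
        success = _("User added successfully.")

    elif action == "delete":
        # Self-removal is refused before the account is even looked up.
        if username == self.app.currentuser.username:
            raise RdiffWarning(_("You cannot remove your own account!"))
        user = self.app.store.get_user(username)
        if not user:
            raise RdiffWarning(_("User doesn't exists!"))
        user.delete()
        success = _("User account removed.")

    # Return messages
    return {'success': success}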
def _handle_set_password(self, **kwargs):
    """
    Change the password of the logged-in user.

    Reads the 'current', 'new' and 'confirm' entries of `kwargs`. A missing
    or empty entry raises RdiffWarning. A mismatch between 'new' and
    'confirm' returns an 'error' dict; otherwise the password is updated
    through the user database and a 'success' dict is returned.
    """
    # Each field must be present and non-empty.
    if not kwargs.get('current'):
        raise RdiffWarning(_("Current password is missing."))
    if not kwargs.get('new'):
        raise RdiffWarning(_("New password is missing."))
    if not kwargs.get('confirm'):
        raise RdiffWarning(_("Confirmation password is missing."))

    # The confirmation has to repeat the new password exactly.
    new_password = kwargs['new']
    if new_password != kwargs['confirm']:
        return {'error': _("The new password and its confirmation do not match.")}

    # The current password is handed over as old_password; only the
    # username is written to the log, never a password.
    login = self.app.currentuser.username
    _logger.info("updating user [%s] password", login)
    self.app.userdb.set_password(login, new_password, old_password=kwargs['current'])
    return {'success': _("Password updated successfully.")}
def _handle_set_profile_info(self, **kwargs):
    """
    Change the e-mail address of the logged-in user.

    Raises RdiffWarning when 'email' is absent from `kwargs` or does not
    match PATTERN_EMAIL. Returns an 'error' dict when the user database
    does not support 'set_email', otherwise a 'success' dict.
    """
    # Check data.
    if 'email' not in kwargs:
        raise RdiffWarning(_("Email is undefined."))

    # Check if email update is supported
    if not self.app.userdb.supports('set_email'):
        return {'error': _("Email update is not supported.")}

    # The pattern is tested against the lower-cased value; the value that
    # gets stored below keeps the case it was submitted with.
    submitted = kwargs['email']
    if not PATTERN_EMAIL.match(submitted.lower()):
        raise RdiffWarning(_("Invalid email."))

    # NOTE(review): assert statements are removed when Python runs with -O,
    # so this is not a dependable guard against a missing current user.
    assert self.app.currentuser
    login = self.app.currentuser.username
    # Both the username and the new address are written to the log.
    _logger.info("updating user [%s] email [%s]", login, submitted)
    self.app.currentuser.email = submitted

    return {'success': _("Profile updated successfully.")}
def _handle_set_password(self, **kwargs):
    """
    Change the password of the logged-in user.

    Reads the 'current', 'new' and 'confirm' entries of `kwargs`. A missing
    or empty entry raises RdiffWarning. A mismatch between 'new' and
    'confirm' returns an 'error' dict. A ValueError raised by the user
    object while setting the password is returned as a 'warning' dict
    carrying its message; otherwise a 'success' dict is returned.
    """
    # Each field must be present and non-empty.
    if not kwargs.get('current'):
        raise RdiffWarning(_("Current password is missing."))
    if not kwargs.get('new'):
        raise RdiffWarning(_("New password is missing."))
    if not kwargs.get('confirm'):
        raise RdiffWarning(_("Confirmation password is missing."))

    # The confirmation has to repeat the new password exactly.
    new_password = kwargs['new']
    if new_password != kwargs['confirm']:
        return {'error': _("The new password and its confirmation do not match.")}

    # Update user password; the current password travels as old_password.
    try:
        self.app.currentuser.set_password(new_password, old_password=kwargs['current'])
        outcome = {'success': _("Password updated successfully.")}
    except ValueError as error:
        # The text of the ValueError is shown to the user as the warning.
        outcome = {'warning': str(error)}
    return outcome
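def _handle_add(self, filename, **kwargs):
    """
    Called to add a new key to an authorized_keys file.

    `filename` is the authorized_keys file to extend. `kwargs['key']` is
    the submitted public key and the optional `kwargs['title']` replaces
    the key's own comment.

    Raises RdiffWarning when the key cannot be parsed, already exists in
    the file, reports a size below 2048, or when the title contains
    control characters.
    """
    # NOTE(review): assert is removed when Python runs with -O; a missing
    # 'key' would then surface as "Invalid SSH key." through the handler
    # below.
    assert 'key' in kwargs, "key is missing"

    # Validate the content of the key. `except Exception` rather than a
    # bare `except` so that KeyboardInterrupt and SystemExit are not
    # turned into a user-facing warning.
    try:
        key = authorizedkeys.check_publickey(kwargs['key'])
    except Exception:
        raise RdiffWarning(_("Invalid SSH key."))

    # Check if already exists
    if authorizedkeys.exists(filename, key):
        raise RdiffWarning(_("SSH key already exists."))

    # Check size.
    # NOTE(review): the limit applies to every key that reports a size,
    # while the message names RSA only; confirm what check_publickey
    # reports for other key types.
    if key.size and key.size < 2048:
        raise RdiffWarning(_("SSH key is too short. RSA key of at least 2048 bits is required."))

    # Add comment to the key.
    comment = key.comment
    if 'title' in kwargs:
        comment = kwargs['title'].strip()
        # strip() only trims the ends. The title is user input that ends up
        # as the comment of an authorized_keys entry (presumably on the
        # same line; authorizedkeys.add is not shown here), so an embedded
        # line break must not get through: it would start a new entry.
        if any(ord(char) < 32 or ord(char) == 127 for char in comment):
            raise RdiffWarning(_("SSH key title contains invalid characters."))
    key = authorizedkeys.KeySplit(
        lineno=key.lineno,
        options=key.options,
        keytype=key.keytype,
        key=key.key,
        comment=comment)

    # Add key to file
    _logger.info("add key [%s] to [%s]", key, filename)
    authorizedkeys.add(filename, key)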
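def check_username_and_password(self, username, password):
    """
    Validate user credentials.

    Returns the object produced by the user database login on success.
    Raises RdiffWarning when the login call fails or returns a falsy
    value. The user only sees a generic message; the details go to the
    log.
    """
    # NOTE(review): the username is untrusted and is logged as submitted;
    # confirm the log handler copes with control characters in it.
    logger.info("check credentials for [%s]", username)
    try:
        userobj = cherrypy.request.app.userdb.login(
            username, password)  # @UndefinedVariable
    except Exception:
        # `except Exception` rather than a bare `except`, so that
        # KeyboardInterrupt and SystemExit are not reported as a failed
        # login. The traceback stays in the log only.
        logger.exception("fail to validate user credential")
        raise RdiffWarning(_("Fail to validate user credential."))
    if not userobj:
        # One message for both causes: the reply does not reveal whether
        # the username exists.
        logger.warning("invalid username [%s] or password", username)
        raise RdiffWarning(_("Invalid username or password."))
    return userobj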
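def _handle_add(self, **kwargs):
    """
    Called to add a new SSH key to the current user.

    `kwargs['key']` is the submitted public key; the optional
    `kwargs['title']` is passed on as the key's comment.

    Raises RdiffWarning carrying the ValueError text when the user object
    rejects the key, and a generic RdiffWarning for any other failure.
    """
    # NOTE(review): assert is removed when Python runs with -O; a missing
    # 'key' would then be reported as an unknown error by the handler
    # below.
    assert 'key' in kwargs, "key is missing"

    # Add the key to the current user.
    try:
        self.app.currentuser.add_authorizedkey(key=kwargs['key'], comment=kwargs.get('title', None))
    except ValueError as e:
        # Logger.warn is a deprecated alias of Logger.warning.
        _logger.warning("error adding ssh key", exc_info=1)
        raise RdiffWarning(str(e))
    except Exception:
        # `except Exception` rather than a bare `except`, so that
        # KeyboardInterrupt and SystemExit still propagate. The user gets
        # a generic message; the traceback stays in the log.
        _logger.error("error adding ssh key", exc_info=1)
        raise RdiffWarning(_("Unknown error while adding the SSH Key"))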
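def _handle_delete(self, **kwargs):
    """
    Called to delete an SSH key of the current user.

    `kwargs['key']` identifies the key to remove. Any failure reported by
    the user object is logged with its traceback and raised as a generic
    RdiffWarning.
    """
    # NOTE(review): assert is removed when Python runs with -O; a missing
    # 'key' would then be reported as an unknown error by the handler
    # below.
    assert kwargs.get('key'), "key is missing"
    try:
        self.app.currentuser.remove_authorizedkey(kwargs['key'])
    except Exception:
        # `except Exception` rather than a bare `except`, so that
        # KeyboardInterrupt and SystemExit still propagate.
        # Logger.warn is a deprecated alias of Logger.warning.
        _logger.warning("error removing ssh key", exc_info=1)
        raise RdiffWarning(_("Unknown error while removing the SSH Key"))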
def _check_user_root_dir(self, directory):
    """Raise RdiffWarning unless `directory` exists and is a directory."""
    # Existence is tested first; the directory test only runs when the
    # path is reported as existing.
    if os.access(directory, os.F_OK) and os.path.isdir(directory):
        return
    message = _("User root directory %s is not accessible!") % directory
    raise RdiffWarning(message)
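def _users_handle_action(self, action, username, email, password, user_root, role):
    """
    Apply an administrative "edit", "add" or "delete" action to a user.

    `role` is the submitted role value. For "edit" and "add" it is
    checked with validate_int() and must convert to a member of ROLES
    (what those helpers raise on failure is not shown here).

    Returns a dict whose 'success' entry holds the message to display (an
    empty string when `action` matches none of the three actions).
    Raises RdiffWarning when the request is refused: unknown user, empty
    username on "add", removal of one's own account, or a ValueError
    raised while deleting.
    """
    success = ""

    # An administrator acting on their own account must not be able to
    # change their own role: the submitted value is discarded and the
    # stored one is used instead.
    if username == self.app.currentuser.username:
        role = self.app.currentuser.role

    # Fork the behaviour according to the action.
    if action == "edit":
        # Validation
        validate_int(role, 'role should be an integer')
        validate(int(role) in ROLES, 'invalid role')

        user = self.app.store.get_user(username)
        # The "delete" branch treats a falsy get_user() result as an
        # unknown user; do the same here instead of failing with an
        # AttributeError on the first attribute access.
        if not user:
            raise RdiffWarning(_("User doesn't exists!"))
        logger.info("updating user [%s] info", user)
        if password:
            # Administrative reset: no old password is supplied.
            user.set_password(password, old_password=None)
        user.user_root = user_root
        # NOTE(review): the role is stored as received, not as int(role);
        # confirm that the attribute setter normalises it.
        user.role = role
        # Avoid updating the email field if it didn't change.
        # see pdsl/minarca#187
        if email != user.email:
            user.email = email
        success = _("User information modified successfully.")

        # Check and update user directory.
        # NOTE(review): user_root is assigned before it is checked; if the
        # attribute setter persists the value, a rejected directory stays
        # stored. Confirm against the user object.
        if user.user_root:
            self._check_user_root_dir(user.user_root)
            user.update_repos()

    elif action == "add":
        # Validation
        validate_int(role, 'role should be an integer')
        validate(int(role) in ROLES, 'invalid role')

        if username == "":
            raise RdiffWarning(_("The username is invalid."))
        logger.info("adding user [%s]", username)

        user = self.app.store.add_user(username, password)
        if user_root:
            user.user_root = user_root
        user.role = role
        user.email = email

        # Check and update user directory
        if user.user_root:
            self._check_user_root_dir(user.user_root)
            user.update_repos()
        success = _("User added successfully.")

    elif action == "delete":
        # Self-removal is refused before the account is even looked up.
        if username == self.app.currentuser.username:
            raise RdiffWarning(_("You cannot remove your own account!"))
        user = self.app.store.get_user(username)
        if not user:
            raise RdiffWarning(_("User doesn't exists!"))
        try:
            user.delete()
        except ValueError as e:
            # A refusal from the user object is shown as a warning.
            raise RdiffWarning(e)
        success = _("User account removed.")

    # Return messages
    return {'success': success}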