def get_queryset(self, request, local_site_name=None, *args, **kwargs):
search_q = request.GET.get('q', None)
for backend in get_enabled_auth_backends():
try:
backend.query_users(search_q, request)
except Exception as e:
logging.error(
'Error when calling query_users for auth '
'backend %r: %s',
backend,
e,
exc_info=1)
local_site = self._get_local_site(local_site_name)
is_list = kwargs.get('is_list', False)
# When accessing individual users (not is_list) on public local sites,
# we allow accessing any username. This is so that the links on reviews
# and review requests from non-members won't be 404. The list is still
# restricted to members of the site to avoid leaking information.
if local_site and (is_list or not local_site.public):
query = local_site.users.filter(is_active=True)
else:
query = self.model.objects.filter(is_active=True)
if search_q:
q = None
# Auth backends may have special naming conventions for users that
# they'd like to be represented in search. If any auth backends
# implement search_users, prefer that over the built-in searching.
for backend in get_enabled_auth_backends():
try:
q = backend.search_users(search_q, request)
except Exception as e:
logging.error(
'Error when calling search_users for auth '
'backend %r: %s',
backend,
e,
exc_info=1)
if q:
break
if not q:
q = Q(username__istartswith=search_q)
if request.GET.get('fullname', None):
q = q | (Q(first_name__istartswith=search_q)
| Q(last_name__istartswith=search_q))
query = query.filter(q)
return query.extra(
select={
'is_private': ('SELECT is_private FROM accounts_profile '
'WHERE accounts_profile.user_id = auth_user.id')
})
def get_queryset(self, request, local_site_name=None, *args, **kwargs):
search_q = request.GET.get('q', None)
include_inactive = \
request.GET.get('include-inactive', '0').lower() in ('1', 'true')
for backend in get_enabled_auth_backends():
try:
backend.query_users(search_q, request)
except Exception as e:
logging.error('Error when calling query_users for auth '
'backend %r: %s',
backend, e, exc_info=1)
local_site = self._get_local_site(local_site_name)
is_list = kwargs.get('is_list', False)
# When accessing individual users (not is_list) on public local sites,
# we allow accessing any username. This is so that the links on reviews
# and review requests from non-members won't be 404. The list is still
# restricted to members of the site to avoid leaking information.
if local_site and (is_list or not local_site.public):
query = local_site.users.all()
else:
query = self.model.objects.all()
if is_list and not include_inactive:
query = query.filter(is_active=True)
if search_q:
q = None
# Auth backends may have special naming conventions for users that
# they'd like to be represented in search. If any auth backends
# implement search_users, prefer that over the built-in searching.
for backend in get_enabled_auth_backends():
try:
q = backend.search_users(search_q, request)
except Exception as e:
logging.error('Error when calling search_users for auth '
'backend %r: %s',
backend, e, exc_info=1)
if q:
break
if not q:
q = Q(username__istartswith=search_q)
if request.GET.get('fullname', None):
q = q | (Q(first_name__istartswith=search_q) |
Q(last_name__istartswith=search_q))
query = query.filter(q)
return query.extra(select={
'is_private': ('SELECT is_private FROM accounts_profile '
'WHERE accounts_profile.user_id = auth_user.id')
})
def save(self):
"""Save the form."""
from reviewboard.notifications.email.signal_handlers import \
send_password_changed_mail
backend = get_enabled_auth_backends()[0]
try:
backend.update_password(self.user, self.cleaned_data['password1'])
self.user.save()
messages.add_message(self.request, messages.INFO,
_('Your password has been changed.'))
except Exception as e:
logging.error(
'Error when calling update_password for auth '
'backend %r: %s',
backend,
e,
exc_info=1)
messages.add_message(
self.request, messages.INFO,
_('Unexpected error when changing your '
'password. Please contact the '
'administrator.'))
else:
send_password_changed_mail(self.user)
def get_queryset(self, request, local_site_name=None, *args, **kwargs):
search_q = request.GET.get('q', None)
for backend in get_enabled_auth_backends():
backend.query_users(search_q, request)
local_site = self._get_local_site(local_site_name)
if local_site:
query = local_site.users.filter(is_active=True)
else:
query = self.model.objects.filter(is_active=True)
if search_q:
q = Q(username__istartswith=search_q)
if request.GET.get('fullname', None):
q = q | (Q(first_name__istartswith=search_q) |
Q(last_name__istartswith=search_q))
query = query.filter(q)
return query.extra(select={
'is_private': ('SELECT is_private FROM accounts_profile '
'WHERE accounts_profile.user_id = auth_user.id')
})
def save(self):
"""Save the form."""
backend = get_enabled_auth_backends()[0]
if backend.supports_change_name:
self.user.first_name = self.cleaned_data['first_name']
self.user.last_name = self.cleaned_data['last_name']
try:
backend.update_name(self.user)
except Exception as e:
logging.error('Error when calling update_name for auth '
'backend %r: %s',
backend, e, exc_info=1)
if backend.supports_change_email:
new_email = self.cleaned_data['email']
if new_email != self.user.email:
self.user.email = new_email
try:
backend.update_email(self.user)
except Exception as e:
logging.error('Error when calling update_email for auth '
'backend %r: %s',
backend, e, exc_info=1)
self.user.save()
self.profile.is_private = self.cleaned_data['profile_private']
self.profile.save()
messages.add_message(self.request, messages.INFO,
_('Your profile has been saved.'))
def save(self):
backend = get_enabled_auth_backends()[0]
backend.update_password(self.user, self.cleaned_data['password1'])
self.user.save()
messages.add_message(self.request, messages.INFO,
_('Your password has been changed.'))
def process_response(self, request, response):
if BugzillaBackend not in [x.__class__ for
x in get_enabled_auth_backends()]:
return response
if not request.user.is_authenticated():
for key in ('Bugzilla_login', 'Bugzilla_logincookie'):
try:
del request.session[key]
except KeyError:
pass
return response
try:
bzlogin = getattr(request.user, 'bzlogin')
bzcookie = getattr(request.user, 'bzcookie')
except AttributeError:
return response
if not bzlogin or not bzcookie:
return response
request.session['Bugzilla_login'] = bzlogin
request.session['Bugzilla_logincookie'] = bzcookie
return response
def process_request(self, request):
if BugzillaBackend not in [x.__class__ for
x in get_enabled_auth_backends()]:
return
request.user.bzlogin = request.session.get('Bugzilla_login')
request.user.bzcookie = request.session.get('Bugzilla_logincookie')
def save(self):
"""Save the form."""
backend = get_enabled_auth_backends()[0]
try:
backend.update_password(self.user, self.cleaned_data['password1'])
self.user.save()
messages.add_message(self.request, messages.INFO,
_('Your password has been changed.'))
except Exception as e:
logging.error(
'Error when calling update_password for auth '
'backend %r: %s',
backend,
e,
exc_info=1)
messages.add_message(
self.request, messages.INFO,
_('Unexpected error when changing your '
'password. Please contact the '
'administrator.'))
siteconfig = SiteConfiguration.objects.get_current()
if siteconfig.get('mail_send_password_changed_mail'):
mail_password_changed(self.user)
def save(self):
"""Save the form."""
backend = get_enabled_auth_backends()[0]
if backend.supports_change_name:
self.user.first_name = self.cleaned_data['first_name']
self.user.last_name = self.cleaned_data['last_name']
try:
backend.update_name(self.user)
except Exception as e:
logging.error('Error when calling update_name for auth '
'backend %r: %s',
backend, e, exc_info=1)
if backend.supports_change_email:
new_email = self.cleaned_data['email']
if new_email != self.user.email:
self.user.email = new_email
try:
backend.update_email(self.user)
except Exception as e:
logging.error('Error when calling update_email for auth '
'backend %r: %s',
backend, e, exc_info=1)
self.user.save()
self.profile.is_private = self.cleaned_data['profile_private']
self.profile.save()
messages.add_message(self.request, messages.INFO,
_('Your profile has been saved.'))
def clean_old_password(self):
backend = get_enabled_auth_backends()[0]
password = self.cleaned_data['old_password']
if not backend.authenticate(self.user.username, password):
raise forms.ValidationError(_('This password is incorrect'))
def process_response(self, request, response):
if BugzillaBackend not in [
x.__class__ for x in get_enabled_auth_backends()
]:
return response
if not hasattr(request, 'user'):
return response
if not request.user.is_authenticated():
for key in ('Bugzilla_login', 'Bugzilla_logincookie'):
try:
del request.session[key]
except KeyError:
pass
return response
try:
bzlogin = getattr(request.user, 'bzlogin')
bzcookie = getattr(request.user, 'bzcookie')
except AttributeError:
return response
if not bzlogin or not bzcookie:
return response
request.session['Bugzilla_login'] = bzlogin
request.session['Bugzilla_logincookie'] = bzcookie
return response
def clean_old_password(self):
"""Validate the 'old_password' field.
This checks to make sure the old password is correct when changing the
password.
"""
backend = get_enabled_auth_backends()[0]
password = self.cleaned_data['old_password']
try:
is_authenticated = backend.authenticate(self.user.username,
password)
except Exception as e:
logging.error(
'Error when calling authenticate for auth backend '
'%r: %s',
backend,
e,
exc_info=1)
raise forms.ValidationError(
_('Unexpected error when validating '
'the password. Please contact the '
'administrator.'))
if not is_authenticated:
raise forms.ValidationError(_('This password is incorrect'))
def process_request(self, request):
if BugzillaBackend not in [
x.__class__ for x in get_enabled_auth_backends()
]:
return
request.user.bzlogin = request.session.get('Bugzilla_login')
request.user.bzcookie = request.session.get('Bugzilla_logincookie')
def is_visible(self):
"""Return whether or not the "change password" form should be shown.
Returns:
bool:
Whether or not the form will be rendered.
"""
return (super(ChangePasswordForm, self).is_visible() and
get_enabled_auth_backends()[0].supports_change_password)
def is_visible(self):
"""Return whether or not the "change password" form should be shown.
Returns:
bool:
Whether or not the form will be rendered.
"""
return (super(ChangePasswordForm, self).is_visible()
and get_enabled_auth_backends()[0].supports_change_password)
def _get_standard_auth_backend(self):
backend = None
for backend in get_enabled_auth_backends():
# We do not use isinstance here because we specifically want a
# StandardAuthBackend and not an instance of a subclass of it.
if type(backend) is StandardAuthBackend:
break
self.assertIs(type(backend), StandardAuthBackend)
return backend
def get_queryset(self, request, local_site_name=None, *args, **kwargs):
search_q = request.GET.get('q', None)
for backend in get_enabled_auth_backends():
backend.query_users(search_q, request)
local_site = self._get_local_site(local_site_name)
if local_site:
query = local_site.users.filter(is_active=True)
else:
query = self.model.objects.filter(is_active=True)
if search_q:
q = None
# Auth backends may have special naming conventions for users that
# they'd like to be represented in search. If any auth backends
# implement search_users, prefer that over the built-in searching.
for backend in get_enabled_auth_backends():
q = backend.search_users(search_q, request)
if q:
break
if not q:
q = Q(username__istartswith=search_q)
if request.GET.get('fullname', None):
q = q | (Q(first_name__istartswith=search_q)
| Q(last_name__istartswith=search_q))
query = query.filter(q)
return query.extra(
select={
'is_private': ('SELECT is_private FROM accounts_profile '
'WHERE accounts_profile.user_id = auth_user.id')
})
def get_queryset(self, request, local_site_name=None, *args, **kwargs):
search_q = request.GET.get('q', None)
for backend in get_enabled_auth_backends():
backend.query_users(search_q, request)
local_site = self._get_local_site(local_site_name)
if local_site:
query = local_site.users.filter(is_active=True)
else:
query = self.model.objects.filter(is_active=True)
if search_q:
q = None
# Auth backends may have special naming conventions for users that
# they'd like to be represented in search. If any auth backends
# implement search_users, prefer that over the built-in searching.
for backend in get_enabled_auth_backends():
q = backend.search_users(search_q, request)
if q:
break
if not q:
q = Q(username__istartswith=search_q)
if request.GET.get('fullname', None):
q = q | (Q(first_name__istartswith=search_q) |
Q(last_name__istartswith=search_q))
query = query.filter(q)
return query.extra(select={
'is_private': ('SELECT is_private FROM accounts_profile '
'WHERE accounts_profile.user_id = auth_user.id')
})
def load(self):
self.set_initial({
'first_name': self.user.first_name,
'last_name': self.user.last_name,
'email': self.user.email,
'profile_private': self.profile.is_private,
})
backend = get_enabled_auth_backends()[0]
if not backend.supports_change_name:
del self.fields['first_name']
del self.fields['last_name']
if not backend.supports_change_email:
del self.fields['email']
def account_register(request, next_url='dashboard'):
"""
Handles redirection to the appropriate registration page, depending
on the authentication type the user has configured.
"""
siteconfig = SiteConfiguration.objects.get_current()
auth_backends = get_enabled_auth_backends()
if (auth_backends[0].supports_registration
and siteconfig.get("auth_enable_registration")):
response = register(request,
next_page=reverse(next_url),
form_class=RegistrationForm)
return response
return HttpResponseRedirect(reverse("login"))
def account_register(request, next_url='dashboard'):
"""Display the appropriate registration page.
If registration is enabled and the selected authentication backend supports
creation of users, this will return the appropriate registration page. If
registration is not supported, this will redirect to the login view.
"""
siteconfig = SiteConfiguration.objects.get_current()
auth_backends = get_enabled_auth_backends()
if (auth_backends[0].supports_registration and
siteconfig.get("auth_enable_registration")):
response = register(request, next_page=reverse(next_url),
form_class=RegistrationForm)
return response
return HttpResponseRedirect(reverse("login"))
def clean_old_password(self):
backend = get_enabled_auth_backends()[0]
password = self.cleaned_data['old_password']
try:
is_authenticated = backend.authenticate(self.user.username,
password)
except Exception as e:
logging.error('Error when calling authenticate for auth backend '
'%r: %s',
backend, e, exc_info=1)
raise forms.ValidationError(_('Unexpected error when validating '
'the password. Please contact the '
'administrator.'))
if not is_authenticated:
raise forms.ValidationError(_('This password is incorrect'))
def save(self):
backend = get_enabled_auth_backends()[0]
try:
backend.update_password(self.user, self.cleaned_data['password1'])
self.user.save()
messages.add_message(self.request, messages.INFO,
_('Your password has been changed.'))
except Exception as e:
logging.error('Error when calling update_password for auth '
'backend %r: %s',
backend, e, exc_info=1)
messages.add_message(self.request, messages.INFO,
_('Unexpected error when changing your '
'password. Please contact the '
'administrator.'))
def get_user_from_reviewer(request, reviewer):
for backend in get_enabled_auth_backends():
backend.query_users(reviewer, request)
q = Q(username__icontains=reviewer)
q = q | Q(is_active=True)
users = User.objects.filter(q).all()
# Try exact username match.
for user in users:
if user.username == reviewer:
return user
# Try case insensitive username match.
for user in users:
if user.username.lower() == reviewer.lower():
return user
return None
def account_register(request, next_url='dashboard'):
"""Display the appropriate registration page.
If registration is enabled and the selected authentication backend supports
creation of users, this will return the appropriate registration page. If
registration is not supported, this will redirect to the login view.
"""
siteconfig = SiteConfiguration.objects.get_current()
auth_backends = get_enabled_auth_backends()
if (auth_backends[0].supports_registration
and siteconfig.get("auth_enable_registration")):
response = register(request,
next_page=reverse(next_url),
form_class=RegistrationForm)
return response
return HttpResponseRedirect(reverse("login"))
def get_user_from_reviewer(request, reviewer):
for backend in get_enabled_auth_backends():
backend.query_users(reviewer, request)
q = Q(username__icontains=reviewer)
q = q | Q(is_active=True)
users = User.objects.filter(q).all()
# Try exact username match.
for user in users:
if user.username == reviewer:
return user
# Try case insensitive username match.
for user in users:
if user.username.lower() == reviewer.lower():
return user
return None
def account_register(request, next_url='dashboard'):
"""
Handles redirection to the appropriate registration page, depending
on the authentication type the user has configured.
"""
siteconfig = SiteConfiguration.objects.get_current()
auth_backends = get_enabled_auth_backends()
if (auth_backends[0].supports_registration and
siteconfig.get("auth_enable_registration")):
response = register(request, next_page=reverse(next_url),
form_class=RegistrationForm)
if request.user.is_authenticated():
# This will trigger sending an e-mail notification for
# user registration, if enabled.
user_registered.send(sender=None, user=request.user)
return response
return HttpResponseRedirect(reverse("login"))
def account_register(request, next_url='dashboard'):
"""
Handles redirection to the appropriate registration page, depending
on the authentication type the user has configured.
"""
siteconfig = SiteConfiguration.objects.get_current()
auth_backends = get_enabled_auth_backends()
if (auth_backends[0].supports_registration and
siteconfig.get("auth_enable_registration")):
response = register(request, next_page=reverse(next_url),
form_class=RegistrationForm)
if request.user.is_authenticated():
# This will trigger sending an e-mail notification for
# user registration, if enabled.
user_registered.send(sender=None, user=request.user)
return response
return HttpResponseRedirect(reverse("login"))
def save(self):
backend = get_enabled_auth_backends()[0]
if backend.supports_change_name:
self.user.first_name = self.cleaned_data['first_name']
self.user.last_name = self.cleaned_data['last_name']
backend.update_name(self.user)
if backend.supports_change_email:
new_email = self.cleaned_data['email']
if new_email != self.user.email:
self.user.email = new_email
backend.update_email(self.user)
self.user.save()
self.profile.is_private = self.cleaned_data['profile_private']
self.profile.save()
messages.add_message(self.request, messages.INFO,
_('Your profile has been saved.'))
def save(self):
backend = get_enabled_auth_backends()[0]
try:
backend.update_password(self.user, self.cleaned_data['password1'])
self.user.save()
messages.add_message(self.request, messages.INFO,
_('Your password has been changed.'))
except Exception as e:
logging.error(
'Error when calling update_password for auth '
'backend %r: %s',
backend,
e,
exc_info=1)
messages.add_message(
self.request, messages.INFO,
_('Unexpected error when changing your '
'password. Please contact the '
'administrator.'))
def save(self):
"""Save the form."""
from reviewboard.notifications.email.signal_handlers import \
send_password_changed_mail
backend = get_enabled_auth_backends()[0]
try:
backend.update_password(self.user, self.cleaned_data['password1'])
self.user.save()
messages.add_message(self.request, messages.INFO,
_('Your password has been changed.'))
except Exception as e:
logging.error('Error when calling update_password for auth '
'backend %r: %s',
backend, e, exc_info=1)
messages.add_message(self.request, messages.INFO,
_('Unexpected error when changing your '
'password. Please contact the '
'administrator.'))
else:
send_password_changed_mail(self.user)
def auth_backends(request):
"""Add the enabled authentication backends to the template context."""
return {
'auth_backends': get_enabled_auth_backends(),
}
def update(self, request, local_site=None, *args, **kwargs):
"""Update information on a user.
Users can update their own ``email``, ``first_name``, and ``last_name``
information.
Administrators or those with the ``auth.change_user`` permission can
update those along with ``is_active``. When setting ``is_active`` to
``False``, the user will not be able to log in through standard
credentials or API tokens. (Note that this does not delete their
password or API tokens. It simply blocks the ability to log in.)
.. note::
This API cannot be used on :term:`Local Sites`.
Version Added::
3.0.16
"""
if local_site:
return PERMISSION_DENIED.with_message(
'This API is not available for local sites.')
try:
user = self.get_object(request, *args, **kwargs)
except ObjectDoesNotExist:
return DOES_NOT_EXIST
if not self.has_modify_permissions(request, user):
return self.get_no_access_error(request)
has_global_modify_permissions = \
self.has_global_modify_permissions(request.user)
backend = get_enabled_auth_backends()[0]
updated_fields = set()
invalid_fields = {}
# Validate the fields that the user wants to set.
if 'email' in kwargs:
if backend.supports_change_email:
email = kwargs['email']
try:
validate_email(email)
except ValidationError as e:
invalid_fields['email'] = e.messages
else:
invalid_fields['email'] = [
'The configured auth backend does not allow e-mail '
'addresses to be changed.'
]
if not backend.supports_change_name:
for field in ('first_name', 'last_name'):
if field in kwargs:
invalid_fields[field] = [
'The configured auth backend does not allow names '
'to be changed.'
]
if 'is_active' in kwargs and not has_global_modify_permissions:
invalid_fields['is_active'] = [
'This field can only be set by administrators and users '
'with the auth.change_user permission.'
]
if invalid_fields:
return INVALID_FORM_DATA, {
'fields': invalid_fields,
}
# Set any affected fields.
for field in ('first_name', 'last_name', 'email', 'is_active'):
value = kwargs.get(field)
if value is not None:
old_value = getattr(user, field)
if old_value != value:
setattr(user, field, value)
updated_fields.add(field)
# Notify the auth backend, so any server-side state can be changed.
if updated_fields:
if ('first_name' in updated_fields
or 'last_name' in updated_fields):
try:
backend.update_name(user)
except Exception as e:
logger.exception(
'Error when calling update_name for auth backend '
'%r for user ID %s: %s', backend, user.pk, e)
if 'email' in updated_fields:
try:
backend.update_email(user)
except Exception as e:
logger.exception(
'Error when calling update_email for auth backend '
'%r for user ID %s: %s', backend, user.pk, e)
user.save(update_fields=updated_fields)
return 200, {
self.item_result_key: user,
}
def auth_backends(request):
return {
'auth_backends': get_enabled_auth_backends(),
}
def is_visible(self):
backend = get_enabled_auth_backends()[0]
return backend.supports_change_password
def is_visible(self):
"""Get whether or not the "change password" form should be shown."""
backend = get_enabled_auth_backends()[0]
return backend.supports_change_password
def is_visible(self):
"""Get whether or not the "change password" form should be shown."""
backend = get_enabled_auth_backends()[0]
return backend.supports_change_password
def _get_standard_auth_backend(self):
# The StandardAuthBackend **SHOULD** be the last backend in the list.
backend = get_enabled_auth_backends()[-1]
self.assertIsInstance(backend, StandardAuthBackend)
return backend
def auth_backends(request):
"""Add the enabled authentication backends to the template context."""
return {
'auth_backends': get_enabled_auth_backends(),
}
