Example #1
0
    def create_ldap(self, username, password, user_dn, attrs, cur_user=None):
        """
        Checks if user is in database, if not creates this user marked
        as ldap user

        :param username:
        :param password:
        :param user_dn:
        :param attrs:
        :param cur_user:
        """
        if not cur_user:
            cur_user = getattr(get_current_rhodecode_user(), 'username', None)
        from rhodecode.lib.auth import get_crypt_password
        log.debug('Checking for such ldap account in RhodeCode database')
        if self.get_by_username(username, case_insensitive=True) is None:
            # autogenerate email for container account without one
            generate_email = lambda usr: '******' % usr
            password = get_crypt_password(password)
            firstname = attrs['name']
            lastname = attrs['lastname']
            active = attrs.get('active', True)
            email = attrs['email'] or generate_email(username)

            from rhodecode.lib.hooks import log_create_user, check_allowed_create_user
            user_data = {
                'username': username,
                'password': password,
                'email': email,
                'firstname': firstname,
                'lastname': lastname,
                'active': attrs.get('active', True),
                'admin': False
            }
            # raises UserCreationError if it's not allowed
            check_allowed_create_user(user_data, cur_user)

            try:
                new_user = User()
                username = username.lower()
                # add ldap account always lowercase
                new_user.username = username
                new_user.password = password
                new_user.api_key = generate_api_key(username)
                new_user.email = email
                new_user.active = active
                new_user.ldap_dn = safe_unicode(user_dn)
                new_user.name = firstname
                new_user.lastname = lastname
                self.sa.add(new_user)

                log_create_user(new_user.get_dict(), cur_user)
                return new_user
            except (DatabaseError, ):
                log.error(traceback.format_exc())
                self.sa.rollback()
                raise
        log.debug('this %s user exists skipping creation of ldap account',
                  username)
        return None
Example #2
0
    def create(self, form_data, cur_user=None):
        if not cur_user:
            cur_user = getattr(get_current_rhodecode_user(), 'username', None)

        user_data = {
            'username': form_data['username'],
            'password': form_data['password'],
            'email': form_data['email'],
            'firstname': form_data['firstname'],
            'lastname': form_data['lastname'],
            'active': form_data['active'],
            'extern_type': form_data['extern_type'],
            'extern_name': form_data['extern_name'],
            'admin': False,
            'cur_user': cur_user
        }

        try:
            if form_data.get('create_repo_group'):
                user_data['create_repo_group'] = True
            if form_data.get('password_change'):
                user_data['force_password_change'] = True

            return UserModel().create_or_update(**user_data)
        except Exception:
            log.error(traceback.format_exc())
            raise
Example #3
0
    def delete(self, user, cur_user=None):
        if not cur_user:
            cur_user = getattr(get_current_rhodecode_user(), "username", None)
        user = self._get_user(user)

        try:
            if user.username == "default":
                raise DefaultUserException(
                    _(u"You can't remove this user since it's" " crucial for entire application")
                )
            if user.repositories:
                repos = [x.repo_name for x in user.repositories]
                raise UserOwnsReposException(
                    _(
                        u'user "%s" still owns %s repositories and cannot be '
                        "removed. Switch owners or remove those repositories. %s"
                    )
                    % (user.username, len(repos), ", ".join(repos))
                )
            self.sa.delete(user)

            from rhodecode.lib.hooks import log_delete_user

            log_delete_user(user.get_dict(), cur_user)
        except Exception:
            log.error(traceback.format_exc())
            raise
Example #4
0
def action_logger(user, action, repo, ipaddr='', sa=None, commit=False):
    """
    Action logger for various actions made by users

    :param user: user that made this action, can be a unique username string or
        object containing user_id attribute
    :param action: action to log, should be on of predefined unique actions for
        easy translations
    :param repo: string name of repository or object containing repo_id,
        that action was made on
    :param ipaddr: optional ip address from what the action was made
    :param sa: optional sqlalchemy session

    """

    if not sa:
        sa = meta.Session()
    # if we don't get explicit IP address try to get one from registered user
    # in tmpl context var
    if not ipaddr:
        ipaddr = getattr(get_current_rhodecode_user(), 'ip_addr', '')

    try:
        if getattr(user, 'user_id', None):
            user_obj = User.get(user.user_id)
        elif isinstance(user, basestring):
            user_obj = User.get_by_username(user)
        else:
            raise Exception('You have to provide a user object or a username')

        if getattr(repo, 'repo_id', None):
            repo_obj = Repository.get(repo.repo_id)
            repo_name = repo_obj.repo_name
        elif isinstance(repo, basestring):
            repo_name = repo.lstrip('/')
            repo_obj = Repository.get_by_repo_name(repo_name)
        else:
            repo_obj = None
            repo_name = ''

        user_log = UserLog()
        user_log.user_id = user_obj.user_id
        user_log.username = user_obj.username
        action = safe_unicode(action)
        user_log.action = action[:1200000]

        user_log.repository = repo_obj
        user_log.repository_name = repo_name

        user_log.action_date = datetime.datetime.now()
        user_log.user_ip = ipaddr
        sa.add(user_log)

        log.info('Logging action:`%s` on repo:`%s` by user:%s ip:%s', action,
                 safe_unicode(repo), user_obj, ipaddr)
        if commit:
            sa.commit()
    except Exception:
        log.error(traceback.format_exc())
        raise
Example #5
0
def action_logger(user, action, repo, ipaddr='', sa=None, commit=False):
    """
    Action logger for various actions made by users

    :param user: user that made this action, can be a unique username string or
        object containing user_id attribute
    :param action: action to log, should be on of predefined unique actions for
        easy translations
    :param repo: string name of repository or object containing repo_id,
        that action was made on
    :param ipaddr: optional ip address from what the action was made
    :param sa: optional sqlalchemy session

    """

    if not sa:
        sa = meta.Session()
    # if we don't get explicit IP address try to get one from registered user
    # in tmpl context var
    if not ipaddr:
        ipaddr = getattr(get_current_rhodecode_user(), 'ip_addr', '')

    try:
        if hasattr(user, 'user_id'):
            user_obj = User.get(user.user_id)
        elif isinstance(user, basestring):
            user_obj = User.get_by_username(user)
        else:
            raise Exception('You have to provide a user object or a username')

        if hasattr(repo, 'repo_id'):
            repo_obj = Repository.get(repo.repo_id)
            repo_name = repo_obj.repo_name
        elif isinstance(repo, basestring):
            repo_name = repo.lstrip('/')
            repo_obj = Repository.get_by_repo_name(repo_name)
        else:
            repo_obj = None
            repo_name = ''

        user_log = UserLog()
        user_log.user_id = user_obj.user_id
        user_log.username = user_obj.username
        user_log.action = safe_unicode(action)

        user_log.repository = repo_obj
        user_log.repository_name = repo_name

        user_log.action_date = datetime.datetime.now()
        user_log.user_ip = ipaddr
        sa.add(user_log)

        log.info('Logging action:%s on %s by user:%s ip:%s' %
                 (action, safe_unicode(repo), user_obj, ipaddr))
        if commit:
            sa.commit()
    except Exception:
        log.error(traceback.format_exc())
        raise
Example #6
0
    def create_for_container_auth(self, username, attrs, cur_user=None):
        """
        Creates the given user if it's not already in the database

        :param username:
        :param attrs:
        :param cur_user:
        """
        if not cur_user:
            cur_user = getattr(get_current_rhodecode_user(), 'username', None)
        if self.get_by_username(username, case_insensitive=True) is None:
            # autogenerate email for container account without one
            generate_email = lambda usr: '******' % usr
            firstname = attrs['name']
            lastname = attrs['lastname']
            active = attrs.get('active', True)
            email = attrs['email'] or generate_email(username)

            from rhodecode.lib.hooks import log_create_user, check_allowed_create_user
            user_data = {
                'username': username,
                'password': None,
                'email': email,
                'firstname': firstname,
                'lastname': lastname,
                'active': attrs.get('active', True),
                'admin': False
            }
            # raises UserCreationError if it's not allowed
            check_allowed_create_user(user_data, cur_user)

            try:
                new_user = User()
                new_user.username = username
                new_user.password = None
                new_user.api_key = generate_api_key(username)
                new_user.email = email
                new_user.active = active
                new_user.name = firstname
                new_user.lastname = lastname

                self.sa.add(new_user)
                log_create_user(new_user.get_dict(), cur_user)
                return new_user
            except (DatabaseError, ):
                log.error(traceback.format_exc())
                self.sa.rollback()
                raise
        log.debug(
            'User %s already exists. Skipping creation of account'
            ' for container auth.', username)
        return None
Example #7
0
    def create_for_container_auth(self, username, attrs, cur_user=None):
        """
        Creates the given user if it's not already in the database

        :param username:
        :param attrs:
        :param cur_user:
        """
        if not cur_user:
            cur_user = getattr(get_current_rhodecode_user(), "username", None)
        if self.get_by_username(username, case_insensitive=True) is None:
            # autogenerate email for container account without one
            generate_email = lambda usr: "******" % usr
            firstname = attrs["name"]
            lastname = attrs["lastname"]
            active = attrs.get("active", True)
            email = attrs["email"] or generate_email(username)

            from rhodecode.lib.hooks import log_create_user, check_allowed_create_user

            user_data = {
                "username": username,
                "password": None,
                "email": email,
                "firstname": firstname,
                "lastname": lastname,
                "active": attrs.get("active", True),
                "admin": False,
            }
            # raises UserCreationError if it's not allowed
            check_allowed_create_user(user_data, cur_user)

            try:
                new_user = User()
                new_user.username = username
                new_user.password = None
                new_user.api_key = generate_api_key(username)
                new_user.email = email
                new_user.active = active
                new_user.name = firstname
                new_user.lastname = lastname

                self.sa.add(new_user)
                log_create_user(new_user.get_dict(), cur_user)
                return new_user
            except (DatabaseError,):
                log.error(traceback.format_exc())
                self.sa.rollback()
                raise
        log.debug("User %s already exists. Skipping creation of account" " for container auth.", username)
        return None
Example #8
0
    def _log_user_changes(self, action, user_group, user_or_users):
        users = user_or_users
        if not isinstance(users, (list, tuple)):
            users = [users]
        rhodecode_user = get_current_rhodecode_user()
        ipaddr = getattr(rhodecode_user, 'ip_addr', '')
        group_name = user_group.users_group_name

        for user_or_user_id in users:
            user = self._get_user(user_or_user_id)
            log_text = 'User {user} {action} {group}'.format(
                action=action, user=user.username, group=group_name)
            log.info('Logging action: {0} by {1} ip:{2}'.format(
                log_text, rhodecode_user, ipaddr))
Example #9
0
    def delete(self, user, cur_user=None, handle_repos=None,
               handle_repo_groups=None, handle_user_groups=None):
        if not cur_user:
            cur_user = getattr(get_current_rhodecode_user(), 'username', None)
        user = self._get_user(user)

        try:
            if user.username == User.DEFAULT_USER:
                raise DefaultUserException(
                    _(u"You can't remove this user since it's"
                      u" crucial for entire application"))

            left_overs = self._handle_user_repos(
                user.username, user.repositories, handle_repos)
            if left_overs and user.repositories:
                repos = [x.repo_name for x in user.repositories]
                raise UserOwnsReposException(
                    _(u'user "%s" still owns %s repositories and cannot be '
                      u'removed. Switch owners or remove those repositories:%s')
                    % (user.username, len(repos), ', '.join(repos)))

            left_overs = self._handle_user_repo_groups(
                user.username, user.repository_groups, handle_repo_groups)
            if left_overs and user.repository_groups:
                repo_groups = [x.group_name for x in user.repository_groups]
                raise UserOwnsRepoGroupsException(
                    _(u'user "%s" still owns %s repository groups and cannot be '
                      u'removed. Switch owners or remove those repository groups:%s')
                    % (user.username, len(repo_groups), ', '.join(repo_groups)))

            left_overs = self._handle_user_user_groups(
                user.username, user.user_groups, handle_user_groups)
            if left_overs and user.user_groups:
                user_groups = [x.users_group_name for x in user.user_groups]
                raise UserOwnsUserGroupsException(
                    _(u'user "%s" still owns %s user groups and cannot be '
                      u'removed. Switch owners or remove those user groups:%s')
                    % (user.username, len(user_groups), ', '.join(user_groups)))

            # we might change the user data with detach/delete, make sure
            # the object is marked as expired before actually deleting !
            self.sa.expire(user)
            self.sa.delete(user)
            from rhodecode.lib.hooks_base import log_delete_user
            log_delete_user(deleted_by=cur_user, **user.get_dict())
        except Exception:
            log.error(traceback.format_exc())
            raise
Example #10
0
    def delete(self, repo, forks=None, fs_remove=True, cur_user=None):
        """
        Delete given repository, forks parameter defines what do do with
        attached forks. Throws AttachedForksError if deleted repo has attached
        forks

        :param repo:
        :param forks: str 'delete' or 'detach'
        :param fs_remove: remove(archive) repo from filesystem
        """
        if not cur_user:
            cur_user = getattr(get_current_rhodecode_user(), 'username', None)
        repo = self._get_repo(repo)
        if repo:
            if forks == 'detach':
                for r in repo.forks:
                    r.fork = None
                    self.sa.add(r)
            elif forks == 'delete':
                for r in repo.forks:
                    self.delete(r, forks='delete')
            elif [f for f in repo.forks]:
                raise AttachedForksError()

            old_repo_dict = repo.get_dict()
            try:
                self.sa.delete(repo)
                if fs_remove:
                    self._delete_filesystem_repo(repo)
                else:
                    log.debug('skipping removal from filesystem')
                old_repo_dict.update({
                    'deleted_by': cur_user,
                    'deleted_on': time.time(),
                })
                log_delete_repository(**old_repo_dict)
            except Exception:
                log.error(traceback.format_exc())
                raise
Example #11
0
    def create(self, form_data, cur_user=None):
        if not cur_user:
            cur_user = getattr(get_current_rhodecode_user(), "username", None)

        from rhodecode.lib.hooks import log_create_user, check_allowed_create_user

        _fd = form_data
        user_data = {
            "username": _fd["username"],
            "password": _fd["password"],
            "email": _fd["email"],
            "firstname": _fd["firstname"],
            "lastname": _fd["lastname"],
            "active": _fd["active"],
            "admin": False,
        }
        # raises UserCreationError if it's not allowed
        check_allowed_create_user(user_data, cur_user)

        from rhodecode.lib.auth import get_crypt_password

        try:
            new_user = User()
            for k, v in form_data.items():
                if k == "password":
                    v = get_crypt_password(v)
                if k == "firstname":
                    k = "name"
                setattr(new_user, k, v)

            new_user.api_key = generate_api_key(form_data["username"])
            self.sa.add(new_user)

            log_create_user(new_user.get_dict(), cur_user)
            return new_user
        except Exception:
            log.error(traceback.format_exc())
            raise
Example #12
0
    def delete(self, user, cur_user=None):
        if not cur_user:
            cur_user = getattr(get_current_rhodecode_user(), 'username', None)
        user = self._get_user(user)

        try:
            if user.username == 'default':
                raise DefaultUserException(
                    _(u"You can't remove this user since it's"
                      " crucial for entire application"))
            if user.repositories:
                repos = [x.repo_name for x in user.repositories]
                raise UserOwnsReposException(
                    _(u'user "%s" still owns %s repositories and cannot be '
                      'removed. Switch owners or remove those repositories. %s'
                      ) % (user.username, len(repos), ', '.join(repos)))
            self.sa.delete(user)

            from rhodecode.lib.hooks import log_delete_user
            log_delete_user(user.get_dict(), cur_user)
        except Exception:
            log.error(traceback.format_exc())
            raise
Example #13
0
    def delete(self, repo, forks=None, fs_remove=True, cur_user=None):
        """
        Delete given repository, forks parameter defines what do do with
        attached forks. Throws AttachedForksError if deleted repo has attached
        forks

        :param repo:
        :param forks: str 'delete' or 'detach'
        :param fs_remove: remove(archive) repo from filesystem
        """
        if not cur_user:
            cur_user = getattr(get_current_rhodecode_user(), 'username', None)
        repo = self._get_repo(repo)
        if repo:
            if forks == 'detach':
                for r in repo.forks:
                    r.fork = None
                    self.sa.add(r)
            elif forks == 'delete':
                for r in repo.forks:
                    self.delete(r, forks='delete')
            elif [f for f in repo.forks]:
                raise AttachedForksError()

            old_repo_dict = repo.get_dict()
            owner = repo.user
            try:
                self.sa.delete(repo)
                if fs_remove:
                    self.__delete_repo(repo)
                else:
                    log.debug('skipping removal from filesystem')
                log_delete_repository(old_repo_dict,
                                      deleted_by=cur_user)
            except Exception:
                log.error(traceback.format_exc())
                raise
Example #14
0
    def create(self, form_data, cur_user=None):
        if not cur_user:
            cur_user = getattr(get_current_rhodecode_user(), 'username', None)

        from rhodecode.lib.hooks import log_create_user, check_allowed_create_user
        _fd = form_data
        user_data = {
            'username': _fd['username'],
            'password': _fd['password'],
            'email': _fd['email'],
            'firstname': _fd['firstname'],
            'lastname': _fd['lastname'],
            'active': _fd['active'],
            'admin': False
        }
        # raises UserCreationError if it's not allowed
        check_allowed_create_user(user_data, cur_user)

        from rhodecode.lib.auth import get_crypt_password
        try:
            new_user = User()
            for k, v in form_data.items():
                if k == 'password':
                    v = get_crypt_password(v)
                if k == 'firstname':
                    k = 'name'
                setattr(new_user, k, v)

            new_user.api_key = generate_api_key(form_data['username'])
            self.sa.add(new_user)

            log_create_user(new_user.get_dict(), cur_user)
            return new_user
        except Exception:
            log.error(traceback.format_exc())
            raise
Example #15
0
    def get_accounts_in_creation_order(self, current_user=None):
        """
        Get accounts in order of creation for deactivation for license limits

        pick currently logged in user, and append to the list in position 0
        pick all super-admins in order of creation date and add it to the list
        pick all other accounts in order of creation and add it to the list.

        Based on that list, the last accounts can be disabled as they are
        created at the end and don't include any of the super admins as well
        as the current user.

        :param current_user: optionally current user running this operation
        """

        if not current_user:
            current_user = get_current_rhodecode_user()
        active_super_admins = [
            x.user_id for x in User.query()
            .filter(User.user_id != current_user.user_id)
            .filter(User.active == true())
            .filter(User.admin == true())
            .order_by(User.created_on.asc())]

        active_regular_users = [
            x.user_id for x in User.query()
            .filter(User.user_id != current_user.user_id)
            .filter(User.active == true())
            .filter(User.admin == false())
            .order_by(User.created_on.asc())]

        list_of_accounts = [current_user.user_id]
        list_of_accounts += active_super_admins
        list_of_accounts += active_regular_users

        return list_of_accounts
Example #16
0
    def create_or_update(
            self, username, password, email, firstname='', lastname='',
            active=True, admin=False, extern_type=None, extern_name=None,
            cur_user=None, plugin=None, force_password_change=False,
            allow_to_create_user=True, create_repo_group=False,
            updating_user_id=None, language=None, strict_creation_check=True):
        """
        Creates a new instance if not found, or updates current one

        :param username:
        :param password:
        :param email:
        :param firstname:
        :param lastname:
        :param active:
        :param admin:
        :param extern_type:
        :param extern_name:
        :param cur_user:
        :param plugin: optional plugin this method was called from
        :param force_password_change: toggles new or existing user flag
            for password change
        :param allow_to_create_user: Defines if the method can actually create
            new users
        :param create_repo_group: Defines if the method should also
            create an repo group with user name, and owner
        :param updating_user_id: if we set it up this is the user we want to
            update this allows to editing username.
        :param language: language of user from interface.

        :returns: new User object with injected `is_new_user` attribute.
        """
        if not cur_user:
            cur_user = getattr(get_current_rhodecode_user(), 'username', None)

        from rhodecode.lib.auth import (
            get_crypt_password, check_password, generate_auth_token)
        from rhodecode.lib.hooks_base import (
            log_create_user, check_allowed_create_user)

        def _password_change(new_user, password):
            # empty password
            if not new_user.password:
                return False

            # password check is only needed for RhodeCode internal auth calls
            # in case it's a plugin we don't care
            if not plugin:

                # first check if we gave crypted password back, and if it matches
                # it's not password change
                if new_user.password == password:
                    return False

                password_match = check_password(password, new_user.password)
                if not password_match:
                    return True

            return False

        user_data = {
            'username': username,
            'password': password,
            'email': email,
            'firstname': firstname,
            'lastname': lastname,
            'active': active,
            'admin': admin
        }

        if updating_user_id:
            log.debug('Checking for existing account in RhodeCode '
                      'database with user_id `%s` ' % (updating_user_id,))
            user = User.get(updating_user_id)
        else:
            log.debug('Checking for existing account in RhodeCode '
                      'database with username `%s` ' % (username,))
            user = User.get_by_username(username, case_insensitive=True)

        if user is None:
            # we check internal flag if this method is actually allowed to
            # create new user
            if not allow_to_create_user:
                msg = ('Method wants to create new user, but it is not '
                       'allowed to do so')
                log.warning(msg)
                raise NotAllowedToCreateUserError(msg)

            log.debug('Creating new user %s', username)

            # only if we create user that is active
            new_active_user = active
            if new_active_user and strict_creation_check:
                # raises UserCreationError if it's not allowed for any reason to
                # create new active user, this also executes pre-create hooks
                check_allowed_create_user(user_data, cur_user, strict_check=True)
            self.send_event(UserPreCreate(user_data))
            new_user = User()
            edit = False
        else:
            log.debug('updating user %s', username)
            self.send_event(UserPreUpdate(user, user_data))
            new_user = user
            edit = True

            # we're not allowed to edit default user
            if user.username == User.DEFAULT_USER:
                raise DefaultUserException(
                    _("You can't edit this user (`%(username)s`) since it's "
                      "crucial for entire application") % {'username': user.username})

        # inject special attribute that will tell us if User is new or old
        new_user.is_new_user = not edit
        # for users that didn's specify auth type, we use RhodeCode built in
        from rhodecode.authentication.plugins import auth_rhodecode
        extern_name = extern_name or auth_rhodecode.RhodeCodeAuthPlugin.name
        extern_type = extern_type or auth_rhodecode.RhodeCodeAuthPlugin.name

        try:
            new_user.username = username
            new_user.admin = admin
            new_user.email = email
            new_user.active = active
            new_user.extern_name = safe_unicode(extern_name)
            new_user.extern_type = safe_unicode(extern_type)
            new_user.name = firstname
            new_user.lastname = lastname

            if not edit:
                new_user.api_key = generate_auth_token(username)

            # set password only if creating an user or password is changed
            if not edit or _password_change(new_user, password):
                reason = 'new password' if edit else 'new user'
                log.debug('Updating password reason=>%s', reason)
                new_user.password = get_crypt_password(password) if password else None

            if force_password_change:
                new_user.update_userdata(force_password_change=True)
            if language:
                new_user.update_userdata(language=language)

            self.sa.add(new_user)

            if not edit and create_repo_group:
                # create new group same as username, and make this user an owner
                desc = RepoGroupModel.PERSONAL_GROUP_DESC % {'username': username}
                RepoGroupModel().create(group_name=username,
                                        group_description=desc,
                                        owner=username, commit_early=False)
            if not edit:
                # add the RSS token
                AuthTokenModel().create(username,
                                        description='Generated feed token',
                                        role=AuthTokenModel.cls.ROLE_FEED)
                log_create_user(created_by=cur_user, **new_user.get_dict())
            return new_user
        except (DatabaseError,):
            log.error(traceback.format_exc())
            raise
Example #17
0
    def create_or_update(self,
                         username,
                         password,
                         email,
                         firstname='',
                         lastname='',
                         active=True,
                         admin=False,
                         ldap_dn=None,
                         cur_user=None):
        """
        Creates a new instance if not found, or updates current one

        :param username:
        :param password:
        :param email:
        :param active:
        :param firstname:
        :param lastname:
        :param active:
        :param admin:
        :param ldap_dn:
        :param cur_user:
        """
        if not cur_user:
            cur_user = getattr(get_current_rhodecode_user(), 'username', None)

        from rhodecode.lib.auth import get_crypt_password
        from rhodecode.lib.hooks import log_create_user, check_allowed_create_user
        user_data = {
            'username': username,
            'password': password,
            'email': email,
            'firstname': firstname,
            'lastname': lastname,
            'active': active,
            'admin': admin
        }
        # raises UserCreationError if it's not allowed
        check_allowed_create_user(user_data, cur_user)

        log.debug('Checking for %s account in RhodeCode database' % username)
        user = User.get_by_username(username, case_insensitive=True)
        if user is None:
            log.debug('creating new user %s' % username)
            new_user = User()
            edit = False
        else:
            log.debug('updating user %s' % username)
            new_user = user
            edit = True

        try:
            new_user.username = username
            new_user.admin = admin
            # set password only if creating an user or password is changed
            if not edit or user.password != password:
                new_user.password = get_crypt_password(
                    password) if password else None
                new_user.api_key = generate_api_key(username)
            new_user.email = email
            new_user.active = active
            new_user.ldap_dn = safe_unicode(ldap_dn) if ldap_dn else None
            new_user.name = firstname
            new_user.lastname = lastname
            self.sa.add(new_user)

            if not edit:
                log_create_user(new_user.get_dict(), cur_user)
            return new_user
        except (DatabaseError, ):
            log.error(traceback.format_exc())
            raise
Example #18
0
    def create_ldap(self, username, password, user_dn, attrs, cur_user=None):
        """
        Checks if user is in database, if not creates this user marked
        as ldap user

        :param username:
        :param password:
        :param user_dn:
        :param attrs:
        :param cur_user:
        """
        if not cur_user:
            cur_user = getattr(get_current_rhodecode_user(), "username", None)
        from rhodecode.lib.auth import get_crypt_password

        log.debug("Checking for such ldap account in RhodeCode database")
        if self.get_by_username(username, case_insensitive=True) is None:
            # autogenerate email for container account without one
            generate_email = lambda usr: "******" % usr
            password = get_crypt_password(password)
            firstname = attrs["name"]
            lastname = attrs["lastname"]
            active = attrs.get("active", True)
            email = attrs["email"] or generate_email(username)

            from rhodecode.lib.hooks import log_create_user, check_allowed_create_user

            user_data = {
                "username": username,
                "password": password,
                "email": email,
                "firstname": firstname,
                "lastname": lastname,
                "active": attrs.get("active", True),
                "admin": False,
            }
            # raises UserCreationError if it's not allowed
            check_allowed_create_user(user_data, cur_user)

            try:
                new_user = User()
                username = username.lower()
                # add ldap account always lowercase
                new_user.username = username
                new_user.password = password
                new_user.api_key = generate_api_key(username)
                new_user.email = email
                new_user.active = active
                new_user.ldap_dn = safe_unicode(user_dn)
                new_user.name = firstname
                new_user.lastname = lastname
                self.sa.add(new_user)

                log_create_user(new_user.get_dict(), cur_user)
                return new_user
            except (DatabaseError,):
                log.error(traceback.format_exc())
                self.sa.rollback()
                raise
        log.debug("this %s user exists skipping creation of ldap account", username)
        return None
Example #19
0
    def create_or_update(
        self,
        username,
        password,
        email,
        firstname="",
        lastname="",
        active=True,
        admin=False,
        ldap_dn=None,
        cur_user=None,
    ):
        """
        Creates a new instance if not found, or updates current one

        :param username:
        :param password:
        :param email:
        :param active:
        :param firstname:
        :param lastname:
        :param active:
        :param admin:
        :param ldap_dn:
        :param cur_user:
        """
        if not cur_user:
            cur_user = getattr(get_current_rhodecode_user(), "username", None)

        from rhodecode.lib.auth import get_crypt_password
        from rhodecode.lib.hooks import log_create_user, check_allowed_create_user

        user_data = {
            "username": username,
            "password": password,
            "email": email,
            "firstname": firstname,
            "lastname": lastname,
            "active": active,
            "admin": admin,
        }
        # raises UserCreationError if it's not allowed
        check_allowed_create_user(user_data, cur_user)

        log.debug("Checking for %s account in RhodeCode database" % username)
        user = User.get_by_username(username, case_insensitive=True)
        if user is None:
            log.debug("creating new user %s" % username)
            new_user = User()
            edit = False
        else:
            log.debug("updating user %s" % username)
            new_user = user
            edit = True

        try:
            new_user.username = username
            new_user.admin = admin
            # set password only if creating an user or password is changed
            if not edit or user.password != password:
                new_user.password = get_crypt_password(password) if password else None
                new_user.api_key = generate_api_key(username)
            new_user.email = email
            new_user.active = active
            new_user.ldap_dn = safe_unicode(ldap_dn) if ldap_dn else None
            new_user.name = firstname
            new_user.lastname = lastname
            self.sa.add(new_user)

            if not edit:
                log_create_user(new_user.get_dict(), cur_user)
            return new_user
        except (DatabaseError,):
            log.error(traceback.format_exc())
            raise