def create_ldap(self, username, password, user_dn, attrs, cur_user=None): """ Checks if user is in database, if not creates this user marked as ldap user :param username: :param password: :param user_dn: :param attrs: :param cur_user: """ if not cur_user: cur_user = getattr(get_current_rhodecode_user(), 'username', None) from rhodecode.lib.auth import get_crypt_password log.debug('Checking for such ldap account in RhodeCode database') if self.get_by_username(username, case_insensitive=True) is None: # autogenerate email for container account without one generate_email = lambda usr: '******' % usr password = get_crypt_password(password) firstname = attrs['name'] lastname = attrs['lastname'] active = attrs.get('active', True) email = attrs['email'] or generate_email(username) from rhodecode.lib.hooks import log_create_user, check_allowed_create_user user_data = { 'username': username, 'password': password, 'email': email, 'firstname': firstname, 'lastname': lastname, 'active': attrs.get('active', True), 'admin': False } # raises UserCreationError if it's not allowed check_allowed_create_user(user_data, cur_user) try: new_user = User() username = username.lower() # add ldap account always lowercase new_user.username = username new_user.password = password new_user.api_key = generate_api_key(username) new_user.email = email new_user.active = active new_user.ldap_dn = safe_unicode(user_dn) new_user.name = firstname new_user.lastname = lastname self.sa.add(new_user) log_create_user(new_user.get_dict(), cur_user) return new_user except (DatabaseError, ): log.error(traceback.format_exc()) self.sa.rollback() raise log.debug('this %s user exists skipping creation of ldap account', username) return None
def create_for_container_auth(self, username, attrs, cur_user=None): """ Creates the given user if it's not already in the database :param username: :param attrs: :param cur_user: """ if not cur_user: cur_user = getattr(get_current_rhodecode_user(), 'username', None) if self.get_by_username(username, case_insensitive=True) is None: # autogenerate email for container account without one generate_email = lambda usr: '******' % usr firstname = attrs['name'] lastname = attrs['lastname'] active = attrs.get('active', True) email = attrs['email'] or generate_email(username) from rhodecode.lib.hooks import log_create_user, check_allowed_create_user user_data = { 'username': username, 'password': None, 'email': email, 'firstname': firstname, 'lastname': lastname, 'active': attrs.get('active', True), 'admin': False } # raises UserCreationError if it's not allowed check_allowed_create_user(user_data, cur_user) try: new_user = User() new_user.username = username new_user.password = None new_user.api_key = generate_api_key(username) new_user.email = email new_user.active = active new_user.name = firstname new_user.lastname = lastname self.sa.add(new_user) log_create_user(new_user.get_dict(), cur_user) return new_user except (DatabaseError, ): log.error(traceback.format_exc()) self.sa.rollback() raise log.debug( 'User %s already exists. Skipping creation of account' ' for container auth.', username) return None
def create_for_container_auth(self, username, attrs, cur_user=None): """ Creates the given user if it's not already in the database :param username: :param attrs: :param cur_user: """ if not cur_user: cur_user = getattr(get_current_rhodecode_user(), "username", None) if self.get_by_username(username, case_insensitive=True) is None: # autogenerate email for container account without one generate_email = lambda usr: "******" % usr firstname = attrs["name"] lastname = attrs["lastname"] active = attrs.get("active", True) email = attrs["email"] or generate_email(username) from rhodecode.lib.hooks import log_create_user, check_allowed_create_user user_data = { "username": username, "password": None, "email": email, "firstname": firstname, "lastname": lastname, "active": attrs.get("active", True), "admin": False, } # raises UserCreationError if it's not allowed check_allowed_create_user(user_data, cur_user) try: new_user = User() new_user.username = username new_user.password = None new_user.api_key = generate_api_key(username) new_user.email = email new_user.active = active new_user.name = firstname new_user.lastname = lastname self.sa.add(new_user) log_create_user(new_user.get_dict(), cur_user) return new_user except (DatabaseError,): log.error(traceback.format_exc()) self.sa.rollback() raise log.debug("User %s already exists. Skipping creation of account" " for container auth.", username) return None
def create(self, form_data, cur_user=None): if not cur_user: cur_user = getattr(get_current_rhodecode_user(), "username", None) from rhodecode.lib.hooks import log_create_user, check_allowed_create_user _fd = form_data user_data = { "username": _fd["username"], "password": _fd["password"], "email": _fd["email"], "firstname": _fd["firstname"], "lastname": _fd["lastname"], "active": _fd["active"], "admin": False, } # raises UserCreationError if it's not allowed check_allowed_create_user(user_data, cur_user) from rhodecode.lib.auth import get_crypt_password try: new_user = User() for k, v in form_data.items(): if k == "password": v = get_crypt_password(v) if k == "firstname": k = "name" setattr(new_user, k, v) new_user.api_key = generate_api_key(form_data["username"]) self.sa.add(new_user) log_create_user(new_user.get_dict(), cur_user) return new_user except Exception: log.error(traceback.format_exc()) raise
def create(self, form_data, cur_user=None): if not cur_user: cur_user = getattr(get_current_rhodecode_user(), 'username', None) from rhodecode.lib.hooks import log_create_user, check_allowed_create_user _fd = form_data user_data = { 'username': _fd['username'], 'password': _fd['password'], 'email': _fd['email'], 'firstname': _fd['firstname'], 'lastname': _fd['lastname'], 'active': _fd['active'], 'admin': False } # raises UserCreationError if it's not allowed check_allowed_create_user(user_data, cur_user) from rhodecode.lib.auth import get_crypt_password try: new_user = User() for k, v in form_data.items(): if k == 'password': v = get_crypt_password(v) if k == 'firstname': k = 'name' setattr(new_user, k, v) new_user.api_key = generate_api_key(form_data['username']) self.sa.add(new_user) log_create_user(new_user.get_dict(), cur_user) return new_user except Exception: log.error(traceback.format_exc()) raise
def create_ldap(self, username, password, user_dn, attrs, cur_user=None): """ Checks if user is in database, if not creates this user marked as ldap user :param username: :param password: :param user_dn: :param attrs: :param cur_user: """ if not cur_user: cur_user = getattr(get_current_rhodecode_user(), "username", None) from rhodecode.lib.auth import get_crypt_password log.debug("Checking for such ldap account in RhodeCode database") if self.get_by_username(username, case_insensitive=True) is None: # autogenerate email for container account without one generate_email = lambda usr: "******" % usr password = get_crypt_password(password) firstname = attrs["name"] lastname = attrs["lastname"] active = attrs.get("active", True) email = attrs["email"] or generate_email(username) from rhodecode.lib.hooks import log_create_user, check_allowed_create_user user_data = { "username": username, "password": password, "email": email, "firstname": firstname, "lastname": lastname, "active": attrs.get("active", True), "admin": False, } # raises UserCreationError if it's not allowed check_allowed_create_user(user_data, cur_user) try: new_user = User() username = username.lower() # add ldap account always lowercase new_user.username = username new_user.password = password new_user.api_key = generate_api_key(username) new_user.email = email new_user.active = active new_user.ldap_dn = safe_unicode(user_dn) new_user.name = firstname new_user.lastname = lastname self.sa.add(new_user) log_create_user(new_user.get_dict(), cur_user) return new_user except (DatabaseError,): log.error(traceback.format_exc()) self.sa.rollback() raise log.debug("this %s user exists skipping creation of ldap account", username) return None
def create_or_update( self, username, password, email, firstname="", lastname="", active=True, admin=False, ldap_dn=None, cur_user=None, ): """ Creates a new instance if not found, or updates current one :param username: :param password: :param email: :param active: :param firstname: :param lastname: :param active: :param admin: :param ldap_dn: :param cur_user: """ if not cur_user: cur_user = getattr(get_current_rhodecode_user(), "username", None) from rhodecode.lib.auth import get_crypt_password from rhodecode.lib.hooks import log_create_user, check_allowed_create_user user_data = { "username": username, "password": password, "email": email, "firstname": firstname, "lastname": lastname, "active": active, "admin": admin, } # raises UserCreationError if it's not allowed check_allowed_create_user(user_data, cur_user) log.debug("Checking for %s account in RhodeCode database" % username) user = User.get_by_username(username, case_insensitive=True) if user is None: log.debug("creating new user %s" % username) new_user = User() edit = False else: log.debug("updating user %s" % username) new_user = user edit = True try: new_user.username = username new_user.admin = admin # set password only if creating an user or password is changed if not edit or user.password != password: new_user.password = get_crypt_password(password) if password else None new_user.api_key = generate_api_key(username) new_user.email = email new_user.active = active new_user.ldap_dn = safe_unicode(ldap_dn) if ldap_dn else None new_user.name = firstname new_user.lastname = lastname self.sa.add(new_user) if not edit: log_create_user(new_user.get_dict(), cur_user) return new_user except (DatabaseError,): log.error(traceback.format_exc()) raise
def create_or_update( self, username, password, email, firstname='', lastname='', active=True, admin=False, extern_type=None, extern_name=None, cur_user=None, plugin=None, force_password_change=False, allow_to_create_user=True, create_repo_group=False, updating_user_id=None, language=None, strict_creation_check=True): """ Creates a new instance if not found, or updates current one :param username: :param password: :param email: :param firstname: :param lastname: :param active: :param admin: :param extern_type: :param extern_name: :param cur_user: :param plugin: optional plugin this method was called from :param force_password_change: toggles new or existing user flag for password change :param allow_to_create_user: Defines if the method can actually create new users :param create_repo_group: Defines if the method should also create an repo group with user name, and owner :param updating_user_id: if we set it up this is the user we want to update this allows to editing username. :param language: language of user from interface. :returns: new User object with injected `is_new_user` attribute. """ if not cur_user: cur_user = getattr(get_current_rhodecode_user(), 'username', None) from rhodecode.lib.auth import ( get_crypt_password, check_password, generate_auth_token) from rhodecode.lib.hooks_base import ( log_create_user, check_allowed_create_user) def _password_change(new_user, password): # empty password if not new_user.password: return False # password check is only needed for RhodeCode internal auth calls # in case it's a plugin we don't care if not plugin: # first check if we gave crypted password back, and if it matches # it's not password change if new_user.password == password: return False password_match = check_password(password, new_user.password) if not password_match: return True return False user_data = { 'username': username, 'password': password, 'email': email, 'firstname': firstname, 'lastname': lastname, 'active': active, 'admin': admin } if updating_user_id: log.debug('Checking for existing account in RhodeCode ' 'database with user_id `%s` ' % (updating_user_id,)) user = User.get(updating_user_id) else: log.debug('Checking for existing account in RhodeCode ' 'database with username `%s` ' % (username,)) user = User.get_by_username(username, case_insensitive=True) if user is None: # we check internal flag if this method is actually allowed to # create new user if not allow_to_create_user: msg = ('Method wants to create new user, but it is not ' 'allowed to do so') log.warning(msg) raise NotAllowedToCreateUserError(msg) log.debug('Creating new user %s', username) # only if we create user that is active new_active_user = active if new_active_user and strict_creation_check: # raises UserCreationError if it's not allowed for any reason to # create new active user, this also executes pre-create hooks check_allowed_create_user(user_data, cur_user, strict_check=True) self.send_event(UserPreCreate(user_data)) new_user = User() edit = False else: log.debug('updating user %s', username) self.send_event(UserPreUpdate(user, user_data)) new_user = user edit = True # we're not allowed to edit default user if user.username == User.DEFAULT_USER: raise DefaultUserException( _("You can't edit this user (`%(username)s`) since it's " "crucial for entire application") % {'username': user.username}) # inject special attribute that will tell us if User is new or old new_user.is_new_user = not edit # for users that didn's specify auth type, we use RhodeCode built in from rhodecode.authentication.plugins import auth_rhodecode extern_name = extern_name or auth_rhodecode.RhodeCodeAuthPlugin.name extern_type = extern_type or auth_rhodecode.RhodeCodeAuthPlugin.name try: new_user.username = username new_user.admin = admin new_user.email = email new_user.active = active new_user.extern_name = safe_unicode(extern_name) new_user.extern_type = safe_unicode(extern_type) new_user.name = firstname new_user.lastname = lastname if not edit: new_user.api_key = generate_auth_token(username) # set password only if creating an user or password is changed if not edit or _password_change(new_user, password): reason = 'new password' if edit else 'new user' log.debug('Updating password reason=>%s', reason) new_user.password = get_crypt_password(password) if password else None if force_password_change: new_user.update_userdata(force_password_change=True) if language: new_user.update_userdata(language=language) self.sa.add(new_user) if not edit and create_repo_group: # create new group same as username, and make this user an owner desc = RepoGroupModel.PERSONAL_GROUP_DESC % {'username': username} RepoGroupModel().create(group_name=username, group_description=desc, owner=username, commit_early=False) if not edit: # add the RSS token AuthTokenModel().create(username, description='Generated feed token', role=AuthTokenModel.cls.ROLE_FEED) log_create_user(created_by=cur_user, **new_user.get_dict()) return new_user except (DatabaseError,): log.error(traceback.format_exc()) raise
def create_or_update(self, username, password, email, firstname='', lastname='', active=True, admin=False, ldap_dn=None, cur_user=None): """ Creates a new instance if not found, or updates current one :param username: :param password: :param email: :param active: :param firstname: :param lastname: :param active: :param admin: :param ldap_dn: :param cur_user: """ if not cur_user: cur_user = getattr(get_current_rhodecode_user(), 'username', None) from rhodecode.lib.auth import get_crypt_password from rhodecode.lib.hooks import log_create_user, check_allowed_create_user user_data = { 'username': username, 'password': password, 'email': email, 'firstname': firstname, 'lastname': lastname, 'active': active, 'admin': admin } # raises UserCreationError if it's not allowed check_allowed_create_user(user_data, cur_user) log.debug('Checking for %s account in RhodeCode database' % username) user = User.get_by_username(username, case_insensitive=True) if user is None: log.debug('creating new user %s' % username) new_user = User() edit = False else: log.debug('updating user %s' % username) new_user = user edit = True try: new_user.username = username new_user.admin = admin # set password only if creating an user or password is changed if not edit or user.password != password: new_user.password = get_crypt_password( password) if password else None new_user.api_key = generate_api_key(username) new_user.email = email new_user.active = active new_user.ldap_dn = safe_unicode(ldap_dn) if ldap_dn else None new_user.name = firstname new_user.lastname = lastname self.sa.add(new_user) if not edit: log_create_user(new_user.get_dict(), cur_user) return new_user except (DatabaseError, ): log.error(traceback.format_exc()) raise