Example #1
0
def create_test_user(force=True):
    print 'creating test user'
    sa = get_session()

    user = sa.query(User).filter(User.username == USER).scalar()

    if force and user is not None:
        print 'removing current user'
        for repo in sa.query(Repository).filter(Repository.user == user).all():
            sa.delete(repo)
        sa.delete(user)
        sa.commit()

    if user is None or force:
        print 'creating new one'
        new_usr = User()
        new_usr.username = USER
        new_usr.password = get_crypt_password(PASS)
        new_usr.email = '*****@*****.**'
        new_usr.name = 'test'
        new_usr.lastname = 'lasttestname'
        new_usr.active = True
        new_usr.admin = True
        sa.add(new_usr)
        sa.commit()

    print 'done'
Example #2
0
    def create_for_container_auth(self, username, attrs):
        """
        Creates the given user if it's not already in the database

        :param username:
        :param attrs:
        """
        if self.get_by_username(username, case_insensitive=True) is None:

            # autogenerate email for container account without one
            generate_email = lambda usr: '******' % usr

            try:
                new_user = User()
                new_user.username = username
                new_user.password = None
                new_user.api_key = generate_api_key(username)
                new_user.email = attrs['email']
                new_user.active = attrs.get('active', True)
                new_user.name = attrs['name'] or generate_email(username)
                new_user.lastname = attrs['lastname']

                self.sa.add(new_user)
                return new_user
            except (DatabaseError, ):
                log.error(traceback.format_exc())
                self.sa.rollback()
                raise
        log.debug(
            'User %s already exists. Skipping creation of account'
            ' for container auth.', username)
        return None
Example #3
0
    def create_ldap(self, username, password, user_dn, attrs):
        """
        Checks if user is in database, if not creates this user marked
        as ldap user
        
        :param username:
        :param password:
        :param user_dn:
        :param attrs:
        """
        from rhodecode.lib.auth import get_crypt_password
        log.debug('Checking for such ldap account in RhodeCode database')
        if self.get_by_username(username, case_insensitive=True) is None:
            try:
                new_user = User()
                # add ldap account always lowercase
                new_user.username = username.lower()
                new_user.password = get_crypt_password(password)
                new_user.api_key = generate_api_key(username)
                new_user.email = attrs['email']
                new_user.active = True
                new_user.ldap_dn = safe_unicode(user_dn)
                new_user.name = attrs['name']
                new_user.lastname = attrs['lastname']

                self.sa.add(new_user)
                self.sa.commit()
                return True
            except (DatabaseError,):
                log.error(traceback.format_exc())
                self.sa.rollback()
                raise
        log.debug('this %s user exists skipping creation of ldap account',
                  username)
        return False
Example #4
0
    def create_ldap(self, username, password, user_dn, attrs, cur_user=None):
        """
        Checks if user is in database, if not creates this user marked
        as ldap user

        :param username:
        :param password:
        :param user_dn:
        :param attrs:
        :param cur_user:
        """
        if not cur_user:
            cur_user = getattr(get_current_rhodecode_user(), 'username', None)
        from rhodecode.lib.auth import get_crypt_password
        log.debug('Checking for such ldap account in RhodeCode database')
        if self.get_by_username(username, case_insensitive=True) is None:
            # autogenerate email for container account without one
            generate_email = lambda usr: '******' % usr
            password = get_crypt_password(password)
            firstname = attrs['name']
            lastname = attrs['lastname']
            active = attrs.get('active', True)
            email = attrs['email'] or generate_email(username)

            from rhodecode.lib.hooks import log_create_user, check_allowed_create_user
            user_data = {
                'username': username,
                'password': password,
                'email': email,
                'firstname': firstname,
                'lastname': lastname,
                'active': attrs.get('active', True),
                'admin': False
            }
            # raises UserCreationError if it's not allowed
            check_allowed_create_user(user_data, cur_user)

            try:
                new_user = User()
                username = username.lower()
                # add ldap account always lowercase
                new_user.username = username
                new_user.password = password
                new_user.api_key = generate_api_key(username)
                new_user.email = email
                new_user.active = active
                new_user.ldap_dn = safe_unicode(user_dn)
                new_user.name = firstname
                new_user.lastname = lastname
                self.sa.add(new_user)

                log_create_user(new_user.get_dict(), cur_user)
                return new_user
            except (DatabaseError, ):
                log.error(traceback.format_exc())
                self.sa.rollback()
                raise
        log.debug('this %s user exists skipping creation of ldap account',
                  username)
        return None
Example #5
0
def create_test_user(force=True):
    print 'creating test user'
    sa = get_session()

    user = sa.query(User).filter(User.username == USER).scalar()

    if force and user is not None:
        print 'removing current user'
        for repo in sa.query(Repository).filter(Repository.user == user).all():
            sa.delete(repo)
        sa.delete(user)
        sa.commit()

    if user is None or force:
        print 'creating new one'
        new_usr = User()
        new_usr.username = USER
        new_usr.password = get_crypt_password(PASS)
        new_usr.email = '*****@*****.**'
        new_usr.name = 'test'
        new_usr.lastname = 'lasttestname'
        new_usr.active = True
        new_usr.admin = True
        sa.add(new_usr)
        sa.commit()

    print 'done'
Example #6
0
    def create_for_container_auth(self, username, attrs):
        """
        Creates the given user if it's not already in the database

        :param username:
        :param attrs:
        """
        if self.get_by_username(username, case_insensitive=True) is None:

            # autogenerate email for container account without one
            generate_email = lambda usr: '******' % usr

            try:
                new_user = User()
                new_user.username = username
                new_user.password = None
                new_user.api_key = generate_api_key(username)
                new_user.email = attrs['email']
                new_user.active = attrs.get('active', True)
                new_user.name = attrs['name'] or generate_email(username)
                new_user.lastname = attrs['lastname']

                self.sa.add(new_user)
                return new_user
            except (DatabaseError,):
                log.error(traceback.format_exc())
                self.sa.rollback()
                raise
        log.debug('User %s already exists. Skipping creation of account'
                  ' for container auth.', username)
        return None
Example #7
0
    def test_forgot_password(self):
        response = self.app.get(
            url(controller='login', action='password_reset'))
        self.assertEqual(response.status, '200 OK')

        username = '******'
        password = '******'
        email = '*****@*****.**'
        name = 'passwd'
        lastname = 'reset'

        new = User()
        new.username = username
        new.password = password
        new.email = email
        new.name = name
        new.lastname = lastname
        new.api_key = generate_api_key(username)
        self.Session().add(new)
        self.Session().commit()

        response = self.app.post(
            url(controller='login', action='password_reset'), {
                'email': email,
            })

        self.checkSessionFlash(response, 'Your password reset link was sent')

        response = response.follow()

        # BAD KEY

        key = "bad"
        response = self.app.get(
            url(controller='login',
                action='password_reset_confirmation',
                key=key))
        self.assertEqual(response.status, '302 Found')
        self.assertTrue(response.location.endswith(url('reset_password')))

        # GOOD KEY

        key = User.get_by_username(username).api_key
        response = self.app.get(
            url(controller='login',
                action='password_reset_confirmation',
                key=key))
        self.assertEqual(response.status, '302 Found')
        self.assertTrue(response.location.endswith(url('login_home')))

        self.checkSessionFlash(response,
                               ('Your password reset was successful, '
                                'new password has been sent to your email'))

        response = response.follow()
Example #8
0
    def create_or_update(self,
                         username,
                         password,
                         email,
                         firstname='',
                         lastname='',
                         active=True,
                         admin=False,
                         ldap_dn=None):
        """
        Creates a new instance if not found, or updates current one

        :param username:
        :param password:
        :param email:
        :param active:
        :param firstname:
        :param lastname:
        :param active:
        :param admin:
        :param ldap_dn:
        """

        from rhodecode.lib.auth import get_crypt_password

        log.debug('Checking for %s account in RhodeCode database' % username)
        user = User.get_by_username(username, case_insensitive=True)
        if user is None:
            log.debug('creating new user %s' % username)
            new_user = User()
            edit = False
        else:
            log.debug('updating user %s' % username)
            new_user = user
            edit = True

        try:
            new_user.username = username
            new_user.admin = admin
            # set password only if creating an user or password is changed
            if not edit or user.password != password:
                new_user.password = get_crypt_password(password)
                new_user.api_key = generate_api_key(username)
            new_user.email = email
            new_user.active = active
            new_user.ldap_dn = safe_unicode(ldap_dn) if ldap_dn else None
            new_user.name = firstname
            new_user.lastname = lastname
            self.sa.add(new_user)
            return new_user
        except (DatabaseError, ):
            log.error(traceback.format_exc())
            raise
Example #9
0
    def test_forgot_password(self):
        response = self.app.get(url(controller='login',
                                    action='password_reset'))
        self.assertEqual(response.status , '200 OK')

        username = '******'
        password = '******'
        email = '*****@*****.**'
        name = 'passwd'
        lastname = 'reset'

        new = User()
        new.username = username
        new.password = password
        new.email = email
        new.name = name
        new.lastname = lastname
        new.api_key = generate_api_key(username)
        self.sa.add(new)
        self.sa.commit()

        response = self.app.post(url(controller='login',
                                     action='password_reset'),
                                 {'email':email, })

        self.checkSessionFlash(response, 'Your password reset link was sent')

        response = response.follow()

        # BAD KEY

        key = "bad"
        response = self.app.get(url(controller='login',
                                    action='password_reset_confirmation',
                                    key=key))
        self.assertEqual(response.status, '302 Found')
        self.assertTrue(response.location.endswith(url('reset_password')))

        # GOOD KEY

        key = User.get_by_username(username).api_key

        response = self.app.get(url(controller='login',
                                    action='password_reset_confirmation',
                                    key=key))
        self.assertEqual(response.status, '302 Found')
        self.assertTrue(response.location.endswith(url('login_home')))

        self.checkSessionFlash(response,
                               ('Your password reset was successful, '
                                'new password has been sent to your email'))

        response = response.follow()
Example #10
0
    def create_for_container_auth(self, username, attrs, cur_user=None):
        """
        Creates the given user if it's not already in the database

        :param username:
        :param attrs:
        :param cur_user:
        """
        if not cur_user:
            cur_user = getattr(get_current_rhodecode_user(), 'username', None)
        if self.get_by_username(username, case_insensitive=True) is None:
            # autogenerate email for container account without one
            generate_email = lambda usr: '******' % usr
            firstname = attrs['name']
            lastname = attrs['lastname']
            active = attrs.get('active', True)
            email = attrs['email'] or generate_email(username)

            from rhodecode.lib.hooks import log_create_user, check_allowed_create_user
            user_data = {
                'username': username,
                'password': None,
                'email': email,
                'firstname': firstname,
                'lastname': lastname,
                'active': attrs.get('active', True),
                'admin': False
            }
            # raises UserCreationError if it's not allowed
            check_allowed_create_user(user_data, cur_user)

            try:
                new_user = User()
                new_user.username = username
                new_user.password = None
                new_user.api_key = generate_api_key(username)
                new_user.email = email
                new_user.active = active
                new_user.name = firstname
                new_user.lastname = lastname

                self.sa.add(new_user)
                log_create_user(new_user.get_dict(), cur_user)
                return new_user
            except (DatabaseError, ):
                log.error(traceback.format_exc())
                self.sa.rollback()
                raise
        log.debug(
            'User %s already exists. Skipping creation of account'
            ' for container auth.', username)
        return None
Example #11
0
    def create_for_container_auth(self, username, attrs, cur_user=None):
        """
        Creates the given user if it's not already in the database

        :param username:
        :param attrs:
        :param cur_user:
        """
        if not cur_user:
            cur_user = getattr(get_current_rhodecode_user(), "username", None)
        if self.get_by_username(username, case_insensitive=True) is None:
            # autogenerate email for container account without one
            generate_email = lambda usr: "******" % usr
            firstname = attrs["name"]
            lastname = attrs["lastname"]
            active = attrs.get("active", True)
            email = attrs["email"] or generate_email(username)

            from rhodecode.lib.hooks import log_create_user, check_allowed_create_user

            user_data = {
                "username": username,
                "password": None,
                "email": email,
                "firstname": firstname,
                "lastname": lastname,
                "active": attrs.get("active", True),
                "admin": False,
            }
            # raises UserCreationError if it's not allowed
            check_allowed_create_user(user_data, cur_user)

            try:
                new_user = User()
                new_user.username = username
                new_user.password = None
                new_user.api_key = generate_api_key(username)
                new_user.email = email
                new_user.active = active
                new_user.name = firstname
                new_user.lastname = lastname

                self.sa.add(new_user)
                log_create_user(new_user.get_dict(), cur_user)
                return new_user
            except (DatabaseError,):
                log.error(traceback.format_exc())
                self.sa.rollback()
                raise
        log.debug("User %s already exists. Skipping creation of account" " for container auth.", username)
        return None
    def test_forgot_password(self):
        response = self.app.get(pwd_reset_url)
        assert response.status == '200 OK'

        username = '******'
        password = '******'
        email = '*****@*****.**'
        name = 'passwd'
        lastname = 'reset'

        new = User()
        new.username = username
        new.password = password
        new.email = email
        new.name = name
        new.lastname = lastname
        new.api_key = generate_auth_token(username)
        Session().add(new)
        Session().commit()

        response = self.app.post(pwd_reset_url, {
            'email': email,
        })

        assert_session_flash(response, 'Your password reset link was sent')

        response = response.follow()

        # BAD KEY

        key = "bad"
        confirm_url = '{}?key={}'.format(pwd_reset_confirm_url, key)
        response = self.app.get(confirm_url)
        assert response.status == '302 Found'
        assert response.location.endswith(pwd_reset_url)

        # GOOD KEY

        key = User.get_by_username(username).api_key
        confirm_url = '{}?key={}'.format(pwd_reset_confirm_url, key)
        response = self.app.get(confirm_url)
        assert response.status == '302 Found'
        assert response.location.endswith(login_url)

        assert_session_flash(
            response, 'Your password reset was successful, '
            'a new password has been sent to your email')

        response = response.follow()
Example #13
0
    def create_or_update(
        self, username, password, email, firstname="", lastname="", active=True, admin=False, ldap_dn=None
    ):
        """
        Creates a new instance if not found, or updates current one

        :param username:
        :param password:
        :param email:
        :param active:
        :param firstname:
        :param lastname:
        :param active:
        :param admin:
        :param ldap_dn:
        """

        from rhodecode.lib.auth import get_crypt_password

        log.debug("Checking for %s account in RhodeCode database" % username)
        user = User.get_by_username(username, case_insensitive=True)
        if user is None:
            log.debug("creating new user %s" % username)
            new_user = User()
            edit = False
        else:
            log.debug("updating user %s" % username)
            new_user = user
            edit = True

        try:
            new_user.username = username
            new_user.admin = admin
            # set password only if creating an user or password is changed
            if not edit or user.password != password:
                new_user.password = get_crypt_password(password)
                new_user.api_key = generate_api_key(username)
            new_user.email = email
            new_user.active = active
            new_user.ldap_dn = safe_unicode(ldap_dn) if ldap_dn else None
            new_user.name = firstname
            new_user.lastname = lastname
            self.sa.add(new_user)
            return new_user
        except (DatabaseError,):
            log.error(traceback.format_exc())
            raise
Example #14
0
    def test_forgot_password(self):
        response = self.app.get(url(controller="login", action="password_reset"))
        self.assertEqual(response.status, "200 OK")

        username = "******"
        password = "******"
        email = "*****@*****.**"
        name = "passwd"
        lastname = "reset"

        new = User()
        new.username = username
        new.password = password
        new.email = email
        new.name = name
        new.lastname = lastname
        new.api_key = generate_api_key(username)
        self.Session().add(new)
        self.Session().commit()

        response = self.app.post(url(controller="login", action="password_reset"), {"email": email})

        self.checkSessionFlash(response, "Your password reset link was sent")

        response = response.follow()

        # BAD KEY

        key = "bad"
        response = self.app.get(url(controller="login", action="password_reset_confirmation", key=key))
        self.assertEqual(response.status, "302 Found")
        self.assertTrue(response.location.endswith(url("reset_password")))

        # GOOD KEY

        key = User.get_by_username(username).api_key
        response = self.app.get(url(controller="login", action="password_reset_confirmation", key=key))
        self.assertEqual(response.status, "302 Found")
        self.assertTrue(response.location.endswith(url("login_home")))

        self.checkSessionFlash(
            response, ("Your password reset was successful, " "new password has been sent to your email")
        )

        response = response.follow()
Example #15
0
    def create_user(self, username, password, email='', admin=False):
        log.info('creating administrator user %s', username)
        new_user = User()
        new_user.username = username
        new_user.password = get_crypt_password(password)
        new_user.api_key = generate_api_key(username)
        new_user.name = 'RhodeCode'
        new_user.lastname = 'Admin'
        new_user.email = email
        new_user.admin = admin
        new_user.active = True

        try:
            self.sa.add(new_user)
            self.sa.commit()
        except:
            self.sa.rollback()
            raise
Example #16
0
 def create_default_user(self):
     log.info('creating default user')
     #create default user for handling default permissions.
     def_user = User()
     def_user.username = '******'
     def_user.password = get_crypt_password(str(uuid.uuid1())[:8])
     def_user.api_key = generate_api_key('default')
     def_user.name = 'Anonymous'
     def_user.lastname = 'User'
     def_user.email = '*****@*****.**'
     def_user.admin = False
     def_user.active = False
     try:
         self.sa.add(def_user)
         self.sa.commit()
     except:
         self.sa.rollback()
         raise
Example #17
0
    def create_ldap(self, username, password, user_dn, attrs):
        """
        Checks if user is in database, if not creates this user marked
        as ldap user

        :param username:
        :param password:
        :param user_dn:
        :param attrs:
        """
        from rhodecode.lib.auth import get_crypt_password
        log.debug('Checking for such ldap account in RhodeCode database')
        if self.get_by_username(username, case_insensitive=True) is None:

            # autogenerate email for ldap account without one
            generate_email = lambda usr: '******' % usr

            try:
                new_user = User()
                username = username.lower()
                # add ldap account always lowercase
                new_user.username = username
                new_user.password = get_crypt_password(password)
                new_user.api_key = generate_api_key(username)
                new_user.email = attrs['email'] or generate_email(username)
                new_user.active = attrs.get('active', True)
                new_user.ldap_dn = safe_unicode(user_dn)
                new_user.name = attrs['name']
                new_user.lastname = attrs['lastname']

                self.sa.add(new_user)
                return new_user
            except (DatabaseError, ):
                log.error(traceback.format_exc())
                self.sa.rollback()
                raise
        log.debug('this %s user exists skipping creation of ldap account',
                  username)
        return None
Example #18
0
    def create_ldap(self, username, password, user_dn, attrs):
        """
        Checks if user is in database, if not creates this user marked
        as ldap user

        :param username:
        :param password:
        :param user_dn:
        :param attrs:
        """
        from rhodecode.lib.auth import get_crypt_password

        log.debug("Checking for such ldap account in RhodeCode database")
        if self.get_by_username(username, case_insensitive=True) is None:

            # autogenerate email for ldap account without one
            generate_email = lambda usr: "******" % usr

            try:
                new_user = User()
                username = username.lower()
                # add ldap account always lowercase
                new_user.username = username
                new_user.password = get_crypt_password(password)
                new_user.api_key = generate_api_key(username)
                new_user.email = attrs["email"] or generate_email(username)
                new_user.active = attrs.get("active", True)
                new_user.ldap_dn = safe_unicode(user_dn)
                new_user.name = attrs["name"]
                new_user.lastname = attrs["lastname"]

                self.sa.add(new_user)
                return new_user
            except (DatabaseError,):
                log.error(traceback.format_exc())
                self.sa.rollback()
                raise
        log.debug("this %s user exists skipping creation of ldap account", username)
        return None
Example #19
0
    def create_or_update(
        self,
        username,
        password,
        email,
        firstname="",
        lastname="",
        active=True,
        admin=False,
        ldap_dn=None,
        cur_user=None,
    ):
        """
        Creates a new instance if not found, or updates current one

        :param username:
        :param password:
        :param email:
        :param active:
        :param firstname:
        :param lastname:
        :param active:
        :param admin:
        :param ldap_dn:
        :param cur_user:
        """
        if not cur_user:
            cur_user = getattr(get_current_rhodecode_user(), "username", None)

        from rhodecode.lib.auth import get_crypt_password
        from rhodecode.lib.hooks import log_create_user, check_allowed_create_user

        user_data = {
            "username": username,
            "password": password,
            "email": email,
            "firstname": firstname,
            "lastname": lastname,
            "active": active,
            "admin": admin,
        }
        # raises UserCreationError if it's not allowed
        check_allowed_create_user(user_data, cur_user)

        log.debug("Checking for %s account in RhodeCode database" % username)
        user = User.get_by_username(username, case_insensitive=True)
        if user is None:
            log.debug("creating new user %s" % username)
            new_user = User()
            edit = False
        else:
            log.debug("updating user %s" % username)
            new_user = user
            edit = True

        try:
            new_user.username = username
            new_user.admin = admin
            # set password only if creating an user or password is changed
            if not edit or user.password != password:
                new_user.password = get_crypt_password(password) if password else None
                new_user.api_key = generate_api_key(username)
            new_user.email = email
            new_user.active = active
            new_user.ldap_dn = safe_unicode(ldap_dn) if ldap_dn else None
            new_user.name = firstname
            new_user.lastname = lastname
            self.sa.add(new_user)

            if not edit:
                log_create_user(new_user.get_dict(), cur_user)
            return new_user
        except (DatabaseError,):
            log.error(traceback.format_exc())
            raise
Example #20
0
    def create_or_update(self,
                         username,
                         password,
                         email,
                         firstname='',
                         lastname='',
                         active=True,
                         admin=False,
                         ldap_dn=None,
                         cur_user=None):
        """
        Creates a new instance if not found, or updates current one

        :param username:
        :param password:
        :param email:
        :param active:
        :param firstname:
        :param lastname:
        :param active:
        :param admin:
        :param ldap_dn:
        :param cur_user:
        """
        if not cur_user:
            cur_user = getattr(get_current_rhodecode_user(), 'username', None)

        from rhodecode.lib.auth import get_crypt_password
        from rhodecode.lib.hooks import log_create_user, check_allowed_create_user
        user_data = {
            'username': username,
            'password': password,
            'email': email,
            'firstname': firstname,
            'lastname': lastname,
            'active': active,
            'admin': admin
        }
        # raises UserCreationError if it's not allowed
        check_allowed_create_user(user_data, cur_user)

        log.debug('Checking for %s account in RhodeCode database' % username)
        user = User.get_by_username(username, case_insensitive=True)
        if user is None:
            log.debug('creating new user %s' % username)
            new_user = User()
            edit = False
        else:
            log.debug('updating user %s' % username)
            new_user = user
            edit = True

        try:
            new_user.username = username
            new_user.admin = admin
            # set password only if creating an user or password is changed
            if not edit or user.password != password:
                new_user.password = get_crypt_password(
                    password) if password else None
                new_user.api_key = generate_api_key(username)
            new_user.email = email
            new_user.active = active
            new_user.ldap_dn = safe_unicode(ldap_dn) if ldap_dn else None
            new_user.name = firstname
            new_user.lastname = lastname
            self.sa.add(new_user)

            if not edit:
                log_create_user(new_user.get_dict(), cur_user)
            return new_user
        except (DatabaseError, ):
            log.error(traceback.format_exc())
            raise
Example #21
0
    def create_or_update(
            self, username, password, email, firstname='', lastname='',
            active=True, admin=False, extern_type=None, extern_name=None,
            cur_user=None, plugin=None, force_password_change=False,
            allow_to_create_user=True, create_repo_group=False,
            updating_user_id=None, language=None, strict_creation_check=True):
        """
        Creates a new instance if not found, or updates current one

        :param username:
        :param password:
        :param email:
        :param firstname:
        :param lastname:
        :param active:
        :param admin:
        :param extern_type:
        :param extern_name:
        :param cur_user:
        :param plugin: optional plugin this method was called from
        :param force_password_change: toggles new or existing user flag
            for password change
        :param allow_to_create_user: Defines if the method can actually create
            new users
        :param create_repo_group: Defines if the method should also
            create an repo group with user name, and owner
        :param updating_user_id: if we set it up this is the user we want to
            update this allows to editing username.
        :param language: language of user from interface.

        :returns: new User object with injected `is_new_user` attribute.
        """
        if not cur_user:
            cur_user = getattr(get_current_rhodecode_user(), 'username', None)

        from rhodecode.lib.auth import (
            get_crypt_password, check_password, generate_auth_token)
        from rhodecode.lib.hooks_base import (
            log_create_user, check_allowed_create_user)

        def _password_change(new_user, password):
            # empty password
            if not new_user.password:
                return False

            # password check is only needed for RhodeCode internal auth calls
            # in case it's a plugin we don't care
            if not plugin:

                # first check if we gave crypted password back, and if it matches
                # it's not password change
                if new_user.password == password:
                    return False

                password_match = check_password(password, new_user.password)
                if not password_match:
                    return True

            return False

        user_data = {
            'username': username,
            'password': password,
            'email': email,
            'firstname': firstname,
            'lastname': lastname,
            'active': active,
            'admin': admin
        }

        if updating_user_id:
            log.debug('Checking for existing account in RhodeCode '
                      'database with user_id `%s` ' % (updating_user_id,))
            user = User.get(updating_user_id)
        else:
            log.debug('Checking for existing account in RhodeCode '
                      'database with username `%s` ' % (username,))
            user = User.get_by_username(username, case_insensitive=True)

        if user is None:
            # we check internal flag if this method is actually allowed to
            # create new user
            if not allow_to_create_user:
                msg = ('Method wants to create new user, but it is not '
                       'allowed to do so')
                log.warning(msg)
                raise NotAllowedToCreateUserError(msg)

            log.debug('Creating new user %s', username)

            # only if we create user that is active
            new_active_user = active
            if new_active_user and strict_creation_check:
                # raises UserCreationError if it's not allowed for any reason to
                # create new active user, this also executes pre-create hooks
                check_allowed_create_user(user_data, cur_user, strict_check=True)
            self.send_event(UserPreCreate(user_data))
            new_user = User()
            edit = False
        else:
            log.debug('updating user %s', username)
            self.send_event(UserPreUpdate(user, user_data))
            new_user = user
            edit = True

            # we're not allowed to edit default user
            if user.username == User.DEFAULT_USER:
                raise DefaultUserException(
                    _("You can't edit this user (`%(username)s`) since it's "
                      "crucial for entire application") % {'username': user.username})

        # inject special attribute that will tell us if User is new or old
        new_user.is_new_user = not edit
        # for users that didn's specify auth type, we use RhodeCode built in
        from rhodecode.authentication.plugins import auth_rhodecode
        extern_name = extern_name or auth_rhodecode.RhodeCodeAuthPlugin.name
        extern_type = extern_type or auth_rhodecode.RhodeCodeAuthPlugin.name

        try:
            new_user.username = username
            new_user.admin = admin
            new_user.email = email
            new_user.active = active
            new_user.extern_name = safe_unicode(extern_name)
            new_user.extern_type = safe_unicode(extern_type)
            new_user.name = firstname
            new_user.lastname = lastname

            if not edit:
                new_user.api_key = generate_auth_token(username)

            # set password only if creating an user or password is changed
            if not edit or _password_change(new_user, password):
                reason = 'new password' if edit else 'new user'
                log.debug('Updating password reason=>%s', reason)
                new_user.password = get_crypt_password(password) if password else None

            if force_password_change:
                new_user.update_userdata(force_password_change=True)
            if language:
                new_user.update_userdata(language=language)

            self.sa.add(new_user)

            if not edit and create_repo_group:
                # create new group same as username, and make this user an owner
                desc = RepoGroupModel.PERSONAL_GROUP_DESC % {'username': username}
                RepoGroupModel().create(group_name=username,
                                        group_description=desc,
                                        owner=username, commit_early=False)
            if not edit:
                # add the RSS token
                AuthTokenModel().create(username,
                                        description='Generated feed token',
                                        role=AuthTokenModel.cls.ROLE_FEED)
                log_create_user(created_by=cur_user, **new_user.get_dict())
            return new_user
        except (DatabaseError,):
            log.error(traceback.format_exc())
            raise
Example #22
0
    def create_ldap(self, username, password, user_dn, attrs, cur_user=None):
        """
        Checks if user is in database, if not creates this user marked
        as ldap user

        :param username:
        :param password:
        :param user_dn:
        :param attrs:
        :param cur_user:
        """
        if not cur_user:
            cur_user = getattr(get_current_rhodecode_user(), "username", None)
        from rhodecode.lib.auth import get_crypt_password

        log.debug("Checking for such ldap account in RhodeCode database")
        if self.get_by_username(username, case_insensitive=True) is None:
            # autogenerate email for container account without one
            generate_email = lambda usr: "******" % usr
            password = get_crypt_password(password)
            firstname = attrs["name"]
            lastname = attrs["lastname"]
            active = attrs.get("active", True)
            email = attrs["email"] or generate_email(username)

            from rhodecode.lib.hooks import log_create_user, check_allowed_create_user

            user_data = {
                "username": username,
                "password": password,
                "email": email,
                "firstname": firstname,
                "lastname": lastname,
                "active": attrs.get("active", True),
                "admin": False,
            }
            # raises UserCreationError if it's not allowed
            check_allowed_create_user(user_data, cur_user)

            try:
                new_user = User()
                username = username.lower()
                # add ldap account always lowercase
                new_user.username = username
                new_user.password = password
                new_user.api_key = generate_api_key(username)
                new_user.email = email
                new_user.active = active
                new_user.ldap_dn = safe_unicode(user_dn)
                new_user.name = firstname
                new_user.lastname = lastname
                self.sa.add(new_user)

                log_create_user(new_user.get_dict(), cur_user)
                return new_user
            except (DatabaseError,):
                log.error(traceback.format_exc())
                self.sa.rollback()
                raise
        log.debug("this %s user exists skipping creation of ldap account", username)
        return None