def edit(self, id, format='html'): """GET /users/id/edit: Form to edit an existing item""" # url('edit_user', id=ID) c.user = User.get_or_404(id) if c.user.username == 'default': h.flash(_("You can't edit this user"), category='warning') return redirect(url('users')) c.perm_user = AuthUser(user_id=id, ip_addr=self.ip_addr) c.user.permissions = {} c.granted_permissions = UserModel().fill_perms(c.user)\ .permissions['global'] c.user_email_map = UserEmailMap.query()\ .filter(UserEmailMap.user == c.user).all() c.user_ip_map = UserIpMap.query()\ .filter(UserIpMap.user == c.user).all() user_model = UserModel() c.ldap_dn = c.user.ldap_dn defaults = c.user.get_dict() defaults.update({ 'create_repo_perm': user_model.has_perm(id, 'hg.create.repository'), 'fork_repo_perm': user_model.has_perm(id, 'hg.fork.repository'), }) return htmlfill.render( render('admin/users/user_edit.html'), defaults=defaults, encoding="UTF-8", force_defaults=False )
def register(self): user_model = UserModel() c.auto_active = False for perm in user_model.get_by_username('default', cache=False).user_perms: if perm.permission.permission_name == 'hg.register.auto_activate': c.auto_active = True break if request.POST: register_form = RegisterForm()() try: form_result = register_form.to_python(dict(request.POST)) form_result['active'] = c.auto_active user_model.create_registration(form_result) h.flash(_('You have successfully registered into rhodecode'), category='success') return redirect(url('login_home')) except formencode.Invalid, errors: return htmlfill.render( render('/register.html'), defaults=errors.value, errors=errors.error_dict or {}, prefix_error=False, encoding="UTF-8")
def test_update(self, name, expected): self.log_user() uname = 'testme' usr = UserModel().create_or_update(username=uname, password='******', email='*****@*****.**') self.Session().commit() params = usr.get_api_data() params.update({name: expected}) params.update({'password_confirmation': ''}) params.update({'new_password': ''}) if name == 'email': params['emails'] = [expected] if name == 'ldap_dn': #cannot update this via form params['ldap_dn'] = None try: response = self.app.put(url('user', id=usr.user_id), params) self.checkSessionFlash(response, '''User updated successfully''') updated_user = User.get_by_username(uname) updated_params = updated_user.get_api_data() updated_params.update({'password_confirmation': ''}) updated_params.update({'new_password': ''}) self.assertEqual(params, updated_params) finally: UserModel().delete('testme')
def create(self): """POST /users: Create a new item""" # url('users') c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.name user_model = UserModel() user_form = UserForm()() try: form_result = user_form.to_python(dict(request.POST)) user = user_model.create(form_result) Session().flush() username = form_result['username'] action_logger(c.rhodecode_user, 'admin_created_user:%s' % username, None, self.ip_addr, self.sa) user_link = h.link_to(h.escape(username), url('edit_user', user_id=user.user_id)) h.flash(h.literal( _('Created user %(user_link)s') % {'user_link': user_link}), category='success') Session().commit() except formencode.Invalid as errors: return htmlfill.render(render('admin/users/user_add.html'), defaults=errors.value, errors=errors.error_dict or {}, prefix_error=False, encoding="UTF-8", force_defaults=False) except UserCreationError as e: h.flash(e, 'error') except Exception: log.exception("Exception creation of user") h.flash(_('Error occurred during creation of user %s') % request.POST.get('username'), category='error') return redirect(url('users'))
def __init__(self, methodName='runTest'): Session.remove() self.u1 = UserModel().create_or_update(username=u'u1', password=u'qweqwe', email=u'*****@*****.**', name=u'u1', lastname=u'u1') Session.commit() self.u1 = self.u1.user_id self.u2 = UserModel().create_or_update(username=u'u2', password=u'qweqwe', email=u'*****@*****.**', name=u'u2', lastname=u'u3') Session.commit() self.u2 = self.u2.user_id self.u3 = UserModel().create_or_update(username=u'u3', password=u'qweqwe', email=u'*****@*****.**', name=u'u3', lastname=u'u3') Session.commit() self.u3 = self.u3.user_id super(TestNotifications, self).__init__(methodName=methodName)
def test_update(self, name, expected): self.log_user() uname = 'testme' usr = UserModel().create_or_update(username=uname, password='******', email='*****@*****.**') Session().commit() params = usr.get_api_data() params.update({name: expected}) params.update({'password_confirmation': ''}) params.update({'new_password': ''}) if name == 'email': params['emails'] = [expected] if name == 'ldap_dn': #cannot update this via form params['ldap_dn'] = None try: response = self.app.put(url('user', id=usr.user_id), params) self.checkSessionFlash(response, '''User updated successfully''') updated_user = User.get_by_username(uname) updated_params = updated_user.get_api_data() updated_params.update({'password_confirmation': ''}) updated_params.update({'new_password': ''}) self.assertEqual(params, updated_params) finally: UserModel().delete('testme')
def test_show(self, user, password): self.log_user(user, password) cur_user = self._get_logged_user() u1 = UserModel().create_or_update(username='******', password='******', email='*****@*****.**', firstname='u1', lastname='u1') u2 = UserModel().create_or_update(username='******', password='******', email='*****@*****.**', firstname='u2', lastname='u2') self.destroy_users.add('u1') self.destroy_users.add('u2') subject = u'test' notif_body = u'hi there' notification = NotificationModel().create( created_by=cur_user, notification_subject=subject, notification_body=notif_body, recipients=[cur_user, u1, u2]) response = self.app.get( url('notification', notification_id=notification.notification_id)) response.mustcontain(subject) response.mustcontain(notif_body)
def create_users(self, request, pylonsapp): Session.remove() self.u1 = UserModel().create_or_update(username=u'u1', password=u'qweqwe', email=u'*****@*****.**', firstname=u'u1', lastname=u'u1') Session().commit() self.u1 = self.u1.user_id self.u2 = UserModel().create_or_update(username=u'u2', password=u'qweqwe', email=u'*****@*****.**', firstname=u'u2', lastname=u'u2') Session().commit() self.u2 = self.u2.user_id self.u3 = UserModel().create_or_update(username=u'u3', password=u'qweqwe', email=u'*****@*****.**', firstname=u'u3', lastname=u'u3') Session().commit() self.u3 = self.u3.user_id self.destroy_users.add('u1') self.destroy_users.add('u2') self.destroy_users.add('u3')
def test_extra_email_map(self): usr = UserModel().create_or_update(username=u'test_user', password=u'qweqwe', email=u'*****@*****.**', firstname=u'u1', lastname=u'u1') Session().commit() m = UserEmailMap() m.email = u'*****@*****.**' m.user = usr Session().add(m) Session().commit() u = User.get_by_email(email='*****@*****.**') self.assertEqual(usr.user_id, u.user_id) self.assertEqual(usr.username, u.username) u = User.get_by_email(email='*****@*****.**') self.assertEqual(usr.user_id, u.user_id) self.assertEqual(usr.username, u.username) u = User.get_by_email(email='*****@*****.**') self.assertEqual(None, u) UserModel().delete(usr.user_id) Session().commit()
def test_delete(self): self.log_user() cur_user = self._get_logged_user() u1 = UserModel().create_or_update(username='******', password='******', email='*****@*****.**', firstname='u1', lastname='u1') u2 = UserModel().create_or_update(username='******', password='******', email='*****@*****.**', firstname='u2', lastname='u2') # make notifications notification = NotificationModel().create(created_by=cur_user, subject=u'test', body=u'hi there', recipients=[cur_user, u1, u2]) Session().commit() u1 = User.get(u1.user_id) u2 = User.get(u2.user_id) # check DB get_notif = lambda un: [x.notification for x in un] self.assertEqual(get_notif(cur_user.notifications), [notification]) self.assertEqual(get_notif(u1.notifications), [notification]) self.assertEqual(get_notif(u2.notifications), [notification]) cur_usr_id = cur_user.user_id response = self.app.delete(url('notification', notification_id= notification.notification_id)) self.assertEqual(response.body, 'ok') cur_user = User.get(cur_usr_id) self.assertEqual(cur_user.notifications, [])
def update(self, id): """PUT /users/id: Update an existing item""" # Forms posted to this method should contain a hidden field: # <input type="hidden" name="_method" value="PUT" /> # Or using helpers: # h.form(url('update_user', id=ID), # method='put') # url('user', id=ID) user_model = UserModel() c.user = user_model.get(id) _form = UserForm(edit=True, old_data={'user_id': id, 'email': c.user.email})() form_result = {} try: form_result = _form.to_python(dict(request.POST)) user_model.update(id, form_result) h.flash(_('User updated successfully'), category='success') Session.commit() except formencode.Invalid, errors: e = errors.error_dict or {} perm = Permission.get_by_key('hg.create.repository') e.update({'create_repo_perm': user_model.has_perm(id, perm)}) return htmlfill.render( render('admin/users/user_edit.html'), defaults=errors.value, errors=e, prefix_error=False, encoding="UTF-8")
def prepare_users(self, request): # TODO: User creation is a duplicate of test_nofitications, check # if that can be unified self.u1 = UserModel().create_or_update(username=u'u1', password=u'qweqwe', email=u'*****@*****.**', firstname=u'u1', lastname=u'u1') self.u2 = UserModel().create_or_update(username=u'u2', password=u'qweqwe', email=u'*****@*****.**', firstname=u'u2', lastname=u'u2') self.u3 = UserModel().create_or_update(username=u'u3', password=u'qweqwe', email=u'*****@*****.**', firstname=u'u3', lastname=u'u3') self.anon = User.get_default_user() self.a1 = UserModel().create_or_update(username=u'a1', password=u'qweqwe', email=u'*****@*****.**', firstname=u'a1', lastname=u'a1', admin=True) Session().commit() request.addfinalizer(self.cleanup)
def edit(self, id, format='html'): """GET /users/id/edit: Form to edit an existing item""" # url('edit_user', id=ID) c.user = User.get_or_404(id) if c.user.username == 'default': h.flash(_("You can't edit this user"), category='warning') return redirect(url('users')) c.perm_user = AuthUser(user_id=id, ip_addr=self.ip_addr) c.user.permissions = {} c.granted_permissions = UserModel().fill_perms(c.user)\ .permissions['global'] c.user_email_map = UserEmailMap.query()\ .filter(UserEmailMap.user == c.user).all() c.user_ip_map = UserIpMap.query()\ .filter(UserIpMap.user == c.user).all() user_model = UserModel() c.ldap_dn = c.user.ldap_dn defaults = c.user.get_dict() defaults.update({ 'create_repo_perm': user_model.has_perm(id, 'hg.create.repository'), 'fork_repo_perm': user_model.has_perm(id, 'hg.fork.repository'), }) return htmlfill.render(render('admin/users/user_edit.html'), defaults=defaults, encoding="UTF-8", force_defaults=False)
def tearDown(self): perm = Permission.query().all() for p in perm: UserModel().revoke_perm(self.u1, p) UserModel().delete(self.u1) Session.commit()
def test_update(self, name, expected): self.log_user() uname = "testme" usr = UserModel().create_or_update(username=uname, password="******", email="*****@*****.**") self.Session().commit() params = usr.get_api_data() params.update({name: expected}) params.update({"password_confirmation": ""}) params.update({"new_password": ""}) if name == "email": params["emails"] = [expected] if name == "ldap_dn": # cannot update this via form params["ldap_dn"] = None try: response = self.app.put(url("user", id=usr.user_id), params) self.checkSessionFlash(response, """User updated successfully""") updated_user = User.get_by_username(uname) updated_params = updated_user.get_api_data() updated_params.update({"password_confirmation": ""}) updated_params.update({"new_password": ""}) self.assertEqual(params, updated_params) finally: UserModel().delete("testme")
def update_perm(self, id): """PUT /users_perm/id: Update an existing item""" # url('user_perm', id=ID, method='put') grant_perm = request.POST.get('create_repo_perm', False) user_model = UserModel() if grant_perm: perm = Permission.get_by_key('hg.create.none') user_model.revoke_perm(id, perm) perm = Permission.get_by_key('hg.create.repository') user_model.grant_perm(id, perm) h.flash(_("Granted 'repository create' permission to user"), category='success') Session.commit() else: perm = Permission.get_by_key('hg.create.repository') user_model.revoke_perm(id, perm) perm = Permission.get_by_key('hg.create.none') user_model.grant_perm(id, perm) h.flash(_("Revoked 'repository create' permission to user"), category='success') Session.commit() return redirect(url('edit_user', id=id))
def register(self): user_model = UserModel() c.auto_active = False for perm in User.get_by_username("default").user_perms: if perm.permission.permission_name == "hg.register.auto_activate": c.auto_active = True break if request.POST: register_form = RegisterForm()() try: form_result = register_form.to_python(dict(request.POST)) form_result["active"] = c.auto_active user_model.create_registration(form_result) h.flash(_("You have successfully registered into rhodecode"), category="success") return redirect(url("login_home")) except formencode.Invalid, errors: return htmlfill.render( render("/register.html"), defaults=errors.value, errors=errors.error_dict or {}, prefix_error=False, encoding="UTF-8", )
def my_account_update(self): """PUT /_admin/my_account_update: Update an existing item""" # Forms posted to this method should contain a hidden field: # <input type="hidden" name="_method" value="PUT" /> # Or using helpers: # h.form(url('admin_settings_my_account_update'), # method='put') # url('admin_settings_my_account_update', id=ID) user_model = UserModel() uid = self.rhodecode_user.user_id _form = UserForm(edit=True, old_data={'user_id': uid, 'email': self.rhodecode_user.email})() form_result = {} try: form_result = _form.to_python(dict(request.POST)) user_model.update_my_account(uid, form_result) h.flash(_('Your account was updated successfully'), category='success') Session.commit() except formencode.Invalid, errors: c.user = User.get(self.rhodecode_user.user_id) all_repos = self.sa.query(Repository)\ .filter(Repository.user_id == c.user.user_id)\ .order_by(func.lower(Repository.repo_name))\ .all() c.user_repos = ScmModel().get_repos(all_repos) return htmlfill.render( render('admin/users/user_edit_my_account.html'), defaults=errors.value, errors=errors.error_dict or {}, prefix_error=False, encoding="UTF-8")
def update_user(self, apiuser, userid, username, password, email, firstname, lastname, active, admin, ldap_dn): """ Updates given user :param apiuser: :param username: :param password: :param email: :param name: :param lastname: :param active: :param admin: :param ldap_dn: """ if not UserModel().get_user(userid): raise JSONRPCError("user %s does not exist" % username) try: usr = UserModel().create_or_update( username, password, email, firstname, lastname, active, admin, ldap_dn ) Session.commit() return dict( id=usr.user_id, msg='updated user %s' % username ) except Exception: log.error(traceback.format_exc()) raise JSONRPCError('failed to update user %s' % username)
def my_account_emails_delete(self): email_id = request.POST.get('del_email_id') user_model = UserModel() user_model.delete_extra_email(c.rhodecode_user.user_id, email_id) Session().commit() h.flash(_("Removed email address from user account"), category='success') return redirect(url('my_account_emails'))
def delete_email(self, id): """DELETE /user_emails_delete/id: Delete an existing item""" # url('user_emails_delete', id=ID, method='delete') user_model = UserModel() user_model.delete_extra_email(id, request.POST.get('del_email')) Session().commit() h.flash(_("Removed email from user"), category='success') return redirect(url('edit_user', id=id))
def update_user(self, apiuser, userid, username=Optional(None), email=Optional(None), firstname=Optional(None), lastname=Optional(None), active=Optional(None), admin=Optional(None), ldap_dn=Optional(None), password=Optional(None)): """ Updates given user :param apiuser: :param userid: :param username: :param email: :param firstname: :param lastname: :param active: :param admin: :param ldap_dn: :param password: """ user = get_user_or_error(userid) # call function and store only updated arguments updates = {} def store_update(attr, name): if not isinstance(attr, Optional): updates[name] = attr try: store_update(username, 'username') store_update(password, 'password') store_update(email, 'email') store_update(firstname, 'name') store_update(lastname, 'lastname') store_update(active, 'active') store_update(admin, 'admin') store_update(ldap_dn, 'ldap_dn') user = UserModel().update_user(user, **updates) Session().commit() return dict(msg='updated user ID:%s %s' % (user.user_id, user.username), user=user.get_api_data()) except DefaultUserException: log.error(traceback.format_exc()) raise JSONRPCError('editing default user is forbidden') except Exception: log.error(traceback.format_exc()) raise JSONRPCError('failed to update user `%s`' % userid)
def cleanup(): if UserModel().get_user(usr.user_id) is None: return perm = Permission.query().all() for p in perm: UserModel().revoke_perm(usr, p) UserModel().delete(usr.user_id) Session().commit()
def delete_ip(self, id): """DELETE /user_ips_delete/id: Delete an existing item""" # url('user_ips_delete', id=ID, method='delete') user_model = UserModel() user_model.delete_extra_ip(id, request.POST.get('del_ip')) Session().commit() h.flash(_("Removed ip from user"), category='success') if 'default_user' in request.POST: return redirect(url('edit_permission', id='default')) return redirect(url('edit_user', id=id))
def test_revoke_perm(test_user): perm = Permission.query().all()[0] UserModel().grant_perm(test_user, perm) Session().commit() assert UserModel().has_perm(test_user, perm) # revoke UserModel().revoke_perm(test_user, perm) Session().commit() assert not UserModel().has_perm(test_user, perm)
def test_api_get_user_without_giving_userid_non_admin(self): id_, params = build_data(self.apikey_regular, 'get_user') response = api_call(self.app, params) usr = UserModel().get_by_username(self.TEST_USER_LOGIN) ret = usr.get_api_data(include_secrets=True) ret['permissions'] = AuthUser(usr.user_id).permissions expected = ret assert_ok(id_, expected, given=response.body)
def test_revoke_perm(self): perm = Permission.query().all()[0] UserModel().grant_perm(self.u1, perm) Session.commit() self.assertEqual(UserModel().has_perm(self.u1, perm), True) #revoke UserModel().revoke_perm(self.u1, perm) Session.commit() self.assertEqual(UserModel().has_perm(self.u1, perm), False)
def test_api_get_user(self): id_, params = _build_data(self.apikey, 'get_user', userid=TEST_USER_ADMIN_LOGIN) response = api_call(self, params) usr = UserModel().get_by_username(TEST_USER_ADMIN_LOGIN) ret = usr.get_api_data() ret['permissions'] = AuthUser(usr.user_id).permissions expected = ret self._compare_ok(id_, expected, given=response.body)
def create_user(self, username, password, email='', admin=False, strict_creation_check=True, api_key=None): log.info('creating user %s' % username) user = UserModel().create_or_update( username, password, email, firstname='RhodeCode', lastname='Admin', active=True, admin=admin, extern_type="rhodecode", strict_creation_check=strict_creation_check) if api_key: log.info('setting a provided api key for the user %s', username) user.api_key = api_key
def test_api_update_user_when_exception_happens(self): usr = UserModel().get_by_username(TEST_USER_ADMIN_LOGIN) ret = jsonify(usr.get_api_data()) id_, params = _build_data(self.apikey, 'update_user', userid=usr.user_id) response = api_call(self, params) ret = 'failed to update user `%s`' % usr.user_id expected = ret self._compare_error(id_, expected, given=response.body)
def test_api_update_user_when_exception_happens(self): usr = UserModel().get_by_username(TEST_USER_ADMIN_LOGIN) ret = jsonify(usr.get_api_data(include_secrets=True)) id_, params = build_data(self.apikey, 'update_user', userid=usr.user_id) response = api_call(self.app, params) ret = 'failed to update user `%s`' % (usr.user_id, ) expected = ret assert_error(id_, expected, given=response.body)
def delete_email(self, user_id): """DELETE /user_emails_delete/user_id: Delete an existing item""" # url('user_emails_delete', user_id=ID, method='delete') user_id = safe_int(user_id) c.user = User.get_or_404(user_id) email_id = request.POST.get('del_email_id') user_model = UserModel() user_model.delete_extra_email(user_id, email_id) Session().commit() h.flash(_("Removed email address from user account"), category='success') return redirect(url('edit_user_emails', user_id=user_id))
def test_api_get_user(self): id_, params = build_data(self.apikey, 'get_user', userid=TEST_USER_ADMIN_LOGIN) response = api_call(self.app, params) usr = UserModel().get_by_username(TEST_USER_ADMIN_LOGIN) ret = usr.get_api_data(include_secrets=True) ret['permissions'] = AuthUser(usr.user_id).permissions expected = ret assert_ok(id_, expected, given=response.body)
def action_logger(user, action, repo, ipaddr='', sa=None): """ Action logger for various actions made by users :param user: user that made this action, can be a unique username string or object containing user_id attribute :param action: action to log, should be on of predefined unique actions for easy translations :param repo: string name of repository or object containing repo_id, that action was made on :param ipaddr: optional ip address from what the action was made :param sa: optional sqlalchemy session """ if not sa: sa = meta.Session() try: um = UserModel() if hasattr(user, 'user_id'): user_obj = user elif isinstance(user, basestring): user_obj = um.get_by_username(user, cache=False) else: raise Exception('You have to provide user object or username') rm = RepoModel() if hasattr(repo, 'repo_id'): repo_obj = rm.get(repo.repo_id, cache=False) repo_name = repo_obj.repo_name elif isinstance(repo, basestring): repo_name = repo.lstrip('/') repo_obj = rm.get_by_repo_name(repo_name, cache=False) else: raise Exception('You have to provide repository to action logger') user_log = UserLog() user_log.user_id = user_obj.user_id user_log.action = action user_log.repository_id = repo_obj.repo_id user_log.repository_name = repo_name user_log.action_date = datetime.datetime.now() user_log.user_ip = ipaddr sa.add(user_log) sa.commit() log.info('Adding user %s, action %s on %s', user_obj, action, repo) except: log.error(traceback.format_exc()) sa.rollback()
def update_user(self, apiuser, userid, username=Optional(None), email=Optional(None), firstname=Optional(None), lastname=Optional(None), active=Optional(None), admin=Optional(None), ldap_dn=Optional(None), password=Optional(None)): """ Updates given user :param apiuser: :param userid: :param username: :param email: :param firstname: :param lastname: :param active: :param admin: :param ldap_dn: :param password: """ user = get_user_or_error(userid) # call function and store only updated arguments updates = {} def store_update(attr, name): if not isinstance(attr, Optional): updates[name] = attr try: store_update(username, 'username') store_update(password, 'password') store_update(email, 'email') store_update(firstname, 'name') store_update(lastname, 'lastname') store_update(active, 'active') store_update(admin, 'admin') store_update(ldap_dn, 'ldap_dn') user = UserModel().update_user(user, **updates) Session().commit() return dict( msg='updated user ID:%s %s' % (user.user_id, user.username), user=user.get_api_data() ) except DefaultUserException: log.error(traceback.format_exc()) raise JSONRPCError('editing default user is forbidden') except Exception: log.error(traceback.format_exc()) raise JSONRPCError('failed to update user `%s`' % userid)
def test_api_update_user_by_user_id(self): usr = UserModel().get_by_username(TEST_USER_ADMIN_LOGIN) ret = jsonify(usr.get_api_data()) id_, params = _build_data(self.apikey, 'update_user', userid=usr.user_id) response = api_call(self, params) ret = { 'msg': 'updated user ID:%s %s' % (usr.user_id, TEST_USER_ADMIN_LOGIN), 'user': ret } expected = ret self._compare_ok(id_, expected, given=response.body)
def testuser_api(request, pylonsapp): cls = request.cls cls.usr = UserModel().get_by_username(TEST_USER_ADMIN_LOGIN) cls.apikey = cls.usr.api_key cls.test_user = UserModel().create_or_update( username='******', password='******', email='*****@*****.**', firstname='first', lastname='last') Session().commit() cls.TEST_USER_LOGIN = cls.test_user.username cls.apikey_regular = cls.test_user.api_key
def test_api_create_user_group_regular_user(self): group_name = 'some_new_group' usr = UserModel().get_by_username(self.TEST_USER_LOGIN) usr.inherit_default_permissions = False Session().add(usr) UserModel().grant_perm(self.TEST_USER_LOGIN, 'hg.usergroup.create.true') Session().commit() id_, params = build_data(self.apikey_regular, 'create_user_group', group_name=group_name) response = api_call(self.app, params) expected = { 'msg': 'created new user group `%s`' % (group_name, ), 'user_group': jsonify(UserGroupModel().get_by_name(group_name).get_api_data()) } try: assert_ok(id_, expected, given=response.body) finally: self.fixture.destroy_user_group(group_name) UserModel().revoke_perm(self.TEST_USER_LOGIN, 'hg.usergroup.create.true') usr = UserModel().get_by_username(self.TEST_USER_LOGIN) usr.inherit_default_permissions = True Session().add(usr) Session().commit()
def add_ip(self, id): """POST /user_ips:Add an existing item""" # url('user_ips', id=ID, method='put') ip = request.POST.get('new_ip') user_model = UserModel() try: user_model.add_extra_ip(id, ip) Session().commit() h.flash(_("Added ip %s to user") % ip, category='success') except formencode.Invalid, error: msg = error.error_dict['ip'] h.flash(msg, category='error')
def add_email(self, id): """POST /user_emails:Add an existing item""" # url('user_emails', id=ID, method='put') email = request.POST.get('new_email') user_model = UserModel() try: user_model.add_extra_email(id, email) Session().commit() h.flash(_("Added email %s to user") % email, category='success') except formencode.Invalid, error: msg = error.error_dict['email'] h.flash(msg, category='error')
def delete(self, id): """DELETE /users/id: Delete an existing item""" # Forms posted to this method should contain a hidden field: # <input type="hidden" name="_method" value="DELETE" /> # Or using helpers: # h.form(url('delete_user', id=ID), # method='delete') # url('user', id=ID) user_model = UserModel() try: user_model.delete(id) h.flash(_('successfully deleted user'), category='success') except (UserOwnsReposException, DefaultUserException), e: h.flash(str(e), category='warning')
def password_reset_confirmation(self): if request.GET and request.GET.get('key'): try: user_model = UserModel() user = User.get_by_api_key(request.GET.get('key')) data = dict(email=user.email) user_model.reset_password(data) h.flash(_('Your password reset was successful, ' 'new password has been sent to your email'), category='success') except Exception, e: log.error(e) return redirect(url('reset_password'))
def create_user(self, apiuser, username, email, password=Optional(None), firstname=Optional(None), lastname=Optional(None), active=Optional(True), admin=Optional(False), ldap_dn=Optional(None)): """ Create new user :param apiuser: :param username: :param email: :param password: :param firstname: :param lastname: :param active: :param admin: :param ldap_dn: """ if UserModel().get_by_username(username): raise JSONRPCError("user `%s` already exist" % username) if UserModel().get_by_email(email, case_insensitive=True): raise JSONRPCError("email `%s` already exist" % email) if Optional.extract(ldap_dn): # generate temporary password if ldap_dn password = PasswordGenerator().gen_password(length=8) try: user = UserModel().create_or_update( username=Optional.extract(username), password=Optional.extract(password), email=Optional.extract(email), firstname=Optional.extract(firstname), lastname=Optional.extract(lastname), active=Optional.extract(active), admin=Optional.extract(admin), ldap_dn=Optional.extract(ldap_dn)) Session().commit() return dict(msg='created new user `%s`' % username, user=user.get_api_data()) except Exception: log.error(traceback.format_exc()) raise JSONRPCError('failed to create user `%s`' % username)
def tearDown(self): if hasattr(self, 'test_repo'): RepoModel().delete(repo=self.test_repo) UserModel().delete(self.u1) UserModel().delete(self.u2) UserModel().delete(self.a1) if hasattr(self, 'g1'): ReposGroupModel().delete(self.g1.group_id) if hasattr(self, 'g2'): ReposGroupModel().delete(self.g2.group_id) if hasattr(self, 'ug1'): UsersGroupModel().delete(self.ug1, force=True) Session.commit()
def create_default_user(self): log.info('creating default user') # create default user for handling default permissions. user = UserModel().create_or_update(username=User.DEFAULT_USER, password=str(uuid.uuid1())[:20], email='*****@*****.**', firstname='Anonymous', lastname='User') # based on configuration options activate/deactive this user which # controlls anonymous access if self.cli_args.get('public_access') is False: log.info('Public access disabled') user.active = False Session().add(user) Session().commit()
def create_user(self, apiuser, username, email, password, firstname=Optional(None), lastname=Optional(None), active=Optional(True), admin=Optional(False), ldap_dn=Optional(None)): """ Create new user :param apiuser: :param username: :param email: :param password: :param firstname: :param lastname: :param active: :param admin: :param ldap_dn: """ if UserModel().get_by_username(username): raise JSONRPCError("user `%s` already exist" % username) if UserModel().get_by_email(email, case_insensitive=True): raise JSONRPCError("email `%s` already exist" % email) if Optional.extract(ldap_dn): # generate temporary password if ldap_dn password = PasswordGenerator().gen_password(length=8) try: user = UserModel().create_or_update( username=Optional.extract(username), password=Optional.extract(password), email=Optional.extract(email), firstname=Optional.extract(firstname), lastname=Optional.extract(lastname), active=Optional.extract(active), admin=Optional.extract(admin), ldap_dn=Optional.extract(ldap_dn) ) Session().commit() return dict( msg='created new user `%s`' % username, user=user.get_api_data() ) except Exception: log.error(traceback.format_exc()) raise JSONRPCError('failed to create user `%s`' % username)
def password_reset(self): user_model = UserModel() if request.POST: password_reset_form = PasswordResetForm()() try: form_result = password_reset_form.to_python(dict(request.POST)) user_model.reset_password_link(form_result) h.flash(_('Your password reset link was sent'), category='success') return redirect(url('login_home')) except formencode.Invalid, errors: return htmlfill.render( render('/password_reset.html'), defaults=errors.value, errors=errors.error_dict or {}, prefix_error=False, encoding="UTF-8")
def create(self): """POST /users: Create a new item""" # url('users') user_model = UserModel() login_form = UserForm()() try: form_result = login_form.to_python(dict(request.POST)) user_model.create(form_result) h.flash(_('created user %s') % form_result['username'], category='success') #action_logger(self.rhodecode_user, 'new_user', '', '', self.sa) except formencode.Invalid, errors: return htmlfill.render( render('admin/users/user_add.html'), defaults=errors.value, errors=errors.error_dict or {}, prefix_error=False, encoding="UTF-8")
def test_my_account_update(self, name, expected): uname = 'testme' usr = UserModel().create_or_update(username=uname, password='******', email='*****@*****.**') self.Session().commit() params = usr.get_api_data() user_id = usr.user_id self.log_user(username=uname, password='******') params.update({name: expected}) params.update({'password_confirmation': ''}) params.update({'new_password': ''}) try: response = self.app.put(url('admin_settings_my_account_update', id=user_id), params) self.checkSessionFlash(response, 'Your account was updated successfully') updated_user = User.get_by_username(uname) updated_params = updated_user.get_api_data() updated_params.update({'password_confirmation': ''}) updated_params.update({'new_password': ''}) params['last_login'] = updated_params['last_login'] if name == 'email': params['emails'] = [expected] if name == 'ldap_dn': #cannot update this via form params['ldap_dn'] = None if name == 'active': #my account cannot deactivate account params['active'] = True if name == 'admin': #my account cannot make you an admin ! params['admin'] = False self.assertEqual(params, updated_params) finally: UserModel().delete('testme')
def test_inherited_permissions_from_default_on_user_disabled(self): user_model = UserModel() # disable fork and create on default user usr = '******' user_model.revoke_perm(usr, 'hg.create.repository') user_model.grant_perm(usr, 'hg.create.none') user_model.revoke_perm(usr, 'hg.fork.repository') user_model.grant_perm(usr, 'hg.fork.none') # make sure inherit flag is turned on self.u1.inherit_default_permissions = True Session().commit() u1_auth = AuthUser(user_id=self.u1.user_id) # this user will have inherited permissions from default user self.assertEqual(u1_auth.permissions['global'], set(['hg.create.none', 'hg.fork.none', 'hg.register.manual_activate', 'repository.read']))
def test_api_create_user(self): username = '******' email = username + "@foo.com" id_, params = _build_data(self.apikey, 'create_user', username=username, email=email, password='******') response = api_call(self, params) usr = UserModel().get_by_username(username) ret = dict( msg='created new user `%s`' % username, user=jsonify(usr.get_api_data()) ) expected = ret self._compare_ok(id_, expected, given=response.body) UserModel().delete(usr.user_id) Session().commit()
def test_ip_restriction_git(self): user_model = UserModel() try: user_model.add_extra_ip(TEST_USER_ADMIN_LOGIN, '10.10.10.10/32') Session().commit() clone_url = _construct_url(GIT_REPO) stdout, stderr = Command('/tmp').execute('git clone', clone_url) msg = ("""The requested URL returned error: 403""") assert msg in stderr finally: #release IP restrictions for ip in UserIpMap.getAll(): UserIpMap.delete(ip.ip_id) Session().commit() time.sleep(2) clone_url = _construct_url(GIT_REPO) stdout, stderr = Command('/tmp').execute('git clone', clone_url) assert 'Cloning into' in stdout assert stderr == ''
def propagate_data(self): user_model = UserModel() self.anonymous_user = user_model.get_by_username("default", cache=True) if self._api_key and self._api_key != self.anonymous_user.api_key: # try go get user by api key log.debug("Auth User lookup by API KEY %s", self._api_key) user_model.fill_data(self, api_key=self._api_key) else: log.debug("Auth User lookup by USER ID %s", self.user_id) if self.user_id is not None and self.user_id != self.anonymous_user.user_id: user_model.fill_data(self, user_id=self.user_id) else: if self.anonymous_user.active is True: user_model.fill_data(self, user_id=self.anonymous_user.user_id) # then we set this user is logged in self.is_authenticated = True else: self.is_authenticated = False log.debug("Auth User is now %s", self) user_model.fill_perms(self)
def create(self): """POST /users: Create a new item""" # url('users') user_model = UserModel() user_form = UserForm()() try: form_result = user_form.to_python(dict(request.POST)) user_model.create(form_result) usr = form_result['username'] action_logger(self.rhodecode_user, 'admin_created_user:%s' % usr, None, self.ip_addr, self.sa) h.flash(_('Created user %s') % usr, category='success') Session().commit() except formencode.Invalid, errors: return htmlfill.render( render('admin/users/user_add.html'), defaults=errors.value, errors=errors.error_dict or {}, prefix_error=False, encoding="UTF-8")
def login_container_auth(username): user = User.get_by_username(username) if user is None: user_attrs = { 'name': username, 'lastname': None, 'email': None, } user = UserModel().create_for_container_auth(username, user_attrs) if not user: return None log.info('User %s was created by container authentication' % username) if not user.active: return None user.update_lastlogin() Session.commit() log.debug('User %s is now logged in by container authentication', user.username) return user