def create_org_user(self, email=org_admin_name, password=org_user_password):
user = None
try:
user = User.objects.get(email=email)
except User.DoesNotExist:
user = User.objects.create_user(email, password, is_staff=False, is_active=True)
ccnet_api.add_org_user(self.org.org_id, email, 0)
return user
def create_org_admin_user(self, email="*****@*****.**", password=org_admin_password):
admin = None
try:
admin = User.objects.get(email=email)
except User.DoesNotExist:
admin = User.objects.create_user(email, password, is_staff=False, is_active=True)
ccnet_api.add_org_user(self.org.org_id, email, 1)
return admin
def create_org_user(self, email=org_admin_name, password=org_user_password):
user = None
try:
user = User.objects.get(email=email)
except User.DoesNotExist:
user = User.objects.create_user(email, password, is_staff=False, is_active=True)
ccnet_api.add_org_user(self.org.org_id, email, 0)
return user
def create_org_admin_user(self, email="*****@*****.**", password=org_admin_password):
admin = None
try:
admin = User.objects.get(email=email)
except User.DoesNotExist:
admin = User.objects.create_user(email, password, is_staff=False, is_active=True)
ccnet_api.add_org_user(self.org.org_id, email, 1)
return admin
def test_can_not_delete_if_not_admin(self):
if not LOCAL_PRO_DEV_ENV:
return
email = '%s@%s.com' % (randstring(6), randstring(6))
self.create_user(email=email)
ccnet_api.add_org_user(self.org_id, email, 0)
assert ccnet_api.org_user_exists(self.org_id, email) == 1
self.login_as(self.user)
url = reverse('api-v2.1-admin-org-user', args=[self.org_id, email])
resp = self.client.delete(url)
self.assertEqual(403, resp.status_code)
def test_update_with_invalid_args(self):
if not LOCAL_PRO_DEV_ENV:
return
email = '%s@%s.com' % (randstring(6), randstring(6))
tmp_user = self.create_user(email=email)
ccnet_api.add_org_user(self.org_id, email, 0)
assert ccnet_api.org_user_exists(self.org_id, email) == 1
assert tmp_user.is_active
self.login_as(self.admin)
url = reverse('api-v2.1-admin-org-user', args=[self.org_id, email])
status = 'fals'
data = 'active=%s' % status
resp = self.client.put(url, data, 'application/x-www-form-urlencoded')
self.assertEqual(400, resp.status_code)
def setUp(self):
self.user_name = self.user.username
self.admin_name = self.admin.username
if LOCAL_PRO_DEV_ENV:
self.org_name = randstring(6)
self.org_url_prefix = randstring(6)
tmp_user = self.create_user(email='%s@%s.com' % (randstring(6), randstring(6)))
self.org_creator = tmp_user.username
self.org_id = ccnet_api.create_org(self.org_name,
self.org_url_prefix, self.org_creator)
self.org_users_url = reverse('api-v2.1-admin-org-users',
args=[self.org_id])
email = '%s@%s.com' % (randstring(6), randstring(6))
self.create_user(email=email)
ccnet_api.add_org_user(self.org_id, email, 0)
assert ccnet_api.org_user_exists(self.org_id, email) == 1
self.org_user = email
def set_org_user(org_id, username, is_staff=False):
return ccnet_api.add_org_user(org_id, username, int(is_staff))
def post(self, request, org_id):
""" Add new user to org.
Permission checking:
1. only admin can perform this action.
"""
# argument check
org_id = int(org_id)
if org_id == 0:
error_msg = 'org_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
org = ccnet_api.get_org_by_id(org_id)
if not org:
error_msg = 'Organization %d not found.' % org_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
email = request.POST.get('email', None)
if not email or not is_valid_email(email):
error_msg = 'email invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
password = request.POST.get('password', None)
if not password:
error_msg = 'password invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
User.objects.get(email=email)
user_exists = True
except User.DoesNotExist:
user_exists = False
if user_exists:
error_msg = 'User %s already exists.' % email
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# check user number limit by license
if user_number_over_limit():
error_msg = 'The number of users exceeds the limit.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# check user number limit by org member quota
org_members = len(ccnet_api.get_org_emailusers(org.url_prefix, -1, -1))
if ORG_MEMBER_QUOTA_ENABLED:
from seahub_extra.organizations.models import OrgMemberQuota
org_members_quota = OrgMemberQuota.objects.get_quota(org_id)
if org_members_quota is not None and org_members >= org_members_quota:
error_msg = 'Failed. You can only invite %d members.' % org_members_quota
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# create user
try:
user = User.objects.create_user(email,
password,
is_staff=False,
is_active=True)
except User.DoesNotExist as e:
logger.error(e)
error_msg = 'Fail to add user %s.' % email
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
# add user to org
# set `is_staff` parameter as `0`
try:
ccnet_api.add_org_user(org_id, email, 0)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
name = request.POST.get('name', None)
if name:
Profile.objects.add_or_update(email, name)
if config.FORCE_PASSWORD_CHANGE:
UserOptions.objects.set_force_passwd_change(email)
user_info = get_org_user_info(org_id, user)
return Response(user_info)
def post(self, request, org_id):
""" Add new user to org.
Permission checking:
1. only admin can perform this action.
"""
# argument check
org_id = int(org_id)
if org_id == 0:
error_msg = 'org_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
org = ccnet_api.get_org_by_id(org_id)
if not org:
error_msg = 'Organization %d not found.' % org_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
email = request.POST.get('email', None)
if not email or not is_valid_email(email):
error_msg = 'email invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
password = request.POST.get('password', None)
if not password:
error_msg = 'password invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
active = request.POST.get('active', 'true')
active = active.lower()
if active not in ('true', 'false'):
error_msg = 'active invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
is_active = active == 'true'
try:
User.objects.get(email=email)
user_exists = True
except User.DoesNotExist:
user_exists = False
if user_exists:
error_msg = 'User %s already exists.' % email
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# check user number limit by license
if user_number_over_limit():
error_msg = 'The number of users exceeds the limit.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# check user number limit by org member quota
org_members = len(ccnet_api.get_org_emailusers(org.url_prefix, -1, -1))
if ORG_MEMBER_QUOTA_ENABLED:
from seahub_extra.organizations.models import OrgMemberQuota
org_members_quota = OrgMemberQuota.objects.get_quota(org_id)
if org_members_quota is not None and org_members >= org_members_quota:
error_msg = 'Failed. You can only invite %d members.' % org_members_quota
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# create user
try:
User.objects.create_user(email, password, is_staff=False,
is_active=is_active)
except User.DoesNotExist as e:
logger.error(e)
error_msg = 'Fail to add user %s.' % email
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
# add user to org
# set `is_staff` parameter as `0`
try:
ccnet_api.add_org_user(org_id, email, 0)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
name = request.POST.get('name', None)
if name:
Profile.objects.add_or_update(email, name)
if config.FORCE_PASSWORD_CHANGE:
UserOptions.objects.set_force_passwd_change(email)
user_info = get_org_user_info(org_id, email)
user_info['active'] = is_active
return Response(user_info)
def weixin_oauth_callback(request):
if not weixin_check():
return render_error(request, _('Feature is not enabled.'))
code = request.GET.get('code', None)
state = request.GET.get('state', None)
weixin_oauth_state = request.session.get('weixin_oauth_state', None)
weixin_oauth_redirect = request.session.get('weixin_oauth_redirect',
redirect_to)
org_id = request.session.get('weixin_oauth_org_id', None)
is_mobile_weixin = request.session.get('weixin_oauth_is_mobile_weixin',
False)
# clear session
try:
del request.session['weixin_oauth_state']
del request.session['weixin_oauth_redirect']
del request.session['weixin_oauth_org_id']
del request.session['weixin_oauth_is_mobile_weixin']
except Exception as e:
logger.warning(e)
# get api user info
if state != weixin_oauth_state or not code:
logger.error('can not get right code or state from weixin request')
return render_error(request, _('Error, please contact administrator.'))
access_token, openid = get_weixin_access_token_and_openid(
code, is_mobile_weixin)
if not access_token or not openid:
logger.error('can not get weixin access_token or openid')
return render_error(request, _('Error, please contact administrator.'))
weixin_api_user_info = get_weixin_api_user_info(access_token, openid)
if not weixin_api_user_info:
return render_error(request, _('Error, please contact administrator.'))
# main
user_id = weixin_api_user_info.get('unionid')
uid = WEIXIN_UID_PREFIX + user_id
weixin_user = SocialAuthUser.objects.get_by_provider_and_uid(
WEIXIN_PROVIDER, uid)
if weixin_user:
email = weixin_user.username
is_new_user = False
else:
email = None
is_new_user = True
try:
user = auth.authenticate(remote_user=email)
except User.DoesNotExist:
user = None
if not user:
return render_error(
request,
_('Error, new user registration is not allowed, please contact administrator.'
))
# bind
username = user.username
if is_new_user:
SocialAuthUser.objects.add(username, WEIXIN_PROVIDER, uid)
# org invite for new user
if org_id:
if is_new_user:
ccnet_api.add_org_user(org_id, username, int(False))
else:
return render_error(request, '仅限新用户加入机构')
# update user info
if is_new_user or WEIXIN_USER_INFO_AUTO_UPDATE:
api_user = weixin_api_user_info
api_user['username'] = username
update_weixin_user_info(api_user)
if not user.is_active:
return render_error(
request,
_('Your account is created successfully, please wait for administrator to activate your account.'
))
# User is valid. Set request.user and persist user in the session
# by logging the user in.
request.user = user
request.session['remember_me'] = REMEMBER_ME
auth.login(request, user)
# generate auth token for Seafile client
api_token = get_api_token(request)
# redirect user to page
response = HttpResponseRedirect(weixin_oauth_redirect)
response.set_cookie('seahub_auth', user.username + '@' + api_token.key)
return response
