Exemple #1
0
    def authenticate(self, remote_user, shib_meta):
        """
        The username passed as ``remote_user`` is considered trusted.  This
        method simply returns the ``User`` object with the given username,
        creating a new ``User`` object if ``create_unknown_user`` is ``True``.

        Returns None if ``create_unknown_user`` is ``False`` and a ``User``
        object with the given username is not found in the database.
        """
        if not remote_user:
            return

        username = self.clean_username(remote_user)

        local_ccnet_users = ccnet_api.search_emailusers('DB', username, -1, -1)
        if not local_ccnet_users:
            local_ccnet_users = ccnet_api.search_emailusers(
                'LDAP', username, -1, -1)

        if not local_ccnet_users:
            if self.create_unknown_user:
                user = User.objects.create_user(
                    email=username, is_active=self.activate_after_creation)
                if user and self.activate_after_creation is False:
                    notify_admins_on_activate_request(user.email)
                    # Do not send follwing registration finished email (if any)
                    # which will cause confusion.
                    return user
                if user and settings.NOTIFY_ADMIN_AFTER_REGISTRATION is True:
                    notify_admins_on_register_complete(user.email)
            else:
                user = None

        return user
Exemple #2
0
    def authenticate(self, remote_user):
        """
        The username passed as ``remote_user`` is considered trusted.  This
        method simply returns the ``User`` object with the given username,
        creating a new ``User`` object if ``create_unknown_user`` is ``True``.

        Returns None if ``create_unknown_user`` is ``False`` and a ``User``
        object with the given username is not found in the database.
        """
        if not remote_user:
            return

        username = self.clean_username(remote_user)
        try:
            user = User.objects.get(email=username)
        except User.DoesNotExist:
            if self.create_unknown_user:
                user = User.objects.create_user(
                    email=username, is_active=self.activate_after_creation)
                if user and self.activate_after_creation is False:
                    notify_admins_on_activate_request(user.email)
                if user and settings.NOTIFY_ADMIN_AFTER_REGISTRATION is True:
                    notify_admins_on_register_complete(user.email)
            else:
                user = None

        return user
Exemple #3
0
def token_view(request, token):
    """Show form to let user set password.
    """
    i = get_object_or_404(Invitation, token=token)
    if i.is_expired():
        raise Http404

    if request.method == 'GET':
        try:
            user = User.objects.get(email=i.accepter)
            if user.is_active is True:
                # user is active return exist
                messages.error(request, _('A user with this email already exists.'))
        except User.DoesNotExist:
            pass

        return render(request, 'invitations/token_view.html', {'iv': i, })

    if request.method == 'POST':
        passwd = request.POST.get('password', '')
        if not passwd:
            return HttpResponseRedirect(request.META.get('HTTP_REFERER'))

        try:
            user = User.objects.get(email=i.accepter)
            if user.is_active is True:
                # user is active return exist
                messages.error(request, _('A user with this email already exists.'))
                return render(request, 'invitations/token_view.html', {'iv': i, })
            else:
                # user is inactive then set active and new password
                user.set_password(passwd)
                user.is_active = True
                user.save()
                user = authenticate(username=user.username, password=passwd)

        except User.DoesNotExist:
            # Create user, set that user as guest.
            user = User.objects.create_user(
                email=i.accepter, password=passwd, is_active=True)
            User.objects.update_role(user.username, GUEST_USER)
            for backend in get_backends():
                user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__)

        # Update invitation accept time.
        i.accept()

        # login
        auth_login(request, user)

        # send signal to notify inviter
        accept_guest_invitation_successful.send(
            sender=None, invitation_obj=i)

        # send email to notify admin
        if NOTIFY_ADMIN_AFTER_REGISTRATION:
            notify_admins_on_register_complete(user.email)

        return HttpResponseRedirect(SITE_ROOT)
Exemple #4
0
    def authenticate(self, request=None, remote_user=None):
        """
        The username passed as ``remote_user`` is considered trusted.  This
        method simply returns the ``User`` object with the given username,
        creating a new ``User`` object if ``create_unknown_user`` is ``True``.

        Returns None if ``create_unknown_user`` is ``False`` and a ``User``
        object with the given username is not found in the database.
        """
        if not remote_user or not request:
            return None

        username = self.clean_username(remote_user)

        # get user from ccnet
        user = self.get_user(username)
        if not user:
            # when user doesn't exist
            if not self.create_unknown_user:
                logger.error('User %s not found.' % username)
                return None

            try:
                user = User.objects.create_user(email=username,
                                                is_active=self.auto_activate)

                if not self.auto_activate:
                    notify_admins_on_activate_request(username)
                elif settings.NOTIFY_ADMIN_AFTER_REGISTRATION:
                    notify_admins_on_register_complete(username)

            except Exception as e:
                logger.error(e)
                return None

        if not self.user_can_authenticate(user):
            logger.error('User %s is not active' % username)
            return None

        # update user info after authenticated
        try:
            self.configure_user(request, user)
        except Exception as e:
            logger.error(e)
            return None

        # get user again with updated extra info after configure
        return self.get_user(username)
Exemple #5
0
def token_view(request, token):
    """Show form to let user set password.
    """
    i = get_object_or_404(Invitation, token=token)
    if i.is_expired():
        raise Http404

    if request.method == 'POST':
        passwd = request.POST.get('password', '')
        if not passwd:
            return HttpResponseRedirect(request.META.get('HTTP_REFERER'))

        try:
            User.objects.get(email=i.accepter)
            messages.error(request, _('A user with this email already exists.'))
        except User.DoesNotExist:
            # Create user, set that user as guest, and log user in.
            u = User.objects.create_user(email=i.accepter, password=passwd,
                                         is_active=True)
            User.objects.update_role(u.username, GUEST_USER)

            i.accept()          # Update invitaion accept time.

            for backend in get_backends():
                u.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__)
            auth_login(request, u)

            # send signal to notify inviter
            accept_guest_invitation_successful.send(
                sender=None, invitation_obj=i)

            # send email to notify admin
            if NOTIFY_ADMIN_AFTER_REGISTRATION:
                notify_admins_on_register_complete(u.email)

            return HttpResponseRedirect(SITE_ROOT)

    return render(request, 'invitations/token_view.html', {
        'iv': i,
    })
Exemple #6
0
def token_view(request, token):
    """Show form to let user set password.
    """
    i = get_object_or_404(Invitation, token=token)
    if i.is_expired():
        raise Http404

    if request.method == 'GET':
        try:
            user = User.objects.get(email=i.accepter)
            if user.is_active is True:
                # user is active return exist
                messages.error(request,
                               _('A user with this email already exists.'))
        except User.DoesNotExist:
            pass

        return render(request, 'invitations/token_view.html', {
            'iv': i,
        })

    if request.method == 'POST':
        passwd = request.POST.get('password', '')
        if not passwd:
            return HttpResponseRedirect(request.META.get('HTTP_REFERER'))

        try:
            user = User.objects.get(email=i.accepter)
            if user.is_active is True:
                # user is active return exist
                messages.error(request,
                               _('A user with this email already exists.'))
                return render(request, 'invitations/token_view.html', {
                    'iv': i,
                })
            else:
                # user is inactive then set active and new password
                user.set_password(passwd)
                user.is_active = True
                user.save()
                user = authenticate(username=user.username, password=passwd)

        except User.DoesNotExist:
            # Create user, set that user as guest.
            user = User.objects.create_user(email=i.accepter,
                                            password=passwd,
                                            is_active=True)
            User.objects.update_role(user.username, GUEST_USER)
            for backend in get_backends():
                user.backend = "%s.%s" % (backend.__module__,
                                          backend.__class__.__name__)

        # Update invitation accept time.
        i.accept()

        # login
        auth_login(request, user)

        # send signal to notify inviter
        accept_guest_invitation_successful.send(sender=None, invitation_obj=i)

        # send email to notify admin
        if NOTIFY_ADMIN_AFTER_REGISTRATION:
            notify_admins_on_register_complete(user.email)

        # repo share invitation
        try:
            shared_queryset = RepoShareInvitation.objects.list_by_invitation(
                invitation=i)
            accepter = i.accepter

            for shared_obj in shared_queryset:
                repo_id = shared_obj.repo_id
                path = shared_obj.path
                permission = shared_obj.permission
                inviter = shared_obj.invitation.inviter

                # recourse check
                repo = seafile_api.get_repo(repo_id)
                if not repo:
                    logger.warning(
                        '[ %s ] repo not found when [ %s ] accepts the invitation to share repo'
                    ) % (repo_id, accepter)
                    continue
                if seafile_api.get_dir_id_by_path(repo.id, path) is None:
                    logger.warning(
                        '[ %s ][ %s ] dir not found when [ %s ] accepts the invitation to share repo'
                    ) % (repo_id, path, accepter)
                    continue

                repo_owner = seafile_api.get_repo_owner(repo_id)
                share_dir_to_user(repo, path, repo_owner, inviter, accepter,
                                  permission, None)

                send_perm_audit_msg('modify-repo-perm', inviter, accepter,
                                    repo_id, path, permission)

            # delete
            shared_queryset.delete()
        except Exception as e:
            logger.error(e)

        return HttpResponseRedirect(SITE_ROOT)
Exemple #7
0
    def authenticate(self,
                     session_info=None,
                     attribute_mapping=None,
                     create_unknown_user=True,
                     **kwargs):
        if session_info is None or attribute_mapping is None:
            logger.error('Session info or attribute mapping are None')
            return None

        if 'ava' not in session_info:
            logger.error('"ava" key not found in session_info')
            return None

        attributes = session_info['ava']
        if not attributes:
            logger.error('The attributes dictionary is empty')

        use_name_id_as_username = getattr(settings,
                                          'SAML_USE_NAME_ID_AS_USERNAME',
                                          False)

        django_user_main_attribute = getattr(
            settings, 'SAML_DJANGO_USER_MAIN_ATTRIBUTE', 'username')
        django_user_main_attribute_lookup = getattr(
            settings, 'SAML_DJANGO_USER_MAIN_ATTRIBUTE_LOOKUP', '')

        logger.debug('attributes: %s', attributes)
        saml_user = None
        if use_name_id_as_username:
            if 'name_id' in session_info:
                logger.debug('name_id: %s', session_info['name_id'])
                saml_user = session_info['name_id'].text
            else:
                logger.error(
                    'The nameid is not available. Cannot find user without a nameid.'
                )
        else:
            logger.debug('attribute_mapping: %s', attribute_mapping)
            for saml_attr, django_fields in list(attribute_mapping.items()):
                if (django_user_main_attribute in django_fields
                        and saml_attr in attributes):
                    saml_user = attributes[saml_attr][0]

        if saml_user is None:
            logger.error('Could not find saml_user value')
            return None

        if not self.is_authorized(attributes, attribute_mapping):
            return None

        main_attribute = self.clean_user_main_attribute(saml_user)

        user_query_args = {
            django_user_main_attribute + django_user_main_attribute_lookup:
            main_attribute
        }
        user_create_defaults = {django_user_main_attribute: main_attribute}

        # Note that this could be accomplished in one try-except clause, but
        # instead we use get_or_create when creating unknown users since it has
        # built-in safeguards for multiple threads.

        # check if user exist in local ccnet db/ldapimport database
        username = main_attribute
        local_ccnet_users = ccnet_api.search_emailusers('DB', username, -1, -1)
        if not local_ccnet_users:
            local_ccnet_users = ccnet_api.search_emailusers(
                'LDAP', username, -1, -1)

        if not local_ccnet_users:
            if create_unknown_user:
                activate_after_creation = getattr(
                    settings, 'SAML_ACTIVATE_USER_AFTER_CREATION', True)
                user = User.objects.create_user(
                    email=username, is_active=activate_after_creation)
                if not activate_after_creation:
                    notify_admins_on_activate_request(username)
                elif settings.NOTIFY_ADMIN_AFTER_REGISTRATION:
                    notify_admins_on_register_complete(username)

            else:
                user = None
        else:
            user = User.objects.get(email=username)

        if user:
            self.make_profile(user, attributes, attribute_mapping)

        return user