def create_org_user(self, email=org_admin_name, password=org_user_password):
    """Return the account for ``email``, creating it as a regular org member if absent.

    An existing account is returned as found. A missing one is created
    active and non-staff, then added to ``self.org`` with staff flag ``0``.
    """
    # NOTE(review): the default e-mail is ``org_admin_name`` although this
    # helper creates a non-admin member -- confirm it does not collide with
    # the address used for the org admin fixture.
    try:
        return User.objects.get(email=email)
    except User.DoesNotExist:
        # NOTE(review): the flattened listing does not show whether the
        # membership call belongs to this branch or runs unconditionally;
        # it is kept with the creation path here -- confirm against upstream.
        member = User.objects.create_user(
            email, password, is_staff=False, is_active=True)
        ccnet_api.add_org_user(self.org.org_id, email, 0)
        return member
def create_org_admin_user(self, email="*****@*****.**", password=org_admin_password):
    """Return the account for ``email``, creating it as an org admin if absent.

    An existing account is returned as found. A missing one is created
    active with ``is_staff=False`` on the account itself, then added to
    ``self.org`` with the org-level staff flag set to ``1``.
    """
    try:
        return User.objects.get(email=email)
    except User.DoesNotExist:
        # NOTE(review): the flattened listing does not show whether the
        # membership call belongs to this branch or runs unconditionally;
        # it is kept with the creation path here -- confirm against upstream.
        org_admin = User.objects.create_user(
            email, password, is_staff=False, is_active=True)
        ccnet_api.add_org_user(self.org.org_id, email, 1)
        return org_admin
def create_org_user(self, email=org_admin_name, password=org_user_password):
    """Return the account for ``email``, creating it as a regular org member if absent.

    An existing account is returned as found. A missing one is created
    active and non-staff, then added to ``self.org`` with staff flag ``0``.
    """
    # NOTE(review): the default e-mail is ``org_admin_name`` although this
    # helper creates a non-admin member -- confirm it does not collide with
    # the address used for the org admin fixture.
    try:
        return User.objects.get(email=email)
    except User.DoesNotExist:
        # NOTE(review): the flattened listing does not show whether the
        # membership call belongs to this branch or runs unconditionally;
        # it is kept with the creation path here -- confirm against upstream.
        member = User.objects.create_user(
            email, password, is_staff=False, is_active=True)
        ccnet_api.add_org_user(self.org.org_id, email, 0)
        return member
def create_org_admin_user(self, email="*****@*****.**", password=org_admin_password):
    """Return the account for ``email``, creating it as an org admin if absent.

    An existing account is returned as found. A missing one is created
    active with ``is_staff=False`` on the account itself, then added to
    ``self.org`` with the org-level staff flag set to ``1``.
    """
    try:
        return User.objects.get(email=email)
    except User.DoesNotExist:
        # NOTE(review): the flattened listing does not show whether the
        # membership call belongs to this branch or runs unconditionally;
        # it is kept with the creation path here -- confirm against upstream.
        org_admin = User.objects.create_user(
            email, password, is_staff=False, is_active=True)
        ccnet_api.add_org_user(self.org.org_id, email, 1)
        return org_admin
def test_can_not_delete_if_not_admin(self):
    """A non-admin caller must receive 403 when deleting an org member.

    Authorization regression test: a fresh org member is created, the
    session is switched to the ordinary ``self.user``, and the DELETE on
    the admin org-user endpoint is expected to be refused.
    """
    if not LOCAL_PRO_DEV_ENV:
        # The test is a no-op unless the pro dev environment flag is set.
        return

    local_part = randstring(6)
    domain = randstring(6)
    email = '%s@%s.com' % (local_part, domain)

    # Arrange: a throwaway account that is a regular (flag 0) org member.
    self.create_user(email=email)
    ccnet_api.add_org_user(self.org_id, email, 0)
    assert ccnet_api.org_user_exists(self.org_id, email) == 1

    # Act as the non-admin user and attempt the deletion.
    self.login_as(self.user)
    target_url = reverse('api-v2.1-admin-org-user', args=[self.org_id, email])
    response = self.client.delete(target_url)

    self.assertEqual(403, response.status_code)
def test_update_with_invalid_args(self):
    """An unparseable ``active`` value must be rejected with 400.

    Input-validation test: the admin sends ``active=fals`` (neither
    ``true`` nor ``false``) to the org-user endpoint for an existing,
    active org member.
    """
    if not LOCAL_PRO_DEV_ENV:
        # The test is a no-op unless the pro dev environment flag is set.
        return

    local_part = randstring(6)
    domain = randstring(6)
    email = '%s@%s.com' % (local_part, domain)

    # Arrange: an active account that is a regular (flag 0) org member.
    member = self.create_user(email=email)
    ccnet_api.add_org_user(self.org_id, email, 0)
    assert ccnet_api.org_user_exists(self.org_id, email) == 1
    assert member.is_active

    self.login_as(self.admin)
    target_url = reverse('api-v2.1-admin-org-user', args=[self.org_id, email])

    # Deliberately malformed boolean.
    bad_value = 'fals'
    payload = 'active=%s' % bad_value
    response = self.client.put(
        target_url, payload, 'application/x-www-form-urlencoded')

    self.assertEqual(400, response.status_code)
def setUp(self):
    """Record the fixture usernames and, in the pro dev environment, build an org.

    When ``LOCAL_PRO_DEV_ENV`` is set this creates a randomly named
    organization owned by a throwaway account, resolves the org-users
    endpoint URL, and adds one regular member whose address is kept in
    ``self.org_user``.
    """
    self.user_name = self.user.username
    self.admin_name = self.admin.username

    if not LOCAL_PRO_DEV_ENV:
        return

    self.org_name = randstring(6)
    self.org_url_prefix = randstring(6)

    # The org creator is a separate throwaway account.
    creator = self.create_user(
        email='%s@%s.com' % (randstring(6), randstring(6)))
    self.org_creator = creator.username

    self.org_id = ccnet_api.create_org(
        self.org_name, self.org_url_prefix, self.org_creator)
    self.org_users_url = reverse(
        'api-v2.1-admin-org-users', args=[self.org_id])

    # One regular (flag 0) member for the tests to operate on.
    member_email = '%s@%s.com' % (randstring(6), randstring(6))
    self.create_user(email=member_email)
    ccnet_api.add_org_user(self.org_id, member_email, 0)
    assert ccnet_api.org_user_exists(self.org_id, member_email) == 1

    self.org_user = member_email
def set_org_user(org_id, username, is_staff=False):
    """Add ``username`` to organization ``org_id`` and return the backend result.

    ``is_staff`` is converted with ``int()`` before being handed to
    ``ccnet_api.add_org_user``, so ``False``/``True`` become ``0``/``1``.
    No validation of ``org_id`` or ``username`` happens here; callers are
    responsible for authorizing the change.
    """
    staff_flag = int(is_staff)
    return ccnet_api.add_org_user(org_id, username, staff_flag)
def post(self, request, org_id):
    """Create a new account and add it to organization ``org_id`` as a regular member.

    Reads ``email``, ``password`` and the optional ``name`` from the POST
    body. Error responses produced below:

    * 400 -- ``org_id`` is 0, e-mail or password missing/invalid, or the
      account already exists.
    * 403 -- the license user limit or the org member quota is reached.
    * 404 -- the organization does not exist.
    * 500 -- creating the account or adding it to the org failed.

    On success the member info from ``get_org_user_info`` is returned.

    NOTE(review): the intended contract is that only admins may call this.
    No permission check appears in this method body, so it is presumably
    enforced by the view's permission classes -- confirm.
    """
    # --- argument checks -------------------------------------------------
    org_id = int(org_id)
    if org_id == 0:
        return api_error(status.HTTP_400_BAD_REQUEST, 'org_id invalid.')

    org = ccnet_api.get_org_by_id(org_id)
    if not org:
        return api_error(status.HTTP_404_NOT_FOUND,
                         'Organization %d not found.' % org_id)

    email = request.POST.get('email', None)
    if not (email and is_valid_email(email)):
        return api_error(status.HTTP_400_BAD_REQUEST, 'email invalid.')

    # NOTE(review): only presence is checked; no length or strength policy
    # is applied to the password in this method.
    password = request.POST.get('password', None)
    if not password:
        return api_error(status.HTTP_400_BAD_REQUEST, 'password invalid.')

    # Refuse to overwrite or re-bind an existing account.
    try:
        User.objects.get(email=email)
    except User.DoesNotExist:
        pass
    else:
        return api_error(status.HTTP_400_BAD_REQUEST,
                         'User %s already exists.' % email)

    # --- capacity checks -------------------------------------------------
    # License-wide user limit.
    if user_number_over_limit():
        return api_error(status.HTTP_403_FORBIDDEN,
                         'The number of users exceeds the limit.')

    # Per-organization member quota.
    member_count = len(ccnet_api.get_org_emailusers(org.url_prefix, -1, -1))
    if ORG_MEMBER_QUOTA_ENABLED:
        from seahub_extra.organizations.models import OrgMemberQuota
        quota = OrgMemberQuota.objects.get_quota(org_id)
        if quota is not None and member_count >= quota:
            return api_error(status.HTTP_403_FORBIDDEN,
                             'Failed. You can only invite %d members.' % quota)

    # --- create the account ----------------------------------------------
    try:
        user = User.objects.create_user(
            email, password, is_staff=False, is_active=True)
    except User.DoesNotExist as e:
        logger.error(e)
        return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
                         'Fail to add user %s.' % email)

    # --- attach to the org as a regular member (staff flag 0) ------------
    # NOTE(review): if this call fails the account created above is left in
    # place, active and without org membership; no cleanup happens here.
    try:
        ccnet_api.add_org_user(org_id, email, 0)
    except Exception as e:
        logger.error(e)
        return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
                         'Internal Server Error')

    display_name = request.POST.get('name', None)
    if display_name:
        Profile.objects.add_or_update(email, display_name)

    if config.FORCE_PASSWORD_CHANGE:
        UserOptions.objects.set_force_passwd_change(email)

    return Response(get_org_user_info(org_id, user))
def post(self, request, org_id):
    """Create a new account and add it to organization ``org_id`` as a regular member.

    Reads ``email``, ``password``, the optional ``active`` flag (``true`` or
    ``false``, case-insensitive, default ``true``) and the optional ``name``
    from the POST body. Error responses produced below:

    * 400 -- ``org_id`` is 0, e-mail, password or ``active`` missing/invalid,
      or the account already exists.
    * 403 -- the license user limit or the org member quota is reached.
    * 404 -- the organization does not exist.
    * 500 -- creating the account or adding it to the org failed.

    On success the member info from ``get_org_user_info`` is returned with
    an added ``active`` key.

    NOTE(review): the intended contract is that only admins may call this.
    No permission check appears in this method body, so it is presumably
    enforced by the view's permission classes -- confirm.
    """
    # --- argument checks -------------------------------------------------
    org_id = int(org_id)
    if org_id == 0:
        return api_error(status.HTTP_400_BAD_REQUEST, 'org_id invalid.')

    org = ccnet_api.get_org_by_id(org_id)
    if not org:
        return api_error(status.HTTP_404_NOT_FOUND,
                         'Organization %d not found.' % org_id)

    email = request.POST.get('email', None)
    if not (email and is_valid_email(email)):
        return api_error(status.HTTP_400_BAD_REQUEST, 'email invalid.')

    # NOTE(review): only presence is checked; no length or strength policy
    # is applied to the password in this method.
    password = request.POST.get('password', None)
    if not password:
        return api_error(status.HTTP_400_BAD_REQUEST, 'password invalid.')

    # Strict allow-list for the boolean flag; anything else is a 400.
    active = request.POST.get('active', 'true').lower()
    if active not in ('true', 'false'):
        return api_error(status.HTTP_400_BAD_REQUEST, 'active invalid.')
    is_active = active == 'true'

    # Refuse to overwrite or re-bind an existing account.
    try:
        User.objects.get(email=email)
    except User.DoesNotExist:
        pass
    else:
        return api_error(status.HTTP_400_BAD_REQUEST,
                         'User %s already exists.' % email)

    # --- capacity checks -------------------------------------------------
    # License-wide user limit.
    if user_number_over_limit():
        return api_error(status.HTTP_403_FORBIDDEN,
                         'The number of users exceeds the limit.')

    # Per-organization member quota.
    member_count = len(ccnet_api.get_org_emailusers(org.url_prefix, -1, -1))
    if ORG_MEMBER_QUOTA_ENABLED:
        from seahub_extra.organizations.models import OrgMemberQuota
        quota = OrgMemberQuota.objects.get_quota(org_id)
        if quota is not None and member_count >= quota:
            return api_error(status.HTTP_403_FORBIDDEN,
                             'Failed. You can only invite %d members.' % quota)

    # --- create the account ----------------------------------------------
    try:
        User.objects.create_user(
            email, password, is_staff=False, is_active=is_active)
    except User.DoesNotExist as e:
        logger.error(e)
        return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
                         'Fail to add user %s.' % email)

    # --- attach to the org as a regular member (staff flag 0) ------------
    # NOTE(review): if this call fails the account created above is left in
    # place without org membership; no cleanup happens here.
    try:
        ccnet_api.add_org_user(org_id, email, 0)
    except Exception as e:
        logger.error(e)
        return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
                         'Internal Server Error')

    display_name = request.POST.get('name', None)
    if display_name:
        Profile.objects.add_or_update(email, display_name)

    if config.FORCE_PASSWORD_CHANGE:
        UserOptions.objects.set_force_passwd_change(email)

    member_info = get_org_user_info(org_id, email)
    member_info['active'] = is_active
    return Response(member_info)
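def weixin_oauth_callback(request):
    """Handle the WeChat (weixin) OAuth redirect and log the matching user in.

    Flow, as implemented below:

    1. Read ``code``/``state`` from the query string and take the pending
       login context (state, redirect target, org id, mobile flag) out of
       the session.
    2. Require a non-empty ``state`` equal to the value stored in the
       session, and a non-empty ``code``.
    3. Exchange ``code`` for an access token and openid, fetch the user
       info, and derive the social-auth uid from its ``unionid``.
    4. Authenticate via ``remote_user``; bind the uid for a first-time user
       and, when an org id is pending, add that new user to the org as a
       non-staff member. Existing users are refused the org invite.
    5. Log the user in, obtain an API token, set the ``seahub_auth`` cookie
       and redirect.

    Returns the ``render_error`` page on any failed step, otherwise an
    ``HttpResponseRedirect``.
    """
    if not weixin_check():
        return render_error(request, _('Feature is not enabled.'))

    code = request.GET.get('code', None)
    state = request.GET.get('state', None)

    # Take the one-time OAuth context out of the session. Each key is popped
    # on its own so that one missing key cannot leave the others (notably
    # the state value) behind for a later request.
    weixin_oauth_state = request.session.pop('weixin_oauth_state', None)
    weixin_oauth_redirect = request.session.pop('weixin_oauth_redirect', redirect_to)
    org_id = request.session.pop('weixin_oauth_org_id', None)
    is_mobile_weixin = request.session.pop('weixin_oauth_is_mobile_weixin', False)

    # Anti-CSRF state check. Both sides must be present: comparing only for
    # equality would accept a callback that carries no ``state`` at all when
    # the session never started a login (None == None).
    if not code or not state or not weixin_oauth_state \
            or state != weixin_oauth_state:
        logger.error('can not get right code or state from weixin request')
        return render_error(request, _('Error, please contact administrator.'))

    # get api user info
    access_token, openid = get_weixin_access_token_and_openid(
        code, is_mobile_weixin)
    if not access_token or not openid:
        logger.error('can not get weixin access_token or openid')
        return render_error(request, _('Error, please contact administrator.'))

    weixin_api_user_info = get_weixin_api_user_info(access_token, openid)
    if not weixin_api_user_info:
        return render_error(request, _('Error, please contact administrator.'))

    # The uid is built from ``unionid``; without it the concatenation below
    # would raise, so fail with the generic error page instead.
    user_id = weixin_api_user_info.get('unionid')
    if not user_id:
        logger.error('can not get unionid from weixin user info')
        return render_error(request, _('Error, please contact administrator.'))

    uid = WEIXIN_UID_PREFIX + user_id
    weixin_user = SocialAuthUser.objects.get_by_provider_and_uid(
        WEIXIN_PROVIDER, uid)
    if weixin_user:
        email = weixin_user.username
        is_new_user = False
    else:
        # No binding yet: authenticate with no identity and let the backend
        # decide whether a new account may be created.
        email = None
        is_new_user = True

    try:
        user = auth.authenticate(remote_user=email)
    except User.DoesNotExist:
        user = None

    if not user:
        return render_error(
            request,
            _('Error, new user registration is not allowed, please contact administrator.'))

    # bind the external identity to the local account on first login
    username = user.username
    if is_new_user:
        SocialAuthUser.objects.add(username, WEIXIN_PROVIDER, uid)

    # Org invite: honoured for new users only, always as non-staff (0).
    if org_id:
        if is_new_user:
            ccnet_api.add_org_user(org_id, username, int(False))
        else:
            # Message reads "Only new users may join an organization"; unlike
            # the other messages it is not passed through ``_()``.
            return render_error(request, '仅限新用户加入机构')

    # update user info
    if is_new_user or WEIXIN_USER_INFO_AUTO_UPDATE:
        api_user = weixin_api_user_info
        api_user['username'] = username
        update_weixin_user_info(api_user)

    if not user.is_active:
        return render_error(
            request,
            _('Your account is created successfully, please wait for administrator to activate your account.'))

    # User is valid. Set request.user and persist user in the session
    # by logging the user in.
    request.user = user
    request.session['remember_me'] = REMEMBER_ME
    auth.login(request, user)

    # generate auth token for Seafile client
    api_token = get_api_token(request)

    # NOTE(review): the redirect target is whatever an earlier step stored in
    # the session (fallback ``redirect_to``, defined outside this function);
    # confirm it is validated as a same-site URL where it is stored.
    response = HttpResponseRedirect(weixin_oauth_redirect)

    # NOTE(review): this cookie carries the API token and is set with the
    # framework's default attributes; confirm whether Secure / HttpOnly /
    # SameSite can be set without breaking the client that reads it.
    response.set_cookie('seahub_auth', user.username + '@' + api_token.key)
    return response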