def search_user_from_ccnet(q):
""" Return 10 items at most.
"""
users = []
db_users = ccnet_api.search_emailusers('DB', q, 0, 10)
users.extend(db_users)
count = len(users)
if count < 10:
ldap_imported_users = ccnet_api.search_emailusers('LDAP', q, 0, 10 - count)
users.extend(ldap_imported_users)
count = len(users)
if count < 10 and ENABLE_SEARCH_FROM_LDAP_DIRECTLY:
all_ldap_users = ccnet_api.search_ldapusers(q, 0, 10 - count)
users.extend(all_ldap_users)
# `users` is already search result, no need search more
email_list = []
for user in users:
email_list.append(user.email)
return email_list
def authenticate(self, remote_user, shib_meta):
"""
The username passed as ``remote_user`` is considered trusted. This
method simply returns the ``User`` object with the given username,
creating a new ``User`` object if ``create_unknown_user`` is ``True``.
Returns None if ``create_unknown_user`` is ``False`` and a ``User``
object with the given username is not found in the database.
"""
if not remote_user:
return
username = self.clean_username(remote_user)
local_ccnet_users = ccnet_api.search_emailusers('DB', username, -1, -1)
if not local_ccnet_users:
local_ccnet_users = ccnet_api.search_emailusers(
'LDAP', username, -1, -1)
if not local_ccnet_users:
if self.create_unknown_user:
user = User.objects.create_user(
email=username, is_active=self.activate_after_creation)
if user and self.activate_after_creation is False:
notify_admins_on_activate_request(user.email)
# Do not send follwing registration finished email (if any)
# which will cause confusion.
return user
if user and settings.NOTIFY_ADMIN_AFTER_REGISTRATION is True:
notify_admins_on_register_complete(user.email)
else:
user = None
return user
def search_user_from_ccnet(q):
""" Return 10 items at most.
"""
users = []
db_users = ccnet_api.search_emailusers('DB', q, 0, 10)
users.extend(db_users)
count = len(users)
if count < 10:
ldap_imported_users = ccnet_api.search_emailusers('LDAP', q, 0, 10 - count)
users.extend(ldap_imported_users)
count = len(users)
if count < 10 and ENABLE_SEARCH_FROM_LDAP_DIRECTLY:
all_ldap_users = ccnet_api.search_ldapusers(q, 0, 10 - count)
users.extend(all_ldap_users)
# `users` is already search result, no need search more
email_list = []
for user in users:
email_list.append(user.email)
return email_list
def test_user_management():
email1 = '%s@%s.com' % (randstring(6), randstring(6))
email2 = '%s@%s.com' % (randstring(6), randstring(6))
passwd1 = 'randstring(6)'
passwd2 = 'randstring(6)'
ccnet_api.add_emailuser(email1, passwd1, 1, 1)
ccnet_api.add_emailuser(email2, passwd2, 0, 0)
ccnet_email1 = ccnet_api.get_emailuser(email1)
ccnet_email2 = ccnet_api.get_emailuser(email2)
assert ccnet_email1.is_active == True
assert ccnet_email1.is_staff == True
assert ccnet_email2.is_active == False
assert ccnet_email2.is_staff == False
assert ccnet_api.validate_emailuser(email1, passwd1) == 0
assert ccnet_api.validate_emailuser(email2, passwd2) == 0
users = ccnet_api.search_emailusers('DB',email1, -1, -1)
assert len(users) == 1
user_ccnet = users[0]
assert user_ccnet.email == email1
user_counts = ccnet_api.count_emailusers('DB')
user_numbers = ccnet_api.get_emailusers('DB', -1, -1)
ccnet_api.update_emailuser('DB', ccnet_email2.id, passwd2, 1, 1)
email2_new = ccnet_api.get_emailuser(email2)
assert email2_new.is_active == True
assert email2_new.is_staff == True
ccnet_api.remove_emailuser('DB', email1)
ccnet_api.remove_emailuser('DB', email2)
def get(self, request):
"""Search user from DB, LDAPImport and Profile
Permission checking:
1. only admin can perform this action.
"""
if not request.user.admin_permissions.can_manage_user():
return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')
query_str = request.GET.get('query', '').lower()
if not query_str:
error_msg = 'query invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
users = []
# search user from ccnet db
users += ccnet_api.search_emailusers('DB', query_str, 0, 10)
# search user from ccnet ldapimport
users += ccnet_api.search_emailusers('LDAP', query_str, 0, 10)
ccnet_user_emails = [u.email for u in users]
# get institution for user from ccnet
if getattr(settings, 'MULTI_INSTITUTION', False):
user_institution_dict = {}
profiles = Profile.objects.filter(user__in=ccnet_user_emails)
for profile in profiles:
email = profile.user
if email not in user_institution_dict:
user_institution_dict[email] = profile.institution
for user in users:
user.institution = user_institution_dict.get(user.email, '')
# search user from profile
searched_profile = Profile.objects.filter(
(Q(nickname__icontains=query_str))
| Q(contact_email__icontains=query_str))[:10]
for profile in searched_profile:
email = profile.user
institution = profile.institution
# remove duplicate emails
if email not in ccnet_user_emails:
try:
# get is_staff and is_active info
user = User.objects.get(email=email)
user.institution = institution
users.append(user)
except User.DoesNotExist:
continue
data = []
for user in users:
info = {}
info['email'] = user.email
info['name'] = email2nickname(user.email)
info['contact_email'] = email2contact_email(user.email)
info['is_staff'] = user.is_staff
info['is_active'] = user.is_active
info['source'] = user.source.lower()
orgs = ccnet_api.get_orgs_by_user(user.email)
if orgs:
org_id = orgs[0].org_id
info['org_id'] = org_id
info['org_name'] = orgs[0].org_name
info['quota_usage'] = seafile_api.get_org_user_quota_usage(
org_id, user.email)
info['quota_total'] = seafile_api.get_org_user_quota(
org_id, user.email)
else:
info['quota_usage'] = seafile_api.get_user_self_usage(
user.email)
info['quota_total'] = seafile_api.get_user_quota(user.email)
info['create_time'] = timestamp_to_isoformat_timestr(user.ctime)
last_login_obj = UserLastLogin.objects.get_by_username(user.email)
info['last_login'] = datetime_to_isoformat_timestr(
last_login_obj.last_login) if last_login_obj else ''
info['role'] = get_user_role(user)
if getattr(settings, 'MULTI_INSTITUTION', False):
info['institution'] = user.institution
data.append(info)
result = {'user_list': data}
return Response(result)
def pubuser_search(request):
can_search = False
if is_org_context(request):
can_search = True
elif request.cloud_mode:
# Users are not allowed to search public user when in cloud mode.
can_search = False
else:
can_search = True
if can_search is False:
raise Http404
email_or_nickname = request.GET.get('search', '')
if not email_or_nickname:
return HttpResponseRedirect(reverse('pubuser'))
# Get user's contacts, used in show "add to contacts" button.
username = request.user.username
contacts = Contact.objects.get_contacts_by_user(username)
contact_emails = [request.user.username]
for c in contacts:
contact_emails.append(c.contact_email)
search_result = []
# search by username
if is_org_context(request):
url_prefix = request.user.org.url_prefix
org_users = ccnet_api.get_org_users_by_url_prefix(url_prefix, -1, -1)
users = []
for u in org_users:
if email_or_nickname in u.email:
users.append(u)
else:
users = ccnet_api.search_emailusers(email_or_nickname, -1, -1)
for u in users:
can_be_contact = True if u.email not in contact_emails else False
search_result.append({
'email': u.email,
'can_be_contact': can_be_contact
})
# search by nickname
if is_org_context(request):
url_prefix = request.user.org.url_prefix
org_users = ccnet_api.get_org_users_by_url_prefix(url_prefix, -1, -1)
profile_all = Profile.objects.filter(
user__in=[u.email for u in org_users]).values('user', 'nickname')
else:
profile_all = Profile.objects.all().values('user', 'nickname')
for p in profile_all:
if email_or_nickname in p['nickname']:
can_be_contact = True if p['user'] not in contact_emails else False
search_result.append({
'email': p['user'],
'can_be_contact': can_be_contact
})
uniq_usernames = []
for res in search_result:
if res['email'] not in uniq_usernames:
uniq_usernames.append(res['email'])
else:
search_result.remove(res)
return render(request, 'pubuser.html', {
'search': email_or_nickname,
'users': search_result,
})
def authenticate(self,
session_info=None,
attribute_mapping=None,
create_unknown_user=True,
**kwargs):
if session_info is None or attribute_mapping is None:
logger.error('Session info or attribute mapping are None')
return None
if not 'ava' in session_info:
logger.error('"ava" key not found in session_info')
return None
attributes = session_info['ava']
if not attributes:
logger.error('The attributes dictionary is empty')
use_name_id_as_username = getattr(settings,
'SAML_USE_NAME_ID_AS_USERNAME',
False)
django_user_main_attribute = getattr(
settings, 'SAML_DJANGO_USER_MAIN_ATTRIBUTE', 'username')
django_user_main_attribute_lookup = getattr(
settings, 'SAML_DJANGO_USER_MAIN_ATTRIBUTE_LOOKUP', '')
logger.debug('attributes: %s', attributes)
saml_user = None
if use_name_id_as_username:
if 'name_id' in session_info:
logger.debug('name_id: %s', session_info['name_id'])
saml_user = session_info['name_id'].text
else:
logger.error(
'The nameid is not available. Cannot find user without a nameid.'
)
else:
logger.debug('attribute_mapping: %s', attribute_mapping)
for saml_attr, django_fields in attribute_mapping.items():
if (django_user_main_attribute in django_fields
and saml_attr in attributes):
saml_user = attributes[saml_attr][0]
if saml_user is None:
logger.error('Could not find saml_user value')
return None
if not self.is_authorized(attributes, attribute_mapping):
return None
main_attribute = self.clean_user_main_attribute(saml_user)
user_query_args = {
django_user_main_attribute + django_user_main_attribute_lookup:
main_attribute
}
user_create_defaults = {django_user_main_attribute: main_attribute}
# Note that this could be accomplished in one try-except clause, but
# instead we use get_or_create when creating unknown users since it has
# built-in safeguards for multiple threads.
# check if user exist in local ccnet db/ldapimport database
username = main_attribute
local_ccnet_users = ccnet_api.search_emailusers('DB', username, -1, -1)
if not local_ccnet_users:
local_ccnet_users = ccnet_api.search_emailusers(
'LDAP', username, -1, -1)
if not local_ccnet_users:
if create_unknown_user:
user = User.objects.create_user(email=username, is_active=True)
else:
user = None
else:
user = User.objects.get(email=username)
if user:
self.make_profile(user, attributes, attribute_mapping)
return user
def test_user_management(repo):
email1 = '%s@%s.com' % (randstring(6), randstring(6))
email2 = '%s@%s.com' % (randstring(6), randstring(6))
passwd1 = 'randstring(6)'
passwd2 = 'randstring(6)'
ccnet_api.add_emailuser(email1, passwd1, 1, 1)
ccnet_api.add_emailuser(email2, passwd2, 0, 0)
ccnet_email1 = ccnet_api.get_emailuser(email1)
ccnet_email2 = ccnet_api.get_emailuser(email2)
assert ccnet_email1.is_active == True
assert ccnet_email1.is_staff == True
assert ccnet_email2.is_active == False
assert ccnet_email2.is_staff == False
assert ccnet_api.validate_emailuser(email1, passwd1) == 0
assert ccnet_api.validate_emailuser(email2, passwd2) == 0
users = ccnet_api.search_emailusers('DB', email1, -1, -1)
assert len(users) == 1
user_ccnet = users[0]
assert user_ccnet.email == email1
user_counts = ccnet_api.count_emailusers('DB')
user_numbers = ccnet_api.get_emailusers('DB', -1, -1)
ccnet_api.update_emailuser('DB', ccnet_email2.id, passwd2, 1, 1)
email2_new = ccnet_api.get_emailuser(email2)
assert email2_new.is_active == True
assert email2_new.is_staff == True
#test group when update user id
id1 = ccnet_api.create_group('group1', email1, parent_group_id=-1)
assert id1 != -1
group1 = ccnet_api.get_group(id1)
assert group1.parent_group_id == -1
# test shared repo when update user id
api.share_repo(repo.id, USER, email1, "rw")
assert api.repo_has_been_shared(repo.id)
new_email1 = '%s@%s.com' % (randstring(6), randstring(6))
assert ccnet_api.update_emailuser_id(email1, new_email1) == 0
shared_users = api.list_repo_shared_to(USER, repo.id)
assert len(shared_users) == 1
assert shared_users[0].repo_id == repo.id
assert shared_users[0].user == new_email1
assert shared_users[0].perm == "rw"
api.remove_share(repo.id, USER, new_email1)
email1_groups = ccnet_api.get_groups(new_email1)
assert len(email1_groups) == 1
assert email1_groups[0].id == id1
rm1 = ccnet_api.remove_group(id1)
assert rm1 == 0
ccnet_api.remove_emailuser('DB', new_email1)
ccnet_api.remove_emailuser('DB', email2)
