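def test_user_management():
    """Exercise the ccnet user lifecycle: add, fetch, validate, search, update, remove.

    Two accounts are created (one active staff, one inactive non-staff).
    Their flags and credentials are checked, the second account is promoted
    through update_emailuser, and both accounts are removed at the end.
    """
    email1 = '%s@%s.com' % (randstring(6), randstring(6))
    email2 = '%s@%s.com' % (randstring(6), randstring(6))
    # Call randstring() instead of using the literal text 'randstring(6)'.
    # The literal gave both accounts, including the staff one, the same fixed
    # password, so the validation checks could not tell credentials apart.
    passwd1 = randstring(6)
    passwd2 = randstring(6)

    ccnet_api.add_emailuser(email1, passwd1, 1, 1)
    ccnet_api.add_emailuser(email2, passwd2, 0, 0)
    try:
        ccnet_email1 = ccnet_api.get_emailuser(email1)
        ccnet_email2 = ccnet_api.get_emailuser(email2)
        assert ccnet_email1.is_active == True
        assert ccnet_email1.is_staff == True
        assert ccnet_email2.is_active == False
        assert ccnet_email2.is_staff == False

        # validate_emailuser returns 0 when the credentials are accepted.
        assert ccnet_api.validate_emailuser(email1, passwd1) == 0
        assert ccnet_api.validate_emailuser(email2, passwd2) == 0
        # A password that is guaranteed to differ must be rejected; without
        # this the checks above would also pass if validation accepted anything.
        assert ccnet_api.validate_emailuser(email1, passwd1 + 'x') != 0

        users = ccnet_api.search_emailusers('DB', email1, -1, -1)
        assert len(users) == 1
        user_ccnet = users[0]
        assert user_ccnet.email == email1

        # Smoke calls: only checked for not raising, results are not inspected.
        ccnet_api.count_emailusers('DB')
        ccnet_api.get_emailusers('DB', -1, -1)

        ccnet_api.update_emailuser('DB', ccnet_email2.id, passwd2, 1, 1)
        email2_new = ccnet_api.get_emailuser(email2)
        assert email2_new.is_active == True
        assert email2_new.is_staff == True
    finally:
        # Remove the accounts even when an assertion fails, so a failed run
        # does not leave an active staff account behind in the user database.
        ccnet_api.remove_emailuser('DB', email1)
        ccnet_api.remove_emailuser('DB', email2)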
def test_update_password(self):
    """As admin, PUT a new password for the temp user and check it validates."""
    self.login_as(self.admin)

    # Change the user's password through the admin endpoint.
    new_password = randstring(10)
    payload = json.dumps({"email": self.tmp_email, "password": new_password})
    response = self.client.put(self.url, payload, 'application/json')

    self.assertEqual(200, response.status_code)
    # validate_emailuser returns 0 when the credentials are accepted.
    assert ccnet_api.validate_emailuser(self.tmp_email, new_password) == 0
def basic_auth_user(self, realmname, username, password, environ):
    """Authenticate a WebDAV basic-auth request and annotate the WSGI environ.

    Args:
        realmname: Not referenced in this body.
        username: Client-supplied login; either an account id known to
            api.get_emailuser or a profile contact_email.
        password: Client-supplied password or WebDAV secret.
        environ: Request environ; on success receives
            'http_authenticator.username' and, when the lookups succeed,
            'seafile.is_guest' and 'seafile.org_id'.

    Returns:
        True when the credentials are accepted, False otherwise (including
        on any exception raised during the credential check).
    """
    # Reject any username containing a single quote before it reaches a lookup.
    # NOTE(review): the queries below use SQLAlchemy filter expressions, so
    # this looks like a guard for another consumer of username - confirm.
    if "'" in username:
        return False

    try:
        ccnet_email = None
        session = None
        if self.session_cls:
            session = self.session_cls()

        # Resolve the login to an account email: direct lookup first, then
        # fall back to matching the profile contact_email (needs a DB session).
        user = api.get_emailuser(username)
        if user:
            ccnet_email = user.email
        else:
            if session:
                profile_profile = seahub_db.Base.classes.profile_profile
                q = session.query(profile_profile.user).filter(
                    profile_profile.contact_email == username)
                res = q.first()
                if res:
                    ccnet_email = res[0]

        if not ccnet_email:
            # NOTE(review): username is client-controlled and is written to
            # the log here; confirm the log pipeline neutralizes control
            # characters, and note that this message distinguishes unknown
            # accounts from bad passwords in the server log.
            _logger.warning('User %s doesn\'t exist', username)
            return False

        enable_webdav_secret = False
        if hasattr(seahub_settings, 'ENABLE_WEBDAV_SECRET'):
            enable_webdav_secret = seahub_settings.ENABLE_WEBDAV_SECRET

        # Without a DB session the 2FA state cannot be read and is treated
        # as disabled.
        # NOTE(review): that fails open for 2FA users when session_cls is
        # unset - confirm this deployment mode is intended.
        enable_two_factor_auth = False
        if session and enableTwoFactorAuth(session, ccnet_email):
            enable_two_factor_auth = True

        # A 2FA account may not log in with its account password over basic
        # auth; it is only admitted through the WebDAV-secret branch below.
        if not enable_webdav_secret and enable_two_factor_auth:
            _logger.warning(
                "Two factor auth is enabled, no access to webdav.")
            return False
        if enable_webdav_secret:
            # With WebDAV secrets enabled only the stored secret is accepted;
            # the account password is never checked in this branch.
            if not session:
                return False
            else:
                from Crypto.Cipher import AES
                # The key is the first BLOCK_SIZE characters of SECRET_KEY and
                # the mode is ECB, so the encoding is deterministic: the same
                # secret always yields the same stored value, and the check is
                # a DB equality match on that value.
                # NOTE(review): the stored secret is reversible by anyone
                # holding SECRET_KEY. A salted one-way hash would avoid that
                # but requires migrating existing option_val rows.
                secret = seahub_settings.SECRET_KEY[:BLOCK_SIZE]
                cipher = AES.new(secret.encode('utf8'), AES.MODE_ECB)
                encoded_str = 'aes$' + EncodeAES(
                    cipher, password.encode('utf8')).decode('utf8')
                options_useroptions = seahub_db.Base.classes.options_useroptions
                q = session.query(options_useroptions.email)
                q = q.filter(options_useroptions.email == ccnet_email,
                             options_useroptions.option_val == encoded_str)
                res = q.first()
                if not res:
                    return False
        elif api.validate_emailuser(ccnet_email, password) != 0:
            # A non-zero result from validate_emailuser is a rejected login.
            return False

        # From here on the request is identified by the resolved account email.
        username = ccnet_email
    except Exception as e:
        # Any failure during the credential check is treated as a failed login.
        _logger.warning('Failed to login: %s', e)
        return False
    finally:
        if session:
            session.close()

    # Post-authentication annotations. Failures are logged and do not reject
    # the login.
    # NOTE(review): if this lookup raises (including user being None),
    # 'seafile.is_guest' is never set and authentication still succeeds.
    # Confirm that consumers treat a missing key as restrictively as needed.
    try:
        user = api.get_emailuser_with_import(username)
        if user.role == 'guest':
            environ['seafile.is_guest'] = True
        else:
            environ['seafile.is_guest'] = False
    except Exception as e:
        _logger.exception('get_emailuser')

    if multi_tenancy_enabled():
        # Only the first organization returned is recorded.
        # NOTE(review): on error 'seafile.org_id' stays unset - confirm that
        # tenant scoping downstream does not widen access in that case.
        try:
            orgs = api.get_orgs_by_user(username)
            if orgs:
                environ['seafile.org_id'] = orgs[0].org_id
        except Exception as e:
            _logger.exception('get_orgs_by_user')
            pass

    environ["http_authenticator.username"] = username

    return True
def basic_auth_user(self, realmname, username, password, environ):
    """Authenticate a WebDAV basic-auth request and annotate the WSGI environ.

    The accepted credential depends on two switches, evaluated below:

    * secret off, 2FA on   -> always rejected
    * secret on,  2FA on   -> WebDAV secret only
    * secret off, 2FA off  -> account password only
    * secret on,  2FA off  -> WebDAV secret or account password

    Args:
        realmname: Not referenced in this body.
        username: Client-supplied login; either an account id known to
            api.get_emailuser or a profile contact_email.
        password: Client-supplied password or WebDAV secret.
        environ: Request environ; on success receives
            'http_authenticator.username' and, when the lookups succeed,
            'seafile.is_guest' and 'seafile.org_id'.

    Returns:
        True when the credentials are accepted, False otherwise (including
        on any exception raised during the credential check).
    """
    # Reject any username containing a single quote before it reaches a lookup.
    # NOTE(review): the query below uses a SQLAlchemy filter expression, so
    # this looks like a guard for another consumer of username - confirm.
    if "'" in username:
        return False

    try:
        ccnet_email = None
        session = None
        if self.session_cls:
            session = self.session_cls()

        # Resolve the login to an account email: direct lookup first, then
        # fall back to matching the profile contact_email (needs a DB session).
        user = api.get_emailuser(username)
        if user:
            ccnet_email = user.email
        else:
            if session:
                profile_profile = seahub_db.Base.classes.profile_profile
                q = session.query(profile_profile.user).filter(profile_profile.contact_email==username)
                res = q.first()
                if res:
                    ccnet_email = res[0]

        if not ccnet_email:
            # NOTE(review): username is client-controlled and is written to
            # the log here; confirm the log pipeline neutralizes control
            # characters.
            _logger.warning('User %s doesn\'t exist', username)
            return False

        enable_webdav_secret = False
        if hasattr(seahub_settings, 'ENABLE_WEBDAV_SECRET'):
            enable_webdav_secret = seahub_settings.ENABLE_WEBDAV_SECRET

        # Without a DB session the 2FA state cannot be read and is treated
        # as disabled.
        # NOTE(review): that fails open for 2FA users when session_cls is
        # unset - confirm this deployment mode is intended.
        enable_two_factor_auth = False
        if session and enableTwoFactorAuth(session, ccnet_email):
            enable_two_factor_auth = True

        if not enable_webdav_secret and enable_two_factor_auth:
            # A 2FA account has no basic-auth path unless WebDAV secrets
            # are enabled.
            _logger.warning("Two factor auth is enabled, no access to webdav.")
            return False
        elif enable_webdav_secret and enable_two_factor_auth:
            # 2FA accounts must present the WebDAV secret; the account
            # password is not accepted here.
            if not validateSecret(session, password, ccnet_email):
                return False
        elif not enable_webdav_secret and not enable_two_factor_auth:
            # A non-zero result from validate_emailuser is a rejected login.
            if api.validate_emailuser(ccnet_email, password) != 0:
                return False
        else:
            # Secret enabled, 2FA disabled: either credential is sufficient.
            # NOTE(review): session may be None here when session_cls is
            # falsy. validateSecret is not visible in this view. If it raises
            # on a None session, the outer except rejects the login before
            # the account password is tried - confirm.
            if not validateSecret(session, password, ccnet_email) and \
                    api.validate_emailuser(ccnet_email, password) != 0:
                return False

        # From here on the request is identified by the resolved account email.
        username = ccnet_email
    except Exception as e:
        # Any failure during the credential check is treated as a failed login.
        _logger.warning('Failed to login: %s', e)
        return False
    finally:
        if session:
            session.close()

    # Post-authentication annotations. Failures are logged and do not reject
    # the login.
    # NOTE(review): if this lookup raises (including user being None),
    # 'seafile.is_guest' is never set and authentication still succeeds.
    # Confirm that consumers treat a missing key as restrictively as needed.
    try:
        user = api.get_emailuser_with_import(username)
        if user.role == 'guest':
            environ['seafile.is_guest'] = True
        else:
            environ['seafile.is_guest'] = False
    except Exception as e:
        _logger.exception('get_emailuser')

    if multi_tenancy_enabled():
        # Only the first organization returned is recorded.
        # NOTE(review): on error 'seafile.org_id' stays unset - confirm that
        # tenant scoping downstream does not widen access in that case.
        try:
            orgs = api.get_orgs_by_user(username)
            if orgs:
                environ['seafile.org_id'] = orgs[0].org_id
        except Exception as e:
            _logger.exception('get_orgs_by_user')
            pass

    environ["http_authenticator.username"] = username

    return True
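def test_user_management(repo):
    """Exercise the ccnet user lifecycle, including renaming a user id.

    Creates two accounts, checks flags and credential validation, promotes
    the second account, then renames the first account's id and verifies
    that its group membership and its share on *repo* follow the new id.

    Args:
        repo: Fixture object exposing the ``id`` of a repository owned by USER.
    """
    email1 = '%s@%s.com' % (randstring(6), randstring(6))
    email2 = '%s@%s.com' % (randstring(6), randstring(6))
    # Call randstring() instead of using the literal text 'randstring(6)'.
    # The literal gave both accounts, including the staff one, the same fixed
    # password, so the validation checks could not tell credentials apart.
    passwd1 = randstring(6)
    passwd2 = randstring(6)

    ccnet_api.add_emailuser(email1, passwd1, 1, 1)
    ccnet_api.add_emailuser(email2, passwd2, 0, 0)

    # State tracked for cleanup, so a failed assertion does not leave the
    # staff account, the group or the share behind.
    current_email1 = email1
    group_id = None
    shared = False
    try:
        ccnet_email1 = ccnet_api.get_emailuser(email1)
        ccnet_email2 = ccnet_api.get_emailuser(email2)
        assert ccnet_email1.is_active == True
        assert ccnet_email1.is_staff == True
        assert ccnet_email2.is_active == False
        assert ccnet_email2.is_staff == False

        # validate_emailuser returns 0 when the credentials are accepted.
        assert ccnet_api.validate_emailuser(email1, passwd1) == 0
        assert ccnet_api.validate_emailuser(email2, passwd2) == 0
        # A password that is guaranteed to differ must be rejected; without
        # this the checks above would also pass if validation accepted anything.
        assert ccnet_api.validate_emailuser(email1, passwd1 + 'x') != 0

        users = ccnet_api.search_emailusers('DB', email1, -1, -1)
        assert len(users) == 1
        user_ccnet = users[0]
        assert user_ccnet.email == email1

        # Smoke calls: only checked for not raising, results are not inspected.
        ccnet_api.count_emailusers('DB')
        ccnet_api.get_emailusers('DB', -1, -1)

        ccnet_api.update_emailuser('DB', ccnet_email2.id, passwd2, 1, 1)
        email2_new = ccnet_api.get_emailuser(email2)
        assert email2_new.is_active == True
        assert email2_new.is_staff == True

        # Group membership must survive a user id update.
        id1 = ccnet_api.create_group('group1', email1, parent_group_id=-1)
        assert id1 != -1
        group_id = id1
        group1 = ccnet_api.get_group(id1)
        assert group1.parent_group_id == -1

        # A repo share must follow the user to the new id with the same
        # permission, and must not remain attached to the old id.
        api.share_repo(repo.id, USER, email1, "rw")
        shared = True
        assert api.repo_has_been_shared(repo.id)

        new_email1 = '%s@%s.com' % (randstring(6), randstring(6))
        assert ccnet_api.update_emailuser_id(email1, new_email1) == 0
        current_email1 = new_email1

        shared_users = api.list_repo_shared_to(USER, repo.id)
        assert len(shared_users) == 1
        assert shared_users[0].repo_id == repo.id
        assert shared_users[0].user == new_email1
        assert shared_users[0].perm == "rw"
        api.remove_share(repo.id, USER, new_email1)
        shared = False

        email1_groups = ccnet_api.get_groups(new_email1)
        assert len(email1_groups) == 1
        assert email1_groups[0].id == id1

        rm1 = ccnet_api.remove_group(id1)
        assert rm1 == 0
        group_id = None
    finally:
        # Undo only what is still outstanding, then remove both accounts.
        if shared:
            api.remove_share(repo.id, USER, current_email1)
        if group_id is not None:
            ccnet_api.remove_group(group_id)
        ccnet_api.remove_emailuser('DB', current_email1)
        ccnet_api.remove_emailuser('DB', email2)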