def group(ipa, groupname):
group = Group(group_or_404(ipa, groupname))
sponsor_form = AddGroupMemberForm(groupname=groupname)
remove_form = RemoveGroupMemberForm(groupname=groupname)
members = [User(u) for u in ipa.user_find(in_group=groupname)['result']]
batch_methods = [
{"method": "user_find", "params": [[], {"uid": sponsorname, 'all': True}]}
for sponsorname in group.sponsors
]
sponsors = [
User(u['result'][0]) for u in ipa.batch(methods=batch_methods)['results']
]
# We can safely assume g.current_user exists after @with_ipa
current_user_is_sponsor = g.current_user.username in group.sponsors
return render_template(
'group.html',
group=group,
members=members,
sponsors=sponsors,
sponsor_form=sponsor_form,
remove_form=remove_form,
current_user_is_sponsor=current_user_is_sponsor,
)
def test_user_no_displayname_no_gcos(dummy_user_dict):
"""Test that we fallback to cn if there is no displayname nor gcos"""
del dummy_user_dict["displayname"]
del dummy_user_dict["gecos"]
dummy_user_dict["cn"] = ["CN"]
user = User(dummy_user_dict)
assert user.name == "CN"
def search_json(ipa):
username = request.args.get('username')
groupname = request.args.get('group')
res = []
if username:
users_ = [User(u) for u in ipa.user_find(username)['result']]
for user_ in users_:
uid = user_.username
cn = user_.name
if uid is not None:
# If the cn is None, who cares?
res.append({ 'uid': uid, 'cn': cn })
if groupname:
groups_ = [Group(g) for g in ipa.group_find(groupname)['result']]
for group_ in groups_:
cn = group_.name
description = group_.description
if cn is not None:
# If the description is None, who cares?
res.append({ 'cn': cn, 'description': description })
return jsonify(res)
def fn(*args, **kwargs):
ipa = maybe_ipa_session(app, session)
if ipa:
g.ipa = ipa
g.current_user = User(
g.ipa.user_find(whoami=True)['result'][0])
return f(*args, **kwargs, ipa=ipa)
flash('Please log in to continue.', 'orange')
return redirect(url_for('root'))
def user(ipa, username):
user = User(user_or_404(ipa, username))
# As a speed optimization, we make two separate calls.
# Just doing a group_find (with all=True) is super slow here, with a lot of
# groups.
groups = [Group(g) for g in ipa.group_find(user=username, all=False)['result']]
managed_groups = [
Group(g)
for g in ipa.group_find(membermanager_user=username, all=False)['result']
]
return render_template(
'user.html', user=user, groups=groups, managed_groups=managed_groups
)
def user_edit(ipa, username):
# TODO: Maybe make this a decorator some day?
if session.get('securitas_username') != username:
flash('You do not have permission to edit this account.', 'danger')
return redirect(url_for('user', username=username))
user = User(user_or_404(ipa, username))
form = EditUserForm(obj=user)
if form.validate_on_submit():
try:
ipa.user_mod(
username,
first_name=form.firstname.data,
last_name=form.lastname.data,
full_name='%s %s' % (form.firstname.data, form.lastname.data),
display_name='%s %s' % (form.firstname.data, form.lastname.data),
mail=form.mail.data,
ipasshpubkey=form.sshpubkeys.data,
fasircnick=form.ircnick.data,
faslocale=form.locale.data,
fastimezone=form.timezone.data,
fasgpgkeyid=form.gpgkeys.data,
fasgithubusername=form.github.data.lstrip('@'),
fasgitlabusername=form.gitlab.data.lstrip('@'),
fasrhbzemail=form.rhbz_mail.data,
)
except python_freeipa.exceptions.BadRequest as e:
if e.message == 'no modifications to be performed':
form.errors['non_field_errors'] = [e.message]
else:
app.logger.error(
f'An error happened while editing user {username}: {e.message}'
)
form.errors['non_field_errors'] = [e.message]
else:
flash('Profile has been succesfully updated.', 'success')
return redirect(url_for('user', username=username))
# if the form has errors, we don't want to add new fields. otherwise,
# more fields will show up with every validation error
if not form.errors:
# Append 2 empty entries at the bottom of the gpgkeys fieldlist
for i in range(2):
form.gpgkeys.append_entry()
form.sshpubkeys.append_entry()
return render_template('user-edit.html', user=user, form=form)
def search_json(ipa):
username = request.args.get('username')
groupname = request.args.get('group')
res = []
if username:
users_ = [User(u) for u in ipa.user_find(username)['result']]
for user_ in users_:
res.append({'uid': user_.username, 'cn': user_.name})
if groupname:
groups_ = [Group(g) for g in ipa.group_find(groupname)['result']]
for group_ in groups_:
res.append({'cn': group_.name, 'description': group_.description})
return jsonify(res)
def user(ipa, username):
user = User(user_or_404(ipa, username))
groups_member = [
Group(g) for g in ipa.group_find(user=username, all=False)['result']
]
groups_managed = [
Group(g).name for g in ipa.group_find(membermanager_user=username,
all=False)['result']
]
groups = {
'managed': groups_managed,
'member': groups_member,
}
return render_template(
'user.html',
user=user,
groups=groups,
)
def test_user(dummy_user_dict):
"""Test the User representation"""
user = User(dummy_user_dict)
assert user.username == "dummy"
assert user.firstname == "Dummy"
assert user.lastname == "User"
assert user.name == "Dummy User"
assert user.mail == "*****@*****.**"
assert user.sshpubkeys == [
'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtX/SK86GrOa0xUadeZVbDXCj6wseamJQTpvjzNdKLgIBuQnA2dnR+jBS54rxUzHD1In/yI9r1VXr+KVZG4ULHmSuP3Icl0SUiVs+u+qeHP77Fa9rnQaxxCFL7uZgDSGSgMx0XtiQUrcumlD/9mrahCefU0BIKfS6e9chWwJnDnPSpyWf0y0NpaGYqPaV6Ukg2Z5tBvei6ghBb0e9Tusg9dHGvpv2B23dCzps6s5WBYY2TqjTHAEuRe6xR0agtPUE1AZ/DvSBKgwEz6RXIFOtv/fnZ0tERh238+n2nohMZNo1QAtQ6I0U9Kx2gdAgHRaMN6GzmbThji/MLgKlIJPSh', # noqa: E501
'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDuxGxBwWH5xMLAuIUAVU3O8ZViYWW64V3tJRob+eZngeR95PzUDeH0UlZ58bPyucpMowZNgJucsHyUjqal5bctv9Q5r224Of1R3DJqIViE16W3zncGNjbgiuc66wcO2o84HEm2Zi+v4cwU8ykM0m9zeG0257aVW4/L/fDAyR55NRJ7zLIyRmGMcjkN6j02wbGK89xXJKHMtRKa5Kg4GJx3HUae79C3B7SyoRAuyzLT6GmpMZ3XRa/khZ3t4xfUtSMV6DuvR5KJ9Wg5B20ecua1tNXOLHC3dU5L+P6Pb7+HL1sxHiYbaiBPJbosMkM2wqd3VyduQDQTO4BJyly/ruIN', # noqa: E501
]
assert user.timezone == "UTC"
assert user.locale == "en-US"
assert user.ircnick == "dummy"
assert user.gpgkeys == ["key1", "key2"]
assert user.groups == ["ipausers"]
assert user.github == "dummy"
assert user.gitlab == "dummy"
assert user.rhbz_mail == "*****@*****.**"
def user_edit(ipa, username):
# TODO: Maybe make this a decorator some day?
if session.get('securitas_username') != username:
flash('You do not have permission to edit this account.', 'red')
return redirect(url_for('user', username=username))
user = User(user_or_404(ipa, username))
form = EditUserForm()
if form.validate_on_submit():
try:
ipa.user_mod(
username,
first_name=form.firstname.data,
last_name=form.lastname.data,
full_name='%s %s' % (form.firstname.data, form.lastname.data),
display_name='%s %s' %
(form.firstname.data, form.lastname.data),
mail=form.mail.data,
fasircnick=form.ircnick.data,
faslocale=form.locale.data,
fastimezone=form.timezone.data,
fasgpgkeyid=form.gpgkeys.data,
fasgithubusername=form.github.data.lstrip('@'),
fasgitlabusername=form.gitlab.data.lstrip('@'),
fasrhbzemail=form.rhbz_mail.data,
)
except python_freeipa.exceptions.BadRequest as e:
if e.message == 'no modifications to be performed':
# Then we are ok still.
pass
else:
flash(e.message, 'red')
return redirect(url_for('user_edit', username=username))
flash('Profile has been succesfully updated.', 'green')
return redirect(url_for('user', username=username))
form.process(obj=user)
return render_template('user-edit.html', user=user, form=form)
def group(ipa, groupname):
group = Group(group_or_404(ipa, groupname))
sponsor_form = AddGroupMemberForm(groupname=groupname)
remove_form = RemoveGroupMemberForm(groupname=groupname)
sponsors = []
members = [User(u) for u in ipa.user_find(in_group=groupname)['result']]
for member in members:
if member.username in group.sponsors:
sponsors.append(member)
# We can safely assume g.current_user exists after @with_ipa
current_user_is_sponsor = g.current_user.username in group.sponsors
return render_template(
'group.html',
group=group,
members=members,
sponsors=sponsors,
sponsor_form=sponsor_form,
remove_form=remove_form,
current_user_is_sponsor=current_user_is_sponsor,
)
def test_user_no_displayname(dummy_user_dict):
"""Test that we fallback to gecos if there is no displayname"""
del dummy_user_dict["displayname"]
dummy_user_dict["gecos"] = ["GCOS"]
user = User(dummy_user_dict)
assert user.name == "GCOS"