def agree_with_tos(username, **kwargs):
    """
    Record that the specified user agrees to the Terms of Service

    Variables:
    username    => Name of the user that agrees with tos

    Arguments:
    None

    Data Block:
    None

    Result example:
    {
     "success": true             # Saving the user info succeeded
    }
    """
    # Consent can only be given by the authenticated user for their own
    # account: the session identity must match the username in the route.
    if kwargs['user']['uname'] != username:
        return make_api_response(
            {"success": False},
            "You can't agree to Terms Of Service on behalf of someone else!",
            400)

    account = STORAGE.user.get(username)
    if not account:
        return make_api_response({"success": False}, "User %s does not exist." % username, 403)

    account.agrees_with_tos = now_as_iso()

    lockout_enabled = config.ui.tos_lockout
    if lockout_enabled:
        # With ToS lockout enabled, agreeing flags the account as inactive.
        # NOTE(review): presumably an administrator then re-enables it after
        # receiving the authorization email below - confirm.
        account.is_active = False

    if lockout_enabled and config.ui.tos_lockout_notify:
        # noinspection PyBroadException
        try:
            for recipient in config.ui.tos_lockout_notify:
                send_authorize_email(recipient, username, account.email or "")
        except Exception as e:
            # Returning here skips the save below, so neither the agreement
            # timestamp nor the deactivation is persisted. Emails already
            # sent to earlier recipients are not recalled.
            LOGGER.error(f"An error occurred while sending confirmation emails: {str(e)}")
            return make_api_response(
                {"success": False},
                "The system was unable to send confirmation emails "
                "to the administrators. Retry again later...",
                400)

    STORAGE.user.save(username, account)
    return make_api_response({"success": True})
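def set_user_account(username, **kwargs):
    """
    Save the user account information.

    Variables:
    username    => Name of the user to get the account info

    Arguments:
    None

    Data Block:
    {
     "name": "Test user",        # Name of the user
     "is_active": true,          # Is the user active?
     "classification": "",       # Max classification for user
     "email": "",                # Email of the user (key is required, value may be empty)
     "uname": "usertest",        # Username
     "type": ['user'],           # List of all types the user is member of
     "avatar": null,             # Avatar of the user
     "groups": ["TEST"],         # Groups the user is member of
     "new_pass": "..."           # Optional: new password to set for the user
    }

    Result example:
    {
     "success": true             # Saving the user info succeeded
    }
    """
    try:
        data = request.json
        # The body is client-controlled. Reject a missing body or one that is
        # not a JSON object so later dict operations cannot raise an unhandled
        # exception.
        if not isinstance(data, dict):
            return make_api_response({"success": False},
                                     "Invalid user data: a JSON object is expected", 400)

        new_pass = data.pop('new_pass', None)

        old_user = STORAGE.user.get(username, as_obj=False)
        if not old_user:
            return make_api_response({"success": False}, "User %s does not exists" % username, 404)

        # .get() so that an absent "name" is reported as a 400 like an empty one.
        if not data.get('name'):
            return make_api_response({"success": False}, "Full name of the user cannot be empty", 400)

        # Credential material always comes from the stored record: whatever
        # the request body carries under these keys is overwritten here.
        data['apikeys'] = old_user.get('apikeys', [])
        data['otp_sk'] = old_user.get('otp_sk', None)
        data['security_tokens'] = old_user.get('security_tokens', {}) or {}

        if new_pass:
            password_requirements = config.auth.internal.password_requirements.as_primitives()
            if not check_password_requirements(new_pass, **password_requirements):
                error_msg = get_password_requirement_message(**password_requirements)
                return make_api_response({"success": False}, error_msg, 469)
            data['password'] = get_password_hash(new_pass)
            # NOTE(review): new_pass_confirm is discarded without being compared
            # to new_pass, so the confirmation is not verified in this block.
            # When new_pass is empty the key is left in data - confirm that
            # save_user_account tolerates it.
            data.pop('new_pass_confirm', None)
        else:
            # No new password requested: keep the stored hash, overriding any
            # "password" value supplied in the request body.
            data['password'] = old_user.get('password', "__NO_PASSWORD__") or "__NO_PASSWORD__"

        # Both keys are read below; report their absence as a client error
        # rather than letting a KeyError escape the handler.
        missing = [field for field in ('classification', 'email') if field not in data]
        if missing:
            return make_api_response({"success": False},
                                     "Missing required field(s): %s" % ", ".join(missing), 400)

        # Apply dynamic classification
        data['classification'] = get_dynamic_classification(data['classification'], data['email'])

        # NOTE(review): the acting user is handed to save_user_account and
        # AccessDeniedException is mapped to 403 below; presumably that is where
        # the right to change fields such as "type", "classification" and
        # "is_active" is enforced - confirm against save_user_account.
        ret_val = save_user_account(username, data, kwargs['user'])

        # Notify only on an inactive -> active transition while ToS lockout
        # notification is configured. .get() keeps a body without "is_active"
        # from raising after the account has already been saved.
        if ret_val and \
                not old_user['is_active'] \
                and data.get('is_active') \
                and config.ui.tos_lockout \
                and config.ui.tos_lockout_notify:
            try:
                email = data['email'] or ""
                for adr in config.ui.tos_lockout_notify:
                    send_activated_email(adr, username, email, kwargs['user']['uname'])
                if email:
                    # The activated user is told as well, when an address is on file.
                    send_activated_email(email, username, email, kwargs['user']['uname'])
            except Exception as e:
                # We can't send confirmation email, Rollback user change and mark this a failure.
                # Emails already delivered to earlier recipients are not recalled.
                # The 404 status is kept as-is for existing clients.
                STORAGE.user.save(username, old_user)
                LOGGER.error(f"An error occured while sending confirmation emails: {str(e)}")
                return make_api_response({"success": False},
                                         "The system was unable to send confirmation emails. "
                                         "Retry again later...", 404)

        return make_api_response({"success": ret_val})
    except AccessDeniedException as e:
        return make_api_response({"success": False}, str(e), 403)
    except InvalidDataException as e:
        return make_api_response({"success": False}, str(e), 400)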