def _create_user_for_oauth_username(username):
    """
    Return an *un-committed* User for ``username`` when it matches a vendor's
    OAuth domain glob, otherwise None.

    Vendors whose ``oauth_domain_glob`` is NULL are skipped.  The column holds a
    comma-separated list of fnmatch patterns; when any pattern matches the
    lower-cased username, the vendor's ``oauth_unknown_user`` setting decides
    the outcome: 'create' yields a User with auth_type 'oauth', 'disabled'
    yields a User constructed without an explicit auth_type, and any other
    value means this vendor is ignored and the next one is tried.
    """
    needle = username.lower()
    candidates = db.session.query(Vendor).filter(Vendor.oauth_domain_glob != None)  # pylint: disable=singleton-comparison
    for vendor in candidates:
        # NOTE(review): patterns are split on ',' only; a glob list written
        # with spaces after the commas would not match — confirm data format
        patterns = vendor.oauth_domain_glob.split(',')
        if not any(fnmatch.fnmatch(needle, pattern) for pattern in patterns):
            continue
        policy = vendor.oauth_unknown_user
        if policy == 'create':
            return User(username, vendor_id=vendor.vendor_id, auth_type='oauth')
        if policy == 'disabled':
            return User(username, vendor_id=vendor.vendor_id)
    return None
def route_user_create(vendor_id):
    """
    Add a user to the vendor identified by ``vendor_id``.

    Reads ``username`` (required and non-empty; lower-cased, then validated
    with _email_check) and ``display_name`` (the key must be present) from the
    POSTed form.  Callers without the '@admin' ACL must additionally satisfy
    the vendor's ``username_glob`` account policy.  The new account is of
    auth_type 'oauth' when the *calling* user's vendor has an
    oauth_domain_glob, otherwise 'local' with a fresh OTP secret and a
    generated password that is e-mailed to the new address.  Every path
    returns a redirect.
    """
    def back_to_show():
        return redirect(url_for('vendors.route_show', vendor_id=vendor_id))

    def back_to_users():
        return redirect(url_for('vendors.route_users', vendor_id=vendor_id), 302)

    # the vendor must exist
    vendor = db.session.query(Vendor).filter(Vendor.vendor_id == vendor_id).first()
    if not vendor:
        flash('Failed to modify vendor: No a vendor with that group ID', 'warning')
        return redirect(url_for('vendors.route_list'), 302)

    # security check: caller needs the manage-users ACL on this vendor
    if not vendor.check_acl('@manage-users'):
        flash('Permission denied: Unable to modify vendor as non-admin', 'danger')
        return back_to_show()

    form = request.form
    if not form.get('username'):
        flash('Unable to add user as no username', 'danger')
        return back_to_show()
    if 'display_name' not in form:
        flash('Unable to add user as no display_name', 'danger')
        return back_to_show()

    username = form['username'].lower()
    if db.session.query(User).filter(User.username == username).first():
        flash('Failed to add user: Username already exists', 'warning')
        return back_to_users()

    # verify email
    if not _email_check(username):
        flash('Failed to add user: Invalid email address', 'warning')
        return redirect(url_for('users.route_list'), 302)

    # non-admins are held to the vendor account policy (username glob)
    if not g.user.check_acl('@admin'):
        policy = vendor.username_glob
        if not policy:
            flash('Failed to add user: Admin has not set the account policy for this vendor', 'warning')
            return back_to_users()
        if not _verify_username_vendor_glob(username, policy):
            flash('Failed to add user: Email address does not match account policy %s' % policy, 'warning')
            return back_to_users()

    # NOTE(review): the auth_type is chosen from the *calling* user's vendor
    # (g.user.vendor), not from the target ``vendor`` the account is added to —
    # confirm this is intended for admins creating users in other vendors
    common = dict(username=username,
                  display_name=form['display_name'],
                  vendor_id=vendor.vendor_id)
    if g.user.vendor.oauth_domain_glob:
        user = User(auth_type='oauth', **common)
    else:
        user = User(auth_type='local', otp_secret=_otp_hash(), **common)

    # this is stored hashed; the plaintext is kept only for the confirmation
    # e-mail sent to local accounts below
    password = _generate_password()
    user.password = password
    db.session.add(user)
    db.session.commit()

    # local accounts receive their initial credentials by e-mail
    if user.auth_type == 'local':
        send_email("[LVFS] An account has been created",
                   user.email_address,
                   render_template('email-confirm.txt', user=user, password=password))

    # done!
    flash('Added user %i' % user.user_id, 'info')
    return back_to_users()
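def route_create():
    """
    Add a user [ADMIN ONLY]

    Only POST is handled; any other method redirects to the profile page.
    Required form fields: ``username`` (an e-mail address, lower-cased before
    use), ``password_new`` (validated by _password_check), ``group_id`` and
    ``display_name`` (both at least 3 characters).  A Vendor with the given
    ``group_id`` is created on demand together with an ``embargo-<group_id>``
    Remote.  Every path returns a redirect.

    Fix: the duplicate-username check now compares the lower-cased username,
    matching how usernames are stored (and how route_user_create checks);
    previously 'Foo@example.com' slipped past an existing 'foo@example.com'.
    """
    # only accept form data
    if request.method != 'POST':
        return redirect(url_for('main.route_profile'))

    # all four fields must be present (checked in the original order)
    for field in ('username', 'password_new', 'group_id', 'display_name'):
        if field not in request.form:
            flash('Unable to add user as no %s' % field, 'danger')
            return redirect(url_for('main.route_dashboard'))

    # usernames are stored lower-cased (see the User() call below), so the
    # existence check has to use the lower-cased form as well
    username = request.form['username'].lower()
    user = db.session.query(User).filter(User.username == username).first()
    if user:
        flash('Already a user with that username!', 'danger')
        # NOTE(review): a 422 status with a Location header is not followed
        # by browsers as a redirect — confirm this is the intended response
        return redirect(url_for('main.route_dashboard'), 422)

    # verify password (no flash here: _password_check reports its own reason
    # in the original code path as well)
    password = request.form['password_new']
    if not _password_check(password):
        return redirect(url_for('users.route_list'), 302)

    # verify email
    if not _email_check(username):
        flash('Failed to add user: Invalid email address', 'warning')
        return redirect(url_for('users.route_list'), 302)

    # verify group_id
    group_id = request.form['group_id']
    if len(group_id) < 3:
        flash('Failed to add user: QA group invalid', 'warning')
        return redirect(url_for('users.route_list'), 302)

    # verify name
    display_name = request.form['display_name']
    if len(display_name) < 3:
        flash('Failed to add user: Name invalid', 'warning')
        return redirect(url_for('users.route_list'), 302)

    # create the vendor (and its embargo remote) on first use of this group_id
    vendor = db.session.query(Vendor).filter(Vendor.group_id == group_id).first()
    if not vendor:
        remote = Remote(name='embargo-%s' % group_id)
        db.session.add(remote)
        db.session.commit()
        vendor = Vendor(group_id=group_id, remote_id=remote.remote_id)
        db.session.add(vendor)
        db.session.commit()

    user = User(username=username,
                auth_type='local',
                otp_secret=_otp_hash(),
                display_name=display_name,
                vendor_id=vendor.vendor_id)
    user.password = password
    db.session.add(user)
    db.session.commit()

    # NOTE(review): unlike route_user_create, nothing here calls send_email(),
    # so the "an email has been sent" wording may be stale — confirm
    flash('Added user %i and an email has been sent to the user' % user.user_id, 'info')
    return redirect(url_for('users.route_list'), 302)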