Esempio n. 1
0
def _create_user_for_oauth_username(username):
    """ If any oauth wildcard match, create a *un-committed* User object """

    # does this username match any globs specified by the vendor
    for v in db.session.query(Vendor).filter(Vendor.oauth_domain_glob != None):  # pylint: disable=singleton-comparison
        for glob in v.oauth_domain_glob.split(','):
            if not fnmatch.fnmatch(username.lower(), glob):
                continue
            if v.oauth_unknown_user == 'create':
                return User(username, vendor_id=v.vendor_id, auth_type='oauth')
            if v.oauth_unknown_user == 'disabled':
                return User(username, vendor_id=v.vendor_id)
    return None
Esempio n. 2
0
def route_user_create(vendor_id):
    """ Add a user to the vendor """

    # check exists
    vendor = db.session.query(Vendor).filter(Vendor.vendor_id == vendor_id).first()
    if not vendor:
        flash('Failed to modify vendor: No a vendor with that group ID', 'warning')
        return redirect(url_for('vendors.route_list'), 302)

    # security check
    if not vendor.check_acl('@manage-users'):
        flash('Permission denied: Unable to modify vendor as non-admin', 'danger')
        return redirect(url_for('vendors.route_show', vendor_id=vendor_id))

    if not 'username' in request.form or not request.form['username']:
        flash('Unable to add user as no username', 'danger')
        return redirect(url_for('vendors.route_show', vendor_id=vendor_id))
    if not 'display_name' in request.form:
        flash('Unable to add user as no display_name', 'danger')
        return redirect(url_for('vendors.route_show', vendor_id=vendor_id))
    username = request.form['username'].lower()
    user = db.session.query(User).filter(User.username == username).first()
    if user:
        flash('Failed to add user: Username already exists', 'warning')
        return redirect(url_for('vendors.route_users', vendor_id=vendor_id), 302)

    # verify email
    if not _email_check(username):
        flash('Failed to add user: Invalid email address', 'warning')
        return redirect(url_for('users.route_list'), 302)

    # verify the username matches the allowed vendor glob
    if not g.user.check_acl('@admin'):
        if not vendor.username_glob:
            flash('Failed to add user: '******'Admin has not set the account policy for this vendor',
                  'warning')
            return redirect(url_for('vendors.route_users', vendor_id=vendor_id), 302)
        if not _verify_username_vendor_glob(username, vendor.username_glob):
            flash('Failed to add user: '******'Email address does not match account policy %s' % vendor.username_glob,
                  'warning')
            return redirect(url_for('vendors.route_users', vendor_id=vendor_id), 302)

    # add user
    if g.user.vendor.oauth_domain_glob:
        user = User(username=username,
                    display_name=request.form['display_name'],
                    auth_type='oauth',
                    vendor_id=vendor.vendor_id)
    else:
        user = User(username=username,
                    display_name=request.form['display_name'],
                    auth_type='local',
                    otp_secret=_otp_hash(),
                    vendor_id=vendor.vendor_id)
        # this is stored hashed
        password = _generate_password()
        user.password = password
    db.session.add(user)
    db.session.commit()

    # send email
    if user.auth_type == 'local':
        send_email("[LVFS] An account has been created",
                   user.email_address,
                   render_template('email-confirm.txt',
                                   user=user, password=password))

    # done!
    flash('Added user %i' % user.user_id, 'info')
    return redirect(url_for('vendors.route_users', vendor_id=vendor_id), 302)
Esempio n. 3
0
def route_create():
    """ Add a user [ADMIN ONLY] """

    # only accept form data
    if request.method != 'POST':
        return redirect(url_for('main.route_profile'))

    if not 'username' in request.form:
        flash('Unable to add user as no username', 'danger')
        return redirect(url_for('main.route_dashboard'))
    if not 'password_new' in request.form:
        flash('Unable to add user as no password_new', 'danger')
        return redirect(url_for('main.route_dashboard'))
    if not 'group_id' in request.form:
        flash('Unable to add user as no group_id', 'danger')
        return redirect(url_for('main.route_dashboard'))
    if not 'display_name' in request.form:
        flash('Unable to add user as no display_name', 'danger')
        return redirect(url_for('main.route_dashboard'))
    user = db.session.query(User).filter(User.username == request.form['username']).first()
    if user:
        flash('Already a user with that username!', 'danger')
        return redirect(url_for('main.route_dashboard'), 422)

    # verify password
    password = request.form['password_new']
    if not _password_check(password):
        return redirect(url_for('users.route_list'), 302)

    # verify email
    username = request.form['username'].lower()
    if not _email_check(username):
        flash('Failed to add user: Invalid email address', 'warning')
        return redirect(url_for('users.route_list'), 302)

    # verify group_id
    group_id = request.form['group_id']
    if len(group_id) < 3:
        flash('Failed to add user: QA group invalid', 'warning')
        return redirect(url_for('users.route_list'), 302)

    # verify name
    display_name = request.form['display_name']
    if len(display_name) < 3:
        flash('Failed to add user: Name invalid', 'warning')
        return redirect(url_for('users.route_list'), 302)

    vendor = db.session.query(Vendor).filter(Vendor.group_id == group_id).first()
    if not vendor:
        remote = Remote(name='embargo-%s' % group_id)
        db.session.add(remote)
        db.session.commit()
        vendor = Vendor(group_id=group_id, remote_id=remote.remote_id)
        db.session.add(vendor)
        db.session.commit()
    user = User(username=username,
                auth_type='local',
                otp_secret=_otp_hash(),
                display_name=display_name,
                vendor_id=vendor.vendor_id)
    user.password = password
    db.session.add(user)
    db.session.commit()
    flash('Added user %i and an email has been sent to the user' % user.user_id, 'info')
    return redirect(url_for('users.route_list'), 302)