Esempio n. 1
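def route_user_create(vendor_id):
    """Add a user to the vendor identified by *vendor_id*.

    Reads ``username`` (an email address, stored lower-cased) and
    ``display_name`` from the submitted form. The requester must pass the
    vendor's ``@manage-users`` ACL check, and requesters without ``@admin``
    may only add usernames matching the vendor's ``username_glob`` policy.

    The account is created with ``auth_type='oauth'`` when the requesting
    user's vendor has ``oauth_domain_glob`` set. Otherwise a local account is
    created with a generated password, which is emailed to the new user.

    Every outcome flashes a message and returns a redirect.
    """

    # the target vendor must exist
    vendor = db.session.query(Vendor).filter(Vendor.vendor_id == vendor_id).first()
    if not vendor:
        flash('Failed to modify vendor: No a vendor with that group ID', 'warning')
        return redirect(url_for('vendors.route_list'), 302)

    # security check: authorize against the *target* vendor before reading
    # any form data, so unauthorized callers learn nothing about its users
    if not vendor.check_acl('@manage-users'):
        flash('Permission denied: Unable to modify vendor as non-admin', 'danger')
        return redirect(url_for('vendors.route_show', vendor_id=vendor_id))

    # required form fields; username must also be non-empty
    if 'username' not in request.form or not request.form['username']:
        flash('Unable to add user as no username', 'danger')
        return redirect(url_for('vendors.route_show', vendor_id=vendor_id))
    if 'display_name' not in request.form:
        flash('Unable to add user as no display_name', 'danger')
        return redirect(url_for('vendors.route_show', vendor_id=vendor_id))

    # normalize case before the uniqueness lookup so that the value checked
    # is the same value that gets stored
    username = request.form['username'].lower()
    user = db.session.query(User).filter(User.username == username).first()
    if user:
        flash('Failed to add user: Username already exists', 'warning')
        return redirect(url_for('vendors.route_users', vendor_id=vendor_id), 302)

    # verify email
    if not _email_check(username):
        flash('Failed to add user: Invalid email address', 'warning')
        return redirect(url_for('users.route_list'), 302)

    # verify the username matches the allowed vendor glob; only @admin may
    # bypass the vendor's account policy, and a vendor with no policy set
    # fails closed for everybody else
    if not g.user.check_acl('@admin'):
        if not vendor.username_glob:
            # the literal here had been garbled by credential masking
            # ('******'), which left the listing unparseable
            flash('Failed to add user: '
                  'Admin has not set the account policy for this vendor',
                  'warning')
            return redirect(url_for('vendors.route_users', vendor_id=vendor_id), 302)
        if not _verify_username_vendor_glob(username, vendor.username_glob):
            flash('Failed to add user: '
                  'Email address does not match account policy %s' % vendor.username_glob,
                  'warning')
            return redirect(url_for('vendors.route_users', vendor_id=vendor_id), 302)

    # add user
    # NOTE(review): the auth type is taken from the requester's vendor
    # (g.user.vendor), not from the target `vendor`; when an admin adds a
    # user to another vendor the two can differ -- confirm this is intended.
    if g.user.vendor.oauth_domain_glob:
        user = User(username=username,
                    display_name=request.form['display_name'],
                    auth_type='oauth',
                    vendor_id=vendor.vendor_id)
    else:
        user = User(username=username,
                    display_name=request.form['display_name'],
                    auth_type='local',
                    otp_secret=_otp_hash(),
                    vendor_id=vendor.vendor_id)
        # this is stored hashed (per the original comment; presumably done
        # by the User.password setter -- verify against the model)
        password = _generate_password()
        user.password = password
    db.session.add(user)
    db.session.commit()

    # send email; `password` is only bound on the local-auth path above
    # NOTE(review): the generated password leaves the server in clear text
    # inside this email -- confirm the user is required to change it.
    if user.auth_type == 'local':
        send_email("[LVFS] An account has been created",
                   user.email_address,
                   render_template('email-confirm.txt',
                                   user=user, password=password))

    # done!
    flash('Added user %i' % user.user_id, 'info')
    return redirect(url_for('vendors.route_users', vendor_id=vendor_id), 302)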
Esempio n. 2
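def route_create():
    """Add a user [ADMIN ONLY].

    Expects a POST whose form carries ``username`` (an email address, stored
    lower-cased), ``password_new``, ``group_id`` and ``display_name``. If no
    vendor exists for ``group_id``, a vendor and its ``embargo-<group_id>``
    remote are created first. The new account uses local authentication.

    Every outcome returns a redirect, and most flash a message first.

    NOTE(review): no permission check is made in this body; the admin-only
    restriction is presumably enforced by route decorators that are not part
    of this listing -- confirm before relying on it.
    """

    # only accept form data
    if request.method != 'POST':
        return redirect(url_for('main.route_profile'))

    # every field is required
    for field in ('username', 'password_new', 'group_id', 'display_name'):
        if field not in request.form:
            flash('Unable to add user as no %s' % field, 'danger')
            return redirect(url_for('main.route_dashboard'))

    # Normalize the username *before* the uniqueness lookup. The account is
    # stored lower-cased, so looking up the raw form value would let a
    # mixed-case spelling of an existing username slip past this check.
    username = request.form['username'].lower()
    user = db.session.query(User).filter(User.username == username).first()
    if user:
        flash('Already a user with that username!', 'danger')
        # NOTE(review): 422 is not a redirect status, so clients will not
        # follow the Location header -- confirm this is intended.
        return redirect(url_for('main.route_dashboard'), 422)

    # verify password
    # (no flash here; presumably _password_check() reports the reason -- verify)
    password = request.form['password_new']
    if not _password_check(password):
        return redirect(url_for('users.route_list'), 302)

    # verify email
    if not _email_check(username):
        flash('Failed to add user: Invalid email address', 'warning')
        return redirect(url_for('users.route_list'), 302)

    # verify group_id
    group_id = request.form['group_id']
    if len(group_id) < 3:
        flash('Failed to add user: QA group invalid', 'warning')
        return redirect(url_for('users.route_list'), 302)

    # verify name
    display_name = request.form['display_name']
    if len(display_name) < 3:
        flash('Failed to add user: Name invalid', 'warning')
        return redirect(url_for('users.route_list'), 302)

    # an unknown group_id implicitly creates the vendor; the remote is
    # committed first so that remote.remote_id is populated for the vendor
    vendor = db.session.query(Vendor).filter(Vendor.group_id == group_id).first()
    if not vendor:
        remote = Remote(name='embargo-%s' % group_id)
        db.session.add(remote)
        db.session.commit()
        vendor = Vendor(group_id=group_id, remote_id=remote.remote_id)
        db.session.add(vendor)
        db.session.commit()

    user = User(username=username,
                auth_type='local',
                otp_secret=_otp_hash(),
                display_name=display_name,
                vendor_id=vendor.vendor_id)
    # presumably hashed by the User.password setter -- verify against the model
    user.password = password
    db.session.add(user)
    db.session.commit()

    # NOTE(review): the message says an email has been sent, but nothing in
    # this function sends one -- confirm whether that happens elsewhere.
    flash('Added user %i and an email has been sent to the user' % user.user_id, 'info')
    return redirect(url_for('users.route_list'), 302)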