def post(self):
    """Create an organization; only system administrators may call this.

    Reads ``full_name`` and ``folder_name`` from ``request.values`` and passes
    them unchanged to ``create_organization``. Returns a dict with the new
    organization's id, or aborts with 403 for any other role.

    NOTE(review): no validation of the two values is visible here; presumably
    ``create_organization`` checks the folder name -- confirm.
    """
    # Authorization gate: the role check runs before any request data is read.
    if not (current_user.role == current_user.SYSTEM_ADMIN):
        # for now we require non-system-admins to create organizations
        # through the sign-up process
        abort(403)
    else:
        params = request.values
        new_org_id = create_organization(params['full_name'],
                                         params['folder_name'])
        return {'status': 'ok', 'organization_id': new_org_id}
Example #2
def _bootstrap_controller_auth(app_config: Dict[str, str]):
    """Provision the controller's organization, folder and API key if absent.

    The four ``TERRAWARE_*`` settings read below must all be present and
    non-empty; otherwise the function returns without touching the database.
    Each object is looked up first and only created when missing, and a
    single commit is issued at the end. The secret key value itself is never
    written to the log.
    """
    org_title, org_folder_name, controller_folder, controller_secret = (
        app_config.get(setting) for setting in (
            'TERRAWARE_ORGANIZATION_NAME',
            'TERRAWARE_ORGANIZATION_FOLDER',
            'TERRAWARE_CONTROLLER_FOLDER',
            'TERRAWARE_CONTROLLER_SECRET_KEY',
        ))

    # Bootstrapping is opt-in: a partial configuration is skipped silently.
    if not (org_title and org_folder_name and controller_folder
            and controller_secret):
        return

    # Organization: reuse the folder with the configured name, else create it.
    existing_org = Resource.query.filter(
        Resource.name == org_folder_name,
        Resource.type == Resource.ORGANIZATION_FOLDER).one_or_none()
    if existing_org is None:
        logger.info('Creating organization %s', org_title)
        org_id = create_organization(org_title, org_folder_name)
    else:
        org_id = existing_org.id

    # Controller folder. The lookup matches on name and type only.
    # NOTE(review): it is not restricted to children of org_id -- confirm
    # that folder names are unique across organizations.
    controller = Resource.query.filter(
        Resource.name == controller_folder,
        Resource.type == Resource.CONTROLLER_FOLDER).one_or_none()
    if controller is None:
        logger.info('Creating controller folder %s', controller_folder)
        controller = Resource(name=controller_folder,
                              type=Resource.CONTROLLER_FOLDER,
                              parent_id=org_id)
        db.session.add(controller)

    # API key: only created when no key matching the configured secret exists.
    existing_key = find_key(controller_secret)
    if existing_key is None:
        logger.info('Creating secret key for controller')
        # NOTE(review): the key is attributed to the user with the lowest id,
        # presumably the initial admin; this is None when the user table is
        # empty and the user's role is not checked -- confirm.
        owner_id = db.session.query(User.id).order_by(
            User.id).limit(1).scalar()
        # NOTE(review): controller.id is only set once a newly added folder
        # has been flushed; presumably the queries above autoflush -- confirm.
        (existing_key, _) = create_key(owner_id, org_id, None,
                                       controller.id, controller_secret)

    db.session.commit()
Example #3
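def create_account(access_code):
    """Serve and process the sign-up form reached through an access code.

    The code must match an ``AccountRequest`` that has not been redeemed and
    was created at most seven days ago; otherwise a plain-text message is
    returned. A GET renders the invitation form (request tied to an existing
    organization) or the account-creation form. A POST creates the user, marks
    the code as redeemed, creates a new organization unless the request is an
    invitation, and links the user to the organization, as its admin when the
    organization is new.

    Every form field is read before the first write, so a POST that lacks the
    organization fields fails before a user has been created rather than
    after.

    NOTE(review): the redeemed check and the later redeemed_timestamp update
    are separate steps with no lock visible here, so two concurrent POSTs with
    the same code could both pass the check -- confirm whether a row lock or
    constraint is needed.
    NOTE(review): the submitted email address is not compared with
    ``ar.email_address`` -- confirm whether the code should be bound to the
    invited address.
    """
    try:
        ar = AccountRequest.query.filter(
            AccountRequest.access_code == access_code).one()
    except NoResultFound:
        return Response('Sign-up code not found.')
    if ar.redeemed_timestamp:
        return Response('Sign-up code already redeemed.')
    if datetime.datetime.utcnow() - ar.creation_timestamp > datetime.timedelta(
            days=7):
        return Response(
            'Sign-up code has expired (must be used within one week).')

    # handle form post case
    if request.method == 'POST':

        # get parameters
        email_address = request.form['email_address']
        # NOTE(review): the password goes to create_user unchanged; presumably
        # hashing and any strength rules are applied there -- confirm.
        password = request.form['pw1']
        user_name = request.form.get('user_name', None)
        full_name = request.form.get('full_name', None)

        # verify user doesn't already exist with this email address
        try:
            User.query.filter(User.email_address == email_address).one()
        except NoResultFound:
            pass
        else:
            return Response(
                'An account with that email address already exists.')

        # verify user doesn't already exist with this user name
        if user_name:
            try:
                User.query.filter(User.user_name == user_name).one()
            except NoResultFound:
                pass
            else:
                return Response('User name already in use.')

        # A request without an organization means a new one must be created.
        # Read its form fields now: subscripting request.form fails when a
        # field is absent, and that must happen before anything is written.
        org_id = ar.organization_id
        new_org = not org_id
        if new_org:
            org_full_name = request.form['orgName']
            org_folder_name = request.form['orgFolderName']

        # create user
        user_id = create_user(email_address, user_name, password, full_name,
                              User.STANDARD_USER)
        ar.redeemed_timestamp = datetime.datetime.utcnow()

        # create organization (unless invitation to join existing)
        if new_org:
            org_id = create_organization(org_full_name, org_folder_name)

        # assign user to organization; the creator of a new organization
        # becomes its admin, an invited user does not
        org_user = OrganizationUser()
        org_user.user_id = user_id
        org_user.organization_id = org_id
        org_user.is_admin = new_org
        db.session.add(org_user)
        db.session.commit()
        return render_template('users/account-creation-complete.html',
                               hide_loc_nav=True)

    # handle GET case
    else:
        if ar.organization_id:
            return render_template(
                'users/user-invitation.html',
                organization_full_name=json.loads(
                    ar.organization.system_attributes)['full_name'],
                email_address=ar.email_address,
                access_code=access_code,
                hide_loc_nav=True,
            )
        else:
            return render_template(
                'users/account-creation.html',
                organization_name=ar.organization_name,
                email_address=ar.email_address,
                access_code=access_code,
                hide_loc_nav=True,
            )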