def user_settings_profile(ipa, username):
user = User(user_or_404(ipa, username))
form = UserSettingsProfileForm(obj=user)
if form.validate_on_submit():
result = _user_mod(
ipa,
form,
user,
{
'first_name': form.firstname.data,
'last_name': form.lastname.data,
'full_name': '%s %s' %
(form.firstname.data, form.lastname.data),
'display_name': '%s %s' %
(form.firstname.data, form.lastname.data),
'mail': form.mail.data,
'fasircnick': form.ircnick.data,
'faslocale': form.locale.data,
'fastimezone': form.timezone.data,
'fasgithubusername': form.github.data.lstrip('@'),
'fasgitlabusername': form.gitlab.data.lstrip('@'),
'fasrhbzemail': form.rhbz_mail.data,
'faswebsiteurl': form.website_url.data,
},
"user_settings_profile",
)
if result:
return result
return render_template('user-settings-profile.html',
user=user,
form=form,
activetab="profile")
def user_settings_keys(ipa, username):
user = User(user_or_404(ipa, username))
form = UserSettingsKeysForm(obj=user)
if form.validate_on_submit():
result = _user_mod(
ipa,
form,
user,
{
'ipasshpubkey': form.sshpubkeys.data,
'fasgpgkeyid': form.gpgkeys.data
},
"user_settings_keys",
)
if result:
return result
# if the form has errors, we don't want to add new fields. otherwise,
# more fields will show up with every validation error
if not form.errors:
# Append 2 empty entries at the bottom of the gpgkeys fieldlist
for i in range(2):
form.gpgkeys.append_entry()
form.sshpubkeys.append_entry()
return render_template('user-settings-keys.html',
user=user,
form=form,
activetab="keys")
def user_settings_otp(ipa, username):
addotpform = UserSettingsAddOTPForm()
user = User(user_or_404(ipa, username))
if addotpform.validate_on_submit():
try:
maybe_ipa_login(app, session, username, addotpform.password.data)
result = ipa.otptoken_add(
o_ipatokenowner=username,
o_ipatokenotpalgorithm='sha512',
o_description=addotpform.description.data,
)['result']
uri = urlparse(result['uri'])
# Use the provided description in the token, so it shows up in the user's app instead of
# the token's UUID
principal = uri.path.split(":", 1)[0]
new_uri = uri._replace(
path=f"{principal.lower()}:{quote(addotpform.description.data)}"
)
session['otp_uri'] = new_uri.geturl()
except python_freeipa.exceptions.InvalidSessionPassword:
addotpform.password.errors.append(_("Incorrect password"))
except python_freeipa.exceptions.FreeIPAError as e:
app.logger.error(
f'An error happened while creating an OTP token for user {username}: {e.message}'
)
addotpform.non_field_errors.errors.append(
_('Cannot create the token.'))
else:
return redirect(url_for('user_settings_otp', username=username))
otp_uri = session.get('otp_uri')
session['otp_uri'] = None
tokens = [
OTPToken(t)
for t in ipa.otptoken_find(o_ipatokenowner=username)["result"]
]
tokens.sort(key=lambda t: t.description or "")
return render_template(
'user-settings-otp.html',
addotpform=addotpform,
user=user,
activetab="otp",
tokens=tokens,
otp_uri=otp_uri,
)
def user(ipa, username):
user = User(user_or_404(ipa, username))
# As a speed optimization, we make two separate calls.
# Just doing a group_find (with all=True) is super slow here, with a lot of
# groups.
groups = [
Group(g) for g in ipa.group_find(
user=username, all=False, fasgroup=True)['result']
]
managed_groups = [
Group(g) for g in ipa.group_find(
membermanager_user=username, all=False, fasgroup=True)['result']
]
return render_template('user.html',
user=user,
groups=groups,
managed_groups=managed_groups)
def user_settings_agreements(ipa, username):
user = User(user_or_404(ipa, username))
agreements = [
Agreement(a) for a in ipa.fasagreement_find(all=False)
if Agreement(a).enabled
]
form = UserSettingsAgreementSign()
if form.validate_on_submit():
agreement_name = form.agreement.data
if agreement_name not in [a.name for a in agreements]:
flash(_("Unknown agreement: %(name)s.", name=agreement_name),
"warning")
return redirect(
url_for('user_settings_agreements', username=username))
try:
ipa.fasagreement_add_user(agreement_name, user=user.username)
except python_freeipa.exceptions.BadRequest as e:
app.logger.error(
f"Cannot sign the agreement {agreement_name!r}: {e}")
flash(
_(
'Cannot sign the agreement "%(name)s": %(error)s',
name=agreement_name,
error=e,
),
'danger',
)
else:
flash(
_('You signed the "%(name)s" agreement.', name=agreement_name),
"success",
)
return redirect(url_for('user_settings_agreements', username=username))
return render_template(
'user-settings-agreements.html',
user=user,
activetab="agreements",
agreementslist=agreements,
raw=ipa.fasagreement_find(all=True),
)
def user_settings_password(ipa, username):
user = User(user_or_404(ipa, username))
form = PasswordResetForm()
# check if an OTP token exists. If so, the user is using OTP.
using_otp = bool(ipa.otptoken_find(ipatokenowner=username))
if not using_otp:
form.current_password.description = ""
if form.validate_on_submit():
res = _validate_change_pw_form(form, username, ipa)
if res and res.ok:
return redirect(url_for('root'))
return render_template(
'user-settings-password.html',
user=user,
password_reset_form=form,
activetab="password",
using_otp=using_otp,
)
def test_user_or_404_unknown(client, logged_in_dummy_user):
"""Test the user_or_404 method on an unknown user"""
with pytest.raises(NotFound):
user_or_404(logged_in_dummy_user, "unknown")
def test_user_or_404(client, logged_in_dummy_user):
"""Test the user_or_404 method"""
result = user_or_404(logged_in_dummy_user, "dummy")
assert result is not None
assert result["uid"] == ["dummy"]
