Esempio n. 1
def cadmin_editgroup_addperson(course_id, group_id):
    """Add the user named in the submitted form to a group.

    Loads the group by ``group_id`` (404 when it cannot be loaded), requires
    a ``uname`` form field (400 when it is missing), and adds the matching
    account to the group unless it is unknown or already a member. The
    outcome is reported with ``flash`` and the browser is always sent back
    to the group edit page.
    """
    # NOTE(review): no permission check is visible in this function, and
    # course_id is only used to build the redirect; the group is looked up
    # by group_id alone. Presumably a decorator or the caller verifies that
    # the current user may edit this group and that it belongs to the
    # course. Confirm.
    group = None
    try:
        group = Groups.Group(g_id=group_id)
    except KeyError:
        abort(404)
    if not group:
        abort(404)

    form = request.form
    if "uname" not in form:
        abort(400)

    new_uname = sanitize_username(form['uname'])
    try:
        new_uid = Users2.uid_by_uname(new_uname)
    except KeyError:
        # A failed lookup is reported exactly like an empty result.
        new_uid = None

    if not new_uid:
        flash("User '%s' Not Found" % new_uname)
    elif new_uid in group.members():
        flash("%s is already in the group." % new_uname)
    else:
        group.add_member(new_uid)
        flash("Added %s to group." % (new_uname,))

    destination = url_for('cadmin_editgroup',
                          course_id=course_id,
                          group_id=group_id)
    return redirect(destination)
Esempio n. 2
def cadmin_assign_coord(course_id):
    """Grant a user the coordinator role on a course.

    Responds 404 when the course does not exist and 400 when the ``coord``
    form field is missing. On success the named user receives permissions
    3 (courseadmin) and 4 (coursecoord) for the course. The caller is
    always redirected to the course configuration page.
    """
    # NOTE(review): this grants course-wide control, yet the function shows
    # no permission check and writes no log or audit record. Presumably
    # access is enforced by a decorator that is not visible here. Confirm.
    if not Courses2.get_course(course_id):
        abort(404)

    if "coord" not in request.form:
        abort(400)

    # TODO: Sanitize username. The value is used exactly as submitted, both
    # for the lookup and in the flashed message.
    new_uname = request.form["coord"]
    try:
        new_uid = Users2.uid_by_uname(new_uname)
    except KeyError:
        # A failed lookup is reported exactly like an empty result.
        new_uid = None

    if new_uid:
        for perm in (3, 4):  # 3 = courseadmin, 4 = coursecoord
            Permissions.add_perm(new_uid, course_id, perm)
        flash("%s can now control the course." % (new_uname,))
    else:
        flash("User '%s' Not Found" % new_uname)

    return redirect(url_for("cadmin_config", course_id=course_id))
Esempio n. 3
def cadmin_assign_coord(course_id):
    """Grant a user the coordinator role on a course and log who did it.

    Responds 404 when the course does not exist and 400 when the ``coord``
    form field is missing. The submitted name is passed through
    ``sanitize_username`` before the lookup. On success the user receives
    permissions 3 (courseadmin) and 4 (coursecoord), and the assignment is
    logged together with the acting user's id from the session.
    """
    # NOTE(review): no permission check on the acting user is visible in
    # this function; presumably a decorator enforces it. Confirm.
    cur_user = session['user_id']
    if not Courses2.get_course(course_id):
        abort(404)

    form = request.form
    if "coord" not in form:
        abort(400)

    new_uname = sanitize_username(form['coord'])
    try:
        new_uid = Users2.uid_by_uname(new_uname)
    except KeyError:
        # A failed lookup is reported exactly like an empty result.
        new_uid = None

    if new_uid:
        # Record the privilege change before applying it.
        L.info("courseadmin: user %s assigned as coordinator to course %s by %s" % (new_uid, course_id, cur_user))
        for perm in (3, 4):  # 3 = courseadmin, 4 = coursecoord
            Permissions.add_perm(new_uid, course_id, perm)
        flash("%s can now control the course." % (new_uname,))
    else:
        flash("User '%s' Not Found" % new_uname)

    return redirect(url_for('cadmin_config', course_id=course_id))
Esempio n. 4
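def group_update_from_feed(group_id, refresh_users=False):
    """Synchronise a group's membership with the output of its feed script.

    Returns ``(added, removed, unknown)``, three lists of usernames, or
    ``None`` when the group's source is not ``'feed'``.

    The feed script's output is split on whitespace and the first token is
    skipped; every remaining token is treated as a username. Names without
    a local account are handed to ``users_update_from_feed`` and reported
    as unknown; they are not added to the group in this pass. When
    ``refresh_users`` is true, each member's details are refreshed from the
    user feed afterwards.
    """
    group = Groups.Group(g_id=group_id)
    if group.source != 'feed':
        return

    feed = Feeds.Feed(f_id=group.feed)
    scriptrun = ' '.join([feed.script, group.feedargs])
    try:
        output = feeds_run_group_script(feed.script, args=[group.feedargs, ])
    except BaseException as err:
        # Log which feed failed, then let the caller see the failure.
        L.error("Exception in group feed '%s': %s" % (scriptrun, err))
        raise

    removed = []
    added = []
    unknown = []
    old_members = group.member_unames()
    new_members = output.split()[1:]
    # NOTE(review): the output is trusted wholesale. Every current member
    # missing from it is removed below, and nothing here checks the output
    # for an error marker, so an empty or truncated result would strip
    # memberships. Confirm the feed runner raises on failure.

    # Membership tests go through sets so each one is O(1); iteration still
    # follows the original sequences to keep the result order unchanged.
    old_lookup = set(old_members)
    new_lookup = set(new_members)

    for uname in new_members:
        uid = Users2.uid_by_uname(uname)
        if not uid:
            users_update_from_feed([uname, ])
            L.info("Group feed contained unknown user account %s" % uname)
            unknown.append(uname)
            continue
        if uname not in old_lookup:
            group.add_member(uid)
            added.append(uname)

    for uname in old_members:
        if uname not in new_lookup:
            uid = Users2.uid_by_uname(uname)
            group.remove_member(uid)
            removed.append(uname)

    if refresh_users:
        for uname in group.member_unames():
            uid = Users2.uid_by_uname(uname)
            user_update_details_from_feed(uid, uname)

    return added, removed, unknown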
Esempio n. 5
def group_update_from_feed(group_id, refresh_users=False):
    """Bring a group's membership in line with what its feed script reports.

    Returns ``(added, removed, unknown)`` as lists of usernames, or ``None``
    when the group is not feed-driven. Tokens after the first one in the
    script output are taken as usernames. Names with no local account are
    passed to ``users_update_from_feed`` and listed as unknown.
    """
    group = Groups.Group(g_id=group_id)
    if group.source != 'feed':
        return

    feed = Feeds.Feed(f_id=group.feed)
    scriptrun = ' '.join([feed.script, group.feedargs])
    try:
        output = feeds_run_group_script(feed.script, args=[group.feedargs, ])
    except BaseException as err:
        L.error("Exception in group feed '%s': %s" % (scriptrun, err))
        raise

    added, removed, unknown = [], [], []
    old_members = group.member_unames()
    new_members = output.split()[1:]
    # NOTE(review): whatever the script printed decides who stays in the
    # group; the output is not validated here before members are removed.

    # Pass 1: names reported by the feed.
    for uname in new_members:
        uid = Users2.uid_by_uname(uname)
        if uid:
            if uname not in old_members:
                group.add_member(uid)
                added.append(uname)
        else:
            users_update_from_feed([uname, ])
            L.info("Group feed contained unknown user account %s" % uname)
            unknown.append(uname)

    # Pass 2: current members the feed no longer lists.
    for uname in old_members:
        if uname in new_members:
            continue
        group.remove_member(Users2.uid_by_uname(uname))
        removed.append(uname)

    # Optional pass 3: refresh details for whoever is in the group now.
    if refresh_users:
        for uname in group.member_unames():
            user_update_details_from_feed(Users2.uid_by_uname(uname), uname)

    return added, removed, unknown
Esempio n. 6
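def users_update_from_feed(upids):
    """Create local accounts for unknown ``upids`` from the user feeds.

    For each upid without a local account, the configured user feeds are
    tried in order until one yields a usable record, which is then used to
    create the account. Upids that already have an account only produce an
    error log entry; nothing is updated for them here.

    A feed's output is expected to hold a status line followed by a record
    line of the form ``upid,name,email[,studentid]``. Output that is empty,
    has no record line, or has a malformed record is skipped and the next
    feed is tried, rather than raising ``IndexError``.
    """
    for upid in upids:
        user_id = Users2.uid_by_uname(upid)
        if user_id:
            L.error("Error running user feed for existing account %s" % user_id)
            continue

        # We don't know who they are, so try to create them.
        for feed in UFeeds.all_list():
            try:
                out = feeds_run_user_script(feed.script, args=[upid, ])
            except Exception as err:
                # Exception, not BaseException: a feed failure should move
                # on to the next feed, but KeyboardInterrupt and SystemExit
                # must not be swallowed.
                L.error("Exception in user feed '%s': %s" % (feed.script, err))
                continue

            res = out.splitlines()
            if not res:
                L.error("Empty output from user feed '%s'" % (feed.script,))
                continue
            if res[0].startswith("ERROR"):
                L.error("Error running user feed '%s': %s" % (feed.script, res))
                continue
            if len(res) < 2:
                L.error("No record line in output of user feed '%s': %s" % (feed.script, res))
                continue

            fields = res[1].split(',')
            if len(fields) == 4:
                feed_upid, name, email, studentid = fields
            elif len(fields) == 3:
                feed_upid, name, email = fields
                studentid = ""
            else:
                continue

            # NOTE(review): the account is created under the name the feed
            # returned, which is not compared with the upid that was asked
            # for. Confirm the feed scripts always echo the requested upid.
            # The first word is the given name, the rest the family name.
            given, _, family = name.partition(" ")
            Users2.create(feed_upid,
                          '',
                          given,
                          family,
                          2,
                          studentid,
                          email,
                          None,
                          'feed',
                          '',
                          True)
            break
    return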
Esempio n. 7
def users_update_from_feed(upids):
    """Look up each unknown upid in the user feeds and create its account.

    Feeds are tried in order until one returns a parsable record line
    (``upid,name,email`` with an optional trailing ``studentid``). Upids
    that already have a local account are only logged.
    """
    for upid in upids:
        user_id = Users2.uid_by_uname(upid)
        if user_id:
            L.error("Error running user feed for existing account %s" % user_id)
            continue

        # No local account yet: ask each feed in turn.
        for feed in UFeeds.all_list():
            try:
                out = feeds_run_user_script(feed.script, args=[upid, ])
            except BaseException as err:
                L.error("Exception in user feed '%s': %s" % (feed.script, err))
                continue

            res = out.splitlines()
            # NOTE(review): res[0] and res[1] are indexed without a length
            # check, so empty or one-line output raises IndexError here.
            if res[0].startswith("ERROR"):
                L.error("Error running user feed '%s': %s" % (feed.script, res))
                continue

            record = res[1].split(',')
            if len(record) == 4:
                upid, name, email, studentid = record
            elif len(record) == 3:
                upid, name, email = record
                studentid = ""
            else:
                continue

            # The first word is the given name, the rest the family name.
            name_parts = name.split(" ")
            Users2.create(upid,
                          '',
                          name_parts[0],
                          " ".join(name_parts[1:]),
                          2,
                          studentid,
                          email,
                          None,
                          'feed',
                          '',
                          True)
            break
    return
Esempio n. 8
def login_webauth_submit():
    """Log a user in on the strength of the web server's ``REMOTE_USER``.

    The web server is expected to have verified the credentials and to
    provide the username in ``request.environ['REMOTE_USER']``. If that
    value is missing, the user is sent to the webauth error page. Otherwise
    the session is populated for the matching account, which is created on
    the spot when the username has not been seen before. The login is
    written to the audit trail. The user is finally redirected to the
    target saved in the session, if any, or to the main page.
    """
    environ = request.environ
    if 'REMOTE_USER' not in environ:
        L.error("REMOTE_USER not provided by web server and 'webauth' is being attempted.")
        return redirect(url_for("login_webauth_error"))

    username = environ['REMOTE_USER']

    # NOTE(review): with webauth_ignore_domain set, everything after the
    # first '@' is dropped, so the same local part from different domains
    # maps to one account. Confirm the web server only authenticates a
    # single realm.
    if '@' in username and OaConfig.webauth_ignore_domain:
        username = username.split('@')[0]

    user_id = Users2.uid_by_uname(username)
    if not user_id:
        # First sighting: create a bare account with source 'unknown'.
        Users2.create(username, '', '', '', 1, '', '', None, 'unknown', '', True)
        user_id = Users2.uid_by_uname(username)

    user = Users2.get_user(user_id)
    session['username'] = username
    session['user_id'] = user_id
    for field in ('givenname', 'familyname', 'fullname'):
        session['user_' + field] = user[field]
    session['user_authtype'] = "httpauth"

    audit(1, user_id, user_id, "UserAuth",
          "%s successfully logged in via webauth" % session['username'])

    if 'redirect' not in session:
        return redirect(url_for("main_top"))

    # NOTE(review): the stored value is appended to parentURL unchecked.
    # Confirm that whatever sets session['redirect'] only stores local paths.
    target = OaConfig.parentURL + session['redirect']
    del session['redirect']
    return redirect(target)
Esempio n. 9
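def login_forgot_pass_submit():
    """Handle the "forgot password" form and email a reset code.

    The request is refused, with a flashed message and a redirect back to
    the form, for the ``admin`` account, for unknown usernames, for
    accounts whose source is not ``local``, and for accounts with no email
    address on file. Otherwise a confirmation code is generated, stored
    against the account and mailed to the address on file.

    The code is generated and stored only after the email address has been
    checked, so an account that cannot receive the message is not left
    with a freshly set reset code that was never delivered.
    """
    if "cancel" in request.form:
        flash("Password reset cancelled.")
        return redirect(url_for("login_local"))

    username = sanitize_username(request.form.get('username', None))

    if username == "admin":
        flash("""The admin account cannot do an email password reset,
                 please see the Installation instructions.""")
        return redirect(url_for("login_forgot_pass"))

    user_id = Users2.uid_by_uname(username) if username else None

    # NOTE(review): the distinct messages below tell an unauthenticated
    # caller whether a username exists, whether it is externally managed,
    # and whether it has an address on file. Consider one uniform response.
    if not user_id:
        flash("Unknown username ")
        return redirect(url_for("login_forgot_pass"))

    user = Users2.get_user(user_id)
    if user['source'] != "local":
        flash("Your password is not managed by OASIS, "
              "please contact IT Support.")
        return redirect(url_for("login_forgot_pass"))

    email = user['email']
    if not email:
        flash("We do not appear to have an email address on file for "
              "that account.")
        return redirect(url_for("login_forgot_pass"))

    # Store a reset code only once it is known that it can be delivered.
    code = Users.gen_confirm_code()
    Users.set_confirm_code(user_id, code)

    text_body = render_template(os.path.join("email", "forgot_pass.txt"), code=code)
    html_body = render_template(os.path.join("email", "forgot_pass.html"), code=code)
    send_email(email,
               from_addr=None,
               subject="OASIS Password Reset",
               text_body=text_body,
               html_body=html_body)

    return render_template("login_forgot_pass_submit.html")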
Esempio n. 10
def cadmin_remove_coord(course_id, coordname):
    """Revoke a user's coordinator role on a course.

    Responds 404 when the course does not exist. When ``coordname`` matches
    an account, permissions 3 (courseadmin) and 4 (coursecoord) are removed
    for the course. The caller is always redirected to the course
    configuration page.
    """
    # NOTE(review): no permission check is visible in this function and the
    # revocation is not logged or audited; presumably access is enforced by
    # a decorator. Confirm.
    if not Courses2.get_course(course_id):
        abort(404)

    try:
        new_uid = Users2.uid_by_uname(coordname)
    except KeyError:
        # A failed lookup is reported exactly like an empty result.
        new_uid = None

    if new_uid:
        for perm in (3, 4):  # 3 = courseadmin, 4 = coursecoord
            Permissions.delete_perm(new_uid, course_id, perm)
        flash("%s can no longer control the course." % (coordname,))
    else:
        flash("User '%s' Not Found" % coordname)

    return redirect(url_for('cadmin_config', course_id=course_id))
Esempio n. 11
def setup_usercreate():
    """Show, and on POST process, the admin's "create user account" page.

    Only users holding the ``useradmin`` permission may use the page;
    others are redirected to the setup top page. On a save request the
    username, email, password and confirmation must all be present, the
    username must be unused and the two passwords must match. The account
    is then created and its password set. On a validation error the
    submitted values are passed back to the template.
    """
    user_id = session['user_id']

    if not check_perm(user_id, -1, "useradmin"):
        flash("You do not have User Administration access.")
        return redirect(url_for('setup_top'))

    field_names = ('new_uname', 'new_fname', 'new_sname',
                   'new_email', 'new_pass', 'new_confirm')
    values = dict.fromkeys(field_names, "")
    error = None

    if request.method == "POST":
        form = request.form

        if "usercreate_cancel" in form:
            flash("User Account Creation Cancelled")
            return redirect(url_for('setup_usersearch'))

        if "usercreate_save" in form:
            for key in field_names:
                values[key] = form.get(key, "")

            # NOTE(review): new_uname is used exactly as submitted; no
            # normalisation is applied in this function.
            required = (values['new_uname'], values['new_email'],
                        values['new_pass'], values['new_confirm'])
            if not all(required):
                error = "Please fill in all fields."
            elif Users2.uid_by_uname(values['new_uname']):
                error = "ERROR: An account already exists with that name"
            elif values['new_confirm'] == "" or values['new_confirm'] != values['new_pass']:
                error = "Passwords don't match (or are empty)"
            else:
                # Create the account with a placeholder password, then set
                # the real one through set_password.
                # Positional arguments: uname, passwd, givenname, familyname,
                # acctstatus, studentid, email
                Users2.create(values['new_uname'],
                              "nologin-creation",
                              values['new_fname'],
                              values['new_sname'],
                              2,
                              '',
                              values['new_email'])
                Users2.set_password(Users2.uid_by_uname(values['new_uname']),
                                    values['new_pass'])
                flash("New User Account Created for %s" % values['new_uname'])
                # Start the next entry with a blank form.
                values = dict.fromkeys(field_names, "")

    if error:
        flash(error)
    # NOTE(review): after a validation error new_pass and new_confirm still
    # hold the submitted password and are handed to the template. Confirm
    # the template does not render them back into the page.
    return render_template('setup_usercreate.html', **values)
Esempio n. 12
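def save_perms(request, cid, user_id):
    """Apply a submitted permission form to course ``cid``.

    The form is expected to carry one ``perm_<uname>_<perm>`` field per
    ticked permission and, optionally, ``adduser`` with a username to give
    permission 10. Only permissions in the managed list below are granted
    or revoked, whatever numbers the form names. Every change is written
    to the audit trail with ``user_id`` as the acting user.

    For users who already hold permissions on the course, a managed
    permission that is absent from a non-empty form is revoked. An empty
    form changes nothing.

    Field names are split at the last underscore, so usernames that
    contain underscores are handled. Malformed ``perm_`` fields and fields
    naming an unknown user are ignored instead of raising.
    """
    # NOTE(review): nothing here checks that user_id may administer this
    # course; presumably the caller does. Confirm.
    managed_perms = (2, 5, 10, 14, 11, 8, 9, 15)

    # Current state: username -> list of permission numbers held.
    perms = {}
    for entry in get_course_perms(cid):
        u = Users2.get_user(entry[0])
        perms.setdefault(u['uname'], []).append(int(entry[1]))

    form = request.form
    if not form:
        return

    # Requested state, parsed from the client-supplied field names.
    newperms = {}
    for field in form.keys():
        if not field.startswith("perm_"):
            continue
        uname, sep, perm_text = field[len("perm_"):].rpartition('_')
        if not sep or not uname:
            continue
        try:
            perm = int(perm_text)
        except ValueError:
            continue
        newperms.setdefault(uname, []).append(perm)

    # Users who already have permissions: grant what is newly ticked and
    # revoke what is no longer ticked.
    for uname, current in perms.items():
        uid = Users2.uid_by_uname(uname)
        requested = newperms.get(uname, ())
        for perm in managed_perms:
            if perm in requested:
                if perm not in current:
                    add_perm(uid, cid, perm)
                    audit(
                        1,
                        user_id,
                        uid,
                        "CourseAdmin",
                        "%s given %s permission by %s" % (uname, get_perm_short(perm), user_id,)
                    )
            elif perm in current:
                delete_perm(uid, cid, perm)
                audit(
                    1,
                    user_id,
                    uid,
                    "CourseAdmin",
                    "%s had %s permission revoked by %s" % (uname, get_perm_short(perm), user_id,)
                )

    # Users named in the form who had no permissions before.
    for uname, requested in newperms.items():
        if uname in perms:
            continue
        uid = Users2.uid_by_uname(uname)
        if not uid:
            # Unknown username in a field name: nothing to grant to.
            continue
        for perm in managed_perms:
            if perm in requested:
                add_perm(uid, cid, perm)
                audit(
                    1,
                    user_id,
                    uid,
                    "CourseAdmin",
                    "%s given %s permission by %s" % (uname, get_perm_short(perm), user_id,)
                )

    if "adduser" in form:
        newuname = form['adduser']
        newuid = Users2.uid_by_uname(newuname)
        if newuid:
            add_perm(newuid, cid, 10)
            audit(
                1,
                user_id,
                newuid,
                "CourseAdmin",
                "%s given '%s' permission by %s" % (newuname, get_perm_short(10), user_id,)
            )
    return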
Esempio n. 13
def login_signup_submit():
    """Process the sign-up form and send a confirmation email.

    Responds 404 unless open registration is enabled. The form must supply
    a non-empty username, password, confirmation and email, the passwords
    must match, the email must contain both ``@`` and ``.``, and the
    username must be unused. A failed check flashes a message and
    redirects back to the sign-up page. Otherwise the account is created
    unconfirmed, its password is set, and a confirmation code is mailed to
    the given address.
    """
    # TODO: How do we stop someone using this to spam someone?
    # NOTE(review): the account row is created and mail is sent to an
    # address the requester has not yet proven to own.
    if not OaConfig.open_registration:
        abort(404)

    form = request.form
    signup_page = "login_signup"

    if not all(key in form for key in ('username', 'password', 'confirm', 'email')):
        flash("Please fill in all fields")
        return redirect(url_for(signup_page))

    username = sanitize_username(form['username'])
    password = form['password']
    confirm = form['confirm']
    email = form['email']

    if "" in (username, password, confirm, email):
        flash("Please fill in all fields")
        return redirect(url_for(signup_page))

    if confirm != password:
        flash("Passwords don't match")
        return redirect(url_for(signup_page))

    # Basic sanity check only, in case they typed something that is not an
    # address at all; a fuller check is too hard or prone to failure.
    if not ("@" in email and "." in email):
        flash("Email address doesn't appear to be valid")
        return redirect(url_for(signup_page))

    if Users2.uid_by_uname(username):
        flash("An account with that name already exists, "
              "please try another username.")
        return redirect(url_for(signup_page))

    # Create the account unconfirmed with a placeholder password, then set
    # the real password through set_password.
    code = Users.gen_confirm_code()
    newuid = Users.create(uname=username,
                          passwd="NOLOGIN",
                          email=email,
                          givenname=username,
                          familyname="",
                          acctstatus=1,
                          studentid="",
                          source="local",
                          confirm_code=code,
                          confirm=False)
    Users2.set_password(newuid, password)

    template_dir = "email"
    text_body = render_template(os.path.join(template_dir, "confirmation.txt"), code=code)
    html_body = render_template(os.path.join(template_dir, "confirmation.html"), code=code)
    send_email(email,
               from_addr=None,
               subject="OASIS Signup Confirmation",
               text_body=text_body,
               html_body=html_body)

    return render_template("login_signup_submit.html", email=email)