def dingtalk_connect_callback(request):
if not ENABLE_DINGTALK:
return render_error(request, _('Error, please contact administrator.'))
state = request.GET.get('state', '')
if not state or state != request.session.get('dingtalk_connect_state', ''):
logger.error('invalid state')
return render_error(request, _('Error, please contact administrator.'))
timestamp = str(int(time.time() * 1000)).encode('utf-8')
appsecret = DINGTALK_QR_CONNECT_APP_SECRET.encode('utf-8')
signature = base64.b64encode(
hmac.new(appsecret, timestamp, digestmod=sha256).digest())
parameters = {
'accessKey': DINGTALK_QR_CONNECT_APP_ID,
'timestamp': timestamp,
'signature': signature,
}
code = request.GET.get('code')
data = {"tmp_auth_code": code}
full_user_info_url = DINGTALK_QR_CONNECT_USER_INFO_URL + '?' + urllib.parse.urlencode(
parameters)
user_info_resp = requests.post(full_user_info_url, data=json.dumps(data))
user_info = user_info_resp.json()['user_info']
# seahub authenticate user
if 'unionid' not in user_info:
logger.error('Required user info not found.')
logger.error(user_info)
return render_error(request, _('Error, please contact administrator.'))
username = request.user.username
dingtalk_user_id = user_info['unionid']
auth_user = SocialAuthUser.objects.get_by_provider_and_uid(
'dingtalk', dingtalk_user_id)
if auth_user:
logger.error('dingtalk account already exists %s' % dingtalk_user_id)
return render_error(request, '出错了,此钉钉账号已被绑定')
SocialAuthUser.objects.add(username, 'dingtalk', dingtalk_user_id)
# update user's profile
name = user_info['nick'] if 'nick' in user_info else ''
if name:
profile = Profile.objects.get_profile_by_user(username)
if not profile:
profile = Profile(user=username)
profile.nickname = name.strip()
profile.save()
response = HttpResponseRedirect(
request.session['dingtalk_connect_redirect'])
return response
def _update_account_additional_info(self, request, email):
# update account profile
name = request.data.get("name", None)
if name is not None:
profile = Profile.objects.get_profile_by_user(email)
if profile is None:
profile = Profile(user=email)
profile.nickname = name
profile.save()
# update account loginid
loginid = request.data.get("login_id", '').strip()
if loginid != '':
profile = Profile.objects.get_profile_by_user(email)
if profile is None:
profile = Profile(user=email)
profile.login_id = loginid
profile.save()
# update account detailed profile
department = request.data.get("department", None)
if department is not None:
d_profile = DetailedProfile.objects.get_detailed_profile_by_user(email)
if d_profile is None:
d_profile = DetailedProfile(user=email)
d_profile.department = department
d_profile.save()
# update user quota
space_quota_mb = request.data.get("storage", None)
if space_quota_mb is not None:
space_quota = int(space_quota_mb) * get_file_size_unit('MB')
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.set_org_user_quota(org_id,
email, space_quota)
else:
seafile_api.set_user_quota(email, space_quota)
# update is_trial
is_trial = request.data.get("is_trial", None)
if is_trial is not None:
try:
from seahub_extra.trialaccount.models import TrialAccount
except ImportError:
pass
else:
if is_trial is True:
expire_date = timezone.now() + relativedelta(days=7)
TrialAccount.object.create_or_update(email, expire_date)
else:
TrialAccount.objects.filter(user_or_org=email).delete()
def update_user_info(request):
email = request.data.get("email")
user = User.objects.get(email=email)
# update basic user info
password = request.data.get("password")
if password:
user.set_password(password)
is_staff = request.data.get("is_staff")
if is_staff:
is_staff = to_python_boolean(is_staff)
user.is_staff = is_staff
is_active = request.data.get("is_active")
if is_active:
is_active = to_python_boolean(is_active)
user.is_active = is_active
# update user
user.save()
# update additional user info
if is_pro_version():
role = request.data.get("role")
if role:
User.objects.update_role(email, role)
name = request.data.get("name")
if name:
profile = Profile.objects.get_profile_by_user(email)
if profile is None:
profile = Profile(user=email)
profile.nickname = name
profile.save()
department = request.data.get("department")
if department:
d_profile = DetailedProfile.objects.get_detailed_profile_by_user(email)
if d_profile is None:
d_profile = DetailedProfile(user=email)
d_profile.department = department
d_profile.save()
quota_total_mb = request.data.get("quota_total")
if quota_total_mb:
quota_total = int(quota_total_mb) * get_file_size_unit('MB')
if is_org_context(request):
org_id = request.user.org.org_id
seafile_api.set_org_user_quota(org_id, email, quota_total)
else:
seafile_api.set_user_quota(email, quota_total)
def test_updated_when_call_save(self):
username = self.tmp_user.username
assert email2nickname(username) == username.split('@')[0]
p = Profile.objects.get_profile_by_user(username)
if p is None:
p = Profile(user=username)
p.nickname = 'nickname'
p.save()
assert email2nickname(username) == 'nickname'
def _update_user_additional_info(self, request, email):
# update user list_in_address_book
list_in_address_book = request.data.get("list_in_address_book", None)
if list_in_address_book is not None:
profile = Profile.objects.get_profile_by_user(email)
if profile is None:
profile = Profile(user=email)
profile.list_in_address_book = list_in_address_book.lower(
) == 'true'
profile.save()
def update_user_profile(self, user_info):
email = user_info.get('email', '')
if not email:
return
name = user_info.get('name', '')
institution = user_info.get('institution', '')
contact_email = user_info.get('contact_email', '')
profile = Profile.objects.get_profile_by_user(email)
if not profile:
profile = Profile(user=email)
if name.strip():
# if have 'HTTP_DISPLAYNAME' header,
# then use its value as user's name
profile.nickname = name
else:
# or use values of "HTTP_GIVENNAME" and "HTTP_SN" headers
# for shibboleth
givenname = user_info.get('givenname', '')
surname = user_info.get('surname', '')
if givenname.strip() and surname.strip():
name = "%s %s" % (givenname, surname)
profile.nickname = name
if institution:
profile.institution = institution
if contact_email:
profile.contact_email = contact_email
profile.save()
def make_profile(self, user, shib_meta):
"""
Extrat nickname(givenname surname), contact_email, institution from
Shib attributs, and add those to user profile.
"""
# use `display_name` as nickname in shib_meta first
nickname = shib_meta.get('display_name', None)
if nickname is None:
# otherwise, fallback to givenname plus surname in shib_meta
givenname = shib_meta.get('givenname', '')
surname = shib_meta.get('surname', '')
nickname = "%s %s" % (givenname, surname)
institution = shib_meta.get('institution', None)
contact_email = shib_meta.get('contact_email', None)
p = Profile.objects.get_profile_by_user(user.username)
if not p:
p = Profile(user=user.username)
if nickname.strip(): # set nickname when it's not empty
p.nickname = nickname
if institution:
p.institution = institution
if contact_email:
p.contact_email = contact_email
p.save()
def put(self, request, format=None):
"""Update account info.
"""
username = request.user.username
name = request.data.get("name", None)
if name is not None:
if len(name) > 64:
return api_error(
status.HTTP_400_BAD_REQUEST,
_('Name is too long (maximum is 64 characters)'))
if "/" in name:
return api_error(status.HTTP_400_BAD_REQUEST,
_("Name should not include '/'."))
email_interval = request.data.get("email_notification_interval", None)
if email_interval is not None:
try:
email_interval = int(email_interval)
except ValueError:
return api_error(status.HTTP_400_BAD_REQUEST,
'email_interval invalid')
# update user info
if name is not None:
profile = Profile.objects.get_profile_by_user(username)
if profile is None:
profile = Profile(user=username)
profile.nickname = name
profile.save()
if email_interval is not None:
if email_interval <= 0:
UserOptions.objects.unset_dtable_updates_email_interval(
username)
else:
UserOptions.objects.set_dtable_updates_email_interval(
username, email_interval)
return Response(self._get_account_info(request))
def _update_account_profile(self, request, email):
name = request.data.get("name", None)
note = request.data.get("note", None)
if name is None and note is None:
return
profile = Profile.objects.get_profile_by_user(email)
if profile is None:
profile = Profile(user=email)
if name is not None:
# if '/' in name:
# return api_error(status.HTTP_400_BAD_REQUEST, "Nickname should not include '/'")
profile.nickname = name
if note is not None:
profile.intro = note
profile.save()
def make_profile(self, user, shib_meta):
"""
Extrat nickname(givenname surname), contact_email, institution from
Shib attributs, and add those to user profile.
"""
# use `display_name` as nickname in shib_meta first
nickname = shib_meta.get('display_name', None)
if nickname is None:
# otherwise, fallback to givenname plus surname in shib_meta
givenname = shib_meta.get('givenname', '')
surname = shib_meta.get('surname', '')
nickname = "%s %s" % (givenname, surname)
institution = shib_meta.get('institution', None)
contact_email = shib_meta.get('contact_email', None)
p = Profile.objects.get_profile_by_user(user.username)
if not p:
p = Profile(user=user.username)
if nickname.strip(): # set nickname when it's not empty
p.nickname = nickname
if institution:
p.institution = institution
if contact_email:
p.contact_email = contact_email
p.save()
def _update_account_profile(self, request, email):
name = request.DATA.get("name", None)
note = request.DATA.get("note", None)
if name is None and note is None:
return
profile = Profile.objects.get_profile_by_user(email)
if profile is None:
profile = Profile(user=email)
if name is not None:
# if '/' in name:
# return api_error(status.HTTP_400_BAD_REQUEST, "Nickname should not include '/'")
profile.nickname = name
if note is not None:
profile.intro = note
profile.save()
def make_profile(self, user, shib_meta):
"""
Extrat nickname(givenname surname), contact_email, institution from
Shib attributs, and add those to user profile.
"""
givenname = shib_meta.get("givenname", "")
surname = shib_meta.get("surname", "")
nickname = "%s %s" % (givenname, surname)
institution = shib_meta.get("institution", None)
contact_email = shib_meta.get("contact_email", None)
p = Profile.objects.get_profile_by_user(user.username)
if not p:
p = Profile(user=user.username)
p.nickname = nickname
if institution:
p.institution = institution
if contact_email:
p.contact_email = contact_email
p.save()
def oauth_callback(request):
""" Step 3: Retrieving an access token.
The user has been redirected back from the provider to your registered
callback URL. With this redirection comes an authorization code included
in the redirect URL. We will use that to obtain an access token.
"""
session = OAuth2Session(client_id=CLIENT_ID,
scope=SCOPE,
state=request.session.get('oauth_state', None),
redirect_uri=REDIRECT_URL)
try:
session.fetch_token(TOKEN_URL,
client_secret=CLIENT_SECRET,
authorization_response=request.get_full_path())
if session._client.__dict__['token'].has_key('user_id'):
# used for sjtu.edu.cn
# https://xjq12311.gitbooks.io/sjtu-engtc/content/
user_id = session._client.__dict__['token']['user_id']
user_info_resp = session.get(USER_INFO_URL +
'?user_id=%s' % user_id)
else:
user_info_resp = session.get(USER_INFO_URL)
except Exception as e:
logger.error(e)
return render(request, 'error.html', {
'error_msg': _('Error, please contact administrator.'),
})
def format_user_info(user_info_resp):
error = False
user_info = {}
user_info_json = user_info_resp.json()
for item, attr in ATTRIBUTE_MAP.items():
required, user_attr = attr
value = user_info_json.get(item, '')
if value:
# ccnet email
if user_attr == 'email':
user_info[user_attr] = value if is_valid_email(str(value)) else \
'%s@%s' % (str(value), PROVIDER_DOMAIN)
else:
user_info[user_attr] = value
elif required:
error = True
return user_info, error
user_info, error = format_user_info(user_info_resp)
if error:
logger.error('Required user info not found.')
logger.error(user_info)
return render(request, 'error.html', {
'error_msg': _('Error, please contact administrator.'),
})
# seahub authenticate user
email = user_info['email']
try:
User.objects.get(email=email)
except User.DoesNotExist:
if not config.ENABLE_SIGNUP:
logger.error('%s not found but user registration is disabled.' %
email)
return render(
request, 'error.html', {
'error_msg': _('Error, please contact administrator.'),
})
try:
user = auth.authenticate(remote_user=email)
except User.DoesNotExist:
user = None
if not user or not user.is_active:
logger.error('User %s not found or inactive.' % email)
# a page for authenticate user failed
return render(request, 'error.html',
{'error_msg': _(u'User %s not found.') % email})
# User is valid. Set request.user and persist user in the session
# by logging the user in.
request.user = user
auth.login(request, user)
user.set_unusable_password()
user.save()
# update user's profile
name = user_info['name'] if user_info.has_key('name') else ''
contact_email = user_info['contact_email'] if \
user_info.has_key('contact_email') else ''
profile = Profile.objects.get_profile_by_user(email)
if not profile:
profile = Profile(user=email)
if name:
profile.nickname = name.strip()
profile.save()
if contact_email:
profile.contact_email = contact_email.strip()
profile.save()
# generate auth token for Seafile client
keys = (
'platform',
'device_id',
'device_name',
'client_version',
'platform_version',
)
if all([key in request.GET for key in keys]):
platform = request.GET['platform']
device_id = request.GET['device_id']
device_name = request.GET['device_name']
client_version = request.GET['client_version']
platform_version = request.GET['platform_version']
token = get_token_v2(request, request.user.username, platform,
device_id, device_name, client_version,
platform_version)
else:
token = get_token_v1(request.user.username)
# redirect user to home page
response = HttpResponseRedirect(reverse('libraries'))
response.set_cookie('seahub_auth', email + '@' + token.key)
return response
def oauth_callback(request):
""" Step 3: Retrieving an access token.
The user has been redirected back from the provider to your registered
callback URL. With this redirection comes an authorization code included
in the redirect URL. We will use that to obtain an access token.
"""
session = OAuth2Session(client_id=CLIENT_ID,
scope=SCOPE,
state=request.session.get('oauth_state', None),
redirect_uri=REDIRECT_URL)
try:
token = session.fetch_token(
TOKEN_URL,
client_secret=CLIENT_SECRET,
authorization_response=request.get_full_path())
if session._client.__dict__['token'].has_key('user_id'):
# used for sjtu.edu.cn
# https://xjq12311.gitbooks.io/sjtu-engtc/content/
user_id = session._client.__dict__['token']['user_id']
user_info_resp = session.get(USER_INFO_URL +
'?user_id=%s' % user_id)
else:
user_info_url = USER_INFO_URL
if ACCESS_TOKEN_IN_URI:
code = request.GET.get('code')
user_info_url = USER_INFO_URL + '?access_token=%s&code=%s' % (
token['access_token'], code)
user_info_resp = session.get(user_info_url)
except Exception as e:
logger.error(e)
return render_error(request, _('Error, please contact administrator.'))
def format_user_info(user_info_resp):
logger.info('user info resp: %s' % user_info_resp.text)
error = False
user_info = {}
user_info_json = user_info_resp.json()
for item, attr in ATTRIBUTE_MAP.items():
required, user_attr = attr
value = user_info_json.get(item, '')
if value:
# ccnet email
if user_attr == 'email':
user_info[user_attr] = value if is_valid_email(str(value)) else \
'%s@%s' % (str(value), PROVIDER_DOMAIN)
else:
user_info[user_attr] = value
elif required:
error = True
return user_info, error
user_info, error = format_user_info(user_info_resp)
if error:
logger.error('Required user info not found.')
logger.error(user_info)
return render_error(request, _('Error, please contact administrator.'))
# seahub authenticate user
email = user_info['email']
try:
user = auth.authenticate(remote_user=email)
except User.DoesNotExist:
user = None
if not user or not user.is_active:
logger.error('User %s not found or inactive.' % email)
# a page for authenticate user failed
return render_error(request, _(u'User %s not found.') % email)
# User is valid. Set request.user and persist user in the session
# by logging the user in.
request.user = user
auth.login(request, user)
# update user's profile
name = user_info['name'] if user_info.has_key('name') else ''
contact_email = user_info['contact_email'] if \
user_info.has_key('contact_email') else ''
profile = Profile.objects.get_profile_by_user(email)
if not profile:
profile = Profile(user=email)
if name:
profile.nickname = name.strip()
profile.save()
if contact_email:
profile.contact_email = contact_email.strip()
profile.save()
# generate auth token for Seafile client
api_token = get_api_token(request)
# redirect user to home page
response = HttpResponseRedirect(request.session['oauth_redirect'])
response.set_cookie('seahub_auth', email + '@' + api_token.key)
return response
def weixin_oauth_callback(request):
if not ENABLE_WEIXIN:
return render_error(request, _('Error, please contact administrator.'))
state = request.GET.get('state', '')
if not state or state != request.session.get('weixin_oauth_login_state', ''):
logger.error('invalid state')
return render_error(request, _('Error, please contact administrator.'))
# get access_token and user openid
parameters = {
'appid': WEIXIN_OAUTH_APP_ID,
'secret': WEIXIN_OAUTH_APP_SECRET,
'code': request.GET.get('code'),
'grant_type': WEIXIN_OAUTH_GRANT_TYPE,
}
access_token_url = WEIXIN_OAUTH_ACCESS_TOKEN_URL + '?' + urllib.parse.urlencode(parameters)
access_token_json = requests.get(access_token_url).json()
openid = access_token_json.get('openid', '')
access_token = access_token_json.get('access_token', '')
if not access_token or not openid:
logger.error('invalid access_token or openid')
logger.error(access_token_url)
logger.error(access_token_json)
return render_error(request, _('Error, please contact administrator.'))
# login user in
auth_user = SocialAuthUser.objects.get_by_provider_and_uid('weixin', openid)
if auth_user:
email = auth_user.username
else:
email = gen_user_virtual_id()
SocialAuthUser.objects.add(email, 'weixin', openid)
try:
user = auth.authenticate(remote_user=email)
except User.DoesNotExist:
user = None
except Exception as e:
logger.error(e)
return render_error(request, _('Error, please contact administrator.'))
if not user or not user.is_active:
return render_error(request, _('User %s not found or inactive.') % email)
request.user = user
auth.login(request, user)
# get user profile info
parameters = {
'access_token': access_token,
'openid': openid,
}
user_info_url = WEIXIN_OAUTH_USER_INFO_URL + '?' + urllib.parse.urlencode(parameters)
user_info_resp = requests.get(user_info_url).json()
name = user_info_resp['nickname'] if 'nickname' in user_info_resp else ''
name = name.encode('raw_unicode_escape').decode('utf-8')
if name:
profile = Profile.objects.get_profile_by_user(email)
if not profile:
profile = Profile(user=email)
profile.nickname = name.strip()
profile.save()
avatar_url = user_info_resp['headimgurl'] if 'headimgurl' in user_info_resp else ''
try:
image_name = 'dingtalk_avatar'
image_file = requests.get(avatar_url).content
avatar = Avatar.objects.filter(emailuser=email, primary=True).first()
avatar = avatar or Avatar(emailuser=email, primary=True)
avatar_file = ContentFile(image_file)
avatar_file.name = image_name
avatar.avatar = avatar_file
avatar.save()
except Exception as e:
logger.error(e)
# generate auth token for Seafile client
api_token = get_api_token(request)
# redirect user to home page
response = HttpResponseRedirect(request.session['weixin_oauth_login_redirect'])
response.set_cookie('seahub_auth', email + '@' + api_token.key)
return response
def oauth_callback(request):
""" Step 3: Retrieving an access token.
The user has been redirected back from the provider to your registered
callback URL. With this redirection comes an authorization code included
in the redirect URL. We will use that to obtain an access token.
"""
session = OAuth2Session(client_id=CLIENT_ID,
scope=SCOPE,
state=request.session.get('oauth_state', None),
redirect_uri=REDIRECT_URL)
try:
token = session.fetch_token(
TOKEN_URL,
client_secret=CLIENT_SECRET,
authorization_response=request.get_full_path())
if session._client.__dict__['token'].has_key('user_id'):
# used for sjtu.edu.cn
# https://xjq12311.gitbooks.io/sjtu-engtc/content/
user_id = session._client.__dict__['token']['user_id']
user_info_resp = session.get(USER_INFO_URL +
'?user_id=%s' % user_id)
else:
user_info_url = USER_INFO_URL
if ACCESS_TOKEN_IN_URI:
code = request.GET.get('code')
user_info_url = USER_INFO_URL + '?access_token=%s&code=%s' % (
token['access_token'], code)
user_info_resp = session.get(user_info_url)
except Exception as e:
logger.error(e)
return render_error(request, _('Error, please contact administrator.'))
def format_user_info(user_info_resp):
logger.info('user info resp: %s' % user_info_resp.text)
error = False
user_info = {}
user_info_json = user_info_resp.json()
for item, attr in ATTRIBUTE_MAP.items():
required, user_attr = attr
value = user_info_json.get(item, '')
if value:
# ccnet email
if user_attr == 'email':
user_info[user_attr] = value if is_valid_email(str(value)) else \
'%s@%s' % (str(value), PROVIDER_DOMAIN)
else:
user_info[user_attr] = value
elif required:
error = True
return user_info, error
user_info, error = format_user_info(user_info_resp)
if error:
logger.error('Required user info not found.')
logger.error(user_info)
return render_error(request, _('Error, please contact administrator.'))
# seahub authenticate user
email = user_info['email']
try:
user = auth.authenticate(remote_user=email)
except User.DoesNotExist:
user = None
if not user or not user.is_active:
logger.error('User %s not found or inactive.' % email)
# a page for authenticate user failed
return render_error(request, _(u'User %s not found.') % email)
# User is valid. Set request.user and persist user in the session
# by logging the user in.
request.user = user
auth.login(request, user)
# update user's profile
name = user_info['name'] if user_info.has_key('name') else ''
contact_email = user_info['contact_email'] if \
user_info.has_key('contact_email') else ''
profile = Profile.objects.get_profile_by_user(email)
if not profile:
profile = Profile(user=email)
if name:
profile.nickname = name.strip()
profile.save()
if contact_email:
profile.contact_email = contact_email.strip()
profile.save()
# generate auth token for Seafile client
api_token = get_api_token(request)
# redirect user to home page
response = HttpResponseRedirect(request.session['oauth_redirect'])
response.set_cookie('seahub_auth', email + '@' + api_token.key)
return response
def _update_account_additional_info(self, request, email):
# update account name
name = request.data.get("name", None)
if name is not None:
profile = Profile.objects.get_profile_by_user(email)
if profile is None:
profile = Profile(user=email)
profile.nickname = name
profile.save()
# update account list_in_address_book
list_in_address_book = request.data.get("list_in_address_book", None)
if list_in_address_book is not None:
profile = Profile.objects.get_profile_by_user(email)
if profile is None:
profile = Profile(user=email)
profile.list_in_address_book = list_in_address_book.lower() == 'true'
profile.save()
# update account loginid
loginid = request.data.get("login_id", '').strip()
if loginid != '':
profile = Profile.objects.get_profile_by_user(email)
if profile is None:
profile = Profile(user=email)
profile.login_id = loginid
profile.save()
# update account detailed profile
department = request.data.get("department", None)
if department is not None:
d_profile = DetailedProfile.objects.get_detailed_profile_by_user(email)
if d_profile is None:
d_profile = DetailedProfile(user=email)
d_profile.department = department
d_profile.save()
# update user quota
space_quota_mb = request.data.get("storage", None)
if space_quota_mb is not None:
space_quota = int(space_quota_mb) * get_file_size_unit('MB')
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.set_org_user_quota(org_id,
email, space_quota)
else:
seafile_api.set_user_quota(email, space_quota)
# update user institution
institution = request.data.get("institution", None)
if institution is not None:
profile = Profile.objects.get_profile_by_user(email)
if profile is None:
profile = Profile(user=email)
profile.institution = institution
profile.save()
# update is_trial
is_trial = request.data.get("is_trial", None)
if is_trial is not None:
try:
from seahub_extra.trialaccount.models import TrialAccount
except ImportError:
pass
else:
if is_trial is True:
expire_date = timezone.now() + relativedelta(days=7)
TrialAccount.object.create_or_update(email, expire_date)
else:
TrialAccount.objects.filter(user_or_org=email).delete()
def oauth_callback(request):
""" Step 3: Retrieving an access token.
The user has been redirected back from the provider to your registered
callback URL. With this redirection comes an authorization code included
in the redirect URL. We will use that to obtain an access token.
"""
try:
session.fetch_token(TOKEN_URL,
client_secret=CLIENT_SECRET,
authorization_response=request.get_full_path())
user_info_resp = session.get(USER_INFO_URL)
except Exception as e:
logger.error(e)
return render_to_response(
'error.html', {
'error_msg': _('Error, please contact administrator.'),
},
context_instance=RequestContext(request))
def format_user_info(user_info_resp):
error = False
user_info = {}
user_info_json = user_info_resp.json()
for item, attr in ATTRIBUTE_MAP.items():
required, user_attr = attr
value = user_info_json.get(item, '')
if value:
# ccnet email
if user_attr == 'email':
user_info[user_attr] = value if is_valid_email(str(value)) else \
'%s@%s' % (str(value), PROVIDER_DOMAIN)
else:
user_info[user_attr] = value
elif required:
error = True
return user_info, error
user_info, error = format_user_info(user_info_resp)
if error:
logger.error('Required user info not found.')
logger.error(user_info)
return render_to_response(
'error.html', {
'error_msg': _('Error, please contact administrator.'),
},
context_instance=RequestContext(request))
# seahub authenticate user
email = user_info['email']
try:
User.objects.get(email=email)
except User.DoesNotExist:
if not config.ENABLE_SIGNUP:
logger.error('%s not found but user registration is disabled.' %
email)
return render_to_response(
'error.html', {
'error_msg': _('Error, please contact administrator.'),
},
context_instance=RequestContext(request))
try:
user = auth.authenticate(remote_user=email)
except User.DoesNotExist:
user = None
if not user or not user.is_active:
logger.error('User %s not found or inactive.' % email)
# a page for authenticate user failed
return render_to_response(
'error.html', {'error_msg': _(u'User %s not found.') % email},
context_instance=RequestContext(request))
# User is valid. Set request.user and persist user in the session
# by logging the user in.
request.user = user
auth.login(request, user)
user.set_unusable_password()
user.save()
# update user's profile
name = user_info['name'] if user_info.has_key('name') else ''
contact_email = user_info['contact_email'] if \
user_info.has_key('contact_email') else ''
profile = Profile.objects.get_profile_by_user(email)
if not profile:
profile = Profile(user=email)
if name:
profile.nickname = name.strip()
profile.save()
if contact_email:
profile.contact_email = contact_email.strip()
profile.save()
# redirect user to home page
return HttpResponseRedirect(reverse('libraries'))
def update_user_info(request, user):
# update basic user info
password = request.data.get("password")
if password:
user.set_password(password)
is_staff = request.data.get("is_staff")
if is_staff:
is_staff = to_python_boolean(is_staff)
user.is_staff = is_staff
is_active = request.data.get("is_active")
if is_active:
is_active = to_python_boolean(is_active)
user.is_active = is_active
# update user
user.save()
email = user.username
# update additional user info
if is_pro_version():
role = request.data.get("role")
if role:
User.objects.update_role(email, role)
name = request.data.get("name")
if name:
profile = Profile.objects.get_profile_by_user(email)
if profile is None:
profile = Profile(user=email)
profile.nickname = name
profile.save()
# update account login_id
login_id = request.data.get("login_id", None)
if login_id is not None:
login_id = login_id.strip()
profile = Profile.objects.get_profile_by_user(email)
if profile is None:
profile = Profile(user=email)
profile.login_id = None if login_id == "" else login_id
profile.save()
reference_id = request.data.get("reference_id", None)
if reference_id is not None:
reference_id = reference_id.strip()
ccnet_api.set_reference_id(email, reference_id)
department = request.data.get("department")
if department:
d_profile = DetailedProfile.objects.get_detailed_profile_by_user(email)
if d_profile is None:
d_profile = DetailedProfile(user=email)
d_profile.department = department
d_profile.save()
quota_total_mb = request.data.get("quota_total")
if quota_total_mb:
quota_total = int(quota_total_mb) * get_file_size_unit('MB')
if is_org_context(request):
org_id = request.user.org.org_id
seafile_api.set_org_user_quota(org_id, email, quota_total)
else:
seafile_api.set_user_quota(email, quota_total)
def put(self, request, org_id, email):
""" update base info of a org user
Permission checking:
1. only admin can perform this action.
"""
if not request.user.admin_permissions.other_permission():
return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')
try:
user = User.objects.get(email=email)
except User.DoesNotExist:
error_msg = 'User %s not found.' % email
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# update active
active = request.data.get('active', None)
if active:
active = active.lower()
if active not in ('true', 'false'):
error_msg = "active invalid, should be 'true' or 'false'."
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if active == 'true':
user.is_active = True
else:
user.is_active = False
try:
# update user status
result_code = user.save()
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
if result_code == -1:
error_msg = 'Fail to update user %s.' % email
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# update name
name = request.data.get('name', None)
if name:
profile = Profile.objects.get_profile_by_user(email)
if profile is None:
profile = Profile(user=email)
profile.nickname = name
profile.save()
# update contact_email
contact_email = request.data.get('contact_email', None)
if contact_email:
profile = Profile.objects.get_profile_by_user(email)
if profile is None:
profile = Profile(user=email)
profile.contact_email = contact_email
profile.save()
# update user quota
user_quota_mb = request.data.get("quota_total", None)
if user_quota_mb:
try:
user_quota_mb = int(user_quota_mb)
except Exception as e:
logger.error(e)
error_msg = "quota_total invalid."
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
user_quota = int(user_quota_mb) * get_file_size_unit('MB')
org_quota = seafile_api.get_org_quota(org_id)
# -1 means org has unlimited quota
if org_quota > 0:
org_quota_mb = org_quota / get_file_size_unit('MB')
if user_quota_mb > org_quota_mb:
error_msg = 'Failed to set quota: maximum quota is %d MB' % org_quota_mb
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
seafile_api.set_org_user_quota(org_id, email, user_quota)
user_info = get_org_user_info(org_id, user)
user_info['active'] = user.is_active
return Response(user_info)
def _update_account_additional_info(self, request, email):
# update account name
name = request.data.get("name", None)
if name is not None:
profile = Profile.objects.get_profile_by_user(email)
if profile is None:
profile = Profile(user=email)
profile.nickname = name
profile.save()
# update account list_in_address_book
list_in_address_book = request.data.get("list_in_address_book", None)
if list_in_address_book is not None:
profile = Profile.objects.get_profile_by_user(email)
if profile is None:
profile = Profile(user=email)
profile.list_in_address_book = list_in_address_book.lower(
) == 'true'
profile.save()
# update account loginid
loginid = request.data.get("login_id", '').strip()
if loginid != '':
profile = Profile.objects.get_profile_by_user(email)
if profile is None:
profile = Profile(user=email)
profile.login_id = loginid
profile.save()
# update account detailed profile
department = request.data.get("department", None)
if department is not None:
d_profile = DetailedProfile.objects.get_detailed_profile_by_user(
email)
if d_profile is None:
d_profile = DetailedProfile(user=email)
d_profile.department = department
d_profile.save()
# update user quota
space_quota_mb = request.data.get("storage", None)
if space_quota_mb is not None:
space_quota = int(space_quota_mb) * get_file_size_unit('MB')
if is_org_context(request):
org_id = request.user.org.org_id
seaserv.seafserv_threaded_rpc.set_org_user_quota(
org_id, email, space_quota)
else:
seafile_api.set_user_quota(email, space_quota)
# update user institution
institution = request.data.get("institution", None)
if institution is not None:
profile = Profile.objects.get_profile_by_user(email)
if profile is None:
profile = Profile(user=email)
profile.institution = institution
profile.save()
def put(self, request, org_id, email):
""" update base info of a org user
Permission checking:
1. only admin can perform this action.
"""
try:
user = User.objects.get(email=email)
except User.DoesNotExist:
error_msg = 'User %s not found.' % email
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# update active
active = request.data.get('active', None)
if active:
active = active.lower()
if active not in ('true', 'false'):
error_msg = "active invalid, should be 'true' or 'false'."
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if active == 'true':
user.is_active = True
else:
user.is_active = False
try:
# update user status
result_code = user.save()
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
if result_code == -1:
error_msg = 'Fail to update user %s.' % email
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# update name
name = request.data.get('name', None)
if name:
profile = Profile.objects.get_profile_by_user(email)
if profile is None:
profile = Profile(user=email)
profile.nickname = name
profile.save()
# update contact_email
contact_email = request.data.get('contact_email', None)
if contact_email:
profile = Profile.objects.get_profile_by_user(email)
if profile is None:
profile = Profile(user=email)
profile.contact_email = contact_email
profile.save()
# update user quota
user_quota_mb = request.data.get("quota_total", None)
if user_quota_mb:
try:
user_quota_mb = int(user_quota_mb)
except Exception as e:
logger.error(e)
error_msg = "quota_total invalid."
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
user_quota = int(user_quota_mb) * get_file_size_unit('MB')
org_quota = seafile_api.get_org_quota(org_id)
# -1 means org has unlimited quota
if org_quota > 0:
org_quota_mb = org_quota / get_file_size_unit('MB')
if user_quota_mb > org_quota_mb:
error_msg = 'Failed to set quota: maximum quota is %d MB' % org_quota_mb
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
seafile_api.set_org_user_quota(org_id, email, user_quota)
user_info = get_org_user_info(org_id, email)
user_info['active'] = user.is_active
return Response(user_info)
def dingtalk_callback(request):
if not ENABLE_DINGTALK:
return render_error(request, _('Error, please contact administrator.'))
state = request.GET.get('state', '')
if not state or state != request.session.get('dingtalk_login_state', ''):
logger.error('invalid state')
return render_error(request, _('Error, please contact administrator.'))
timestamp = str(int(time.time() * 1000)).encode('utf-8')
appsecret = DINGTALK_QR_CONNECT_APP_SECRET.encode('utf-8')
signature = base64.b64encode(
hmac.new(appsecret, timestamp, digestmod=sha256).digest())
parameters = {
'accessKey': DINGTALK_QR_CONNECT_APP_ID,
'timestamp': timestamp,
'signature': signature,
}
code = request.GET.get('code')
data = {"tmp_auth_code": code}
full_user_info_url = DINGTALK_QR_CONNECT_USER_INFO_URL + '?' + urllib.parse.urlencode(
parameters)
user_info_resp = requests.post(full_user_info_url, data=json.dumps(data))
user_info = user_info_resp.json()['user_info']
# seahub authenticate user
if 'unionid' not in user_info:
logger.error('Required user info not found.')
logger.error(user_info)
return render_error(request, _('Error, please contact administrator.'))
auth_user = SocialAuthUser.objects.get_by_provider_and_uid(
'dingtalk', user_info['unionid'])
if auth_user:
email = auth_user.username
else:
email = gen_user_virtual_id()
SocialAuthUser.objects.add(email, 'dingtalk', user_info['unionid'])
try:
user = auth.authenticate(remote_user=email)
except User.DoesNotExist:
user = None
except Exception as e:
logger.error(e)
return render_error(request, _('Error, please contact administrator.'))
if not user or not user.is_active:
return render_error(request,
_('User %s not found or inactive.') % email)
# User is valid. Set request.user and persist user in the session
# by logging the user in.
request.user = user
request.session['remember_me'] = DINGTALK_QR_CONNECT_LOGIN_REMEMBER_ME
auth.login(request, user)
# update user's profile
name = user_info['nick'] if 'nick' in user_info else ''
if name:
profile = Profile.objects.get_profile_by_user(email)
if not profile:
profile = Profile(user=email)
profile.nickname = name.strip()
profile.save()
user_detail_info = dingtalk_get_detailed_user_info(user_info['unionid'])
contact_email = user_detail_info.get('email', '')
if contact_email:
profile.contact_email = contact_email
profile.save()
# generate auth token for Seafile client
api_token = get_api_token(request)
# redirect user to home page
response = HttpResponseRedirect(
request.session.get('dingtalk_login_redirect', '/'))
response.set_cookie('seahub_auth', email + '@' + api_token.key)
return response
def post(self, request):
""" Set user quota, set user institution, delete users, in batch.
Permission checking:
1. admin user.
"""
# argument check
emails = request.POST.getlist('email', None)
if not emails:
error_msg = 'email invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
operation = request.POST.get('operation', None)
if operation not in ('set-quota', 'delete-user', 'set-institution'):
error_msg = "operation can only be 'set-quota', 'delete-user', or 'set-institution'."
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
result = {}
result['failed'] = []
result['success'] = []
existed_users = []
for email in emails:
try:
user = User.objects.get(email=email)
existed_users.append(user)
except User.DoesNotExist:
result['failed'].append({
'email': email,
'error_msg': 'User %s not found.' % email
})
continue
if operation == 'set-quota':
quota_total_mb = request.POST.get('quota_total', None)
if not quota_total_mb:
error_msg = 'quota_total invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
quota_total_mb = int(quota_total_mb)
except ValueError:
error_msg = _('must be an integer that is greater than or equal to 0.')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if quota_total_mb < 0:
error_msg = _('Space quota is too low (minimum value is 0)')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
quota_total_byte = quota_total_mb * get_file_size_unit('MB')
for user in existed_users:
email = user.email
try:
seafile_api.set_user_quota(email, quota_total_byte)
except Exception as e:
logger.error(e)
result['failed'].append({
'email': email,
'error_msg': 'Internal Server Error'
})
continue
result['success'].append({
'email': email,
'quota_total': seafile_api.get_user_quota(email),
})
if operation == 'delete-user':
for user in existed_users:
email = user.email
try:
user.delete()
except Exception as e:
logger.error(e)
result['failed'].append({
'email': email,
'error_msg': 'Internal Server Error'
})
continue
result['success'].append({
'email': email,
})
# send admin operation log signal
admin_op_detail = {
"email": email,
}
admin_operation.send(sender=None, admin_name=request.user.username,
operation=USER_DELETE, detail=admin_op_detail)
if operation == 'set-institution':
institution = request.POST.get('institution', None)
if institution is None:
error_msg = 'Institution can not be blank.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if institution != '':
try:
obj_insti = Institution.objects.get(name=institution)
except Institution.DoesNotExist:
error_msg = 'Institution %s does not exist' % institution
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
for user in existed_users:
email = user.email
profile = Profile.objects.get_profile_by_user(email)
if profile is None:
profile = Profile(user=email)
profile.institution = institution
profile.save()
result['success'].append({
'email': email,
'institution': institution
})
return Response(result)
def post(self, request):
""" Set user quota, set user institution, delete users, in batch.
Permission checking:
1. admin user.
"""
# argument check
emails = request.POST.getlist('email', None)
if not emails:
error_msg = 'email invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
operation = request.POST.get('operation', None)
if operation not in ('set-quota', 'delete-user', 'set-institution'):
error_msg = "operation can only be 'set-quota', 'delete-user', or 'set-institution'."
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
result = {}
result['failed'] = []
result['success'] = []
existed_users = []
for email in emails:
try:
user = User.objects.get(email=email)
existed_users.append(user)
except User.DoesNotExist:
result['failed'].append({
'email': email,
'error_msg': 'User %s not found.' % email
})
continue
if operation == 'set-quota':
quota_total_mb = request.POST.get('quota_total', None)
if not quota_total_mb:
error_msg = 'quota_total invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
quota_total_mb = int(quota_total_mb)
except ValueError:
error_msg = _('must be an integer that is greater than or equal to 0.')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if quota_total_mb < 0:
error_msg = _('Space quota is too low (minimum value is 0)')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
quota_total_byte = quota_total_mb * get_file_size_unit('MB')
for user in existed_users:
email = user.email
try:
seafile_api.set_user_quota(email, quota_total_byte)
except Exception as e:
logger.error(e)
result['failed'].append({
'email': email,
'error_msg': 'Internal Server Error'
})
continue
result['success'].append({
'email': email,
'quota_total': seafile_api.get_user_quota(email),
})
if operation == 'delete-user':
for user in existed_users:
email = user.email
try:
user.delete()
except Exception as e:
logger.error(e)
result['failed'].append({
'email': email,
'error_msg': 'Internal Server Error'
})
continue
result['success'].append({
'email': email,
})
# send admin operation log signal
admin_op_detail = {
"email": email,
}
admin_operation.send(sender=None, admin_name=request.user.username,
operation=USER_DELETE, detail=admin_op_detail)
if operation == 'set-institution':
institution = request.POST.get('institution', None)
if institution is None:
error_msg = 'Institution can not be blank.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if institution != '':
try:
obj_insti = Institution.objects.get(name=institution)
except Institution.DoesNotExist:
error_msg = 'Institution %s does not exist' % institution
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
for user in existed_users:
email = user.email
profile = Profile.objects.get_profile_by_user(email)
if profile is None:
profile = Profile(user=email)
profile.institution = institution
profile.save()
result['success'].append({
'email': email,
'institution': institution
})
return Response(result)
