def wrapped(*args, **kwargs):
user = get_authenticated_user()
if not user or user.robot:
raise Unauthorized()
if get_validated_oauth_token():
return func(*args, **kwargs)
last_login = session.get("login_time", datetime.datetime.min)
valid_span = datetime.datetime.now() - FRESH_LOGIN_TIMEOUT
logger.debug("Checking fresh login for user %s: Last login at %s",
user.username, last_login)
if (last_login >= valid_span or not authentication.supports_fresh_login
or not authentication.has_password_set(user.username)):
return func(*args, **kwargs)
raise FreshLoginRequired()
def user_view(user, previous_username=None):
def org_view(o, user_admin=True):
admin_org = AdministerOrganizationPermission(o.username)
org_response = {
"name": o.username,
"avatar": avatar.get_data_for_org(o),
"can_create_repo": CreateRepositoryPermission(o.username).can(),
"public": o.username in app.config.get("PUBLIC_NAMESPACES", []),
}
if user_admin:
org_response.update(
{
"is_org_admin": admin_org.can(),
"preferred_namespace": not (o.stripe_id is None),
}
)
return org_response
# Retrieve the organizations for the user.
organizations = {
o.username: o for o in model.organization.get_user_organizations(user.username)
}
# Add any public namespaces.
public_namespaces = app.config.get("PUBLIC_NAMESPACES", [])
if public_namespaces:
organizations.update({ns: model.user.get_namespace_user(ns) for ns in public_namespaces})
def login_view(login):
try:
metadata = json.loads(login.metadata_json)
except:
metadata = {}
return {
"service": login.service.name,
"service_identifier": login.service_ident,
"metadata": metadata,
}
logins = model.user.list_federated_logins(user)
user_response = {
"anonymous": False,
"username": user.username,
"avatar": avatar.get_data_for_user(user),
}
user_admin = UserAdminPermission(previous_username if previous_username else user.username)
if user_admin.can():
user_response.update(
{
"can_create_repo": True,
"is_me": True,
"verified": user.verified,
"email": user.email,
"logins": [login_view(login) for login in logins],
"invoice_email": user.invoice_email,
"invoice_email_address": user.invoice_email_address,
"preferred_namespace": not (user.stripe_id is None),
"tag_expiration_s": user.removed_tag_expiration_s,
"prompts": model.user.get_user_prompts(user),
"company": user.company,
"family_name": user.family_name,
"given_name": user.given_name,
"location": user.location,
"is_free_account": user.stripe_id is None,
"has_password_set": authentication.has_password_set(user.username),
}
)
if features.QUOTA_MANAGEMENT:
quotas = model.namespacequota.get_namespace_quota_list(user.username)
user_response["quotas"] = [quota_view(quota) for quota in quotas] if quotas else []
user_response["quota_report"] = model.namespacequota.get_quota_for_view(user.username)
user_view_perm = UserReadPermission(user.username)
if user_view_perm.can():
user_response.update(
{
"organizations": [
org_view(o, user_admin=user_admin.can()) for o in list(organizations.values())
],
}
)
if features.SUPER_USERS and SuperUserPermission().can():
user_response.update(
{
"super_user": user
and user == get_authenticated_user()
and SuperUserPermission().can()
}
)
return user_response
def user_view(user, previous_username=None):
def org_view(o, user_admin=True):
admin_org = AdministerOrganizationPermission(o.username)
org_response = {
'name': o.username,
'avatar': avatar.get_data_for_org(o),
'can_create_repo': CreateRepositoryPermission(o.username).can(),
'public': o.username in app.config.get('PUBLIC_NAMESPACES', []),
}
if user_admin:
org_response.update({
'is_org_admin':
admin_org.can(),
'preferred_namespace':
not (o.stripe_id is None),
})
return org_response
# Retrieve the organizations for the user.
organizations = {
o.username: o
for o in model.organization.get_user_organizations(user.username)
}
# Add any public namespaces.
public_namespaces = app.config.get('PUBLIC_NAMESPACES', [])
if public_namespaces:
organizations.update({
ns: model.user.get_namespace_user(ns)
for ns in public_namespaces
})
def login_view(login):
try:
metadata = json.loads(login.metadata_json)
except:
metadata = {}
return {
'service': login.service.name,
'service_identifier': login.service_ident,
'metadata': metadata
}
logins = model.user.list_federated_logins(user)
user_response = {
'anonymous': False,
'username': user.username,
'avatar': avatar.get_data_for_user(user),
}
user_admin = UserAdminPermission(
previous_username if previous_username else user.username)
if user_admin.can():
user_response.update({
'can_create_repo':
True,
'is_me':
True,
'verified':
user.verified,
'email':
user.email,
'logins': [login_view(login) for login in logins],
'invoice_email':
user.invoice_email,
'invoice_email_address':
user.invoice_email_address,
'preferred_namespace':
not (user.stripe_id is None),
'tag_expiration_s':
user.removed_tag_expiration_s,
'prompts':
model.user.get_user_prompts(user),
'company':
user.company,
'family_name':
user.family_name,
'given_name':
user.given_name,
'location':
user.location,
'is_free_account':
user.stripe_id is None,
'has_password_set':
authentication.has_password_set(user.username),
})
analytics_metadata = user_analytics.get_user_analytics_metadata(user)
# This is a sync call, but goes through the async wrapper interface and
# returns a Future. By calling with timeout 0 immediately after the method
# call, we ensure that if it ever accidentally becomes async it will raise
# a TimeoutError.
user_response.update(analytics_metadata.result(timeout=0))
user_view_perm = UserReadPermission(user.username)
if user_view_perm.can():
user_response.update({
'organizations': [
org_view(o, user_admin=user_admin.can())
for o in organizations.values()
],
})
if features.SUPER_USERS and SuperUserPermission().can():
user_response.update({
'super_user':
user and user == get_authenticated_user()
and SuperUserPermission().can()
})
return user_response
