コード例 #1
ファイル: catouser.py プロジェクト: AsherBond/cato
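    def ChangePassword(self, new_password=None, generate=False, force_change=True):
        """
        Set or reset this user's password and notify them by email.

        Updating a user password is a different function with extra rules,
        so it's kept separate from the DBUpdate function.

        Exactly one of two modes runs per call:

        * ``new_password`` supplied - it is checked with User.ValidatePassword and
          stored; ``generate`` is ignored, so the supplied value always wins.
        * ``generate`` true and no ``new_password`` - a random password is created,
          stored with force_change = 1, and emailed to the user.

        Args:
            new_password: the explicit password to set, or None.
            generate: when true (and no new_password), create a random password.
            force_change: when false, the force_change flag is cleared after an
                explicit password is stored.  Not used by the generate mode.

        Returns:
            True on success.

        Raises:
            InfoException: neither mode was requested, a generated password has
                nowhere to be sent (no email on the user), or the supplied
                password failed validation.
        """
        if not new_password and not generate:
            raise InfoException("Unable to reset password - New password is required or random generation option must be specified.")

        # A generated password is only ever delivered by email, so refuse before
        # touching the database when there is nowhere to send it.
        if not new_password and not self.Email:
            raise InfoException("Unable to generate a random password - User [%s] does not have an email address defined." % (self.FullName))

        # TODO: maybe have a setting for the application url in the email?
        # TODO: should have the ability to use a configurable "company" name in the email

        # NOTE(review): cato_encrypt is defined elsewhere; its name suggests reversible
        # encryption rather than a salted one-way password hash - confirm how
        # user_password is protected at rest.
        # Password values must never be written to the log; only the user name is.

        db = catocommon.new_conn()
        try:
            if new_password:
                logger.info("Updating password for User [%s]" % (self.FullName))
                result, msg = User.ValidatePassword(self.ID, new_password)
                if not result:
                    # the finally clause below releases the connection on this path too
                    raise InfoException(msg)

                sql = "update users set user_password = %s where user_id = %s"
                db.exec_db(sql, (catocommon.cato_encrypt(new_password), self.ID))

                # this flag can be reset from the calling function at its discretion.
                # for example, if the user making the request IS the user being changed,
                #     which we don't know at this point.
                if not force_change:
                    sql = "update users set force_change = 0 where user_id = %s"
                    # one-element tuple, matching the parameter style of the other calls
                    db.exec_db(sql, (self.ID,))

                # the notification deliberately carries no password
                body = """%s - your password has been reset by an Administrator.""" % (self.FullName)
                if self.Email:
                    catocommon.send_email_via_messenger(self.Email, "Cloud Sidekick - Account Information", body)
                else:
                    logger.warning("Attempt to send a password message failed - User [%s] has no email defined." % (self.FullName))

            elif generate:
                # Reached only when no explicit password was given.  A request carrying
                # both options is unexpected, and the provided password takes precedence:
                # it must not be overwritten by a generated one.
                logger.info("Generating a new password for User [%s]" % (self.FullName))
                sNewPassword = catocommon.generate_password()

                # force_change = 1 so the emailed value has to be replaced by the user
                sql = "update users set force_change = 1, user_password = %s where user_id = %s"
                db.exec_db(sql, (catocommon.cato_encrypt(sNewPassword), self.ID))

                s_set = settings.settings.security()
                body = s_set.NewUserMessage
                if not body:
                    body = """%s - your password has been reset by an Administrator.\n\n
                Your temporary password is: %s.""" % (self.FullName, sNewPassword)

                # replace our special tokens with the values
                body = body.replace("##FULLNAME##", self.FullName).replace("##USERNAME##", self.LoginID).replace("##PASSWORD##", sNewPassword)

                # NOTE(review): the temporary password leaves the system in clear text
                # by email; whether it expires if never used is not visible here - confirm.
                # self.Email is known to be set: the guard at the top rejects generation
                # for a user without an address.
                catocommon.send_email_via_messenger(self.Email, "Cloud Sidekick - Account Information", body)
        finally:
            # always hand the connection back, including when validation raises
            db.close()

        return True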
コード例 #2
ファイル: sysMethods.py プロジェクト: AsherBond/cato
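    def send_message(self, args):
        """Sends a message to a registered user.  Message will be 'From' the authenticated API user.

The 'to' argument accepts both email addresses AND Cloud Sidekick Users.  Each item in the 'to' list
will try to look up a Cloud Sidekick User, and if it doesn't match, will assume the entry is an email address.

Required Arguments:

* `to - a single or comma-separated list of valid email addresses or Cloud Sidekick Users.
* `subject - a subject line
* `message - the message body

Optional Arguments: 

* `cc - a carbon copy list of comma-separated email addresses or Cloud Sidekick Users.
* `bcc - a blind carbon copy list of comma-separated email addresses or Cloud Sidekick Users.

Returns: Success message if successful, error message on failure.
"""

        required_params = ["to", "subject", "message"]
        has_required, resp = api.check_required_params(required_params, args)
        if not has_required:
            return resp

        # NOTE(review): every value in args comes from the API caller.  Recipients are
        # cleaned below; subject and message are handed to the messenger unchanged, so
        # confirm that it neutralises line breaks in the subject.
        # NOTE(review): any entry that is not a known user is mailed as-is, so a caller
        # can reach arbitrary external addresses - confirm that is intended and limited.

        def _reconcile_recip(recip):
            # Resolve one list entry to an email address; None means "skip this entry".
            recip = recip.strip()
            if not recip:
                return None

            # An address never legitimately contains a line break.  These values are
            # joined into recipient lists (presumably mail header fields - confirm), so
            # such an entry is dropped rather than passed on.
            if "\r" in recip or "\n" in recip:
                logger.warning("'send_message' skipped a recipient containing a line break: %r" % (recip,))
                return None

            try:
                u = catouser.User()
                u.FromFullName(recip)
                if u.Email:
                    return u.Email
                logger.info("'send_message' found a User [%s] with no email address defined.  Skipping..." % (u.FullName))
                return None
            except Exception:
                # didn't find a user or something went wrong, just use this as the address
                # (deliberately broad: any lookup failure falls back to the raw entry)
                return recip

        def _reconcile_list(raw):
            # Split a comma-separated argument and keep the entries that resolve.
            # `or ""` covers both a missing key and an explicit None value.
            resolved = (_reconcile_recip(item) for item in (raw or "").split(","))
            return [addr for addr in resolved if addr]

        torecips = _reconcile_list(args.get("to"))
        ccrecips = _reconcile_list(args.get("cc"))
        bccrecips = _reconcile_list(args.get("bcc"))

        # fire and forget
        catocommon.send_email_via_messenger(",".join(torecips), args["subject"], args["message"], cc=",".join(ccrecips), bcc=",".join(bccrecips))

        return R(response="Message successfully queued.")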