def create( self, trans, payload, **kwd ):
"""
POST /api/users
Creates a new Galaxy user.
"""
if not trans.app.config.allow_user_creation and not trans.user_is_admin():
raise exceptions.ConfigDoesNotAllowException( 'User creation is not allowed in this Galaxy instance' )
if trans.app.config.use_remote_user and trans.user_is_admin():
user = trans.get_or_create_remote_user( remote_user_email=payload['remote_user_email'] )
elif trans.user_is_admin():
username = payload[ 'username' ]
email = payload[ 'email' ]
password = payload[ 'password' ]
message = "\n".join( [ validate_email( trans, email ),
validate_password( trans, password, password ),
validate_publicname( trans, username ) ] ).rstrip()
if message:
raise exceptions.RequestParameterInvalidException( message )
else:
user = self.create_user( trans=trans, email=email, username=username, password=password )
else:
raise exceptions.NotImplemented()
item = user.to_dict( view='element', value_mapper={ 'id': trans.security.encode_id,
'total_disk_usage': float } )
return item
def change_password( self, trans, token=None, **kwd):
"""
Provides a form with which one can change their password. If token is
provided, don't require current password.
"""
status = None
message = kwd.get( 'message', '' )
user = None
if kwd.get( 'change_password_button', False ):
password = kwd.get( 'password', '' )
confirm = kwd.get( 'confirm', '' )
current = kwd.get( 'current', '' )
token_result = None
if token:
# If a token was supplied, validate and set user
token_result = trans.sa_session.query( trans.app.model.PasswordResetToken ).get(token)
if token_result and token_result.expiration_time > datetime.utcnow():
user = token_result.user
else:
return trans.show_error_message("Invalid or expired password reset token, please request a new one.")
else:
# The user is changing their own password, validate their current password
(ok, message) = trans.app.auth_manager.check_change_password(trans.user, current )
if ok:
user = trans.user
else:
status = 'error'
if user:
# Validate the new password
message = validate_password( trans, password, confirm )
if message:
status = 'error'
else:
# Save new password
user.set_password_cleartext( password )
# if we used a token, invalidate it and log the user in.
if token_result:
trans.handle_user_login(token_result.user)
token_result.expiration_time = datetime.utcnow()
trans.sa_session.add(token_result)
# Invalidate all other sessions
for other_galaxy_session in trans.sa_session.query( trans.app.model.GalaxySession ) \
.filter( and_( trans.app.model.GalaxySession.table.c.user_id == user.id,
trans.app.model.GalaxySession.table.c.is_valid == true(),
trans.app.model.GalaxySession.table.c.id != trans.galaxy_session.id ) ):
other_galaxy_session.is_valid = False
trans.sa_session.add( other_galaxy_session )
trans.sa_session.add( user )
trans.sa_session.flush()
trans.log_event( "User change password" )
if kwd.get('display_top', False) == 'True':
return trans.response.send_redirect( url_for( '/', message='Password has been changed' ))
else:
return trans.show_ok_message('The password has been changed and any other existing Galaxy sessions have been logged out (but jobs in histories in those sessions will not be interrupted).')
return trans.fill_template( '/webapps/tool_shed/user/change_password.mako',
token=token,
status=status,
message=message,
display_top=kwd.get('redirect_home', False)
)
def __validate( self, trans, email, password, confirm, username ):
if not username:
return "A public user name is required in the Tool Shed."
if username in [ 'repos' ]:
return "The term <b>%s</b> is a reserved word in the Tool Shed, so it cannot be used as a public user name." % username
message = validate_email( trans, email )
if not message:
message = validate_password( trans, password, confirm )
if not message and username:
message = validate_publicname( trans, username )
return message
def set_password(self, trans, id, payload={}, **kwd):
"""
Allows to change a user password.
"""
password = payload.get('password')
confirm = payload.get('confirm')
current = payload.get('current')
token = payload.get('token')
token_result = None
if token:
# If a token was supplied, validate and set user
token_result = trans.sa_session.query(trans.app.model.PasswordResetToken).get(token)
if not token_result or not token_result.expiration_time > datetime.utcnow():
raise MessageException('Invalid or expired password reset token, please request a new one.')
user = token_result.user
else:
# The user is changing their own password, validate their current password
user = self._get_user(trans, id)
(ok, message) = trans.app.auth_manager.check_change_password(user, current)
if not ok:
raise MessageException(message)
if user:
# Validate the new password
message = validate_password(trans, password, confirm)
if message:
raise MessageException(message)
else:
# Save new password
user.set_password_cleartext(password)
# if we used a token, invalidate it and log the user in.
if token_result:
trans.handle_user_login(token_result.user)
token_result.expiration_time = datetime.utcnow()
trans.sa_session.add(token_result)
# Invalidate all other sessions
for other_galaxy_session in trans.sa_session.query(trans.app.model.GalaxySession) \
.filter(and_(trans.app.model.GalaxySession.table.c.user_id == user.id,
trans.app.model.GalaxySession.table.c.is_valid == true(),
trans.app.model.GalaxySession.table.c.id != trans.galaxy_session.id)):
other_galaxy_session.is_valid = False
trans.sa_session.add(other_galaxy_session)
trans.sa_session.add(user)
trans.sa_session.flush()
trans.log_event('User change password')
return {'message': 'Password has been saved.'}
raise MessageException('Failed to determine user, access denied.')
def register(self,
trans,
email=None,
username=None,
password=None,
confirm=None,
subscribe=False):
"""
Register a new user.
"""
if not trans.app.config.allow_user_creation and not trans.user_is_admin:
message = "User registration is disabled. Please contact your local Galaxy administrator for an account."
if trans.app.config.error_email_to is not None:
message += " Contact: %s" % trans.app.config.error_email_to
return None, message
if not email or not username or not password or not confirm:
return None, "Please provide email, username and password."
message = "\n".join([
validate_email(trans, email),
validate_password(trans, password, confirm),
validate_publicname(trans, username)
]).rstrip()
if message:
return None, message
email = util.restore_text(email)
username = util.restore_text(username)
message, status = trans.app.auth_manager.check_registration_allowed(
email, username, password)
if message:
return None, message
if subscribe:
message = self.send_subscription_email(email)
if message:
return None, message
user = self.create(email=email, username=username, password=password)
if self.app.config.user_activation_on:
self.send_activation_email(trans, email, username)
return user, None
def create(self, trans, payload, **kwd):
"""
POST /api/users
Creates a new Galaxy user.
"""
if not trans.app.config.allow_user_creation and not trans.user_is_admin(
):
raise exceptions.ConfigDoesNotAllowException(
'User creation is not allowed in this Galaxy instance')
if trans.app.config.use_remote_user and trans.user_is_admin():
user = trans.get_or_create_remote_user(
remote_user_email=payload['remote_user_email'])
elif trans.user_is_admin():
username = payload['username']
email = payload['email']
password = payload['password']
message = "\n".join([
validate_email(trans, email),
validate_password(trans, password, password),
validate_publicname(trans, username)
]).rstrip()
if message:
raise exceptions.RequestParameterInvalidException(message)
else:
user = self.create_user(trans=trans,
email=email,
username=username,
password=password)
else:
raise exceptions.NotImplemented()
item = user.to_dict(view='element',
value_mapper={
'id': trans.security.encode_id,
'total_disk_usage': float
})
return item
def __set_password(self, trans, user, password, confirm):
if not password:
return "Please provide a new password."
if user:
# Validate the new password
message = validate_password(trans, password, confirm)
if message:
return message
else:
# Save new password
user.set_password_cleartext(password)
# Invalidate all other sessions
if trans.galaxy_session:
for other_galaxy_session in trans.sa_session.query(self.app.model.GalaxySession) \
.filter(and_(self.app.model.GalaxySession.table.c.user_id == user.id,
self.app.model.GalaxySession.table.c.is_valid == true(),
self.app.model.GalaxySession.table.c.id != trans.galaxy_session.id)):
other_galaxy_session.is_valid = False
trans.sa_session.add(other_galaxy_session)
trans.sa_session.add(user)
trans.sa_session.flush()
trans.log_event("User change password")
else:
return "Failed to determine user, access denied."
def change_password(self, trans, token=None, **kwd):
"""
Provides a form with which one can change their password. If token is
provided, don't require current password.
"""
status = None
message = kwd.get('message', '')
user = None
if kwd.get('change_password_button', False):
password = kwd.get('password', '')
confirm = kwd.get('confirm', '')
current = kwd.get('current', '')
token_result = None
if token:
# If a token was supplied, validate and set user
token_result = trans.sa_session.query(
trans.app.model.PasswordResetToken).get(token)
if token_result and token_result.expiration_time > datetime.utcnow(
):
user = token_result.user
else:
return trans.show_error_message(
"Invalid or expired password reset token, please request a new one."
)
else:
# The user is changing their own password, validate their current password
(ok, message) = trans.app.auth_manager.check_change_password(
trans.user, current)
if ok:
user = trans.user
else:
status = 'error'
if user:
# Validate the new password
message = validate_password(trans, password, confirm)
if message:
status = 'error'
else:
# Save new password
user.set_password_cleartext(password)
# if we used a token, invalidate it and log the user in.
if token_result:
trans.handle_user_login(token_result.user)
token_result.expiration_time = datetime.utcnow()
trans.sa_session.add(token_result)
# Invalidate all other sessions
for other_galaxy_session in trans.sa_session.query(trans.app.model.GalaxySession) \
.filter(and_(trans.app.model.GalaxySession.table.c.user_id == user.id,
trans.app.model.GalaxySession.table.c.is_valid == true(),
trans.app.model.GalaxySession.table.c.id != trans.galaxy_session.id)):
other_galaxy_session.is_valid = False
trans.sa_session.add(other_galaxy_session)
trans.sa_session.add(user)
trans.sa_session.flush()
trans.log_event("User change password")
if kwd.get('display_top', False) == 'True':
return trans.response.send_redirect(
url_for('/', message='Password has been changed'))
else:
return trans.show_ok_message(
'The password has been changed and any other existing Galaxy sessions have been logged out (but jobs in histories in those sessions will not be interrupted).'
)
return trans.fill_template(
'/webapps/tool_shed/user/change_password.mako',
token=token,
status=status,
message=message,
display_top=kwd.get('redirect_home', False))
def __validate(self, trans, email, password, confirm, username):
message = "\n".join([validate_email(trans, email),
validate_password(trans, password, confirm),
validate_publicname(trans, username)]).rstrip()
return message
