def create(self, trans, payload, **kwd):
    """
    POST /api/users
    Create a Galaxy user and return its dictionary representation.

    Access control as written: the request is refused when
    ``allow_user_creation`` is off and the caller is not an admin.  A
    non-admin caller on an instance that does allow creation still falls
    through to ``NotImplemented``, so every account this method creates is
    created by an admin.

    ``payload`` supplies ``remote_user_email`` in remote-user mode, otherwise
    ``username``, ``email`` and ``password``.  Keys are read with ``[]``, so
    a missing key raises ``KeyError`` if ``payload`` is a plain dict.

    Returns ``user.to_dict(view='element')`` with the ``id`` field passed
    through ``trans.security.encode_id``.
    """
    creation_open = trans.app.config.allow_user_creation
    if not creation_open and not trans.user_is_admin():
        raise exceptions.ConfigDoesNotAllowException('User creation is not allowed in this Galaxy instance')

    if trans.app.config.use_remote_user and trans.user_is_admin():
        # Remote-user mode: the account is keyed on the e-mail alone, no
        # password is read from the payload.
        new_user = trans.get_or_create_remote_user(remote_user_email=payload['remote_user_email'])
    elif trans.user_is_admin():
        username = payload['username']
        email = payload['email']
        password = payload['password']
        checks = [
            validate_email(trans, email),
            # No confirmation value is read from the payload, so the
            # password is passed as its own confirmation.
            validate_password(trans, password, password),
            validate_publicname(trans, username),
        ]
        # Every validator's message is joined, so the caller sees all
        # problems at once; an all-empty result means the input passed.
        problems = "\n".join(checks).rstrip()
        if problems:
            raise exceptions.RequestParameterInvalidException(problems)
        new_user = self.create_user(trans=trans, email=email, username=username, password=password)
    else:
        raise exceptions.NotImplemented()

    id_and_usage_mapper = {'id': trans.security.encode_id, 'total_disk_usage': float}
    return new_user.to_dict(view='element', value_mapper=id_and_usage_mapper)
def change_password(self, trans, token=None, **kwd):
    """
    Provides a form with which one can change their password. If token is
    provided, don't require current password.

    Flow when the form was submitted (``change_password_button`` set):

    * With ``token``: the PasswordResetToken row is fetched with
      ``.get(token)`` and accepted only if it exists and its
      ``expiration_time`` is later than ``datetime.utcnow()``.  An unknown
      and an expired token produce the same error message.
    * Without ``token``: ``check_change_password(trans.user, current)`` must
      succeed before anything is changed.

    On success the password is set, a used token has its expiration moved to
    "now" (so the same token fails the check above next time), every other
    valid session of the user is marked invalid, and the changes are flushed.

    The token is only looked up on submission; merely rendering the form
    with a ``token`` argument does not validate it.

    NOTE(review): the success path branches on ``display_top`` while the
    template receives ``redirect_home`` as ``display_top`` -- confirm the two
    names are meant to differ.
    """
    status = None
    message = kwd.get('message', '')
    user = None
    if kwd.get('change_password_button', False):
        new_password = kwd.get('password', '')
        confirmation = kwd.get('confirm', '')
        current_password = kwd.get('current', '')
        reset_token = None
        if token:
            # Token flow: the token stands in for the current password.
            reset_token = trans.sa_session.query(trans.app.model.PasswordResetToken).get(token)
            token_is_live = reset_token and reset_token.expiration_time > datetime.utcnow()
            if not token_is_live:
                return trans.show_error_message("Invalid or expired password reset token, please request a new one.")
            user = reset_token.user
        else:
            # Self-service flow: the current password has to check out first.
            # NOTE(review): trans.user is passed as-is; confirm how
            # check_change_password treats a request with no logged-in user.
            (ok, message) = trans.app.auth_manager.check_change_password(trans.user, current_password)
            if not ok:
                status = 'error'
            else:
                user = trans.user
        if user:
            message = validate_password(trans, new_password, confirmation)
            if message:
                status = 'error'
            else:
                user.set_password_cleartext(new_password)
                if reset_token:
                    # Log the token's owner in, then expire the token so it
                    # cannot be presented a second time.
                    trans.handle_user_login(reset_token.user)
                    reset_token.expiration_time = datetime.utcnow()
                    trans.sa_session.add(reset_token)
                # Revoke every other valid session of this user; only the
                # session carrying this request stays valid.
                session_model = trans.app.model.GalaxySession
                session_cols = session_model.table.c
                other_sessions = trans.sa_session.query(session_model).filter(
                    and_(session_cols.user_id == user.id,
                         session_cols.is_valid == true(),
                         session_cols.id != trans.galaxy_session.id))
                for stale_session in other_sessions:
                    stale_session.is_valid = False
                    trans.sa_session.add(stale_session)
                trans.sa_session.add(user)
                trans.sa_session.flush()
                trans.log_event("User change password")
                if kwd.get('display_top', False) == 'True':
                    return trans.response.send_redirect(url_for('/', message='Password has been changed'))
                return trans.show_ok_message('The password has been changed and any other existing Galaxy sessions have been logged out (but jobs in histories in those sessions will not be interrupted).')
    return trans.fill_template('/webapps/tool_shed/user/change_password.mako',
                               token=token,
                               status=status,
                               message=message,
                               display_top=kwd.get('redirect_home', False))
def __validate(self, trans, email, password, confirm, username):
    """
    Validate Tool Shed registration input and return the first problem found.

    Checks run in a fixed order -- public name present, public name not
    reserved, e-mail, password, public name format -- and stop at the first
    one that yields a message.  The return value is that message, or
    whatever falsy value the last validator returned when everything passed.
    """
    if not username:
        return "A public user name is required in the Tool Shed."
    reserved_names = ['repos']
    if username in reserved_names:
        # The message contains HTML markup, but the interpolated value can
        # only equal an entry of reserved_names here, so no caller-chosen
        # markup ends up in it.  Keep that true if the match is ever loosened.
        return "The term <b>%s</b> is a reserved word in the Tool Shed, so it cannot be used as a public user name." % username
    problem = validate_email(trans, email)
    if problem:
        return problem
    problem = validate_password(trans, password, confirm)
    if problem:
        return problem
    if username:
        return validate_publicname(trans, username)
    return problem
def set_password(self, trans, id, payload={}, **kwd):
    """
    Allows to change a user password.

    ``payload`` may carry ``password``, ``confirm``, ``current`` and
    ``token``.  The default ``{}`` is a shared object but is only read here.

    * With ``token``: the PasswordResetToken row is fetched with
      ``.get(token)`` and must exist with an ``expiration_time`` later than
      ``datetime.utcnow()``.  The account changed is the token's owner; the
      ``id`` argument is not consulted on this path.
    * Without ``token``: the account comes from ``self._get_user(trans, id)``
      and ``check_change_password(user, current)`` must succeed.
      NOTE(review): which ids a caller may target depends on ``_get_user``,
      which is not visible here -- confirm it restricts ``id`` appropriately.

    On success the password is stored, a used token is expired, all other
    valid sessions of the user are marked invalid and the session is flushed.
    Returns ``{'message': 'Password has been saved.'}``; every failure is
    reported by raising ``MessageException``.

    NOTE(review): ``password`` may be ``None`` when the key is absent; it is
    handed to ``validate_password`` unchanged -- confirm that is handled.
    """
    password = payload.get('password')
    confirm = payload.get('confirm')
    current = payload.get('current')
    token = payload.get('token')
    reset_token = None
    if token:
        # Token flow: unknown and expired tokens get the same message.
        reset_token = trans.sa_session.query(trans.app.model.PasswordResetToken).get(token)
        if not (reset_token and reset_token.expiration_time > datetime.utcnow()):
            raise MessageException('Invalid or expired password reset token, please request a new one.')
        user = reset_token.user
    else:
        # Self-service flow: the current password has to check out first.
        user = self._get_user(trans, id)
        (accepted, reason) = trans.app.auth_manager.check_change_password(user, current)
        if not accepted:
            raise MessageException(reason)

    if not user:
        raise MessageException('Failed to determine user, access denied.')

    problem = validate_password(trans, password, confirm)
    if problem:
        raise MessageException(problem)

    user.set_password_cleartext(password)
    if reset_token:
        # Log the token's owner in, then expire the token so it cannot be
        # presented a second time.
        trans.handle_user_login(reset_token.user)
        reset_token.expiration_time = datetime.utcnow()
        trans.sa_session.add(reset_token)
    # Revoke every other valid session of this user; only the session
    # carrying this request stays valid.
    session_model = trans.app.model.GalaxySession
    session_cols = session_model.table.c
    other_sessions = trans.sa_session.query(session_model).filter(
        and_(session_cols.user_id == user.id,
             session_cols.is_valid == true(),
             session_cols.id != trans.galaxy_session.id))
    for stale_session in other_sessions:
        stale_session.is_valid = False
        trans.sa_session.add(stale_session)
    trans.sa_session.add(user)
    trans.sa_session.flush()
    trans.log_event('User change password')
    return {'message': 'Password has been saved.'}
def register(self, trans, email=None, username=None, password=None, confirm=None, subscribe=False):
    """
    Register a new user.

    Returns a ``(user, message)`` pair: ``(user, None)`` on success and
    ``(None, message)`` for every refusal or validation failure.

    Steps, in order: registration-enabled check, presence of all four
    fields, the three validators, ``util.restore_text`` on e-mail and
    username, ``auth_manager.check_registration_allowed``, optional
    mailing-list subscription, account creation, optional activation e-mail.

    NOTE(review): ``trans.user_is_admin`` is read as an attribute, not
    called.  If it is a method on this ``trans`` the expression is always
    truthy and the "registration disabled" branch can never run -- confirm
    it is a property here.
    NOTE(review): validation runs on the raw ``email``/``username`` while the
    account is created from the ``restore_text`` output -- confirm the two
    cannot diverge in a way that bypasses a validator.
    """
    config = trans.app.config
    if not config.allow_user_creation and not trans.user_is_admin:
        refusal = "User registration is disabled. Please contact your local Galaxy administrator for an account."
        if config.error_email_to is not None:
            refusal += " Contact: %s" % config.error_email_to
        return None, refusal

    if not all((email, username, password, confirm)):
        return None, "Please provide email, username and password."

    checks = [
        validate_email(trans, email),
        validate_password(trans, password, confirm),
        validate_publicname(trans, username),
    ]
    # All validator messages are reported together; an all-empty result
    # means the input passed.
    problems = "\n".join(checks).rstrip()
    if problems:
        return None, problems

    email = util.restore_text(email)
    username = util.restore_text(username)
    denial, _status = trans.app.auth_manager.check_registration_allowed(email, username, password)
    if denial:
        return None, denial

    if subscribe:
        # The subscription request goes out before the account exists; a
        # failure here aborts registration.
        subscription_error = self.send_subscription_email(email)
        if subscription_error:
            return None, subscription_error

    user = self.create(email=email, username=username, password=password)
    if self.app.config.user_activation_on:
        self.send_activation_email(trans, email, username)
    return user, None
def create(self, trans, payload, **kwd):
    """
    POST /api/users
    Creates a new Galaxy user.

    Who gets through: a non-admin caller is rejected with
    ``ConfigDoesNotAllowException`` when ``allow_user_creation`` is off and
    with ``NotImplemented`` when it is on, so only an admin caller reaches
    either creation branch.

    An admin on a ``use_remote_user`` instance creates (or fetches) the
    account from ``payload['remote_user_email']``; otherwise ``username``,
    ``email`` and ``password`` are read from ``payload`` and validated.
    The result is ``user.to_dict(view='element')`` with ``id`` encoded by
    ``trans.security.encode_id``.
    """
    if not trans.app.config.allow_user_creation and not trans.user_is_admin():
        raise exceptions.ConfigDoesNotAllowException(
            'User creation is not allowed in this Galaxy instance')

    if trans.app.config.use_remote_user and trans.user_is_admin():
        account = trans.get_or_create_remote_user(
            remote_user_email=payload['remote_user_email'])
    elif trans.user_is_admin():
        # Subscript access: a missing key fails here, before any validator runs.
        username = payload['username']
        email = payload['email']
        password = payload['password']
        validator_messages = (
            validate_email(trans, email),
            # The payload has no separate confirmation value, so the
            # password is compared against itself.
            validate_password(trans, password, password),
            validate_publicname(trans, username),
        )
        combined = "\n".join(validator_messages).rstrip()
        if combined:
            raise exceptions.RequestParameterInvalidException(combined)
        account = self.create_user(trans=trans,
                                   email=email,
                                   username=username,
                                   password=password)
    else:
        raise exceptions.NotImplemented()

    return account.to_dict(view='element',
                           value_mapper={
                               'id': trans.security.encode_id,
                               'total_disk_usage': float
                           })
def __set_password(self, trans, user, password, confirm):
    """
    Set a new password for ``user`` and revoke the user's other sessions.

    Returns an error message string when the password is empty, when no
    user was determined, or when ``validate_password`` rejects the input;
    returns ``None`` after a successful change.

    Session revocation only happens when ``trans.galaxy_session`` is set.
    A change made on a request without a session leaves all of the user's
    existing sessions valid.
    """
    if not password:
        return "Please provide a new password."
    if not user:
        return "Failed to determine user, access denied."

    problem = validate_password(trans, password, confirm)
    if problem:
        return problem

    user.set_password_cleartext(password)
    if trans.galaxy_session:
        # Revoke every other valid session of this user; the session
        # carrying this request stays valid.
        session_model = self.app.model.GalaxySession
        session_cols = session_model.table.c
        other_sessions = trans.sa_session.query(session_model).filter(
            and_(session_cols.user_id == user.id,
                 session_cols.is_valid == true(),
                 session_cols.id != trans.galaxy_session.id))
        for stale_session in other_sessions:
            stale_session.is_valid = False
            trans.sa_session.add(stale_session)
    trans.sa_session.add(user)
    trans.sa_session.flush()
    trans.log_event("User change password")
def change_password(self, trans, token=None, **kwd):
    """
    Provides a form with which one can change their password. If token is
    provided, don't require current password.

    Nothing is changed unless the form was submitted
    (``change_password_button``).  On submission either a reset ``token``
    (row must exist and expire later than ``datetime.utcnow()``) or the
    current password (``check_change_password``) authorises the change.
    A token is not looked up when the form is only being rendered.

    After a successful change a used token is expired immediately, every
    other valid session of the user is marked invalid and the session is
    flushed.  Failures re-render the form with ``status='error'`` and the
    validator's message, except an invalid or expired token, which returns
    an error page with one message for both cases.

    NOTE(review): the success path branches on ``display_top`` while the
    template receives ``redirect_home`` as ``display_top`` -- confirm the two
    names are meant to differ.
    """
    def show_form():
        # Reads status/message at call time, so each exit renders the
        # values set up to that point.
        return trans.fill_template(
            '/webapps/tool_shed/user/change_password.mako',
            token=token,
            status=status,
            message=message,
            display_top=kwd.get('redirect_home', False))

    status = None
    message = kwd.get('message', '')
    if not kwd.get('change_password_button', False):
        return show_form()

    password = kwd.get('password', '')
    confirm = kwd.get('confirm', '')
    current = kwd.get('current', '')
    token_row = None
    if token:
        # Token flow: the token replaces the current-password check.
        token_row = trans.sa_session.query(
            trans.app.model.PasswordResetToken).get(token)
        if not (token_row and token_row.expiration_time > datetime.utcnow()):
            return trans.show_error_message(
                "Invalid or expired password reset token, please request a new one."
            )
        user = token_row.user
    else:
        # Self-service flow: the current password has to check out first.
        # NOTE(review): trans.user is passed as-is; confirm how
        # check_change_password treats a request with no logged-in user.
        (ok, message) = trans.app.auth_manager.check_change_password(
            trans.user, current)
        if not ok:
            status = 'error'
            return show_form()
        user = trans.user

    if not user:
        return show_form()

    message = validate_password(trans, password, confirm)
    if message:
        status = 'error'
        return show_form()

    user.set_password_cleartext(password)
    if token_row:
        # Log the token's owner in, then expire the token so it cannot be
        # presented a second time.
        trans.handle_user_login(token_row.user)
        token_row.expiration_time = datetime.utcnow()
        trans.sa_session.add(token_row)
    # Revoke every other valid session of this user; only the session
    # carrying this request stays valid.
    session_model = trans.app.model.GalaxySession
    session_cols = session_model.table.c
    other_sessions = trans.sa_session.query(session_model).filter(
        and_(session_cols.user_id == user.id,
             session_cols.is_valid == true(),
             session_cols.id != trans.galaxy_session.id))
    for stale_session in other_sessions:
        stale_session.is_valid = False
        trans.sa_session.add(stale_session)
    trans.sa_session.add(user)
    trans.sa_session.flush()
    trans.log_event("User change password")
    if kwd.get('display_top', False) == 'True':
        return trans.response.send_redirect(
            url_for('/', message='Password has been changed'))
    return trans.show_ok_message(
        'The password has been changed and any other existing Galaxy sessions have been logged out (but jobs in histories in those sessions will not be interrupted).'
    )
def __validate(self, trans, email, password, confirm, username):
    """
    Run the e-mail, password and public-name validators and combine the results.

    All three validators always run, in that order.  Their messages are
    joined with newlines and trailing whitespace is stripped, so the result
    is an empty string when none of them reported a problem.  Each validator
    has to return a string for the join to succeed.
    """
    findings = [
        validate_email(trans, email),
        validate_password(trans, password, confirm),
        validate_publicname(trans, username),
    ]
    return "\n".join(findings).rstrip()