def test_user(session):
user = User(login="******", pwdhash=generate_password_hash("password"))
session.add(user)
session.commit()
assert user.is_admin is False
assert user.is_api is False
assert user.is_api is False
assert user.public_profile is True
assert user.check_password("password") is True
assert user.apikey != ''
def test_user(session):
user = User(
login="******",
pwdhash=generate_password_hash("password"),
email="*****@*****.**",
)
session.add(user)
session.commit()
assert user.is_admin is False
assert user.is_api is False
assert user.is_api is False
assert user.check_password("password") is True
assert user.apikey != ""
def post(self):
"""Create, without authentication, a new deactivated user."""
if not application.config["SELF_REGISTRATION"]:
abort(400, "Self-registration is disabled.")
org_id_auto_join = user_ns.payload.pop("org_id", None)
new_user = None
try:
new_user = User(
**user_ns.payload,
pwdhash=generate_password_hash(""),
is_active=False,
is_admin=False,
)
db.session.add(new_user)
db.session.commit()
except sqlalchemy.exc.IntegrityError:
db.session.rollback()
return abort(409, "Login already used.")
except Exception:
db.session.rollback()
return abort(403)
# when creating an account, a user can directly join an organization
# which has no membership restriction
if new_user and org_id_auto_join:
# check if the organization exists and is without membership
# restriction
org_object = (
Organization.query.filter(
Organization.is_membership_restricted == False # noqa
).filter(Organization.id == org_id_auto_join).first())
if org_object:
new_user.organizations.append(org_object)
db.session.commit()
if new_user:
try:
notifications.confirm_account(new_user)
except Exception as e:
print(e)
# marshalling will skip none values and we do not want to return the API key
new_user.apikey = None
return [new_user], 201
def process_user_form(user_id=None):
"""Edit a user."""
form = UserForm()
if not form.validate():
return render_template("admin/edit_user.html", form=form)
if user_id is not None:
user = User.query.filter(User.id == user_id).first()
# Linked organizations
linked_organizations = []
for organization_id in form.organizations.data:
organization = Organization.query.filter(
Organization.id == organization_id).first()
linked_organizations.append(organization)
user.organizations = linked_organizations
del form.organizations
form.populate_obj(user)
if form.password.data:
user.pwdhash = generate_password_hash(form.password.data)
db.session.commit()
flash(
gettext("User %(user_login)s successfully updated.",
user_login=form.login.data),
"success",
)
return redirect(url_for("admin_bp.form_user", user_id=user.id))
# Create a new user
new_user = User(
login=form.login.data,
email=form.email.data,
public_profile=form.public_profile.data,
is_active=form.is_active.data,
is_admin=form.is_admin.data,
is_api=form.is_api.data,
pwdhash=generate_password_hash(form.password.data),
)
# Linked organizations
linked_organizations = []
for organization_id in form.organizations.data:
organization = Organization.query.filter(
Organization.id == organization_id).first()
linked_organizations.append(organization)
new_user.organizations.extend(linked_organizations)
del form.organizations
db.session.add(new_user)
db.session.commit()
flash(
gettext("User %(user_login)s successfully created.",
user_login=new_user.login),
"success",
)
return redirect(url_for("admin_bp.form_user", user_id=new_user.id))
def create_user(login, password, is_admin):
"""Creates a normal user or an administrator.
"""
user = User(
login=login,
pwdhash=generate_password_hash(password),
is_active=True,
is_admin=is_admin,
)
db.session.add(user)
db.session.commit()
def validate(self):
validated = super().validate()
if User.query.filter(User.login == self.login.data).count():
self.login.errors.append(lazy_gettext("Login already taken"))
validated = False
if self.login.data != User.make_valid_login(self.login.data):
self.login.errors.append(
lazy_gettext(
"This login has invalid characters. "
"Please use letters, numbers, hyphens and underscores only."
))
validated = False
return validated
def create_user(login, email, password, is_active, is_admin):
"""Creates a normal user or an administrator."""
user = User(
login=login,
email=email,
pwdhash=generate_password_hash(password),
is_active=is_active,
is_admin=is_admin,
)
try:
db.session.add(user)
db.session.commit()
return user
except Exception:
db.session.rollback()
def signup():
if not application.config["SELF_REGISTRATION"]:
flash(gettext("Self-registration is disabled."), "warning")
return redirect(url_for("index"))
if current_user.is_authenticated:
return redirect(url_for("index"))
form = SignupForm()
if form.validate_on_submit():
try:
new_user = User(
login=form.login.data,
email=form.email.data,
pwdhash="",
is_active=False,
is_admin=False,
)
db.session.add(new_user)
db.session.commit()
except sqlalchemy.exc.IntegrityError:
db.session.rollback()
# Send the confirmation email
try:
notifications.confirm_account(new_user)
except Exception as error:
flash(
gettext("Problem while sending activation email: %(error)s",
error=error),
"danger",
)
flash(
gettext(
"Your account has been created. Check your mail to confirm it."
),
"success",
)
return redirect(url_for("index"))
return render_template("signup.html", form=form)