def required_email(request=None, action=None):
    """
    Precondition for ``POST /register``: enforce the policy
    scope=register, action=requiredemail (ACTION.REQUIREDEMAIL) on the
    "email" request parameter. See :ref:`policy_requiredemail`.

    Each policy value is a regular expression written as ``/regex/``. When
    both an email parameter and at least one policy value are present, the
    address has to match at least one of the expressions. If either is
    missing, nothing is enforced here.

    :param request: The Request Object
    :param action: An optional Action
    :return: True if the registration may proceed
    :raises RegistrationError: if no policy expression matches the email
    """
    address = getParam(request.all_data, "email")
    patterns = g.policy_object.get_action_values(ACTION.REQUIREDEMAIL,
                                                 scope=SCOPE.REGISTER,
                                                 client=g.client_ip)

    # Nothing to enforce without an address or without any policy value.
    if not (address and patterns):
        return True

    # NOTE(review): re.search() matches anywhere inside the address. A policy
    # expression without ^...$ anchors therefore accepts every address that
    # merely contains a match, so policy authors should anchor their
    # expressions. An invalid expression raises re.error from this call.
    #
    # Every expression is evaluated (no short-circuit). The policy value is
    # written as "/regularexpr/", so the surrounding slashes are stripped.
    outcomes = [re.search(policy_value.strip("/"), address) is not None
                for policy_value in patterns]

    if not any(outcomes):
        raise RegistrationError("This email address is not allowed to "
                                "register!")

    return True
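def register_post():
    """
    Register a new user in the realm/userresolver. To do so, the user
    resolver must be writeable like an SQLResolver.

    Registering a user in fact creates a new user and also creates the first
    token for the user. The following values are needed to register the user:

    * username (mandatory)
    * givenname (mandatory)
    * surname (mandatory)
    * email address (mandatory)
    * password (mandatory)
    * mobile phone (optional)
    * telephone (optional)

    The user receives a registration token via email to be able to login with
    his self chosen password and the registration token.

    The realm, resolver and SMTP configuration are read from the policies in
    scope=register. A missing resolver or SMTP configuration, or an already
    registered username, raises a RegistrationError before any user or token
    is created.

    :jsonparam username: The login name of the new user. Check if it already
        exists
    :jsonparam givenname: The givenname of the new user
    :jsonparam surname: The surname of the new user
    :jsonparam email: The email address of the new user
    :jsonparam password: The password of the new user. This is the resolver
        password of the new user.
    :jsonparam mobile: The mobile phone number
    :jsonparam phone: The phone number (land line) of the new user

    :return: a json result with a boolean "result": true
    """
    params = request.all_data
    username = getParam(params, "username", required)
    surname = getParam(params, "surname", required)
    givenname = getParam(params, "givenname", required)
    email = getParam(params, "email", required)
    password = getParam(params, "password", required)
    mobile = getParam(params, "mobile")
    phone = getParam(params, "phone")
    g.audit_object.log({"info": username})

    # 1. Resolve all policy-driven configuration first, so that a missing
    #    setting aborts the request before a user or token has been created.
    realm = g.policy_object.get_action_values(ACTION.REALM,
                                              scope=SCOPE.REGISTER,
                                              unique=True)
    if not realm:
        # No policy for realm, so we use the default realm. The helper has
        # to be called; the bare name would hand the function object to
        # User() as the realm.
        realm = get_default_realm()
    else:
        # we use the first realm in the list
        realm = realm[0]

    resolvername = g.policy_object.get_action_values(ACTION.RESOLVER,
                                                     scope=SCOPE.REGISTER,
                                                     unique=True)
    if not resolvername:
        raise RegistrationError("No resolver specified to register in!")
    resolvername = resolvername[0]

    smtpconfig = g.policy_object.get_action_values(ACTION.EMAILCONFIG,
                                                   scope=SCOPE.REGISTER,
                                                   unique=True)
    if not smtpconfig:
        # Checked before create_user(): otherwise the account would exist
        # with a registration token that can never be delivered, and the
        # username would stay blocked for a second attempt.
        raise RegistrationError("No SMTP server configuration specified!")
    smtpconfig = smtpconfig[0]

    # 2. Check if the user exists, then create the user in the resolver
    user = User(username, realm=realm, resolver=resolvername)
    if user.exist():
        raise RegistrationError("The username is already registered!")

    create_user(resolvername,
                {"username": username,
                 "email": email,
                 "phone": phone,
                 "mobile": mobile,
                 "surname": surname,
                 "givenname": givenname,
                 "password": password})

    # 3. create a registration token for this user
    user = User(username, realm=realm, resolver=resolvername)
    token = init_token({"type": "registration"}, user=user)

    # 4. send the registration token to the users email
    registration_key = token.init_details.get("otpkey")
    r = send_email_identifier(smtpconfig, email,
                              "Your privacyIDEA registration",
                              "Your registration token is %s" %
                              registration_key)
    # The address comes straight from the request: log its repr() so that
    # control characters cannot start a forged log line, and let the logging
    # module format the message lazily.
    log.debug("Registration email sent to %r", email)
    g.audit_object.log({"success": r})
    return send_result(r)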