def authenticate(self, remote_user, shib_meta): """ The username passed as ``remote_user`` is considered trusted. This method simply returns the ``User`` object with the given username, creating a new ``User`` object if ``create_unknown_user`` is ``True``. Returns None if ``create_unknown_user`` is ``False`` and a ``User`` object with the given username is not found in the database. """ if not remote_user: return username = self.clean_username(remote_user) local_ccnet_users = ccnet_api.search_emailusers('DB', username, -1, -1) if not local_ccnet_users: local_ccnet_users = ccnet_api.search_emailusers( 'LDAP', username, -1, -1) if not local_ccnet_users: if self.create_unknown_user: user = User.objects.create_user( email=username, is_active=self.activate_after_creation) if user and self.activate_after_creation is False: notify_admins_on_activate_request(user.email) # Do not send follwing registration finished email (if any) # which will cause confusion. return user if user and settings.NOTIFY_ADMIN_AFTER_REGISTRATION is True: notify_admins_on_register_complete(user.email) else: user = None return user
def authenticate(self, remote_user): """ The username passed as ``remote_user`` is considered trusted. This method simply returns the ``User`` object with the given username, creating a new ``User`` object if ``create_unknown_user`` is ``True``. Returns None if ``create_unknown_user`` is ``False`` and a ``User`` object with the given username is not found in the database. """ if not remote_user: return username = self.clean_username(remote_user) try: user = User.objects.get(email=username) except User.DoesNotExist: if self.create_unknown_user: user = User.objects.create_user( email=username, is_active=self.activate_after_creation) if user and self.activate_after_creation is False: notify_admins_on_activate_request(user.email) if user and settings.NOTIFY_ADMIN_AFTER_REGISTRATION is True: notify_admins_on_register_complete(user.email) else: user = None return user
def token_view(request, token): """Show form to let user set password. """ i = get_object_or_404(Invitation, token=token) if i.is_expired(): raise Http404 if request.method == 'GET': try: user = User.objects.get(email=i.accepter) if user.is_active is True: # user is active return exist messages.error(request, _('A user with this email already exists.')) except User.DoesNotExist: pass return render(request, 'invitations/token_view.html', {'iv': i, }) if request.method == 'POST': passwd = request.POST.get('password', '') if not passwd: return HttpResponseRedirect(request.META.get('HTTP_REFERER')) try: user = User.objects.get(email=i.accepter) if user.is_active is True: # user is active return exist messages.error(request, _('A user with this email already exists.')) return render(request, 'invitations/token_view.html', {'iv': i, }) else: # user is inactive then set active and new password user.set_password(passwd) user.is_active = True user.save() user = authenticate(username=user.username, password=passwd) except User.DoesNotExist: # Create user, set that user as guest. user = User.objects.create_user( email=i.accepter, password=passwd, is_active=True) User.objects.update_role(user.username, GUEST_USER) for backend in get_backends(): user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__) # Update invitation accept time. i.accept() # login auth_login(request, user) # send signal to notify inviter accept_guest_invitation_successful.send( sender=None, invitation_obj=i) # send email to notify admin if NOTIFY_ADMIN_AFTER_REGISTRATION: notify_admins_on_register_complete(user.email) return HttpResponseRedirect(SITE_ROOT)
def authenticate(self, request=None, remote_user=None): """ The username passed as ``remote_user`` is considered trusted. This method simply returns the ``User`` object with the given username, creating a new ``User`` object if ``create_unknown_user`` is ``True``. Returns None if ``create_unknown_user`` is ``False`` and a ``User`` object with the given username is not found in the database. """ if not remote_user or not request: return None username = self.clean_username(remote_user) # get user from ccnet user = self.get_user(username) if not user: # when user doesn't exist if not self.create_unknown_user: logger.error('User %s not found.' % username) return None try: user = User.objects.create_user(email=username, is_active=self.auto_activate) if not self.auto_activate: notify_admins_on_activate_request(username) elif settings.NOTIFY_ADMIN_AFTER_REGISTRATION: notify_admins_on_register_complete(username) except Exception as e: logger.error(e) return None if not self.user_can_authenticate(user): logger.error('User %s is not active' % username) return None # update user info after authenticated try: self.configure_user(request, user) except Exception as e: logger.error(e) return None # get user again with updated extra info after configure return self.get_user(username)
def token_view(request, token): """Show form to let user set password. """ i = get_object_or_404(Invitation, token=token) if i.is_expired(): raise Http404 if request.method == 'POST': passwd = request.POST.get('password', '') if not passwd: return HttpResponseRedirect(request.META.get('HTTP_REFERER')) try: User.objects.get(email=i.accepter) messages.error(request, _('A user with this email already exists.')) except User.DoesNotExist: # Create user, set that user as guest, and log user in. u = User.objects.create_user(email=i.accepter, password=passwd, is_active=True) User.objects.update_role(u.username, GUEST_USER) i.accept() # Update invitaion accept time. for backend in get_backends(): u.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__) auth_login(request, u) # send signal to notify inviter accept_guest_invitation_successful.send( sender=None, invitation_obj=i) # send email to notify admin if NOTIFY_ADMIN_AFTER_REGISTRATION: notify_admins_on_register_complete(u.email) return HttpResponseRedirect(SITE_ROOT) return render(request, 'invitations/token_view.html', { 'iv': i, })
def token_view(request, token): """Show form to let user set password. """ i = get_object_or_404(Invitation, token=token) if i.is_expired(): raise Http404 if request.method == 'GET': try: user = User.objects.get(email=i.accepter) if user.is_active is True: # user is active return exist messages.error(request, _('A user with this email already exists.')) except User.DoesNotExist: pass return render(request, 'invitations/token_view.html', { 'iv': i, }) if request.method == 'POST': passwd = request.POST.get('password', '') if not passwd: return HttpResponseRedirect(request.META.get('HTTP_REFERER')) try: user = User.objects.get(email=i.accepter) if user.is_active is True: # user is active return exist messages.error(request, _('A user with this email already exists.')) return render(request, 'invitations/token_view.html', { 'iv': i, }) else: # user is inactive then set active and new password user.set_password(passwd) user.is_active = True user.save() user = authenticate(username=user.username, password=passwd) except User.DoesNotExist: # Create user, set that user as guest. user = User.objects.create_user(email=i.accepter, password=passwd, is_active=True) User.objects.update_role(user.username, GUEST_USER) for backend in get_backends(): user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__) # Update invitation accept time. i.accept() # login auth_login(request, user) # send signal to notify inviter accept_guest_invitation_successful.send(sender=None, invitation_obj=i) # send email to notify admin if NOTIFY_ADMIN_AFTER_REGISTRATION: notify_admins_on_register_complete(user.email) # repo share invitation try: shared_queryset = RepoShareInvitation.objects.list_by_invitation( invitation=i) accepter = i.accepter for shared_obj in shared_queryset: repo_id = shared_obj.repo_id path = shared_obj.path permission = shared_obj.permission inviter = shared_obj.invitation.inviter # recourse check repo = seafile_api.get_repo(repo_id) if not repo: logger.warning( '[ %s ] repo not found when [ %s ] accepts the invitation to share repo' ) % (repo_id, accepter) continue if seafile_api.get_dir_id_by_path(repo.id, path) is None: logger.warning( '[ %s ][ %s ] dir not found when [ %s ] accepts the invitation to share repo' ) % (repo_id, path, accepter) continue repo_owner = seafile_api.get_repo_owner(repo_id) share_dir_to_user(repo, path, repo_owner, inviter, accepter, permission, None) send_perm_audit_msg('modify-repo-perm', inviter, accepter, repo_id, path, permission) # delete shared_queryset.delete() except Exception as e: logger.error(e) return HttpResponseRedirect(SITE_ROOT)
def authenticate(self, session_info=None, attribute_mapping=None, create_unknown_user=True, **kwargs): if session_info is None or attribute_mapping is None: logger.error('Session info or attribute mapping are None') return None if 'ava' not in session_info: logger.error('"ava" key not found in session_info') return None attributes = session_info['ava'] if not attributes: logger.error('The attributes dictionary is empty') use_name_id_as_username = getattr(settings, 'SAML_USE_NAME_ID_AS_USERNAME', False) django_user_main_attribute = getattr( settings, 'SAML_DJANGO_USER_MAIN_ATTRIBUTE', 'username') django_user_main_attribute_lookup = getattr( settings, 'SAML_DJANGO_USER_MAIN_ATTRIBUTE_LOOKUP', '') logger.debug('attributes: %s', attributes) saml_user = None if use_name_id_as_username: if 'name_id' in session_info: logger.debug('name_id: %s', session_info['name_id']) saml_user = session_info['name_id'].text else: logger.error( 'The nameid is not available. Cannot find user without a nameid.' ) else: logger.debug('attribute_mapping: %s', attribute_mapping) for saml_attr, django_fields in list(attribute_mapping.items()): if (django_user_main_attribute in django_fields and saml_attr in attributes): saml_user = attributes[saml_attr][0] if saml_user is None: logger.error('Could not find saml_user value') return None if not self.is_authorized(attributes, attribute_mapping): return None main_attribute = self.clean_user_main_attribute(saml_user) user_query_args = { django_user_main_attribute + django_user_main_attribute_lookup: main_attribute } user_create_defaults = {django_user_main_attribute: main_attribute} # Note that this could be accomplished in one try-except clause, but # instead we use get_or_create when creating unknown users since it has # built-in safeguards for multiple threads. # check if user exist in local ccnet db/ldapimport database username = main_attribute local_ccnet_users = ccnet_api.search_emailusers('DB', username, -1, -1) if not local_ccnet_users: local_ccnet_users = ccnet_api.search_emailusers( 'LDAP', username, -1, -1) if not local_ccnet_users: if create_unknown_user: activate_after_creation = getattr( settings, 'SAML_ACTIVATE_USER_AFTER_CREATION', True) user = User.objects.create_user( email=username, is_active=activate_after_creation) if not activate_after_creation: notify_admins_on_activate_request(username) elif settings.NOTIFY_ADMIN_AFTER_REGISTRATION: notify_admins_on_register_complete(username) else: user = None else: user = User.objects.get(email=username) if user: self.make_profile(user, attributes, attribute_mapping) return user