def search_user_from_ccnet(q): """ Return 10 items at most. """ users = [] db_users = ccnet_api.search_emailusers('DB', q, 0, 10) users.extend(db_users) count = len(users) if count < 10: ldap_imported_users = ccnet_api.search_emailusers('LDAP', q, 0, 10 - count) users.extend(ldap_imported_users) count = len(users) if count < 10 and ENABLE_SEARCH_FROM_LDAP_DIRECTLY: all_ldap_users = ccnet_api.search_ldapusers(q, 0, 10 - count) users.extend(all_ldap_users) # `users` is already search result, no need search more email_list = [] for user in users: email_list.append(user.email) return email_list
def authenticate(self, remote_user, shib_meta): """ The username passed as ``remote_user`` is considered trusted. This method simply returns the ``User`` object with the given username, creating a new ``User`` object if ``create_unknown_user`` is ``True``. Returns None if ``create_unknown_user`` is ``False`` and a ``User`` object with the given username is not found in the database. """ if not remote_user: return username = self.clean_username(remote_user) local_ccnet_users = ccnet_api.search_emailusers('DB', username, -1, -1) if not local_ccnet_users: local_ccnet_users = ccnet_api.search_emailusers( 'LDAP', username, -1, -1) if not local_ccnet_users: if self.create_unknown_user: user = User.objects.create_user( email=username, is_active=self.activate_after_creation) if user and self.activate_after_creation is False: notify_admins_on_activate_request(user.email) # Do not send follwing registration finished email (if any) # which will cause confusion. return user if user and settings.NOTIFY_ADMIN_AFTER_REGISTRATION is True: notify_admins_on_register_complete(user.email) else: user = None return user
def test_user_management(): email1 = '%s@%s.com' % (randstring(6), randstring(6)) email2 = '%s@%s.com' % (randstring(6), randstring(6)) passwd1 = 'randstring(6)' passwd2 = 'randstring(6)' ccnet_api.add_emailuser(email1, passwd1, 1, 1) ccnet_api.add_emailuser(email2, passwd2, 0, 0) ccnet_email1 = ccnet_api.get_emailuser(email1) ccnet_email2 = ccnet_api.get_emailuser(email2) assert ccnet_email1.is_active == True assert ccnet_email1.is_staff == True assert ccnet_email2.is_active == False assert ccnet_email2.is_staff == False assert ccnet_api.validate_emailuser(email1, passwd1) == 0 assert ccnet_api.validate_emailuser(email2, passwd2) == 0 users = ccnet_api.search_emailusers('DB',email1, -1, -1) assert len(users) == 1 user_ccnet = users[0] assert user_ccnet.email == email1 user_counts = ccnet_api.count_emailusers('DB') user_numbers = ccnet_api.get_emailusers('DB', -1, -1) ccnet_api.update_emailuser('DB', ccnet_email2.id, passwd2, 1, 1) email2_new = ccnet_api.get_emailuser(email2) assert email2_new.is_active == True assert email2_new.is_staff == True ccnet_api.remove_emailuser('DB', email1) ccnet_api.remove_emailuser('DB', email2)
def get(self, request): """Search user from DB, LDAPImport and Profile Permission checking: 1. only admin can perform this action. """ if not request.user.admin_permissions.can_manage_user(): return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.') query_str = request.GET.get('query', '').lower() if not query_str: error_msg = 'query invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) users = [] # search user from ccnet db users += ccnet_api.search_emailusers('DB', query_str, 0, 10) # search user from ccnet ldapimport users += ccnet_api.search_emailusers('LDAP', query_str, 0, 10) ccnet_user_emails = [u.email for u in users] # get institution for user from ccnet if getattr(settings, 'MULTI_INSTITUTION', False): user_institution_dict = {} profiles = Profile.objects.filter(user__in=ccnet_user_emails) for profile in profiles: email = profile.user if email not in user_institution_dict: user_institution_dict[email] = profile.institution for user in users: user.institution = user_institution_dict.get(user.email, '') # search user from profile searched_profile = Profile.objects.filter( (Q(nickname__icontains=query_str)) | Q(contact_email__icontains=query_str))[:10] for profile in searched_profile: email = profile.user institution = profile.institution # remove duplicate emails if email not in ccnet_user_emails: try: # get is_staff and is_active info user = User.objects.get(email=email) user.institution = institution users.append(user) except User.DoesNotExist: continue data = [] for user in users: info = {} info['email'] = user.email info['name'] = email2nickname(user.email) info['contact_email'] = email2contact_email(user.email) info['is_staff'] = user.is_staff info['is_active'] = user.is_active info['source'] = user.source.lower() orgs = ccnet_api.get_orgs_by_user(user.email) if orgs: org_id = orgs[0].org_id info['org_id'] = org_id info['org_name'] = orgs[0].org_name info['quota_usage'] = seafile_api.get_org_user_quota_usage( org_id, user.email) info['quota_total'] = seafile_api.get_org_user_quota( org_id, user.email) else: info['quota_usage'] = seafile_api.get_user_self_usage( user.email) info['quota_total'] = seafile_api.get_user_quota(user.email) info['create_time'] = timestamp_to_isoformat_timestr(user.ctime) last_login_obj = UserLastLogin.objects.get_by_username(user.email) info['last_login'] = datetime_to_isoformat_timestr( last_login_obj.last_login) if last_login_obj else '' info['role'] = get_user_role(user) if getattr(settings, 'MULTI_INSTITUTION', False): info['institution'] = user.institution data.append(info) result = {'user_list': data} return Response(result)
def pubuser_search(request): can_search = False if is_org_context(request): can_search = True elif request.cloud_mode: # Users are not allowed to search public user when in cloud mode. can_search = False else: can_search = True if can_search is False: raise Http404 email_or_nickname = request.GET.get('search', '') if not email_or_nickname: return HttpResponseRedirect(reverse('pubuser')) # Get user's contacts, used in show "add to contacts" button. username = request.user.username contacts = Contact.objects.get_contacts_by_user(username) contact_emails = [request.user.username] for c in contacts: contact_emails.append(c.contact_email) search_result = [] # search by username if is_org_context(request): url_prefix = request.user.org.url_prefix org_users = ccnet_api.get_org_users_by_url_prefix(url_prefix, -1, -1) users = [] for u in org_users: if email_or_nickname in u.email: users.append(u) else: users = ccnet_api.search_emailusers(email_or_nickname, -1, -1) for u in users: can_be_contact = True if u.email not in contact_emails else False search_result.append({ 'email': u.email, 'can_be_contact': can_be_contact }) # search by nickname if is_org_context(request): url_prefix = request.user.org.url_prefix org_users = ccnet_api.get_org_users_by_url_prefix(url_prefix, -1, -1) profile_all = Profile.objects.filter( user__in=[u.email for u in org_users]).values('user', 'nickname') else: profile_all = Profile.objects.all().values('user', 'nickname') for p in profile_all: if email_or_nickname in p['nickname']: can_be_contact = True if p['user'] not in contact_emails else False search_result.append({ 'email': p['user'], 'can_be_contact': can_be_contact }) uniq_usernames = [] for res in search_result: if res['email'] not in uniq_usernames: uniq_usernames.append(res['email']) else: search_result.remove(res) return render(request, 'pubuser.html', { 'search': email_or_nickname, 'users': search_result, })
def authenticate(self, session_info=None, attribute_mapping=None, create_unknown_user=True, **kwargs): if session_info is None or attribute_mapping is None: logger.error('Session info or attribute mapping are None') return None if not 'ava' in session_info: logger.error('"ava" key not found in session_info') return None attributes = session_info['ava'] if not attributes: logger.error('The attributes dictionary is empty') use_name_id_as_username = getattr(settings, 'SAML_USE_NAME_ID_AS_USERNAME', False) django_user_main_attribute = getattr( settings, 'SAML_DJANGO_USER_MAIN_ATTRIBUTE', 'username') django_user_main_attribute_lookup = getattr( settings, 'SAML_DJANGO_USER_MAIN_ATTRIBUTE_LOOKUP', '') logger.debug('attributes: %s', attributes) saml_user = None if use_name_id_as_username: if 'name_id' in session_info: logger.debug('name_id: %s', session_info['name_id']) saml_user = session_info['name_id'].text else: logger.error( 'The nameid is not available. Cannot find user without a nameid.' ) else: logger.debug('attribute_mapping: %s', attribute_mapping) for saml_attr, django_fields in attribute_mapping.items(): if (django_user_main_attribute in django_fields and saml_attr in attributes): saml_user = attributes[saml_attr][0] if saml_user is None: logger.error('Could not find saml_user value') return None if not self.is_authorized(attributes, attribute_mapping): return None main_attribute = self.clean_user_main_attribute(saml_user) user_query_args = { django_user_main_attribute + django_user_main_attribute_lookup: main_attribute } user_create_defaults = {django_user_main_attribute: main_attribute} # Note that this could be accomplished in one try-except clause, but # instead we use get_or_create when creating unknown users since it has # built-in safeguards for multiple threads. # check if user exist in local ccnet db/ldapimport database username = main_attribute local_ccnet_users = ccnet_api.search_emailusers('DB', username, -1, -1) if not local_ccnet_users: local_ccnet_users = ccnet_api.search_emailusers( 'LDAP', username, -1, -1) if not local_ccnet_users: if create_unknown_user: user = User.objects.create_user(email=username, is_active=True) else: user = None else: user = User.objects.get(email=username) if user: self.make_profile(user, attributes, attribute_mapping) return user
def test_user_management(repo): email1 = '%s@%s.com' % (randstring(6), randstring(6)) email2 = '%s@%s.com' % (randstring(6), randstring(6)) passwd1 = 'randstring(6)' passwd2 = 'randstring(6)' ccnet_api.add_emailuser(email1, passwd1, 1, 1) ccnet_api.add_emailuser(email2, passwd2, 0, 0) ccnet_email1 = ccnet_api.get_emailuser(email1) ccnet_email2 = ccnet_api.get_emailuser(email2) assert ccnet_email1.is_active == True assert ccnet_email1.is_staff == True assert ccnet_email2.is_active == False assert ccnet_email2.is_staff == False assert ccnet_api.validate_emailuser(email1, passwd1) == 0 assert ccnet_api.validate_emailuser(email2, passwd2) == 0 users = ccnet_api.search_emailusers('DB', email1, -1, -1) assert len(users) == 1 user_ccnet = users[0] assert user_ccnet.email == email1 user_counts = ccnet_api.count_emailusers('DB') user_numbers = ccnet_api.get_emailusers('DB', -1, -1) ccnet_api.update_emailuser('DB', ccnet_email2.id, passwd2, 1, 1) email2_new = ccnet_api.get_emailuser(email2) assert email2_new.is_active == True assert email2_new.is_staff == True #test group when update user id id1 = ccnet_api.create_group('group1', email1, parent_group_id=-1) assert id1 != -1 group1 = ccnet_api.get_group(id1) assert group1.parent_group_id == -1 # test shared repo when update user id api.share_repo(repo.id, USER, email1, "rw") assert api.repo_has_been_shared(repo.id) new_email1 = '%s@%s.com' % (randstring(6), randstring(6)) assert ccnet_api.update_emailuser_id(email1, new_email1) == 0 shared_users = api.list_repo_shared_to(USER, repo.id) assert len(shared_users) == 1 assert shared_users[0].repo_id == repo.id assert shared_users[0].user == new_email1 assert shared_users[0].perm == "rw" api.remove_share(repo.id, USER, new_email1) email1_groups = ccnet_api.get_groups(new_email1) assert len(email1_groups) == 1 assert email1_groups[0].id == id1 rm1 = ccnet_api.remove_group(id1) assert rm1 == 0 ccnet_api.remove_emailuser('DB', new_email1) ccnet_api.remove_emailuser('DB', email2)