def get(userid=None, username=None): """Get a user. Plone provides both a unique, unchanging identifier for a user (the userid) and a username, which is the value a user types into the login form. In many cases, the values for each will be the same, but under some circumstances they will differ. Known instances of this behavior include: * using content-based members via membrane * users changing their email address when using email as login is enabled We provide the ability to look up users by either. :param userid: Userid of the user we want to get. :type userid: string :param username: Username of the user we want to get. :type username: string :returns: User :rtype: MemberData object :raises: MissingParameterError :Example: :ref:`user_get_example` """ if userid is not None: portal_membership = portal.get_tool('portal_membership') return portal_membership.getMemberById(userid) return get_member_by_login_name(portal.get(), username, raise_exceptions=False)
def get(userid=None, username=None): """Get a user. Plone provides both a unique, unchanging identifier for a user (the userid) and a username, which is the value a user types into the login form. In many cases, the values for each will be the same, but under some circumstances they will differ. Known instances of this behavior include: * using content-based members via membrane * users changing their email address when using email as login is enabled We provide the ability to look up users by either. :param userid: Userid of the user we want to get. :type userid: string :param username: Username of the user we want to get. :type username: string :returns: User :rtype: MemberData object :raises: MissingParameterError :Example: :ref:`user_get_example` """ if userid is not None: portal_membership = portal.get_tool('portal_membership') return portal_membership.getMemberById(userid) return get_member_by_login_name( portal.get(), username, raise_exceptions=False, )
def mailPassword(self, login, REQUEST): request = REQUEST or self.REQUEST portal = getToolByName(self, "portal_url").getPortalObject() member = get_member_by_login_name(self, login, raise_exceptions=False) # member.getUser gives us the wrong context for setting up a # SecurityManager. acl_users = getToolByName(portal, "acl_users") user = acl_users.getUserById(member.getId()) orig_sm = getSecurityManager() try: newSecurityManager(request, user) tmp_sm = getSecurityManager() if not tmp_sm.checkPermission(SetOwnPassword, portal): # Re-use this ready-translated message for now exc = exc_class(_(u"Mailing forgotten passwords has been disabled.")) # Work around bug in mail_password under Py>2.6 if hasattr(exc, "message"): exc.message = exc.message raise exc finally: setSecurityManager(orig_sm) return self._original_mailPassword(login, REQUEST)
def getValidUser(self, userid): """Returns the member with 'userid' if available and None otherwise.""" if get_member_by_login_name: props = getToolByName(self, 'portal_properties').site_properties if props.getProperty('use_email_as_login', False): return get_member_by_login_name( self, userid, raise_exceptions=False) membertool = getToolByName(self, 'portal_membership') return membertool.getMemberById(userid)
def getValidUser(self, userid): """Returns the member with 'userid' if available and None otherwise.""" if get_member_by_login_name: registry = getUtility(IRegistry) settings = registry.forInterface(ISecuritySchema, prefix='plone') if settings.use_email_as_login: return get_member_by_login_name( self, userid, raise_exceptions=False) membertool = getToolByName(self, 'portal_membership') return membertool.getMemberById(userid)
def getValidUser(self, userid): """Returns the member with 'userid' if available and None otherwise.""" if get_member_by_login_name: registry = getUtility(IRegistry) settings = registry.forInterface(ISecuritySchema, prefix='plone') if settings.use_email_as_login: return get_member_by_login_name(self, userid, raise_exceptions=False) membertool = getToolByName(self, 'portal_membership') return membertool.getMemberById(userid)
def get_user(user_or_username): """Return Plone User :param user_or_username: Plone user or user id :returns: Plone MemberData """ user = None if isinstance(user_or_username, MemberData): user = user_or_username if isinstance(user_or_username, basestring): user = get_member_by_login_name(get_portal(), user_or_username, False) return user
def resetPassword(self, userid, randomstring, password): """Set the password (in 'password') for the user who maps to the string in 'randomstring' iff the entered 'userid' is equal to the mapped userid. (This can be turned off with the 'toggleUserCheck' method.) Note that this method will *not* check password validity: this must be done by the caller. Throws an 'ExpiredRequestError' if request is expired. Throws an 'InvalidRequestError' if no such record exists, or 'userid' is not in the record. """ if get_member_by_login_name: found_member = get_member_by_login_name(self, userid, raise_exceptions=False) if found_member is not None: userid = found_member.getId() try: stored_user, expiry = self._requests[randomstring] except KeyError: raise InvalidRequestError if self.checkUser() and (userid != stored_user): raise InvalidRequestError if self.expired(expiry): del self._requests[randomstring] self._p_changed = 1 raise ExpiredRequestError member = self.getValidUser(stored_user) if not member: raise InvalidRequestError # actually change password user = member.getUser() uf = getToolByName(self, 'acl_users') if getattr(uf, 'userSetPassword', None) is not None: uf.userSetPassword(user.getUserId(), password) # GRUF 3 else: try: user.changePassword(password) # GRUF 2 except AttributeError: # this sets __ directly (via MemberDataTool) which is the usual # (and stupid!) way to change a password in Zope member.setSecurityProfile(password=password) member.setMemberProperties(dict(must_change_password=0)) # clean out the request del self._requests[randomstring] self._p_changed = 1
def resetPassword(self, userid, randomstring, password): """Set the password (in 'password') for the user who maps to the string in 'randomstring' iff the entered 'userid' is equal to the mapped userid. (This can be turned off with the 'toggleUserCheck' method.) Note that this method will *not* check password validity: this must be done by the caller. Throws an 'ExpiredRequestError' if request is expired. Throws an 'InvalidRequestError' if no such record exists, or 'userid' is not in the record. """ if get_member_by_login_name: props = getToolByName(self, 'portal_properties').site_properties if props.getProperty('use_email_as_login', False): found_member = get_member_by_login_name(self, userid) if found_member is not None: userid = found_member.getId() try: stored_user, expiry = self._requests[randomstring] except KeyError: raise InvalidRequestError if self.checkUser() and (userid != stored_user): raise InvalidRequestError if self.expired(expiry): del self._requests[randomstring] self._p_changed = 1 raise ExpiredRequestError member = self.getValidUser(stored_user) if not member: raise InvalidRequestError # actually change password user = member.getUser() uf = getToolByName(self, 'acl_users') if getattr(uf, 'userSetPassword', None) is not None: uf.userSetPassword(user.getUserId(), password) # GRUF 3 else: try: user.changePassword(password) # GRUF 2 except AttributeError: # this sets __ directly (via MemberDataTool) which is the usual # (and stupid!) way to change a password in Zope member.setSecurityProfile(password=password) member.setMemberProperties(dict(must_change_password=0)) # clean out the request del self._requests[randomstring] self._p_changed = 1
def test_get_member_by_login_name(self): memship = self.portal.portal_membership context = self.portal member = memship.getMemberById(PloneTestCase.default_user) # Login name and user name start out the same found = get_member_by_login_name(context, PloneTestCase.default_user) self.assertEqual(member, found) # Change the login name: set_own_login_name(member, 'vanrees') # A member with this user name is still returned: found = get_member_by_login_name(context, PloneTestCase.default_user) self.assertEqual(member, found) # With the changed login name we can find the member: found = get_member_by_login_name(context, 'vanrees') self.assertEqual(member, found) # Demonstrate that we can find other members than just the # default user: found = get_member_by_login_name(context, SITE_OWNER_NAME) member = memship.getMemberById(SITE_OWNER_NAME) self.assertEqual(member, found)
def validate_userid_pwreset(context, userid, randomstring): pwt = getToolByName(context, 'portal_password_reset') found_member = get_member_by_login_name( context, userid, raise_exceptions=False) if found_member is not None: userid = found_member.getId() else: return False try: stored_user, expiry = pwt._requests[randomstring] except KeyError: return False if userid != stored_user: return False member = pwt.getValidUser(stored_user) if not member: return False return True
def get_user(user=None): """Get the user object :param user: A user id, memberdata object or None for the current user :returns: Plone User (PlonePAS) / Propertied User (PluggableAuthService) """ if user is None: # Return the current authenticated user user = getSecurityManager().getUser() elif isinstance(user, MemberData): # MemberData wrapped user -> get the user object user = user.getUser() elif isinstance(user, basestring): # User ID -> get the user user = get_member_by_login_name(get_portal(), user, False) if user: user = user.getUser() return user
def resetPassword(self, userid, randomstring, password): """Set the password (in 'password') for the user who maps to the string in 'randomstring' iff the entered 'userid' is equal to the mapped userid. (This can be turned off with the 'toggleUserCheck' method.) Note that this method will *not* check password validity: this must be done by the caller. Throws an 'ExpiredRequestError' if request is expired. Throws an 'InvalidRequestError' if no such record exists, or 'userid' is not in the record. """ if get_member_by_login_name: found_member = get_member_by_login_name( self, userid, raise_exceptions=False) if found_member is not None: userid = found_member.getId() try: stored_user, expiry = self._requests[randomstring] except KeyError: raise InvalidRequestError if self.checkUser() and (userid != stored_user): raise InvalidRequestError if self.expired(expiry): del self._requests[randomstring] self._p_changed = 1 raise ExpiredRequestError member = self.getValidUser(stored_user) if not member: raise InvalidRequestError # actually change password user = member.getUser() uf = getToolByName(self, 'acl_users') uf.userSetPassword(user.getUserId(), password) member.setMemberProperties(dict(must_change_password=0)) # clean out the request del self._requests[randomstring] self._p_changed = 1
def _auto_login(self, userid, password): context = self.context aclu = getToolByName(context, 'acl_users') for name, plugin in aclu.plugins.listPlugins(ICredentialsUpdatePlugin): plugin.updateCredentials( self.request, self.request.response, userid, password ) member = get_member_by_login_name(context, userid, False) if member: user = member.getUser() else: # Fallback in case we cannot find a user # with the given userid user = getSecurityManager().getUser() login_time = user.getProperty('login_time', None) if login_time is None: notify(UserInitialLoginInEvent(user)) else: notify(UserLoggedInEvent(user)) IStatusMessage(self.request).addStatusMessage( _( 'password_reset_successful', default='Password reset successful, ' 'you are logged in now!', ), 'info', ) url = INavigationRoot(self.context).absolute_url() self.request.response.redirect(url) return
def _get_user_by_login_name(self, user_id): return get_member_by_login_name(self.context, user_id, raise_exceptions=False)