def conduct_signin(username_or_email, password, invite_code=None):
needs_email_verification = False
invalid_credentials = False
(found_user, error_message) = authentication.verify_and_link_user(username_or_email, password)
if found_user:
# If there is an attached invitation code, handle it here. This will mark the
# user as verified if the code is valid.
if invite_code:
handle_invite_code(invite_code, found_user)
success, headers = common_login(found_user.uuid)
if success:
return {"success": True}, 200, headers
else:
needs_email_verification = True
else:
invalid_credentials = True
return (
{
"needsEmailVerification": needs_email_verification,
"invalidCredentials": invalid_credentials,
"message": error_message,
},
403,
None,
)
def post(self):
"""
Convert the user to an organization.
"""
user = get_authenticated_user()
convert_data = request.get_json()
# Ensure that the sign in credentials work.
admin_username = convert_data["adminUser"]
admin_password = convert_data["adminPassword"]
(admin_user, _) = authentication.verify_and_link_user(admin_username, admin_password)
if not admin_user:
raise request_error(
reason="invaliduser", message="The admin user credentials are not valid"
)
# Ensure that the new admin user is the not user being converted.
if admin_user.id == user.id:
raise request_error(reason="invaliduser", message="The admin user is not valid")
# Subscribe the organization to the new plan.
if features.BILLING:
plan = convert_data.get("plan", "free")
subscribe(user, plan, None, True) # Require business plans
# Convert the user to an organization.
model.organization.convert_user_to_organization(user, admin_user)
log_action("account_convert", user.username)
# And finally login with the admin credentials.
return conduct_signin(admin_username, admin_password)
def validate_credentials(auth_username, auth_password_or_token):
""" Validates a pair of auth username and password/token credentials. """
# Check for access tokens.
if auth_username == ACCESS_TOKEN_USERNAME:
logger.debug('Found credentials for access token')
try:
token = model.token.load_token_data(auth_password_or_token)
logger.debug(
'Successfully validated credentials for access token %s',
token.id)
return ValidateResult(AuthKind.credentials,
token=token), CredentialKind.token
except model.DataModelException:
logger.warning(
'Failed to validate credentials for access token %s',
auth_password_or_token)
return (ValidateResult(AuthKind.credentials,
error_message='Invalid access token'),
CredentialKind.token)
# Check for App Specific tokens.
if features.APP_SPECIFIC_TOKENS and auth_username == APP_SPECIFIC_TOKEN_USERNAME:
logger.debug('Found credentials for app specific auth token')
token = model.appspecifictoken.access_valid_token(
auth_password_or_token)
if token is None:
logger.debug(
'Failed to validate credentials for app specific token: %s',
auth_password_or_token)
return (ValidateResult(AuthKind.credentials,
error_message='Invalid token'),
CredentialKind.app_specific_token)
if not token.user.enabled:
logger.debug(
'Tried to use an app specific token for a disabled user: %s',
token.uuid)
return (ValidateResult(
AuthKind.credentials,
error_message=
'This user has been disabled. Please contact your administrator.'
), CredentialKind.app_specific_token)
logger.debug(
'Successfully validated credentials for app specific token %s',
token.id)
return (ValidateResult(AuthKind.credentials, appspecifictoken=token),
CredentialKind.app_specific_token)
# Check for OAuth tokens.
if auth_username == OAUTH_TOKEN_USERNAME:
return validate_oauth_token(
auth_password_or_token), CredentialKind.oauth_token
# Check for robots and users.
is_robot = parse_robot_username(auth_username)
if is_robot:
logger.debug('Found credentials header for robot %s', auth_username)
try:
robot = model.user.verify_robot(auth_username,
auth_password_or_token)
logger.debug('Successfully validated credentials for robot %s',
auth_username)
return ValidateResult(AuthKind.credentials,
robot=robot), CredentialKind.robot
except model.InvalidRobotException as ire:
logger.warning('Failed to validate credentials for robot %s: %s',
auth_username, ire)
return ValidateResult(AuthKind.credentials,
error_message=str(ire)), CredentialKind.robot
# Otherwise, treat as a standard user.
(authenticated,
err) = authentication.verify_and_link_user(auth_username,
auth_password_or_token,
basic_auth=True)
if authenticated:
logger.debug('Successfully validated credentials for user %s',
authenticated.username)
return ValidateResult(AuthKind.credentials,
user=authenticated), CredentialKind.user
else:
logger.warning('Failed to validate credentials for user %s: %s',
auth_username, err)
return ValidateResult(AuthKind.credentials,
error_message=err), CredentialKind.user