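def handle(self, *args, **options):
    """Create a user and associate it with the "Wind River LDAP" provider.

    The previous docstring described a tag-matching command and did not
    match this code.

    Required options: ``username``, ``first``, ``last`` and ``email``.
    The username is lower-cased and used both as the account name and as
    the ``openid_url`` of the new ``UserAssociation``.

    Raises:
        CommandError: if any required option is ``None``; the message
            names the first missing option in the order listed above.
    """
    # Checked in the original order so the same option is reported first.
    for name in ('username', 'first', 'last', 'email'):
        if options[name] is None:
            raise CommandError('the --%s argument is required' % name)

    username = options['username'].lower()
    # NOTE(review): util.setup_new_user is not shown here; confirm that it
    # rejects an already-existing username instead of re-using the account,
    # since the association below grants login to whatever it returns.
    user = util.setup_new_user(
        username, options['first'], options['last'], options['email']
    )

    assoc = UserAssociation(
        openid_url=username,
        user=user,
        provider_name="Wind River LDAP",
    )
    assoc.last_used_timestamp = datetime.datetime.now()
    assoc.save()

    # Single pre-formatted argument: prints the same text whether `print`
    # is the Python 2 statement or the Python 3 function.
    print("Added User %s - %s %s - %s" % (
        username, options['first'], options['last'], options['email']
    ))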
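def authenticate(
        self,
        username=None,  # for 'password'
        password=None,  # for 'password'
        user_id=None,  # for 'force'
        provider_name=None,  # required with all except email_key
        openid_url=None,
        email_key=None,
        oauth_user_id=None,  # used with oauth
        facebook_user_id=None,  # used with facebook
        ldap_user_id=None,  # for ldap
        method=None,  # required parameter
    ):
    """Authenticate a user by one of several login methods.

    ``method`` selects the branch: 'password', 'openid', 'email', 'oauth',
    'facebook', 'ldap' or 'force'. Each branch reads only the keyword
    arguments annotated for it in the signature.

    Returns the matching (or newly created) user, or ``None`` when the
    credentials do not match or no association exists.

    Raises:
        ImproperlyConfigured: 'password' method used with a provider whose
            configured type is not 'password'.
        TypeError: ``method`` is not one of the values listed above.
    """
    login_providers = util.get_enabled_login_providers()
    if method == 'password':
        if login_providers[provider_name]['type'] != 'password':
            raise ImproperlyConfigured('login provider must use password')
        if provider_name == 'local':
            # Authenticate against the system username/password database.
            # NOTE(review): util.check_pwd_bypass is not shown here. When it
            # reports a bypass the password check below is skipped and the
            # login succeeds on the username alone -- confirm which names it
            # can bypass and that this path is disabled in production.
            username, bypasspwd = util.check_pwd_bypass(username)
            # Equality kept as written: the helper's return type is not
            # visible, so `not bypasspwd` could change which values bypass.
            if bypasspwd == False:
                try:
                    p = pwd.getpwnam(username)
                except KeyError:
                    return None
                # NOTE(review): on hosts using shadow passwords pw_passwd is
                # a placeholder ('x' or '*'), not the hash, so this check
                # presumably only succeeds where real hashes are exposed --
                # confirm. The comparison is also not constant-time; the
                # crypt documentation suggests hmac.compare_digest.
                if crypt.crypt(password, p.pw_passwd) != p.pw_passwd:
                    return None
            # If user is not in Askbot, create it.
            try:
                user = User.objects.get(username=username)
            except User.DoesNotExist:
                first, last, email = util.get_user_info(method, username)
                if first is None:
                    return None
                user = util.setup_new_user(username, first, last, email)
        else:
            if login_providers[provider_name]['check_password'](username, password):
                try:
                    # if a user is already associated with this username
                    # and provider, return that user
                    assoc = UserAssociation.objects.get(
                        openid_url=username + '@' + provider_name,  # a hack - par name is bad
                        provider_name=provider_name
                    )
                    return assoc.user
                except UserAssociation.DoesNotExist:
                    # race condition here: a user with this name may exist
                    user, created = User.objects.get_or_create(username=username)
                    if created:
                        user.set_password(password)
                        user.save()
                    else:
                        # username collision - make up a more unique name
                        # bug: if a user already exists with the new
                        # username we are in trouble
                        # Fix: the literal shown here had no %s fields, so
                        # the % operator raised TypeError on every
                        # collision. Uses the same 'name@provider' shape as
                        # the openid_url built below.
                        new_username = '%s@%s' % (username, provider_name)
                        user = User.objects.create_user(new_username, '', password)
                        message = _(
                            'Welcome! Please set email address (important!) in your '
                            'profile and adjust screen name, if necessary.'
                        )
                        user.message_set.create(message=message)
            else:
                return None

        # this is a catch - make the login token a little more unique for
        # the cases when passwords are the same for two users from the
        # same provider
        try:
            assoc = UserAssociation.objects.get(
                user=user,
                provider_name=provider_name
            )
        except UserAssociation.DoesNotExist:
            assoc = UserAssociation(
                user=user,
                provider_name=provider_name
            )
        # has to be this way for external pw logins
        assoc.openid_url = username + '@' + provider_name

    elif method == 'openid':
        provider_name = util.get_provider_name(openid_url)
        try:
            assoc = UserAssociation.objects.get(
                openid_url=openid_url,
                provider_name=provider_name
            )
            user = assoc.user
        except UserAssociation.DoesNotExist:
            return None

    elif method == 'email':
        # with this method we do not use user association
        # Reject a missing key before the lookup: consumed keys are reset
        # to None below, and Django's ORM treats `email_key=None` as an
        # IS NULL match, so an empty key could otherwise select an account
        # that has no pending key at all.
        if not email_key:
            return None
        try:
            # todo: add email_key_timestamp field and check key age
            # (until then a key stays valid until it is used)
            user = User.objects.get(email_key=email_key)
            user.email_key = None  # one time key so delete it
            user.email_isvalid = True
            user.save()
            return user
        except User.DoesNotExist:
            return None

    elif method == 'oauth':
        if login_providers[provider_name]['type'] == 'oauth':
            try:
                assoc = UserAssociation.objects.get(
                    openid_url=oauth_user_id,
                    provider_name=provider_name
                )
                user = assoc.user
            except UserAssociation.DoesNotExist:
                return None
        else:
            return None

    elif method == 'facebook':
        try:
            # assert(provider_name == 'facebook')
            assoc = UserAssociation.objects.get(
                openid_url=facebook_user_id,
                provider_name='facebook'
            )
            user = assoc.user
        except UserAssociation.DoesNotExist:
            return None

    elif method == 'ldap':
        # NOTE(review): nothing in this branch verifies a password; it
        # assumes the caller has already bound against LDAP before passing
        # ldap_user_id -- confirm at the call site.
        try:
            assoc = UserAssociation.objects.get(
                openid_url=ldap_user_id,
                provider_name=provider_name
            )
            user = assoc.user
        except UserAssociation.DoesNotExist:
            first, last, email = util.get_user_info(method, ldap_user_id)
            if first is None:
                return None
            user = util.setup_new_user(ldap_user_id, first, last, email)
            assoc = UserAssociation(
                openid_url=ldap_user_id,
                user=user,
                provider_name=provider_name
            )

    elif method == 'force':
        # No credential is checked on this path: user_id must be chosen by
        # server-side code, never taken from request data.
        return self.get_user(user_id)
    else:
        # Message text predates the other methods; kept unchanged in case
        # callers match on it.
        raise TypeError('only openid and password supported')

    # update last used time
    assoc.last_used_timestamp = datetime.datetime.now()
    assoc.save()
    return user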