def handle(self, *args, **options):
"""command handle function. reads tag names, decodes
them using the standard input encoding and attempts to find
the matching tags
"""
if options['username'] is None:
raise CommandError('the --username argument is required')
if options['first'] is None:
raise CommandError('the --first argument is required')
if options['last'] is None:
raise CommandError('the --last argument is required')
if options['email'] is None:
raise CommandError('the --email argument is required')
username = options['username'].lower()
user = util.setup_new_user(username, options['first'], options['last'],options['email'])
assoc = UserAssociation(openid_url = username, user=user, provider_name = "Wind River LDAP")
assoc.last_used_timestamp = datetime.datetime.now()
assoc.save()
print "Added User %s - %s %s - %s" % (username, options['first'], options['last'],
options['email'])
def authenticate(
self,
username = None,#for 'password'
password = None,#for 'password'
user_id = None,#for 'force'
provider_name = None,#required with all except email_key
openid_url = None,
email_key = None,
oauth_user_id = None,#used with oauth
facebook_user_id = None,#user with facebook
ldap_user_id = None,#for ldap
method = None,#requried parameter
):
"""this authentication function supports many login methods
just which method it is going to use it determined
from the signature of the function call
"""
login_providers = util.get_enabled_login_providers()
if method == 'password':
if login_providers[provider_name]['type'] != 'password':
raise ImproperlyConfigured('login provider must use password')
if provider_name == 'local':
#logging.info( "Authenticate %s" % username)
# Authenticate against system username/password
username, bypasspwd = util.check_pwd_bypass(username)
if bypasspwd == False:
try:
p = pwd.getpwnam(username)
except KeyError:
return None
if(crypt.crypt(password, p.pw_passwd) != p.pw_passwd):
return None
# If user is not in Askbot, create it.
try:
user = User.objects.get(username=username)
except User.DoesNotExist:
first, last, email = util.get_user_info(method, username)
if first == None:
return None
user = util.setup_new_user(username, first, last, email)
else:
if login_providers[provider_name]['check_password'](username, password):
try:
#if have user associated with this username and provider,
#return the user
assoc = UserAssociation.objects.get(
openid_url = username + '@' + provider_name,#a hack - par name is bad
provider_name = provider_name
)
return assoc.user
except UserAssociation.DoesNotExist:
#race condition here a user with this name may exist
user, created = User.objects.get_or_create(username = username)
if created:
user.set_password(password)
user.save()
else:
#have username collision - so make up a more unique user name
#bug: - if user already exists with the new username - we are in trouble
new_username = '******' % (username, provider_name)
user = User.objects.create_user(new_username, '', password)
message = _(
'Welcome! Please set email address (important!) in your '
'profile and adjust screen name, if necessary.'
)
user.message_set.create(message = message)
else:
return None
#this is a catch - make login token a little more unique
#for the cases when passwords are the same for two users
#from the same provider
try:
assoc = UserAssociation.objects.get(
user = user,
provider_name = provider_name
)
except UserAssociation.DoesNotExist:
assoc = UserAssociation(
user = user,
provider_name = provider_name
)
assoc.openid_url = username + '@' + provider_name#has to be this way for external pw logins
elif method == 'openid':
provider_name = util.get_provider_name(openid_url)
try:
assoc = UserAssociation.objects.get(
openid_url = openid_url,
provider_name = provider_name
)
user = assoc.user
except UserAssociation.DoesNotExist:
return None
elif method == 'email':
#with this method we do no use user association
try:
#todo: add email_key_timestamp field
#and check key age
user = User.objects.get(email_key = email_key)
user.email_key = None #one time key so delete it
user.email_isvalid = True
user.save()
return user
except User.DoesNotExist:
return None
elif method == 'oauth':
if login_providers[provider_name]['type'] == 'oauth':
try:
assoc = UserAssociation.objects.get(
openid_url = oauth_user_id,
provider_name = provider_name
)
user = assoc.user
except UserAssociation.DoesNotExist:
return None
else:
return None
elif method == 'facebook':
try:
#assert(provider_name == 'facebook')
assoc = UserAssociation.objects.get(
openid_url = facebook_user_id,
provider_name = 'facebook'
)
user = assoc.user
except UserAssociation.DoesNotExist:
return None
elif method == 'ldap':
try:
assoc = UserAssociation.objects.get(
openid_url = ldap_user_id,
provider_name = provider_name
)
user = assoc.user
except UserAssociation.DoesNotExist:
first, last, email = util.get_user_info(method, ldap_user_id)
if(first == None):
return None
user = util.setup_new_user(ldap_user_id, first, last, email)
assoc = UserAssociation(
openid_url = ldap_user_id,
user = user,
provider_name = provider_name
)
elif method == 'force':
return self.get_user(user_id)
else:
raise TypeError('only openid and password supported')
#update last used time
assoc.last_used_timestamp = datetime.datetime.now()
assoc.save()
return user
