def _action(self) -> None:
assert config.user.id is not None
users = userdb.load_users(lock=True)
user = users[config.user.id]
language = html.request.get_ascii_input_mandatory('language', "")
# Set the users language if requested to set it explicitly
if language != "_default_":
user['language'] = language
config.user.language = language
html.set_language_cookie(language)
else:
if 'language' in user:
del user['language']
config.user.reset_language()
# load the new language
cmk.gui.i18n.localize(config.user.language)
if config.user.may('general.edit_notifications') and user.get(
"notifications_enabled"):
value = forms.get_input(watolib.get_vs_flexible_notifications(),
"notification_method")
user["notification_method"] = value
# Custom attributes
if config.user.may('general.edit_user_attributes'):
for name, attr in userdb.get_user_attributes():
if not attr.user_editable():
continue
if attr.permission() and not config.user.may(
attr.permission()):
continue
vs = attr.valuespec()
value = vs.from_html_vars('ua_' + name)
vs.validate_value(value, "ua_" + name)
user[name] = value
userdb.save_users(users)
flash(_("Successfully updated user profile."))
# In distributed setups with remote sites where the user can login, start the
# user profile replication now which will redirect the user to the destination
# page after completion. Otherwise directly open up the destination page.
if config.user.authorized_login_sites():
back_url = "user_profile_replicate.py?back=user_profile.py"
else:
back_url = "user_profile.py"
# Ensure theme changes are applied without additional user interaction
html.reload_whole_page(back_url)
html.footer()
raise FinalizeRequest(code=200)
def _localize_request() -> None:
previous_language = cmk.gui.i18n.get_current_language()
user_language = html.request.get_ascii_input("lang", config.user.language)
html.set_language_cookie(user_language)
cmk.gui.i18n.localize(user_language)
# All plugins might have to be reloaded due to a language change. Only trigger
# a second plugin loading when the user is really using a custom localized GUI.
# Otherwise the load_all_plugins() at the beginning of the request is sufficient.
if cmk.gui.i18n.get_current_language() != previous_language:
load_all_plugins()
def _action(self) -> bool:
assert config.user.id is not None
users = userdb.load_users(lock=True)
user = users[config.user.id]
language = html.request.get_ascii_input_mandatory('language', "")
# Set the users language if requested to set it explicitly
if language != "_default_":
user['language'] = language
config.user.language = language
html.set_language_cookie(language)
else:
if 'language' in user:
del user['language']
config.user.reset_language()
# load the new language
cmk.gui.i18n.localize(config.user.language)
if config.user.may('general.edit_notifications') and user.get(
"notifications_enabled"):
value = forms.get_input(watolib.get_vs_flexible_notifications(),
"notification_method")
user["notification_method"] = value
# Custom attributes
if config.user.may('general.edit_user_attributes'):
for name, attr in userdb.get_user_attributes():
if not attr.user_editable():
continue
if attr.permission() and not config.user.may(
attr.permission()):
continue
vs = attr.valuespec()
value = vs.from_html_vars('ua_' + name)
vs.validate_value(value, "ua_" + name)
user[name] = value
userdb.save_users(users)
return True
def _show_page_user_profile(change_pw):
start_async_replication = False
if not config.user.id:
raise MKUserError(None, _('Not logged in.'))
if not config.user.may('general.edit_profile') and not config.user.may(
'general.change_password'):
raise MKAuthException(
_("You are not allowed to edit your user profile."))
if not config.wato_enabled:
raise MKAuthException(
_('User profiles can not be edited (WATO is disabled).'))
success = None
if html.request.has_var('_save') and html.check_transaction():
users = userdb.load_users(lock=True)
try:
# Profile edit (user options like language etc.)
if config.user.may('general.edit_profile'):
if not change_pw:
set_lang = html.get_checkbox('_set_lang')
language = html.request.var('language')
# Set the users language if requested
if set_lang:
if language == '':
language = None
# Set custom language
users[config.user.id]['language'] = language
config.user.language = language
html.set_language_cookie(language)
else:
# Remove the customized language
if 'language' in users[config.user.id]:
del users[config.user.id]['language']
config.user.reset_language()
# load the new language
cmk.gui.i18n.localize(config.user.language)
user = users.get(config.user.id)
if config.user.may('general.edit_notifications'
) and user.get("notifications_enabled"):
value = forms.get_input(
watolib.get_vs_flexible_notifications(),
"notification_method")
users[config.user.id]["notification_method"] = value
# Custom attributes
if config.user.may('general.edit_user_attributes'):
for name, attr in userdb.get_user_attributes():
if attr.user_editable():
if not attr.permission() or config.user.may(
attr.permission()):
vs = attr.valuespec()
value = vs.from_html_vars('ua_' + name)
vs.validate_value(value, "ua_" + name)
users[config.user.id][name] = value
# Change the password if requested
password_changed = False
if config.user.may('general.change_password'):
cur_password = html.request.var('cur_password')
password = html.request.var('password')
password2 = html.request.var('password2', '')
if change_pw:
# Force change pw mode
if not cur_password:
raise MKUserError(
"cur_password",
_("You need to provide your current password."))
if not password:
raise MKUserError(
"password", _("You need to change your password."))
if cur_password == password:
raise MKUserError(
"password",
_("The new password must differ from your current one."
))
if cur_password and password:
if userdb.hook_login(config.user.id,
cur_password) is False:
raise MKUserError("cur_password",
_("Your old password is wrong."))
if password2 and password != password2:
raise MKUserError(
"password2",
_("The both new passwords do not match."))
watolib.verify_password_policy(password)
users[config.user.id]['password'] = hash_password(password)
users[config.user.id]['last_pw_change'] = int(time.time())
if change_pw:
# Has been changed, remove enforcement flag
del users[config.user.id]['enforce_pw_change']
# Increase serial to invalidate old cookies
if 'serial' not in users[config.user.id]:
users[config.user.id]['serial'] = 1
else:
users[config.user.id]['serial'] += 1
password_changed = True
# Now, if in distributed environment where users can login to remote sites,
# set the trigger for pushing the new auth information to the slave sites
# asynchronous
if config.user.authorized_login_sites():
start_async_replication = True
userdb.save_users(users)
if password_changed:
# Set the new cookie to prevent logout for the current user
login.set_auth_cookie(config.user.id)
success = True
except MKUserError as e:
html.add_user_error(e.varname, e)
else:
users = userdb.load_users()
watolib.init_wato_datastructures(with_wato_lock=True)
# When in distributed setup, display the replication dialog instead of the normal
# profile edit dialog after changing the password.
if start_async_replication:
user_profile_async_replication_page()
return
if change_pw:
title = _("Change Password")
else:
title = _("Edit User Profile")
html.header(title)
# Rule based notifications: The user currently cannot simply call the according
# WATO module due to WATO permission issues. So we cannot show this button
# right now.
if not change_pw:
rulebased_notifications = watolib.load_configuration_settings().get(
"enable_rulebased_notifications")
if rulebased_notifications and config.user.may(
'general.edit_notifications'):
html.begin_context_buttons()
url = "wato.py?mode=user_notifications_p"
html.context_button(_("Notifications"), url, "notifications")
html.end_context_buttons()
else:
reason = html.request.var('reason')
if reason == 'expired':
html.p(
_('Your password is too old, you need to choose a new password.'
))
else:
html.p(
_('You are required to change your password before proceeding.'
))
if success:
html.reload_sidebar()
if change_pw:
html.show_message(_("Your password has been changed."))
raise HTTPRedirect(html.request.var('_origtarget', 'index.py'))
else:
html.show_message(_("Successfully updated user profile."))
# Ensure theme changes are applied without additional user interaction
html.immediate_browser_redirect(0.5, html.makeuri([]))
if html.has_user_errors():
html.show_user_errors()
user = users.get(config.user.id)
if user is None:
html.show_warning(_("Sorry, your user account does not exist."))
html.footer()
return
# Returns true if an attribute is locked and should be read only. Is only
# checked when modifying an existing user
locked_attributes = userdb.locked_attributes(user.get('connector'))
def is_locked(attr):
return attr in locked_attributes
html.begin_form("profile", method="POST")
html.prevent_password_auto_completion()
html.open_div(class_="wato")
forms.header(_("Personal Settings"))
if not change_pw:
forms.section(_("Name"), simple=True)
html.write_text(user.get("alias", config.user.id))
if config.user.may(
'general.change_password') and not is_locked('password'):
forms.section(_("Current Password"))
html.password_input('cur_password', autocomplete="new-password")
forms.section(_("New Password"))
html.password_input('password', autocomplete="new-password")
forms.section(_("New Password Confirmation"))
html.password_input('password2', autocomplete="new-password")
if not change_pw and config.user.may('general.edit_profile'):
select_language(user)
# Let the user configure how he wants to be notified
if not rulebased_notifications \
and config.user.may('general.edit_notifications') \
and user.get("notifications_enabled"):
forms.section(_("Notifications"))
html.help(
_("Here you can configure how you want to be notified about host and service problems and "
"other monitoring events."))
watolib.get_vs_flexible_notifications().render_input(
"notification_method", user.get("notification_method"))
if config.user.may('general.edit_user_attributes'):
for name, attr in userdb.get_user_attributes():
if attr.user_editable():
vs = attr.valuespec()
forms.section(_u(vs.title()))
value = user.get(name, vs.default_value())
if not attr.permission() or config.user.may(
attr.permission()):
vs.render_input("ua_" + name, value)
html.help(_u(vs.help()))
else:
html.write(vs.value_to_text(value))
# Save button
forms.end()
html.button("_save", _("Save"))
html.close_div()
html.hidden_fields()
html.end_form()
html.footer()
