def getCollectionCreationPolicyAccess(self):
cpp = Setting().get(SettingKey.COLLECTION_CREATE_POLICY)
acList = {
'users': [{
'id': x
} for x in cpp.get('users', [])],
'groups': [{
'id': x
} for x in cpp.get('groups', [])]
}
for user in acList['users'][:]:
userDoc = User().load(user['id'],
force=True,
fields=['firstName', 'login', 'email'])
if userDoc is None:
acList['users'].remove(user)
else:
user['login'] = userDoc['login']
user['name'] = userDoc['firstName']
user['email'] = userDoc['email']
for grp in acList['groups'][:]:
grpDoc = Group().load(grp['id'],
force=True,
fields=['name', 'description'])
if grpDoc is None:
acList['groups'].remove(grp)
else:
grp['name'] = grpDoc['name']
grp['description'] = grpDoc['description']
return acList
def hasCreatePrivilege(self, user):
"""
Tests whether a given user has the authority to create collections on
this instance. This is based on the collection creation policy settings.
By default, only admins are allowed to create collections.
:param user: The user to test.
:returns: bool
"""
from girderformindlogger.models.setting import Setting
if user['admin']:
return True
policy = Setting().get(SettingKey.COLLECTION_CREATE_POLICY)
if policy['open'] is True:
return True
if user['_id'] in policy.get('users', ()):
return True
if set(policy.get('groups', ())) & set(user.get('groups', ())):
return True
return False
def getSettings(self):
settings = Setting()
return {
PluginSettings.MARKDOWN: settings.get(PluginSettings.MARKDOWN),
PluginSettings.HEADER: settings.get(PluginSettings.HEADER),
PluginSettings.SUBHEADER: settings.get(PluginSettings.SUBHEADER),
PluginSettings.WELCOME_TEXT:
settings.get(PluginSettings.WELCOME_TEXT),
PluginSettings.LOGO: settings.get(PluginSettings.LOGO),
}
def _submitEmail(msg, recipients):
from girderformindlogger.models.setting import Setting
setting = Setting()
smtp = _SMTPConnection(host=setting.get(SettingKey.SMTP_HOST),
port=setting.get(SettingKey.SMTP_PORT),
encryption=setting.get(SettingKey.SMTP_ENCRYPTION),
username=setting.get(SettingKey.SMTP_USERNAME),
password=setting.get(SettingKey.SMTP_PASSWORD))
logger.info('Sending email to %s through %s', ', '.join(recipients),
smtp.host)
with smtp:
smtp.send(msg['From'], recipients, msg.as_string())
def testLdapLogin(self):
settings = Setting()
self.assertEqual(settings.get(PluginSettings.SERVERS), [])
with self.assertRaises(ValidationException):
settings.set(PluginSettings.SERVERS, {})
settings.set(PluginSettings.SERVERS, [{
'baseDn': 'cn=Users,dc=foo,dc=bar,dc=org',
'bindName': 'cn=foo,cn=Users,dc=foo,dc=bar,dc=org',
'password': '******',
'searchField': 'mail',
'uri': 'foo.bar.org:389'
}])
with mock.patch('ldap.initialize',
return_value=MockLdap()) as ldapInit:
resp = self.request('/user/authentication',
basicAuth='hello:world')
self.assertEqual(len(ldapInit.mock_calls), 1)
self.assertStatusOk(resp)
# Register a new user
user = resp.json['user']
self.assertEqual(user['email'], '*****@*****.**')
self.assertEqual(user['firstName'], 'Foo')
self.assertEqual(user['lastName'], 'Bar')
self.assertEqual(user['login'], 'foobar')
# Login as an existing user
resp = self.request('/user/authentication',
basicAuth='hello:world')
self.assertStatusOk(resp)
self.assertEqual(resp.json['user']['_id'], user['_id'])
with mock.patch('ldap.initialize',
return_value=MockLdap(bindFail=True)):
resp = self.request('/user/authentication',
basicAuth='hello:world')
self.assertStatus(resp, 401)
with mock.patch('ldap.initialize',
return_value=MockLdap(searchFail=True)):
resp = self.request('/user/authentication',
basicAuth='hello:world')
self.assertStatus(resp, 401)
# Test fallback to logging in with core auth
normalUser = User().createUser(login='******',
firstName='Normal',
lastName='User',
email='*****@*****.**',
password='******')
with mock.patch('ldap.initialize',
return_value=MockLdap(searchFail=True)):
resp = self.request('/user/authentication',
basicAuth='normal:normaluser')
self.assertStatusOk(resp)
self.assertEqual(str(normalUser['_id']), resp.json['user']['_id'])
# Test registering from a record that only has a cn, no sn/givenName
record = {
'cn': [b'Fizz Buzz'],
'mail': [b'*****@*****.**'],
'distinguishedName': [b'shouldbeignored']
}
with mock.patch('ldap.initialize',
return_value=MockLdap(record=record)):
resp = self.request('/user/authentication',
basicAuth='fizzbuzz:foo')
self.assertStatusOk(resp)
self.assertEqual(resp.json['user']['login'], 'fizz')
self.assertEqual(resp.json['user']['firstName'], 'Fizz')
self.assertEqual(resp.json['user']['lastName'], 'Buzz')
# Test falling back to other name generation behavior (first+last name)
record = {
'cn': [b'Fizz Buzz'],
'mail': [b'*****@*****.**'],
'distinguishedName': [b'shouldbeignored']
}
with mock.patch('ldap.initialize',
return_value=MockLdap(record=record)):
resp = self.request('/user/authentication',
basicAuth='fizzbuzz:foo')
self.assertStatusOk(resp)
self.assertEqual(resp.json['user']['login'], 'fizzbuzz')
self.assertEqual(resp.json['user']['firstName'], 'Fizz')
self.assertEqual(resp.json['user']['lastName'], 'Buzz')