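def handle(self, *args, **kwargs):
    """ Run our custom management command.

        Walk every User record and try to register a 3taps identity for each
        one that has a username and is not ad hoc.  Ad hoc users and users
        without a username are only marked as not using the Identity API.

        For the remaining users the server salt returned by the Identity API
        is stored when the identity was created, and cleared when it was not.
        The identity hash is left as None in both cases, and
        'uses_identity_api' stays False, because the user's real password is
        not available here.
    """
    for user in User.objects.all():
        user.uses_identity_api = False

        if user.ad_hoc or user.username in ["", None]:
            # Nothing to register; just persist the cleared flag.
            user.save()
            continue

        # NOTE(review): every identity is registered with the same literal
        # password.  If this literal is what actually ships (rather than a
        # scrubbed placeholder), each migrated identity is protected only by
        # a value shared across all accounts until its owner sets a real
        # password.  Prefer a per-user random secret (e.g. from os.urandom)
        # or force a password reset before the identity is relied upon.
        success, response = identity_api.create(user.username,
                                                password="******")

        user.identity_api_hash = None # Not known yet.

        if success:
            user.identity_api_salt = response['server_salt']
            print("Successfully created 3taps identity for " + user.username)
        else:
            user.identity_api_salt = None # Not known yet.
            # The original message read "Uable"; corrected so that failures
            # can be found when searching the command output.
            print("Unable to create identity for " + user.username)
            print(" " + response)

        user.save()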
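def _local_username_in_use(username):
    """ Return True if a local User already has 'username' (ignoring case).
    """
    try:
        User.objects.get(username__iexact=username)
    except User.DoesNotExist:
        return False
    return True


def update(session, username=None, password=None, phone_number=None):
    """ Update the details of the currently logged-in user.

        NOTE: this call is currently disabled.  The first statement raises
        UnauthorizedException unconditionally, so nothing below it runs until
        that line is removed.

        The parameters are as follows:

            'session'       The caller's session, checked via sessionHandler.
            'username'      New username, or None to leave it unchanged.
            'password'      New password, or None to leave it unchanged.
            'phone_number'  New phone number; the code that applies it is
                            switched off (see below).

        Once re-enabled, returns user.to_dict() for the updated user and may
        raise InvalidParametersException, UnauthorizedException or
        DuplicateUsernameException.
    """
    raise UnauthorizedException() # Disable for now.

    # Never write the password itself to the log; record only whether one
    # was supplied.
    # NOTE(review): 'session' looks like a bearer credential as well --
    # consider keeping it out of the debug log too.
    if password is None:
        logged_password = repr(None)
    else:
        logged_password = "<redacted>"
    logger.debug("in core.api.users.update(" +
                 "session=%s, username=%s, password=%s, phone_number=%s)"
                 % (repr(session), repr(username), logged_password,
                    repr(phone_number)))

    if session is None: raise InvalidParametersException()

    sessionHandler.validate(session)
    user = sessionHandler.get_user(session)

    # Remember if the user had a username or password.

    had_username = user.username not in ["", None]
    had_password = user.password_salt not in ["", None]

    # If we're setting a username and password for this user, and we didn't
    # have one previously, create a 3taps Identity for this user.  Note that
    # this may fail, if the username is already in use.

    if not had_username and username is not None:
        if password is None: raise InvalidParametersException()

        _check_username(username)
        _check_password(password)

        # Check the local database before touching the Identity API.  Doing
        # it afterwards would leave a remote identity with no local owner
        # whenever the local check fails.

        if _local_username_in_use(username):
            raise DuplicateUsernameException()

        # Try creating this user within the 3taps Identity API.

        success, response = identity_api.create(username, password)
        if not success:
            if response.startswith("403 error"):
                raise DuplicateUsernameException()
            else:
                raise InvalidParametersException()

        # Finally, save the updated user details into our database.
        #
        # NOTE(review): the stored hash is what login() below sends as
        # 'pass_hash', so it is a password-equivalent credential and needs
        # the same protection at rest as a password.  MD5 is a fast hash;
        # presumably the format is dictated by the Identity API -- confirm.

        salt = response['server_salt']
        pass_hash = hashlib.md5(password + salt).hexdigest()

        user.uses_identity_api = True
        user.username = username
        user.identity_api_salt = salt
        user.identity_api_hash = pass_hash
        user.save()

    # If we're changing the username for this user, ask the 3taps Identity API
    # to change the username.  Note that this may fail, if the new username is
    # already in use.

    if had_username and username is not None and username != user.username:
        # Reject a local clash first so the remote and local usernames cannot
        # end up out of step.

        if _local_username_in_use(username):
            raise DuplicateUsernameException()

        # NOTE(review): unlike the password branch below, this always logs in
        # with the stored hash, which is None for users whose
        # 'uses_identity_api' flag is False.

        success, response = identity_api.login(
            user.username, pass_hash=user.identity_api_hash)
        if not success: raise UnauthorizedException()

        identity_session = response
        try:
            success, response = identity_api.update(identity_session,
                                                    {'username' : username})
        finally:
            # Always close the Identity API session, including on failure.
            identity_api.logout(identity_session)

        if not success:
            if response.startswith("403 error"):
                raise DuplicateUsernameException()
            else:
                raise InvalidParametersException()

        # Finally, save the updated user details into our database.

        user.username = username
        user.save()

    # If we're changing the password for this user, ask the 3taps Identity API
    # to change the password.

    if password is not None:
        if user.username in ["", None]:
            # We can't change the password if we don't have a username.
            raise InvalidParametersException()

        if user.uses_identity_api:
            success, response = identity_api.login(
                user.username, pass_hash=user.identity_api_hash)
        else:
            # NOTE(review): users without a stored hash are authenticated
            # with a literal password shared by all such accounts; see the
            # management command that registers their identities.
            success, response = identity_api.login(user.username,
                                                   password="******")
        if not success: raise UnauthorizedException()

        identity_session = response
        try:
            # NOTE(review): this branch is meant to change the password, yet
            # the payload carries only 'username' (which may be None here).
            # It looks like a copy of the rename call above; confirm the
            # field the Identity API expects for a password change before
            # re-enabling this function.
            success, response = identity_api.update(identity_session,
                                                    {'username' : username})
        finally:
            # Always close the Identity API session, including on failure.
            identity_api.logout(identity_session)

        if not success:
            if response.startswith("403 error"):
                raise DuplicateUsernameException()
            else:
                raise InvalidParametersException()

        salt = response['server_salt']
        pass_hash = hashlib.md5(password + salt).hexdigest()

        user.uses_identity_api = True
        user.identity_api_salt = salt
        user.identity_api_hash = pass_hash
        user.save()

    # If we've been asked to update the user's phone number, do so.
    # NOTE: someone was using this to hack our system, so I've disabled it.

    if False: # phone_number != None:
        if phone_number == "":
            user.phone_number = None # Remove current phone number.
        else:
            phone_number = utils.format_phone_number(phone_number)

            try:
                existing_user = User.objects.get(phone_number=phone_number)
            except User.DoesNotExist:
                existing_user = None

            if existing_user != None and user.id != existing_user.id:
                raise DuplicatePhoneNumberException()

            user.phone_number = phone_number

    # If this was an ad hoc user who we're now making permanent, change their
    # "ad hoc" status, and create a new default topic for the user.
    #
    # NOTE(review): a phone number on its own still counts here even though
    # the phone-number update above is switched off.

    if user.ad_hoc and (username is not None or password is not None
                        or phone_number is not None):
        user.ad_hoc = False
        _create_default_topic(user)

    # If we have been given a username and password for this user, record them
    # as signing up.

    if not had_username and not had_password:
        if username not in ["", None] and password not in ["", None]:
            eventRecorder.record_event(eventRecorder.EVENT_TYPE_NEW_USER_SIGNUP)

    # Finally, save the updated user and return a copy of it back to the
    # caller.

    user.updated_at = datetime.datetime.utcnow()
    user.save()

    return user.to_dict()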
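def create(username=None, password=None, phone_number=None):
    """ Create a new User within the system.

        NOTE: this call is currently disabled.  The first statement raises
        UnauthorizedException unconditionally, so nothing below it runs until
        that line is removed.

        Empty strings are treated as None.  A user created with no username,
        password or phone number is an "ad hoc" user.  A username and a
        password must be supplied together.

        Once re-enabled, returns user.to_dict() for the new user and may
        raise InvalidParametersException, DuplicatePhoneNumberException or
        DuplicateUsernameException.
    """
    raise UnauthorizedException() # Disable for now.

    # Never write the password itself to the log; record only whether one
    # was supplied.
    if password is None:
        logged_password = repr(None)
    else:
        logged_password = "<redacted>"
    logger.debug("in core.api.users.create(" +
                 "username=%s, password=%s, phone_number=%s)"
                 % (repr(username), logged_password, repr(phone_number)))

    if username == "": username = None
    if password == "": password = None
    if phone_number == "": phone_number = None

    ad_hoc = (username is None and password is None
              and phone_number is None)

    if username is not None: _check_username(username)
    if password is not None: _check_password(password)

    if (username is None) != (password is None):
        # username and password must both be set at the same time.
        raise InvalidParametersException()

    if phone_number is not None:
        phone_number = utils.format_phone_number(phone_number)

        try:
            existing_user = User.objects.get(phone_number=phone_number)
        except User.DoesNotExist:
            existing_user = None

        if existing_user is not None:
            raise DuplicatePhoneNumberException()

    if username is not None:
        # Apply the same local uniqueness check that update() applies, and
        # do it before calling the Identity API: a local account can hold a
        # username that the Identity API does not know about, and two local
        # users must never share one.

        try:
            existing_user = User.objects.get(username__iexact=username)
        except User.DoesNotExist:
            existing_user = None

        if existing_user is not None:
            raise DuplicateUsernameException()

        # The user is attempting to create a new user with a username and
        # password.  Try to create the 3taps identity for this new user, and
        # raise a DuplicateUsernameException if the user already exists.

        success, response = identity_api.create(username, password)
        if not success:
            if response.startswith("403 error"):
                raise DuplicateUsernameException()
            else:
                raise InvalidParametersException()

    user = User()
    user.ad_hoc = ad_hoc
    user.username = username

    if username is not None:
        # NOTE(review): update() sends this stored hash as 'pass_hash' when
        # logging in to the Identity API, so it is a password-equivalent
        # credential and needs the same protection at rest as a password.
        # MD5 is a fast hash; presumably the format is dictated by the
        # Identity API -- confirm.
        salt = response['server_salt']
        pass_hash = hashlib.md5(password + salt).hexdigest()

        user.uses_identity_api = True
        user.identity_api_salt = salt
        user.identity_api_hash = pass_hash
    else:
        user.uses_identity_api = False
        user.identity_api_hash = None
        user.identity_api_salt = None

    user.phone_number = phone_number
    user.verification_code = None
    user.verified = False
    user.created_at = datetime.datetime.utcnow()
    user.updated_at = datetime.datetime.utcnow()
    user.save()

    # If the new user has a username and password, record it as a new user
    # signup.

    if username is not None and password is not None:
        eventRecorder.record_event(eventRecorder.EVENT_TYPE_NEW_USER_SIGNUP)

    # While we're at it, create a default topic for the new user if they're not
    # an ad hoc user.

    if not ad_hoc:
        _create_default_topic(user)

    # Finally, return the new user's details to the caller.

    return user.to_dict()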