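def post(self, login):
    """
    ---
    summary: Accept a pending registration
    description: |
        Accepts pending user registration.
        Requires `manage_users` capability.
    security:
        - bearerAuth: []
    tags:
        - user
    parameters:
        - in: path
          name: login
          schema:
            type: string
          description: Login of pending account
    responses:
        200:
            description: When user is successfully accepted
            content:
              application/json:
                schema: UserSuccessResponseSchema
        400:
            description: When invalid login is provided.
        403:
            description: When user doesn't have `manage_users` capability.
        404:
            description: When user doesn't exist or is already accepted/rejected.
        500:
            description: When SMTP server is unavailable or not properly configured on the server.
    """
    # NOTE(review): the `manage_users` requirement stated in the spec is not
    # checked in this body; presumably a decorator outside this view enforces
    # it - confirm.
    user_login_obj = load_schema({"login": login}, UserLoginSchemaBase())

    # Look the account up by the schema-validated login, not the raw path value.
    user = (
        db.session.query(User)
        .filter(User.login == user_login_obj["login"], User.pending == true())
        .first()
    )
    if user is None:
        # Without this guard an unknown or already-handled login failed on
        # `user.pending` below and surfaced as an unhandled server error.
        raise NotFound("User doesn't exist or is already accepted")

    user.pending = False
    # NOTE(review): naive local timestamp - confirm the column is not expected
    # to hold UTC.
    user.registered_on = datetime.datetime.now()
    # Record which administrator approved the account.
    user.registered_by = g.auth_user.id
    db.session.add(user)

    # The e-mail is sent before the commit: when it fails, the exception
    # propagates and the commit below is never reached.
    try:
        send_email_notification(
            "register",
            "New account registered in MWDB",
            user.email,
            base_url=app_config.mwdb.base_url,
            login=user.login,
            # The set-password token is a credential: it is handed to the
            # mailer only and never written to the log.
            set_password_token=user.generate_set_password_token().decode(
                "utf-8"
            ),
        )
    except MailError:
        logger.exception("Can't send e-mail notification")
        raise InternalServerError(
            "SMTP server needed to fulfill this request is not configured or unavailable."
        )

    db.session.commit()

    logger.info('User accepted', extra={'user': user.login})
    schema = UserSuccessResponseSchema()
    return schema.dump({"login": user.login})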
def post(self):
    """
    ---
    summary: Get password change link for the current user
    description: |
        Requests password change link for currently authenticated user.
        Link expires after setting a new password or after 14 days.
        Link is sent to the e-mail address set in user's profile.
        Requires `manage_profile` capability.
    security:
        - bearerAuth: []
    tags:
        - auth
    responses:
        200:
            description: |
              When password change link was successfully sent to the user's e-mail
            content:
              application/json:
                schema: UserSuccessResponseSchema
        403:
            description: |
              When user doesn't have required capability
        500:
            description: |
              When SMTP server is unavailable or not properly configured on the server.
    """
    # Recipient and login both come from the authenticated session object;
    # nothing in this handler is taken from request parameters.
    current_user = g.auth_user
    login = current_user.login
    recipient = current_user.email

    try:
        send_email_notification(
            "recover",
            "Change password in MWDB",
            recipient,
            base_url=app_config.mwdb.base_url,
            login=login,
            # The token is passed to the mailer only; the log line below
            # records the login and nothing else.
            set_password_token=current_user.generate_set_password_token(),
        )
    except MailError:
        logger.exception("Can't send e-mail notification")
        raise InternalServerError(
            "SMTP server needed to fulfill this request is"
            " not configured or unavailable."
        )

    response_schema = UserSuccessResponseSchema()
    logger.info("Requested password change token", extra={"user": login})
    return response_schema.dump({"login": login})
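def delete(self, login):
    """
    ---
    summary: Delete user
    description: |
        Remove user from database.
        Requires `manage_users` capability.
    security:
        - bearerAuth: []
    tags:
        - user
    parameters:
        - in: path
          name: login
          schema:
            type: string
          description: User login
    responses:
        200:
            description: When user was removed successfully
            content:
              application/json:
                schema: UserSuccessResponseSchema
        403:
            description: When user doesn't have `manage_users` capability.
        404:
            description: When user doesn't exist.
        503:
            description: |
              Request canceled due to database statement timeout.
    """
    # NOTE(review): the `manage_users` requirement stated in the spec is not
    # checked in this body; presumably a decorator outside this view enforces
    # it - confirm.

    # An administrator must not be able to delete the account they are
    # currently authenticated as.
    if g.auth_user.login == login:
        raise Forbidden("You can't remove yourself from the database.")

    user = db.session.query(User).filter(User.login == login).first()
    if user is None:
        raise NotFound("No such user")

    # The group is matched purely by name == login.
    # NOTE(review): presumably this is the user's private group - confirm
    # that a shared group can never carry a user's login as its name.
    group = db.session.query(Group).filter(Group.name == login).first()

    db.session.delete(user)
    if group is not None:
        db.session.delete(group)
    else:
        # Previously a missing group made `db.session.delete(None)` raise,
        # which left the user impossible to delete through this endpoint.
        logger.warning(
            "No group matching deleted user's login", extra={"user": login}
        )
    db.session.commit()

    # Hooks fire only after the deletion has been committed.
    hooks.on_removed_user(user)
    if group is not None:
        hooks.on_removed_group(group)

    logger.info("User was deleted", extra={"user": login})
    schema = UserSuccessResponseSchema()
    return schema.dump({"login": login})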
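def delete(self, login):
    """
    ---
    summary: Reject a pending registration
    description: |
        Rejects pending user registration.
        Requires `manage_users` capability.
    security:
        - bearerAuth: []
    tags:
        - user
    parameters:
        - in: path
          name: login
          schema:
            type: string
          description: Login of pending account
    responses:
        200:
            description: When user is successfully rejected
            content:
              application/json:
                schema: UserSuccessResponseSchema
        400:
            description: When invalid login is provided.
        403:
            description: When user doesn't have `manage_users` capability.
        404:
            description: When user doesn't exist or is already accepted/rejected.
        500:
            description: |
              When SMTP server is unavailable or not properly configured on the server.
    """
    # NOTE(review): the `manage_users` requirement stated in the spec is not
    # checked in this body; presumably a decorator outside this view enforces
    # it - confirm.
    user_login_obj = load_schema({"login": login}, UserLoginSchemaBase())
    obj = load_schema(request.args, UserRejectRequestArgsSchema())

    # Only accounts that are still pending can be rejected.
    user = (
        db.session.query(User)
        .filter(
            User.login == user_login_obj["login"], User.pending == true()
        )
        .first()
    )
    if not user:
        raise NotFound("User doesn't exist or is already rejected")

    group = (
        db.session.query(Group)
        .filter(Group.name == user_login_obj["login"])
        .first()
    )
    if group is not None:
        user.groups.remove(group)
        db.session.delete(group)
    else:
        # Previously a missing group made `user.groups.remove(None)` raise,
        # so the pending account could not be rejected at all.
        logger.warning(
            "No group matching rejected user's login",
            extra={"user": user_login_obj["login"]},
        )
    db.session.delete(user)
    db.session.commit()

    if obj["send_email"]:
        # NOTE(review): the deletion is already committed at this point, so a
        # MailError below returns an error response for a rejection that has
        # in fact taken effect; a retry will then hit the NotFound branch.
        try:
            send_email_notification(
                "rejection",
                "MWDB account request has been rejected",
                user.email,
                base_url=app_config.mwdb.base_url,
                login=user.login,
                # NOTE(review): a set-password token is still generated for
                # the account deleted above - confirm the "rejection" template
                # actually uses it.
                set_password_token=user.generate_set_password_token().decode(
                    "utf-8"
                ),
            )
        except MailError:
            logger.exception("Can't send e-mail notification")
            raise InternalServerError(
                "SMTP server needed to fulfill this request "
                "is not configured or unavailable."
            )
        logger.info(
            "User rejected with notification",
            extra={"user": user_login_obj["login"]},
        )
    else:
        logger.info(
            "User rejected without notification",
            extra={"user": user_login_obj["login"]},
        )

    schema = UserSuccessResponseSchema()
    return schema.dump({"login": user_login_obj["login"]})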
def post(self, login):
    """
    ---
    summary: Get password change link for specific user
    description: |
        Requests password change link for specific user.
        Link expires after setting a new password or after 14 days.
        Link is sent to the e-mail address set in user's profile.
        Requires `manage_users` capability.
    security:
        - bearerAuth: []
    tags:
        - user
    parameters:
        - in: path
          name: login
          required: true
          schema:
            type: string
          description: Login of specific user
    responses:
        200:
            description: |
              When password change link was successfully sent to the user's e-mail
            content:
              application/json:
                schema: UserSuccessResponseSchema
        403:
            description: |
              When user doesn't have required capability
        404:
            description: |
              When user doesn't exists.
        500:
            description: |
              When SMTP server is unavailable or not properly configured on the server.
        503:
            description: |
              Request canceled due to database statement timeout.
    """
    # NOTE(review): the `manage_users` requirement stated in the spec is not
    # checked in this body; presumably a decorator outside this view enforces
    # it - confirm.
    validated = load_schema({"login": login}, UserLoginSchemaBase())

    # The lookup uses the schema-validated login.
    account_query = db.session.query(User).filter(
        User.login == validated["login"]
    )
    account = account_query.first()
    if not account:
        raise NotFound("User doesn't exist")

    try:
        send_email_notification(
            "recover",
            "Change password in MWDB",
            # The link goes to the address stored on the account; the caller
            # supplies no e-mail address of their own.
            recipient_email=account.email,
            base_url=app_config.mwdb.base_url,
            login=account.login,
            # The token is passed to the mailer only; the log line below
            # records the login and nothing else.
            set_password_token=account.generate_set_password_token(),
        )
    except MailError:
        logger.exception("Can't send e-mail notification")
        raise InternalServerError(
            "SMTP server needed to fulfill this request is"
            " not configured or unavailable."
        )

    response_schema = UserSuccessResponseSchema()
    # The log entry and the response echo the login as it arrived in the path.
    logger.info("Requested password change token", extra={"user": login})
    return response_schema.dump({"login": login})