def password_reset(email, password, actor):
"""Reset given user's password """
try:
acting_user = User.query.filter(User.email == actor).one()
except NoResultFound:
raise ValueError("email for acting user not found")
try:
target_user = User.query.filter(User.email == email).one()
except NoResultFound:
raise ValueError("email for target user not found")
if not acting_user.has_role(ROLE.ADMIN.value):
raise ValueError("Actor must be an admin")
if not password or len(str(password)) < 8:
raise ValueError("requires a valid password")
target_user.password = user_manager.hash_password(password)
db.session.commit()
auditable_event("cli password reset for {}".format(target_user),
user_id=acting_user.id,
subject_id=target_user.id,
context='account')
def add_user(email, role, password):
"""Add new user as specified """
validate_email(email)
if not password or len(str(password)) < 5:
raise ValueError("requires a password")
pw = user_manager.hash_password(password)
user = User(email=email, password=pw)
db.session.add(user)
roles = role.split(',') if role else []
try:
role_list = [Role.query.filter_by(name=r).one() for r in roles]
user.update_roles(role_list, acting_user=user)
except NoResultFound:
raise ValueError("one or more roles ill defined {}".format(roles))
db.session.commit()
auditable_event("new account generated (via cli) for {}".format(user),
user_id=user.id,
subject_id=user.id,
context='account')
def password_reset(email, password, actor):
"""Reset given user's password """
try:
acting_user = User.query.filter(
func.lower(User.email) == actor.lower()).one()
except NoResultFound:
raise ValueError("email for acting user <{}> not found".format(actor))
try:
target_user = User.query.filter(
func.lower(User.email) == email.lower()).one()
except NoResultFound:
raise ValueError("email for target user not found")
if not acting_user.has_role(ROLE.ADMIN.value):
raise ValueError("Actor must be an admin")
if not password or len(str(password)) < 8:
raise ValueError("requires a valid password")
target_user.password = user_manager.hash_password(password)
db.session.commit()
auditable_event(
"cli password reset for {}".format(target_user),
user_id=acting_user.id, subject_id=target_user.id, context='account')
def add_user(email, role, password):
"""Add new user as specified """
validate_email(email)
if not password or len(str(password)) < 5:
raise ValueError("requires a password")
pw = user_manager.hash_password(password)
user = User(email=email, password=pw)
db.session.add(user)
roles = role.split(',') if role else []
try:
role_list = [
Role.query.filter_by(name=r).one() for r in roles]
user.update_roles(role_list, acting_user=user)
except NoResultFound:
raise ValueError(
"one or more roles ill defined {}".format(roles))
db.session.commit()
auditable_event(
"new account generated (via cli) for {}".format(user),
user_id=user.id, subject_id=user.id, context='account')