def run_csv_file(db_conn, filename, optdict):
"""Runs the appropriate actions from a CSV file.
:param db_conn: DB connection object
:param filename: CSV filename
:param optdict: Options dictionary.
:returns int: number of successful user actions.
"""
api = account_mgr.get_api(config)
log = logging.getLogger("run_csv_file")
dict_reader = csv.DictReader(filename)
if 'setpw' in optdict:
user_dicts = assure_keys(dict_reader, SETPW_REQUIRED_KEYS)
emails = (email for email in user_dicts['email_addr'])
pws = (pw for pw in user_dicts['password'])
set_multi_passwords(db_conn, emails, pws)
# All done, so leave the function here.
return len(user_dicts)
success_count = 0
if 'create' in optdict:
# Runs the creation routine for each user.
user_dicts = assure_keys(dict_reader, CREATE_REQUIRED_KEYS)
for user in user_dicts:
api.create_user(
{'name': user['given_name'] + ' ' + user['surname'],
'email': user['email_addr'],
'group_id': user['group_id'],
})
success_count += 1
elif 'set_email' in optdict:
# Sets emails for each user.
user_dicts = assure_keys(dict_reader, SET_EMAIL_REQUIRED_KEYS)
for user in user_dicts:
api.edit_user(user['email_addr'], dict(email=user['new_email']))
success_count += 1
elif 'set_group' in optdict:
# Sets groups for each user.
user_dicts = assure_keys(dict_reader, SET_GROUP_REQUIRED_KEYS)
for user in user_dicts:
api.edit_user(user['email_addr'], dict(group_id=user['group_id']))
success_count += 1
elif 'disable' in optdict:
user_dicts = assure_keys(dict_reader, frozenset(['email_addr']))
for user in user_dicts:
api.edit_user(user['email_addr'], dict(enabled=False))
success_count += 1
elif 'enable' in optdict:
user_dicts = assure_keys(dict_reader, frozenset(['email_addr']))
for user in user_dicts:
api.edit_user(user['email_addr'], dict(enabled=True))
success_count += 1
else:
raise UsersActionError("Got an action that's not accounted for!")
return success_count
def run_db_repair(config, db_conn):
"""Repairs the current user DB and billing API versus LDAP."""
# TODO: figure out what to do when email addresses *don't* match.
log = logging.getLogger("run_db_repair")
# Collect the users from LDAP, and insert into a temporary table.
ldap_conn = ldap_source.OMLDAPConnection(config["dir_uri"],
config["dir_base_dn"],
config["dir_user"],
config["dir_password"])
log.info("Collecting LDAP groups")
ldap_users = ldap_source.collect_groups(ldap_conn, config)
cur = db_conn.cursor()
cur.execute("CREATE TEMPORARY TABLE ldap_users (LIKE users) ON COMMIT DROP;")
cur.execute("ALTER TABLE ldap_users DROP COLUMN avatar_id;")
cur.execute("ALTER TABLE ldap_users DROP COLUMN enabled;")
cur.executemany("INSERT INTO ldap_users (uniqueid, email, givenname, surname, group_id) VALUES (%(uniqueid)s, %(email)s, %(firstname)s, %(lastname)s, %(group_id)s);",
ldap_users)
# Collect the users from the SpiderOak Accounts API, and insert into
# a temporary table.
log.info("Collecting SpiderOak user details")
api = account_mgr.get_api(config)
spider_users = api.list_users()
for spider_user in spider_users:
first_name, sep, last_name = spider_user['name'].strip().partition(' ')
if not last_name:
last_name = ' '
spider_user['firstname'] = first_name
spider_user['lastname'] = last_name
cur = db_conn.cursor()
cur.execute("CREATE TEMPORARY TABLE spider_users (LIKE users) ON COMMIT DROP;")
cur.execute("ALTER TABLE spider_users DROP COLUMN uniqueid;")
cur.executemany("INSERT INTO spider_users "
"(avatar_id, email, givenname, surname, group_id, enabled) VALUES "
"(%(avatar_id)s, %(email)s, %(firstname)s, %(lastname)s, "
"%(group_id)s, %(enabled)s);",
spider_users)
cur.execute("SELECT email, count(email) as occurences from ldap_users group by email having ( count(email) > 1 )")
for row in cur.fetchall():
log.error("---> Duplicate user %s found %d times in LDAP query!", row[0], row[1])
# Clear out the current database.
cur.execute("DELETE FROM users;")
log.info("Inserting joined fields into the database")
# Insert rows into users where email addresses match.
cur.execute("INSERT INTO users "
"SELECT l.uniqueid, s.email, s.avatar_id, s.givenname, "
"s.surname, s.group_id, s.enabled "
"FROM ldap_users l JOIN spider_users AS s ON l.email = s.email ")
db_conn.commit()
def run_single_command(db_conn, email_address, optdict):
log = logging.getLogger("run_single_command")
api = account_mgr.get_api(config)
if optdict['setpw']:
set_user_password(db_conn, email_address, optdict['password'])
elif optdict['create']:
api.create_user(
{'name': optdict['given_name'] + ' ' + optdict['surname'],
'email': optdict['email_addr'],
'group_id': optdict['group_id'],
})
elif optdict['set_email']:
api.edit_user(optdict['email_addr'], dict(email=optdict['new-email']))
elif optdict['set_group']:
api.edit_user(optdict['email_addr'], dict(group_id=optdict['group_id']))
elif optdict['disable']:
api.edit_user(optdict['email_addr'], dict(enabled=False))
elif optdict['enable']:
api.edit_user(optdict['email_addr'], dict(enabled=True))
else:
raise UsersActionError("Got an action that's not accounted for!")
def __init__(self, config, db_conn):
self._log = logging.getLogger("AccountRunner")
self._promo_code = config.get("promo_code", None)
self._db_conn = db_conn
self._api = account_mgr.get_api(config)
self._config = config
def run_db_repair(config, db_conn):
"""Repairs the current user DB and billing API versus LDAP."""
# TODO: figure out what to do when email addresses *don't* match.
log = logging.getLogger("run_db_repair")
# Collect the users from LDAP, and insert into a temporary table.
ldap_conn = ldap_source.OMLDAPConnection(config["dir_uri"],
config["dir_base_dn"],
config["dir_user"],
config["dir_password"])
log.info("Collecting LDAP groups")
ldap_users = ldap_source.collect_groups(ldap_conn, config)
cur = db_conn.cursor()
cur.execute("CREATE TEMPORARY TABLE ldap_users (LIKE users) ON COMMIT DROP;")
cur.execute("ALTER TABLE ldap_users DROP COLUMN avatar_id;")
cur.execute("ALTER TABLE ldap_users DROP COLUMN enabled;")
cur.executemany("INSERT INTO ldap_users (uniqueid, email, givenname, surname, group_id) VALUES (%(uniqueid)s, %(email)s, %(firstname)s, %(lastname)s, %(group_id)s);",
ldap_users)
# Collect the users from the SpiderOak Accounts API, and insert into
# a temporary table.
log.info("Collecting SpiderOak user details")
api = account_mgr.get_api(config)
spider_users = api.list_users()
for spider_user in spider_users:
first_name, sep, last_name = spider_user['name'].strip().partition(' ')
if not last_name:
last_name = ' '
spider_user['firstname'] = first_name
spider_user['lastname'] = last_name
cur = db_conn.cursor()
cur.execute("CREATE TEMPORARY TABLE spider_users (LIKE users) ON COMMIT DROP;")
cur.execute("ALTER TABLE spider_users DROP COLUMN uniqueid;")
cur.executemany("INSERT INTO spider_users "
"(avatar_id, email, givenname, surname, group_id, enabled) VALUES "
"(%(avatar_id)s, %(email)s, %(firstname)s, %(lastname)s, "
"%(group_id)s, %(enabled)s);",
spider_users)
# Delete duplicate rows
cur.execute("DELETE FROM ldap_users "
"WHERE ctid NOT IN "
"(SELECT MAX(l.ctid) "
"FROM ldap_users l "
"GROUP BY l.email)"
)
# Clear out the current database.
cur.execute("DELETE FROM users;")
log.info("Inserting joined fields into the database")
# Insert rows into users where email addresses match.
cur.execute("INSERT INTO users "
"SELECT l.uniqueid, s.email, s.avatar_id, s.givenname, "
"s.surname, s.group_id, s.enabled "
"FROM ldap_users l JOIN spider_users AS s ON l.email = s.email ")
# Collect the list of users who are NOT in the LDAP
# There are two types of users not in the LDAP sync groups we're looking through:
# 1. Users who exist in the LDAP still, but not anymore in a monitored group
# 2. Users who do not at all exist in the LDAP.
#
# Users in the first group we can enter back into the user sync database as disabled,
# as we can locate some form of unique ID from the LDAP to put in the sync DB. The
# second group needs to be just disabled on the Accounts API side. Note that users
# in this second group will have to have the whole DB rebuilt if they reappear on the LDAP
# and wish to continue using the same account.
cur.execute("SELECT s.email, s.avatar_id, s.givenname, s.surname, s.group_id, s.enabled "
"FROM spider_users s "
"LEFT OUTER JOIN ldap_users l USING (email) "
"WHERE l.email IS NULL")
orphans = cur.fetchall()
# We only care about ldap users here
orphans = [x for x in orphans \
if get_config_group(config, x[4])["user_source"] == 'ldap']
# "found_orphans" are the users who exist *somewhere* in the LDAP. lost_orphans do not.
found_orphans = _run_disabled_users_for_repair(ldap_conn, config, cur.description, orphans)
found_emails = [y['email'] for y in found_orphans]
lost_orphans = [x for x in orphans if x[0] not in found_emails]
# Put the found orphans in the DB.
cur.executemany("INSERT INTO users "
"(avatar_id, email, givenname, surname, group_id, enabled, uniqueid) "
"VALUES (%(avatar_id)s, %(email)s, %(givenname)s, %(surname)s, "
" %(group_id)s, %(enabled)s, %(uniqueid)s);",
found_orphans)
db_conn.commit()
# ...and disable the lost orphans. We don't care about already disabled lost orphans,
# we want to only disable orphans who are enabled so they can be rounded up and
# deleted.
for orphan in lost_orphans:
if orphan[5]: # If the user is enabled then disable them.
api.edit_user(orphan[0], dict(enabled=False))
def __init__(self, config, db_conn):
self._log = logging.getLogger("AccountRunner")
self._promo_code = config.get("promo_code", None)
self._db_conn = db_conn
self._api = account_mgr.get_api(config)
def get_user_list():
"""Fetches the list of users from SpiderOak, returns it as JSON."""
api = account_mgr.get_api(config)
return api.list_users()
def run_db_repair(config, db_conn):
"""Repairs the current user DB and billing API versus LDAP."""
# TODO: figure out what to do when email addresses *don't* match.
log = logging.getLogger("run_db_repair")
# Collect the users from LDAP, and insert into a temporary table.
ldap_conn = ldap_source.OMLDAPConnection(config["dir_uri"],
config["dir_base_dn"],
config["dir_user"],
config["dir_password"])
log.info("Collecting LDAP groups")
ldap_users = ldap_source.collect_groups(ldap_conn, config)
cur = db_conn.cursor()
cur.execute("CREATE TEMPORARY TABLE ldap_users (LIKE users) ON COMMIT DROP;")
cur.execute("ALTER TABLE ldap_users DROP COLUMN avatar_id;")
cur.execute("ALTER TABLE ldap_users DROP COLUMN enabled;")
cur.executemany("INSERT INTO ldap_users (uniqueid, email, givenname, surname, group_id) VALUES (%(uniqueid)s, %(email)s, %(firstname)s, %(lastname)s, %(group_id)s);",
ldap_users)
# Collect the users from the SpiderOak Accounts API, and insert into
# a temporary table.
log.info("Collecting SpiderOak user details")
api = account_mgr.get_api(config)
spider_users = api.list_users()
for spider_user in spider_users:
first_name, sep, last_name = spider_user['name'].strip().partition(' ')
if not last_name:
last_name = ' '
spider_user['firstname'] = first_name
spider_user['lastname'] = last_name
cur = db_conn.cursor()
cur.execute("CREATE TEMPORARY TABLE spider_users (LIKE users) ON COMMIT DROP;")
cur.execute("ALTER TABLE spider_users DROP COLUMN uniqueid;")
cur.executemany("INSERT INTO spider_users "
"(avatar_id, email, givenname, surname, group_id, enabled) VALUES "
"(%(avatar_id)s, %(email)s, %(firstname)s, %(lastname)s, "
"%(group_id)s, %(enabled)s);",
spider_users)
# Delete duplicate rows
cur.execute("DELETE FROM ldap_users "
"WHERE ctid NOT IN "
"(SELECT MAX(l.ctid) "
"FROM ldap_users l "
"GROUP BY l.email)"
)
# Clear out the current database.
cur.execute("DELETE FROM users;")
log.info("Inserting joined fields into the database")
# Insert rows into users where email addresses match.
cur.execute("INSERT INTO users "
"SELECT l.uniqueid, s.email, s.avatar_id, s.givenname, "
"s.surname, s.group_id, s.enabled "
"FROM ldap_users l JOIN spider_users AS s ON l.email = s.email ")
# Collect the list of users who are NOT in the LDAP
# There are two types of users not in the LDAP sync groups we're looking through:
# 1. Users who exist in the LDAP still, but not anymore in a monitored group
# 2. Users who do not at all exist in the LDAP.
#
# Users in the first group we can enter back into the user sync database as disabled,
# as we can locate some form of unique ID from the LDAP to put in the sync DB. The
# second group needs to be just disabled on the Accounts API side. Note that users
# in this second group will have to have the whole DB rebuilt if they reappear on the LDAP
# and wish to continue using the same account.
cur.execute("SELECT s.email, s.avatar_id, s.givenname, s.surname, s.group_id, s.enabled "
"FROM spider_users s "
"LEFT OUTER JOIN ldap_users l USING (email) "
"WHERE l.email IS NULL")
orphans = cur.fetchall()
# We only care about ldap users here
orphans = [x for x in orphans \
if get_config_group(config, x[4])["user_source"] == 'ldap']
# "found_orphans" are the users who exist *somewhere* in the LDAP. lost_orphans do not.
found_orphans = _run_disabled_users_for_repair(ldap_conn, config, cur.description, orphans)
found_emails = [y['email'] for y in found_orphans]
lost_orphans = [x for x in orphans if x[0] not in found_emails]
# Put the found orphans in the DB.
cur.executemany("INSERT INTO users "
"(avatar_id, email, givenname, surname, group_id, enabled, uniqueid) "
"VALUES (%(avatar_id)s, %(email)s, %(givenname)s, %(surname)s, "
" %(group_id)s, %(enabled)s, %(uniqueid)s);",
found_orphans)
db_conn.commit()
# ...and disable the lost orphans. We don't care about already disabled lost orphans,
# we want to only disable orphans who are enabled so they can be rounded up and
# deleted.
for orphan in lost_orphans:
if orphan[5]: # If the user is enabled then disable them.
api.edit_user(orphan[0], dict(enabled=False))
