def connect_to_db(**kwargs):
fame_init()
from fame.core.user import User
worker_user = User.get(email="worker@fame")
if worker_user:
fame_config.api_key = worker_user['api_key']
def create_user(name,
email,
groups,
default_sharing,
permissions,
password=None):
user = User.get(email=email.lower())
if user:
print "/!\ User with this email address already exists."
else:
user = User({
'name': name,
'email': email.lower(),
'groups': groups,
'default_sharing': default_sharing,
'permissions': permissions,
'enabled': True
})
if password:
user['pwd_hash'] = generate_password_hash(password)
user.save()
print "[+] User created."
user.generate_avatar()
print "[+] Downloaded avatar."
return user
def password_reset_form():
email_server = EmailServer(TEMPLATES_DIR)
if email_server.is_connected:
if request.method == 'POST':
email = request.form.get('email')
if not email:
flash('You have to specify an email address', 'danger')
else:
user = User.get(email=email)
if user:
token = password_reset_token(user)
reset_url = urljoin(fame_config.fame_url, url_for('auth.password_reset', token=token))
msg = email_server.new_message_from_template("Reset your FAME account's password.", 'mail_reset_password.html', {'user': user, 'url': reset_url})
msg.send([user['email']])
flash('A password reset link was sent.')
return redirect('/login')
return render_template('password_reset_form.html')
else:
flash('Functionnality unavailable. Contact your administrator', 'danger')
return redirect('/login')
def get_or_create_user(saml_name_id, saml_user_data):
user = User.get(saml_name_id=saml_name_id)
if user:
return user_if_enabled(user)
return create_user(saml_name_id, saml_user_data)
def api_auth(request):
api_key = request.headers.get('X-API-KEY')
user = User.get(api_key=api_key)
if user:
user.is_api = True
return user_if_enabled(user)
def create_user_for_worker(context):
from fame.core.user import User
from web.auth.user_password.user_management import create_user
worker_user = User.get(email="worker@fame")
if worker_user:
print "[+] User for worker already created."
else:
print "[+] Creating user for worker ..."
worker_user = create_user("FAME Worker", "worker@fame", ["*"], ["*"], ["worker"])
context['api_key'] = worker_user['api_key']
def authenticate(email, password):
user = User.get(email=email.lower())
if user_if_enabled(user):
if 'pwd_hash' in user:
if check_password_hash(user['pwd_hash'], password):
if 'auth_token' not in user:
user.update_value('auth_token', auth_token(user))
login_user(user)
return user
return None
def get_or_create_user():
user = User.get(email="admin@fame")
if not user:
user = User({
'name': "admin",
'email': "admin@fame",
'groups': ['admin', '*'],
'default_sharing': ['admin'],
'permissions': ['*'],
'enabled': True
})
user.save()
user.generate_avatar()
return user
def authenticate(email, password):
ldap_user = ldap_authenticate(email, password)
if not ldap_user:
# user not found in LDAP, update local user object accordingly (if existent)
user = User.get(email=email)
if user:
print(("Disabling user {}: not available in LDAP".format(email)))
user.update_value('enabled', False)
return user
user = update_or_create_user(ldap_user)
if user:
login_user(user)
return user
def update_or_create_user(ldap_user):
user = User.get(email=ldap_user['mail'])
if user:
# update groups
groups = get_mapping(ldap_user['groups'], "groups")
user.update_value('groups', groups)
# update default sharings
default_sharing = get_mapping(ldap_user['groups'], "default_sharing")
user.update_value('default_sharing', default_sharing)
# update permissions
permissions = get_mapping(ldap_user["groups"], "permissions")
user.update_value('permissions', permissions)
# enable/disable user
user.update_value('enabled', ldap_user['enabled'])
return user_if_enabled(user)
return create_user(ldap_user)
def load_user(token):
return user_if_enabled(User.get(auth_token=token))
def load_user(user_id):
return user_if_enabled(User.get(_id=ObjectId(user_id)))
