Exemplo n.º 1
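    def get_user(self,
                 request,
                 user_id=None,
                 token_id=None,
                 username=None,
                 email=None,
                 auth_key=None,
                 **kw):
        """Securely fetch a user by token, auth key, id, username or email.

        Identifiers are tried in a fixed order and the first one supplied
        decides the outcome:

        * ``token_id``: the token's ``last_access`` is stamped with the
          current UTC time and the token's user is returned (``None`` when
          no such token exists). No other identifier is consulted.
        * ``auth_key``: the matching registration must have an ``expiry``
          later than now; its ``user_id`` then overrides any ``user_id``
          passed in. An unknown or expired key returns ``None``.
        * ``user_id``, then ``username``, then ``email`` (normalised with
          ``normalise_email``).

        Extra keyword arguments are accepted and ignored.

        Returns the user, or ``None`` when nothing matches or no identifier
        was given.
        """
        models = request.app.models
        odm = request.app.odm()
        now = datetime.utcnow()

        if token_id:
            with odm.begin(request=request) as session:
                query = session.query(odm.token)
                query = query.filter_by(id=token_id)
                # Stamp the access time first; for an unknown id the UPDATE
                # simply matches no row and the lookup below returns None.
                query.update({'last_access': now}, synchronize_session=False)
                # NOTE(review): no expiry or revocation check on the token is
                # visible in this method -- confirm it is enforced elsewhere.
                try:
                    return query.one().user
                except NoResultFound:
                    return None

        users = models.get('users')
        with users.session(request) as session:
            if auth_key:
                query = models.get('registrations').get_query(session)
                # Both model lookups below go through get_query(), yet the
                # original caught NoResultFound here and Http404 for users.
                # Which of the two .one() raises is not visible in this
                # block, so either "not found" signal yields None, as the
                # docstring promises, instead of escaping to the caller.
                try:
                    reg = query.filter(id=auth_key).one()
                except (NoResultFound, Http404):
                    return None

                # Expired registrations must not authenticate anyone.
                if not reg.expiry > now:
                    return None
                # The key decides the identity: a caller-supplied user_id
                # is deliberately replaced.
                user_id = reg.user_id

            query = users.get_query(session)
            try:
                if user_id:
                    user = query.filter(id=user_id).one()
                elif username:
                    user = query.filter(username=username).one()
                elif email:
                    user = query.filter(email=normalise_email(email)).one()
                else:
                    # No identifier at all: nothing to look up.
                    return None
            except (NoResultFound, Http404):
                return None

            return user.obj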
Exemplo n.º 2
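    def get_user(self, request, user_id=None, token_id=None, username=None,
                 email=None, auth_key=None, **kw):
        """Securely fetch a user by token, auth key, id, username or email.

        The first identifier supplied, in this order, decides the result:

        1. ``token_id`` -- sets the token's ``last_access`` to the current
           UTC time and returns the token's user, or ``None`` if the token
           does not exist. Nothing else is consulted.
        2. ``auth_key`` -- the registration with that id must exist and its
           ``expiry`` must be later than now, otherwise ``None`` is
           returned; its ``user_id`` replaces any ``user_id`` passed in.
        3. ``user_id``, ``username``, ``email`` -- in that order; the email
           is passed through ``normalise_email`` before the lookup.

        Extra keyword arguments are accepted and ignored.

        Returns the user, or ``None`` when nothing matches or no identifier
        was given.
        """
        models = request.app.models
        odm = request.app.odm()
        now = datetime.utcnow()

        if token_id:
            with odm.begin(request=request) as session:
                query = session.query(odm.token)
                query = query.filter_by(id=token_id)
                # The access time is written before the row is read; an
                # unknown id updates nothing and falls into the except below.
                query.update({'last_access': now},
                             synchronize_session=False)
                # NOTE(review): token expiry/revocation is not checked in
                # this method -- confirm another layer enforces it.
                try:
                    return query.one().user
                except NoResultFound:
                    return None

        users = models.get('users')
        with users.session(request) as session:
            if auth_key:
                query = models.get('registrations').get_query(session)
                # The registration and user lookups both use get_query(),
                # but the original handled NoResultFound for one and
                # Http404 for the other. The exception .one() really raises
                # is not shown here, so both are treated as "no match" to
                # keep the documented "user or nothing" contract.
                try:
                    reg = query.filter(id=auth_key).one()
                except (NoResultFound, Http404):
                    return None

                if reg.expiry > now:
                    # A valid key fixes the identity, whatever user_id the
                    # caller passed.
                    user_id = reg.user_id
                else:
                    # Expired key: refuse rather than fall back to the
                    # other identifiers.
                    return None

            query = users.get_query(session)
            try:
                if user_id:
                    user = query.filter(id=user_id).one()
                elif username:
                    user = query.filter(username=username).one()
                elif email:
                    user = query.filter(email=normalise_email(email)).one()
                else:
                    return None
            except (NoResultFound, Http404):
                return None

            return user.obj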
Exemplo n.º 3
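    def create_user(self,
                    request,
                    username=None,
                    password=None,
                    email=None,
                    first_name=None,
                    last_name=None,
                    active=False,
                    superuser=False,
                    session=None,
                    **kw):
        """Create a new user and add it to the session.

        Either ``username`` or ``email`` must be provided; when only
        ``email`` is given it doubles as the username.

        Raises ``AssertionError`` when neither ``username`` nor ``email`` is
        supplied and ``ValueError`` when the username or email is already
        in use.

        Returns the newly created user object.
        """
        odm = request.app.odm()

        email = normalise_email(email)
        # An explicit raise instead of ``assert``: assert statements are
        # removed when Python runs with -O, which would let a user with no
        # username and no email through. The exception type is unchanged.
        if not (username or email):
            raise AssertionError('Either username or email must be provided')
        if username:
            # validate_username is defined elsewhere; presumably it raises
            # on a malformed name -- confirm against its definition.
            validate_username(request, username)

        with odm.begin(session=session) as session:
            if not username:
                username = email

            # NOTE(review): count-then-insert is not atomic; two concurrent
            # requests can both pass these checks. Presumably the table
            # also has unique constraints on username/email -- confirm.
            if session.query(odm.user).filter_by(username=username).count():
                raise ValueError('Username not available')

            if (email and session.query(
                    odm.user).filter_by(email=email).count()):
                raise ValueError('Email not available')

            # NOTE(review): ``active``, ``superuser`` and ``**kw`` go
            # straight into the model constructor, so callers should pass
            # vetted fields only, never an unfiltered request payload.
            # self.password() is defined elsewhere; presumably it hashes
            # the raw password before storage -- confirm.
            user = odm.user(username=username,
                            password=self.password(request, password),
                            email=email,
                            first_name=first_name,
                            last_name=last_name,
                            active=active,
                            superuser=superuser,
                            **kw)
            session.add(user)

        return user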
Exemplo n.º 4
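    def create_user(self, request, username=None, password=None, email=None,
                    first_name=None, last_name=None, active=False,
                    superuser=False, session=None, **kw):
        """Create a new user and add it to the session.

        Either ``username`` or ``email`` must be provided. If only the
        email is given, it is used as the username as well.

        Raises ``AssertionError`` if both ``username`` and ``email`` are
        missing, and ``ValueError`` if the username or the email is already
        registered.

        Returns the newly created user object.
        """
        odm = request.app.odm()

        email = normalise_email(email)
        # Checked with a real raise rather than ``assert``: under
        # ``python -O`` assert statements are stripped and the check would
        # silently disappear. AssertionError is kept for existing callers.
        if not (username or email):
            raise AssertionError('Either username or email must be provided')
        if username:
            # Defined elsewhere; assumed to raise on an invalid username
            # -- TODO confirm.
            validate_username(request, username)

        with odm.begin(session=session) as session:
            if not username:
                username = email

            # NOTE(review): these availability checks race with concurrent
            # inserts; a database-level unique constraint is presumably the
            # real guarantee -- confirm it exists.
            if session.query(odm.user).filter_by(username=username).count():
                raise ValueError('Username not available')

            if (email and
                    session.query(odm.user).filter_by(email=email).count()):
                raise ValueError('Email not available')

            # NOTE(review): privilege flags (``active``, ``superuser``) and
            # arbitrary ``**kw`` reach the model constructor unchanged, so
            # callers must whitelist fields that originate from user input.
            # self.password() is not shown here; presumably it hashes the
            # raw password -- confirm.
            user = odm.user(username=username,
                            password=self.password(request, password),
                            email=email,
                            first_name=first_name,
                            last_name=last_name,
                            active=active,
                            superuser=superuser,
                            **kw)
            session.add(user)

        return user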
Exemplo n.º 5
    def run(self, options, interactive=False):
        """Create a superuser from ``options`` or from interactive prompts.

        When ``options`` lacks a username, password or email, the command
        switches to interactive mode; in that mode all three values are
        prompted for and anything taken from ``options`` is discarded.

        Returns the user returned by ``auth_backend.create_superuser``, or
        ``None`` when the prompts are interrupted with Ctrl-C.
        """
        username = options.username
        password = options.password
        email = options.email
        # NOTE(review): if ``options.password`` comes from a command-line
        # flag it may show up in shell history and process listings; the
        # interactive getpass prompts below avoid that.
        if not (username and password and email):
            interactive = True
        request = self.app.wsgi_request()
        auth_backend = self.app.auth_backend
        auth_backend.request(request.environ)

        # NOTE(review): the username pattern, uniqueness and blank-password
        # checks below run only in interactive mode; the non-interactive
        # path relies on create_superuser for validation -- confirm.
        if interactive:  # pragma    nocover
            default_name = get_def_username(request, auth_backend)
            prompt = 'Username'
            if default_name:
                prompt += ' (Leave blank to use %s)' % default_name
            username = email = password = None
            try:
                # Ask until the username is well formed and unused.
                while not username:
                    username = input(prompt + ': ')
                    if username == '' and default_name:
                        username = default_name
                    if RE_VALID_USERNAME.match(username):
                        existing = auth_backend.get_user(request,
                                                         username=username)
                        if existing is not None:
                            self.write_err(
                                "Error: That username is already taken.\n")
                            username = None
                    else:
                        self.write_err('Error: That username is invalid. Use '
                                       'only letters, digits and underscores.')
                        username = None

                # Ask until the email normalises cleanly and is unused.
                while not email:
                    email = input('Email: ')
                    try:
                        email = normalise_email(email)
                    except Exception:
                        self.write_err('Error: That email is invalid.')
                        email = None
                    else:
                        existing = auth_backend.get_user(request, email=email)
                        if existing is not None:
                            self.write_err(
                                "Error: That email is already taken.")
                            email = None

                # Ask twice, without echo, until both entries agree and the
                # password is not blank.
                while True:
                    if not password:
                        password = getpass.getpass()
                        confirmation = getpass.getpass('Password (again): ')
                        if password != confirmation:
                            self.write_err(
                                "Error: Your passwords didn't match.")
                            password = None
                            continue
                    if password.strip():
                        break
                    self.write_err(
                        "Error: Blank passwords aren't allowed.")
                    password = None
            except KeyboardInterrupt:
                self.write_err('\nOperation cancelled.')
                return
        user = auth_backend.create_superuser(request,
                                             username=username,
                                             email=normalise_email(email),
                                             password=password)
        if not user:
            self.write_err("ERROR: could not create superuser")
        else:
            self.write("Superuser %s created successfully.\n" % user.username)

        return user
Exemplo n.º 6
    def run(self, options, interactive=False):
        """Create a superuser, prompting for any credentials not supplied.

        ``options`` provides ``username``, ``password`` and ``email``. If
        any of them is missing the command becomes interactive, and in
        interactive mode all three are asked for again (values taken from
        ``options`` are dropped).

        Returns whatever ``auth_backend.create_superuser`` returns, or
        ``None`` if the user cancels the prompts with Ctrl-C.
        """
        username = options.username
        password = options.password
        email = options.email
        # NOTE(review): a password supplied through ``options`` presumably
        # originates from the command line, where it can leak via shell
        # history or the process list -- prefer the getpass prompts.
        if not (username and password and email):
            interactive = True
        request = self.app.wsgi_request()
        auth_backend = self.app.auth_backend
        auth_backend.request(request.environ)

        # NOTE(review): when all three options are given, none of the
        # checks in this branch (username pattern, duplicates, blank
        # password) are applied here; create_superuser must cover them
        # -- confirm.
        if interactive:  # pragma    nocover
            fallback = get_def_username(request, auth_backend)
            label = 'Username'
            if fallback:
                label += ' (Leave blank to use %s)' % fallback
            username = None
            email = None
            password = None
            try:
                # Username: must match RE_VALID_USERNAME and be unused.
                while not username:
                    username = input(label + ': ')
                    if fallback and username == '':
                        username = fallback
                    if RE_VALID_USERNAME.match(username):
                        taken = auth_backend.get_user(request,
                                                      username=username)
                        if taken is not None:
                            self.write_err(
                                "Error: That username is already taken.\n")
                            username = None
                    else:
                        self.write_err('Error: That username is invalid. Use '
                                       'only letters, digits and underscores.')
                        username = None

                # Email: must normalise without error and be unused.
                while not email:
                    email = input('Email: ')
                    try:
                        email = normalise_email(email)
                    except Exception:
                        self.write_err('Error: That email is invalid.')
                        email = None
                    else:
                        taken = auth_backend.get_user(request, email=email)
                        if taken is not None:
                            self.write_err(
                                "Error: That email is already taken.")
                            email = None

                # Password: read twice without echo; both entries must
                # match and must not be only whitespace.
                while True:
                    if not password:
                        password = getpass.getpass()
                        repeated = getpass.getpass('Password (again): ')
                        if password != repeated:
                            self.write_err(
                                "Error: Your passwords didn't match.")
                            password = None
                            continue
                    if password.strip():
                        break
                    self.write_err(
                        "Error: Blank passwords aren't allowed.")
                    password = None
            except KeyboardInterrupt:
                self.write_err('\nOperation cancelled.')
                return
        user = auth_backend.create_superuser(request,
                                             username=username,
                                             email=normalise_email(email),
                                             password=password)
        if not user:
            self.write_err("ERROR: could not create superuser")
        else:
            self.write("Superuser %s created successfully.\n" % user.username)

        return user