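def post(self, org_id):
        """Add a member to organization ``org_id``.

        Two request shapes are accepted (parameters come from ``request.values``):

        * ``email_address`` present: create an ``AccountRequest`` (invitation)
          for that address and email it a sign-up link carrying the access code.
        * otherwise: attach an existing user (``user_id``) to the organization;
          ``is_admin`` (``"0"``/``"1"``) sets organization-admin rights.

        The caller must be a system admin or an admin member of ``org_id``;
        anyone else gets 403.  Returns a dict with a ``status`` key, ``'ok'``
        or ``'error'`` (the latter only when the invitation email could not be
        sent).
        """
        args = request.values

        # Authorization: system admins may act on any organization; everyone
        # else must hold an *admin* membership in this particular organization.
        # A non-member and a non-admin member both get 403 so the response does
        # not reveal whether the organization exists.
        if current_user.role != current_user.SYSTEM_ADMIN:
            try:
                membership = (
                    OrganizationUser.query
                    .filter(OrganizationUser.organization_id == org_id,
                            OrganizationUser.user_id == current_user.id)
                    .one()
                )
            except NoResultFound:
                abort(403)
            if not membership.is_admin:
                abort(403)

        # case 1: inviting a new user by email
        if 'email_address' in args:
            email_address = args['email_address']
            # Only a cheap sanity check is applied to the address.  The 405
            # status is kept for compatibility with existing clients even
            # though 400 would describe the failure better.
            if not ('.' in email_address and '@' in email_address):  # fix(later): better validation
                abort(405)

            # Persist the invitation *before* sending so the code in the email
            # is guaranteed to exist; the email flags are written afterwards
            # from the actual send outcome rather than assumed up front.
            ar = AccountRequest()
            ar.organization_id = org_id
            ar.inviter_id = current_user.id
            ar.creation_timestamp = datetime.datetime.utcnow()
            ar.email_address = email_address
            ar.email_sent = False
            ar.email_failed = False
            ar.access_code = make_code(30)
            ar.attributes = '{}'
            db.session.add(ar)
            db.session.commit()

            # send an email to the user
            sys_name = current_app.config['SYSTEM_NAME']
            org_full_name = json.loads(ar.organization.system_attributes)['full_name']
            subject = '%s invitation from %s' % (sys_name, org_full_name)
            message_body = '''You have been invited to join %s on %s.

Follow this link to create an account:
%screate-account/%s
''' % (org_full_name, sys_name, request.url_root, ar.access_code)
            # fix(later): add retry.  A failed send is recorded on the request
            # (email_failed) so the invitation can be found and re-sent instead
            # of being marked as delivered.
            try:
                send_email(email_address, subject, message_body, current_app.config)
            except SMTPException:
                ar.email_failed = True
                db.session.commit()
                return {'status': 'error'}
            ar.email_sent = True
            db.session.commit()
            return {'status': 'ok'}

        # case 2: assigning an existing user to be a member of this organization
        # Both parameters are required; a missing key or a non-integer
        # is_admin is a client error rather than a server crash.
        try:
            user_id = args['user_id']
            is_admin = bool(int(args['is_admin']))
        except (KeyError, ValueError):
            abort(400)

        # Refuse to create a second membership row for the same user; the
        # request is a conflict with existing state rather than a new member.
        existing = (
            OrganizationUser.query
            .filter(OrganizationUser.organization_id == org_id,
                    OrganizationUser.user_id == user_id)
            .first()
        )
        if existing is not None:
            abort(409)

        org_user = OrganizationUser()
        org_user.organization_id = org_id
        org_user.user_id = user_id
        org_user.is_admin = is_admin
        db.session.add(org_user)
        db.session.commit()
        return {'status': 'ok'}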
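def create_flow_user(email, username, password, fullname, is_sso, is_admin):
    """Create a user in the ``testing`` organization together with their student folders.

    Args:
        email: email address for the new account.
        username: login name; also used as the name of the user's folder under
            ``testing/student-folders``.  If a user with this name already
            exists nothing is created and ``None`` is returned.
        password: initial password, passed through to ``create_user``.
        fullname: display name.
        is_sso: recorded in the user's ``userinfo`` file as ``{"is_sso": ...}``.
        is_admin: if true the user is created as ``User.SYSTEM_ADMIN`` and as
            an admin member of the organization; otherwise ``User.STANDARD_USER``.

    Returns:
        The newly created ``User`` row, or ``None`` if ``username`` was taken.

    Raises:
        ValueError: if ``username`` contains a path separator or ``..`` --
            it is embedded verbatim into resource paths below, so such a
            value would place the folders outside the student tree.
    """
    if '/' in username or '..' in username:
        raise ValueError('invalid username: %r' % (username,))

    #
    # Check if user exists
    #
    if User.query.filter(User.user_name == username).first() is not None:
        print("User %s exists." % (username))
        return None

    user_type = User.SYSTEM_ADMIN if is_admin else User.STANDARD_USER

    #
    # Create user
    #
    print("Creating user %s" % (username))
    user_id = create_user(email, username, password, fullname, user_type)

    #
    # Add user to flow organization
    #
    print("Creating organization user.")
    org_user = OrganizationUser()
    org_user.organization_id = find_resource('/testing').id
    org_user.user_id = user_id
    org_user.is_admin = is_admin
    db.session.add(org_user)
    db.session.commit()

    #
    # Create a folder for this user to store their programs
    # and a folder for recorded datasets (sequences)
    #
    student_root = 'testing/student-folders/%s' % (username)
    for folder in (student_root + '/programs', student_root + '/datasets'):
        print("Creating student folder %s." % (folder))
        _create_folders(folder)

    #
    # Add some user metadata
    #
    content = json.dumps({'is_sso': is_sso})
    # NOTE(review): local-time stamp, whereas the request handlers in this
    # codebase stamp records with utcnow(); left unchanged because the
    # timezone _create_file expects is not visible here -- confirm.
    now = datetime.datetime.now()
    _create_file(student_root + '/userinfo', now, now, content)

    return User.query.filter(User.id == user_id).first()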
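def create_admin_user(email_address, password):
    """Create a new system administrator user.

    The user gets the ``User.SYSTEM_ADMIN`` role and an empty user name, and is
    added as an admin member of the ``/system`` organization.

    Args:
        email_address: must contain both ``'.'`` and ``'@'`` (cheap sanity
            check only, matching the rest of this codebase).
        password: initial password, passed through to ``create_user``.

    Returns:
        The id of the created user.

    Raises:
        ValueError: if ``email_address`` fails the sanity check.  A plain
            ``assert`` is not used because it is stripped under ``python -O``,
            which would let an arbitrary string through.
    """
    if not ('.' in email_address and '@' in email_address):
        raise ValueError('invalid email address: %r' % (email_address,))
    user_id = create_user(email_address, '', password, 'System Admin',
                          User.SYSTEM_ADMIN)
    org_user = OrganizationUser()  # add to system organization
    org_user.organization_id = find_resource('/system').id
    org_user.user_id = user_id
    org_user.is_admin = True
    db.session.add(org_user)
    db.session.commit()
    return user_id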
                      default=False)
    (options, args) = parser.parse_args()

    # DB operations
    if options.init_db:
        print('creating/updating database')
        db.create_all()
        create_system_resources()
    elif options.create_admin:
        parts = options.create_admin.split(':')
        email_address = parts[0]
        password = parts[1]
        assert '.' in email_address and '@' in email_address
        user_id = create_user(email_address, '', password, 'System Admin',
                              User.SYSTEM_ADMIN)
        org_user = OrganizationUser()  # add to system organization
        org_user.organization_id = find_resource('/system').id
        org_user.user_id = user_id
        org_user.is_admin = True
        db.session.add(org_user)
        db.session.commit()
        print('created system admin: %s' % email_address)
    elif options.migrate_db:
        migrate_keys()

    # start the debug server
    else:
        if options.enable_web_sockets:
            print('running with websockets')
            run_with_web_sockets()
        else:
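def create_account(access_code):
    """Redeem a sign-up code: render the form (GET) or create the account (POST).

    ``access_code`` identifies an ``AccountRequest``.  Codes that are unknown,
    already redeemed, or older than seven days are rejected with a plain-text
    ``Response`` before anything else happens.

    On POST the form fields ``email_address`` and ``pw1`` are required and
    ``user_name`` / ``full_name`` are optional.  If the request carries an
    ``organization_id`` (an invitation) the new user joins that organization as
    a regular member; otherwise a new organization is created from ``orgName``
    and ``orgFolderName`` and the user becomes its admin.  The code is marked
    redeemed in the same commit as the membership, so a failure part-way
    through leaves it reusable.

    On GET the invitation or account-creation template is rendered.
    """
    try:
        ar = AccountRequest.query.filter(
            AccountRequest.access_code == access_code).one()
    except NoResultFound:
        return Response('Sign-up code not found.')
    if ar.redeemed_timestamp:
        return Response('Sign-up code already redeemed.')
    if datetime.datetime.utcnow() - ar.creation_timestamp > datetime.timedelta(
            days=7):
        return Response(
            'Sign-up code has expired (must be used within one week).')

    # handle form post case
    if request.method == 'POST':

        # get parameters (missing required fields are a 400 from werkzeug)
        email_address = request.form['email_address']
        password = request.form['pw1']
        user_name = request.form.get('user_name', None)
        full_name = request.form.get('full_name', None)

        # same cheap sanity check the invitation endpoint applies
        if not ('.' in email_address and '@' in email_address):
            return Response('Invalid email address.')

        # NOTE(review): for an organization invitation the submitted address
        # is not required to match ar.email_address (the address the admin
        # invited); confirm whether that is intended.

        # verify no user already exists with this email address or user name.
        # This is check-then-insert: a concurrent sign-up with the same values
        # is only caught if the columns carry a unique constraint.
        if User.query.filter(User.email_address == email_address).first() is not None:
            return Response(
                'An account with that email address already exists.')
        if user_name and User.query.filter(User.user_name == user_name).first() is not None:
            return Response('User name already in use.')

        # create user
        user_id = create_user(email_address, user_name, password, full_name,
                              User.STANDARD_USER)
        ar.redeemed_timestamp = datetime.datetime.utcnow()

        # create organization (unless invitation to join existing)
        org_id = ar.organization_id
        new_org = not org_id
        if new_org:
            org_id = create_organization(request.form['orgName'],
                                         request.form['orgFolderName'])

        # assign user to organization; the creator of a new organization is
        # its admin, an invitee is a plain member
        org_user = OrganizationUser()
        org_user.user_id = user_id
        org_user.organization_id = org_id
        org_user.is_admin = new_org
        db.session.add(org_user)
        db.session.commit()
        return render_template('users/account-creation-complete.html',
                               hide_loc_nav=True)

    # handle GET case
    if ar.organization_id:
        return render_template(
            'users/user-invitation.html',
            organization_full_name=json.loads(
                ar.organization.system_attributes)['full_name'],
            email_address=ar.email_address,
            access_code=access_code,
            hide_loc_nav=True,
        )
    return render_template(
        'users/account-creation.html',
        organization_name=ar.organization_name,
        email_address=ar.email_address,
        access_code=access_code,
        hide_loc_nav=True,
    )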