Exemplo n.º 1
    def test_update_role(self):
        """Check that an admin can change a user's role and that ccnet stores it.

        Returns immediately, asserting nothing, unless LOCAL_PRO_DEV_ENV is
        truthy.
        """
        if not LOCAL_PRO_DEV_ENV:
            return

        self.login_as(self.admin)

        # First switch the account to the guest role, then back to the default
        # role; each step checks both the API response and the ccnet record so
        # a response that merely echoes the request would not pass.
        for wanted_role in (GUEST_USER, DEFAULT_USER):
            payload = {"email": self.tmp_email, "role": wanted_role}
            response = self.client.put(
                self.url, json.dumps(payload), 'application/json')
            body = json.loads(response.content)
            self.assertEqual(200, response.status_code)
            assert body['role'] == wanted_role

            stored_user = ccnet_api.get_emailuser(self.tmp_email)
            assert stored_user.role == wanted_role
Exemplo n.º 2
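def test_user_management():
    """Exercise add / get / validate / search / update / remove of email users.

    Two accounts are created: the first with both flags set, the second with
    both flags cleared and later updated to set them.
    """
    email1 = '%s@%s.com' % (randstring(6), randstring(6))
    email2 = '%s@%s.com' % (randstring(6), randstring(6))
    # The original assigned the quoted text 'randstring(6)' to both passwords,
    # so both accounts shared one fixed literal and the validate checks could
    # not tell the credentials apart. Generate real random values; the
    # differing suffixes guarantee the two passwords are never equal.
    passwd1 = '%s-1' % randstring(6)
    passwd2 = '%s-2' % randstring(6)

    ccnet_api.add_emailuser(email1, passwd1, 1, 1)
    ccnet_api.add_emailuser(email2, passwd2, 0, 0)

    ccnet_email1 = ccnet_api.get_emailuser(email1)
    ccnet_email2 = ccnet_api.get_emailuser(email2)
    assert ccnet_email1.is_active == True
    assert ccnet_email1.is_staff == True
    assert ccnet_email2.is_active == False
    assert ccnet_email2.is_staff == False

    # 0 is the success code for validate_emailuser
    assert ccnet_api.validate_emailuser(email1, passwd1) == 0
    assert ccnet_api.validate_emailuser(email2, passwd2) == 0
    # A password belonging to the other account must not validate.
    assert ccnet_api.validate_emailuser(email1, passwd2) != 0

    users = ccnet_api.search_emailusers('DB', email1, -1, -1)
    assert len(users) == 1
    user_ccnet = users[0]
    assert user_ccnet.email == email1

    # Smoke calls only: the return values are not checked.
    ccnet_api.count_emailusers('DB')
    ccnet_api.get_emailusers('DB', -1, -1)

    ccnet_api.update_emailuser('DB', ccnet_email2.id, passwd2, 1, 1)
    email2_new = ccnet_api.get_emailuser(email2)
    assert email2_new.is_active == True
    assert email2_new.is_staff == True

    # NOTE(review): cleanup runs only when every assertion above passed; a
    # failing run leaves both accounts in the user database.
    ccnet_api.remove_emailuser('DB', email1)
    ccnet_api.remove_emailuser('DB', email2)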
Exemplo n.º 3
    def test_update_is_staff(self):
        """Check that an admin can grant and revoke the staff flag via PUT.

        The flag is sent as a string ('true', then 'False'); each step checks
        the boolean in the API response and the value stored in ccnet.
        """
        self.login_as(self.admin)

        # (value sent in the request, boolean expected back):
        # first make the user staff, then remove staff again.
        for raw_flag, expected in (('true', True), ('False', False)):
            payload = {"email": self.tmp_email, "is_staff": raw_flag}
            response = self.client.put(
                self.url, json.dumps(payload), 'application/json')
            body = json.loads(response.content)
            self.assertEqual(200, response.status_code)
            assert body['is_staff'] == expected

            stored_user = ccnet_api.get_emailuser(self.tmp_email)
            assert stored_user.is_staff == expected
Exemplo n.º 4
def main():
    """Create a fixed set of accounts, skipping any that already exist.

    NOTE(review): every password here is a literal in the source, and the
    last entry is created with both flags set (presumably staff and active,
    going by the argument order used elsewhere on this page). That is only
    acceptable for a throwaway dev/test instance; confirm this script cannot
    run against a real deployment.
    """
    # Each row is passed unchanged to add_emailuser(). The second and third
    # addresses are masked on the page and therefore read as the same string.
    # NOTE(review): '!' is presumably an unusable-password marker; confirm.
    accounts = (
        ('dtable@seafile', '!', 0, 1),
        ('*****@*****.**', 'testtest', 0, 1),
        ('*****@*****.**', 'adminadmin', 1, 1),
    )
    for address, password, third_flag, fourth_flag in accounts:
        if ccnet_api.get_emailuser(address):
            continue
        ccnet_api.add_emailuser(address, password, third_flag, fourth_flag)
    return
Exemplo n.º 5
    def save(self):
        """Write this user to ccnet, updating an existing record or adding one.

        Returns:
            The RPC result code: 0 stands for success, -1 for failure.
        """
        existing = ccnet_api.get_emailuser(self.username)
        if not existing or existing.source.lower() not in ("db", "ldapimport"):
            # No record with a DB / LDAP-import source: create the account.
            return ccnet_threaded_rpc.add_emailuser(
                self.username, self.password, int(self.is_staff),
                int(self.is_active))

        if not hasattr(self, 'password'):
            self.set_unusable_password()

        # NOTE(review): the membership test above lower-cases the source, but
        # this comparison is case-sensitive, so a source spelled "db" would be
        # updated as "LDAP" - confirm which spellings ccnet can return.
        source = "DB" if existing.source == "DB" else "LDAP"

        if not self.is_active:
            # Deactivating a user: clear the web API and repo sync tokens.
            # NOTE(review): a failure here is only logged and the update still
            # proceeds, so the tokens may outlive the deactivation - confirm
            # that inactive accounts are rejected wherever tokens are checked.
            try:
                clear_token(self.username)
            except Exception as e:
                logger.error(e)

        return ccnet_threaded_rpc.update_emailuser(
            source, existing.id, self.password, int(self.is_staff),
            int(self.is_active))
def show_login_details(user):
    """Print account status, last login, v1 token info and a device table.

    NOTE(review): the get_emailuser() result is dereferenced without a None
    check, so an unknown user raises AttributeError. The output includes
    device ids and last-login IP addresses; treat it as personal data.
    """
    account = ccnet_api.get_emailuser(user)
    print("active: %s" % account.is_active)
    print("last login: %s" % _get_last_login(user))

    token = _get_v1token(user)
    if token is None:
        print("no v1 token")
    else:
        print("v1 token created at: %s" % token.created)
    print("\ndevices:")

    header = [
        'device name', 'last accessed', 'platform', 'client version',
        'desktop client', 'last login ip', 'device id'
    ]
    rows = [header]
    for device in _get_devices(user):
        platform = device['platform']
        version = device['platform_version']
        # Append the version in parentheses only when one is recorded.
        version_suffix = " (%s)" % version if version else ''
        rows.append([
            device['device_name'],
            device['last_accessed'],
            "%s%s" % (platform, version_suffix),
            device['client_version'],
            device['is_desktop_client'],
            device['last_login_ip'],
            device['device_id'],
        ])

    _print_table(rows)
Exemplo n.º 7
    def test_delete_user(self):
        """Check that an admin DELETE removes the user from ccnet as well."""
        self.login_as(self.admin)

        response = self.client.delete(self.url)
        self.assertEqual(200, response.status_code)
        body = json.loads(response.content)
        assert body['success'] == True

        # The API reporting success is not enough: the account must be gone
        # from the user database too.
        remaining = ccnet_api.get_emailuser(self.tmp_email)
        assert remaining is None
Exemplo n.º 8
    def clean_email(self):
        """Validate the submitted e-mail address for registration.

        Returns:
            The cleaned e-mail value when it may be registered.

        Raises:
            forms.ValidationError: the user limit is exceeded, the address is
                not allowed to register, or it is already in use as a profile
                contact e-mail or as a ccnet account.
        """
        if user_number_over_limit():
            raise forms.ValidationError(
                _("The number of users exceeds the limit."))

        candidate = self.cleaned_data['email']
        if not self.allow_register(candidate):
            raise forms.ValidationError(_("Enter a valid email address."))

        # An address counts as taken if it is someone's contact e-mail or an
        # existing ccnet account; the ccnet lookup runs only when the profile
        # check found nothing.
        # NOTE(review): this message confirms to whoever submits the form that
        # an address is registered; confirm that is acceptable here.
        if (Profile.objects.filter(contact_email=candidate).exists()
                or ccnet_api.get_emailuser(candidate)):
            raise forms.ValidationError(
                _("User %s already exists.") % candidate)

        return self.cleaned_data['email']
Exemplo n.º 9
    def test_create_user(self):
        """Check that an admin POST creates the user in the API and in ccnet."""
        self.login_as(self.admin)

        # The password value is masked on the page and is kept as shown.
        payload = {
            "email": self.tmp_email,
            "password": '******',
        }
        response = self.client.post(
            self.url, json.dumps(payload), 'application/json')

        body = json.loads(response.content)
        self.assertEqual(200, response.status_code)
        assert body['email'] == self.tmp_email

        stored_user = ccnet_api.get_emailuser(self.tmp_email)
        assert stored_user.email == self.tmp_email

        # NOTE(review): cleanup is reached only when the assertions pass.
        self.remove_user(self.tmp_email)
Exemplo n.º 10
    def basic_auth_user(self, realmname, username, password, environ):
        """Check basic-auth credentials and record the user in *environ*.

        The supplied username is resolved to a ccnet e-mail (directly, or via
        a profile contact e-mail when a DB session is available), then the
        password is checked according to two switches: the
        ENABLE_WEBDAV_SECRET setting and the user's two-factor state.

        On success the method sets environ["http_authenticator.username"],
        sets environ['seafile.is_guest'] when the role lookup works, sets
        environ['seafile.org_id'] when multi-tenancy is enabled and the user
        belongs to an org, and returns True. Any rejection, or any exception
        in the credential check, returns False.
        """
        # NOTE(review): rejecting a quote character looks like a guard for a
        # query built from this value elsewhere; it does not replace
        # parameterised queries in the callee - verify.
        if "'" in username:
            return False

        try:
            ccnet_email = None
            session = None
            if self.session_cls:
                session = self.session_cls()

            user = api.get_emailuser(username)
            if user:
                ccnet_email = user.email
            else:
                # Not a ccnet account name: try it as a profile contact e-mail
                # (only possible when a DB session exists).
                if session:
                    profile_profile = seahub_db.Base.classes.profile_profile
                    q = session.query(profile_profile.user).filter(profile_profile.contact_email==username)
                    res = q.first()
                    if res:
                        ccnet_email = res[0]

            if not ccnet_email:
                # NOTE(review): the client-supplied username is written to the
                # log as given.
                _logger.warning('User %s doesn\'t exist', username)
                return False
            
            enable_webdav_secret = False
            if hasattr(seahub_settings, 'ENABLE_WEBDAV_SECRET'):
                enable_webdav_secret = seahub_settings.ENABLE_WEBDAV_SECRET
            
            # NOTE(review): without a session the two-factor state cannot be
            # read and is treated as disabled, so the password branches below
            # apply - confirm that this fail-open default is intended.
            enable_two_factor_auth = False
            if session and enableTwoFactorAuth(session, ccnet_email):
                enable_two_factor_auth = True
            
            # Decision table:
            #   secret off, 2FA on  -> always rejected
            #   secret on,  2FA on  -> only the webdav secret is accepted
            #   secret off, 2FA off -> only the account password is accepted
            #   secret on,  2FA off -> either the secret or the password
            if not enable_webdav_secret and enable_two_factor_auth:
                _logger.warning("Two factor auth is enabled, no access to webdav.")
                return False
            elif enable_webdav_secret and enable_two_factor_auth:
                if not validateSecret(session, password, ccnet_email):
                    return False
            elif not enable_webdav_secret and not enable_two_factor_auth:
                # validate_emailuser returns 0 on success
                if api.validate_emailuser(ccnet_email, password) != 0:
                    return False
            else:
                if not validateSecret(session, password, ccnet_email) and \
                api.validate_emailuser(ccnet_email, password) != 0:
                    return False

            username = ccnet_email
        except Exception as e:
            # Any error during the credential check denies the login.
            _logger.warning('Failed to login: %s', e)
            return False
        finally:
            if session:
                session.close()

        # NOTE(review): if this lookup raises (including a None result), the
        # error is logged and the login still succeeds with
        # environ['seafile.is_guest'] left unset - confirm that consumers
        # treat a missing key as restrictively as a guest.
        try:
            user = api.get_emailuser_with_import(username)
            if user.role == 'guest':
                environ['seafile.is_guest'] = True
            else:
                environ['seafile.is_guest'] = False
        except Exception as e:
            _logger.exception('get_emailuser')

        if multi_tenancy_enabled():
            # Best effort: a failed org lookup is logged and leaves
            # environ['seafile.org_id'] unset.
            try:
                orgs = api.get_orgs_by_user(username)
                if orgs:
                    environ['seafile.org_id'] = orgs[0].org_id
            except Exception as e:
                _logger.exception('get_orgs_by_user')
                pass

        environ["http_authenticator.username"] = username

        return True
Exemplo n.º 11
    def basic_auth_user(self, realmname, username, password, environ):
        """Check basic-auth credentials and record the user in *environ*.

        The supplied username is resolved to a ccnet e-mail (directly, or via
        a profile contact e-mail when a DB session is available). When
        ENABLE_WEBDAV_SECRET is set, the supplied password is AES-encoded and
        matched against the user's stored option values; the account password
        is not consulted in that mode. Otherwise the account password is
        validated, unless two-factor auth is enabled, which is rejected.

        On success the method sets environ["http_authenticator.username"],
        sets environ['seafile.is_guest'] when the role lookup works, sets
        environ['seafile.org_id'] when multi-tenancy is enabled and the user
        belongs to an org, and returns True. Any rejection, or any exception
        in the credential check, returns False.
        """
        # NOTE(review): rejecting a quote character looks like a guard for a
        # query built from this value elsewhere; it does not replace
        # parameterised queries in the callee - verify.
        if "'" in username:
            return False

        try:
            ccnet_email = None
            session = None
            if self.session_cls:
                session = self.session_cls()

            user = api.get_emailuser(username)
            if user:
                ccnet_email = user.email
            else:
                # Not a ccnet account name: try it as a profile contact e-mail
                # (only possible when a DB session exists).
                if session:
                    profile_profile = seahub_db.Base.classes.profile_profile
                    q = session.query(profile_profile.user).filter(
                        profile_profile.contact_email == username)
                    res = q.first()
                    if res:
                        ccnet_email = res[0]

            if not ccnet_email:
                # NOTE(review): the client-supplied username is written to the
                # log as given.
                _logger.warning('User %s doesn\'t exist', username)
                return False

            enable_webdav_secret = False
            if hasattr(seahub_settings, 'ENABLE_WEBDAV_SECRET'):
                enable_webdav_secret = seahub_settings.ENABLE_WEBDAV_SECRET

            # NOTE(review): without a session the two-factor state cannot be
            # read and is treated as disabled - confirm that this fail-open
            # default is intended.
            enable_two_factor_auth = False
            if session and enableTwoFactorAuth(session, ccnet_email):
                enable_two_factor_auth = True

            if not enable_webdav_secret and enable_two_factor_auth:
                _logger.warning(
                    "Two factor auth is enabled, no access to webdav.")
                return False

            if enable_webdav_secret:
                # The secret can only be checked against the database.
                if not session:
                    return False
                else:
                    # NOTE(review): the stored secret is matched as AES-ECB
                    # output keyed by a prefix of SECRET_KEY. That encoding is
                    # deterministic and reversible by anyone holding the key,
                    # and changing SECRET_KEY would stop stored secrets from
                    # matching. A salted one-way hash is the usual design, but
                    # switching requires migrating the stored values.
                    # NOTE(review): confirm the Crypto package installed is a
                    # maintained distribution.
                    from Crypto.Cipher import AES
                    secret = seahub_settings.SECRET_KEY[:BLOCK_SIZE]
                    cipher = AES.new(secret.encode('utf8'), AES.MODE_ECB)
                    encoded_str = 'aes$' + EncodeAES(
                        cipher, password.encode('utf8')).decode('utf8')
                    # NOTE(review): the filter matches on e-mail and value
                    # only; no option-key condition is visible here, so any
                    # option of this user holding the same value would match.
                    options_useroptions = seahub_db.Base.classes.options_useroptions
                    q = session.query(options_useroptions.email)
                    q = q.filter(options_useroptions.email == ccnet_email,
                                 options_useroptions.option_val == encoded_str)
                    res = q.first()
                    if not res:
                        return False
            # validate_emailuser returns 0 on success
            elif api.validate_emailuser(ccnet_email, password) != 0:
                return False

            username = ccnet_email
        except Exception as e:
            # Any error during the credential check denies the login.
            _logger.warning('Failed to login: %s', e)
            return False
        finally:
            if session:
                session.close()

        # NOTE(review): if this lookup raises (including a None result), the
        # error is logged and the login still succeeds with
        # environ['seafile.is_guest'] left unset - confirm that consumers
        # treat a missing key as restrictively as a guest.
        try:
            user = api.get_emailuser_with_import(username)
            if user.role == 'guest':
                environ['seafile.is_guest'] = True
            else:
                environ['seafile.is_guest'] = False
        except Exception as e:
            _logger.exception('get_emailuser')

        if multi_tenancy_enabled():
            # Best effort: a failed org lookup is logged and leaves
            # environ['seafile.org_id'] unset.
            try:
                orgs = api.get_orgs_by_user(username)
                if orgs:
                    environ['seafile.org_id'] = orgs[0].org_id
            except Exception as e:
                _logger.exception('get_orgs_by_user')
                pass

        environ["http_authenticator.username"] = username

        return True
Exemplo n.º 12
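def test_user_management(repo):
    """Exercise email-user management, including renaming a user's id.

    Covers add / get / validate / search / update, then checks that a group
    owned by the user and a repo shared to the user both follow the account
    when its e-mail id is changed with update_emailuser_id().

    Args:
        repo: repository fixture; only its ``id`` is used here.
    """
    email1 = '%s@%s.com' % (randstring(6), randstring(6))
    email2 = '%s@%s.com' % (randstring(6), randstring(6))
    # The original assigned the quoted text 'randstring(6)' to both passwords,
    # so both accounts shared one fixed literal and the validate checks could
    # not tell the credentials apart. Generate real random values; the
    # differing suffixes guarantee the two passwords are never equal.
    passwd1 = '%s-1' % randstring(6)
    passwd2 = '%s-2' % randstring(6)

    ccnet_api.add_emailuser(email1, passwd1, 1, 1)
    ccnet_api.add_emailuser(email2, passwd2, 0, 0)

    ccnet_email1 = ccnet_api.get_emailuser(email1)
    ccnet_email2 = ccnet_api.get_emailuser(email2)
    assert ccnet_email1.is_active == True
    assert ccnet_email1.is_staff == True
    assert ccnet_email2.is_active == False
    assert ccnet_email2.is_staff == False

    # 0 is the success code for validate_emailuser
    assert ccnet_api.validate_emailuser(email1, passwd1) == 0
    assert ccnet_api.validate_emailuser(email2, passwd2) == 0
    # A password belonging to the other account must not validate.
    assert ccnet_api.validate_emailuser(email1, passwd2) != 0

    users = ccnet_api.search_emailusers('DB', email1, -1, -1)
    assert len(users) == 1
    user_ccnet = users[0]
    assert user_ccnet.email == email1

    # Smoke calls only: the return values are not checked.
    ccnet_api.count_emailusers('DB')
    ccnet_api.get_emailusers('DB', -1, -1)

    ccnet_api.update_emailuser('DB', ccnet_email2.id, passwd2, 1, 1)
    email2_new = ccnet_api.get_emailuser(email2)
    assert email2_new.is_active == True
    assert email2_new.is_staff == True

    # Group ownership must survive a change of the user's id.
    id1 = ccnet_api.create_group('group1', email1, parent_group_id=-1)
    assert id1 != -1
    group1 = ccnet_api.get_group(id1)
    assert group1.parent_group_id == -1

    # A repo share must survive a change of the user's id.
    api.share_repo(repo.id, USER, email1, "rw")
    assert api.repo_has_been_shared(repo.id)

    new_email1 = '%s@%s.com' % (randstring(6), randstring(6))
    assert ccnet_api.update_emailuser_id(email1, new_email1) == 0

    # The share now points at the new id with the permission unchanged.
    shared_users = api.list_repo_shared_to(USER, repo.id)
    assert len(shared_users) == 1
    assert shared_users[0].repo_id == repo.id
    assert shared_users[0].user == new_email1
    assert shared_users[0].perm == "rw"

    api.remove_share(repo.id, USER, new_email1)

    email1_groups = ccnet_api.get_groups(new_email1)
    assert len(email1_groups) == 1
    assert email1_groups[0].id == id1
    rm1 = ccnet_api.remove_group(id1)
    assert rm1 == 0

    # NOTE(review): cleanup runs only when every assertion above passed; a
    # failing run leaves the accounts, the group and the share behind.
    ccnet_api.remove_emailuser('DB', new_email1)
    ccnet_api.remove_emailuser('DB', email2)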