def _create_user(session, login, role, full_name, email, password = '******', invalid_password = None, other_auths = None):
user = model.DbUser(login, full_name, email, None, role)
session.add(user)
weblab_db = session.query(model.DbAuth).filter_by(name = "WebLab DB").one()
if not invalid_password:
session.add(model.DbUserAuth(user, weblab_db, password2sha(password, 'aaaa')))
else:
session.add(model.DbUserAuth(user, weblab_db, invalid_password))
for (auth_type, value) in (other_auths or ()):
session.add(model.DbUserAuth(user, auth_type, value))
return user
def grant_external_credentials(self, username, external_id, system):
""" Given a system and an external_id, grant access with those credentials for user user_id. Before calling
this method, the system has checked that this user is the owner of external_id and of user_id"""
session = self.Session()
try:
try:
auth_type = session.query(
Model.DbAuthType).filter_by(name=system).one()
auth = auth_type.auths[0]
except (NoResultFound, KeyError):
raise DbErrors.DbUserNotFoundError(
"System '%s' not found in database" % system)
try:
user = session.query(
Model.DbUser).filter_by(login=username).one()
except NoResultFound:
raise DbErrors.DbUserNotFoundError(
"User '%s' not found in database" % user)
for user_auth in user.auths:
if user_auth.auth == auth:
raise DbErrors.DbUserNotFoundError(
"User '%s' already has credentials in system %s" %
(username, system))
user_auth = Model.DbUserAuth(user=user,
auth=auth,
configuration=str(external_id))
session.add(user_auth)
session.commit()
finally:
session.close()
def insert_user_auth(self, user, auth, configuration):
try:
user_auth = Model.DbUserAuth(user, auth, configuration)
self.session.add(user_auth)
self.session.commit()
return user_auth
except IntegrityError:
return None
def add_user(sessionmaker, login, password, user_name, mail, randomstuff = None, role = 'student'):
sessionmaker._model_changes = {}
session = sessionmaker()
role = session.query(model.DbRole).filter_by(name=role).one()
weblab_db = session.query(model.DbAuth).filter_by(name = "WebLab DB").one()
user = model.DbUser(login, user_name, mail, None, role)
session.add(user)
user_auth = model.DbUserAuth(user, weblab_db, password2sha(password, randomstuff))
session.add(user_auth)
session.commit()
session.close()
def create_external_user(self, external_user, external_id, system,
group_names):
session = self.Session()
try:
try:
auth_type = session.query(
Model.DbAuthType).filter_by(name=system).one()
auth = auth_type.auths[0]
except (NoResultFound, KeyError):
raise DbErrors.DbUserNotFoundError(
"System '%s' not found in database" % system)
groups = []
for group_name in group_names:
try:
group = session.query(
Model.DbGroup).filter_by(name=group_name).one()
except NoResultFound:
raise DbErrors.DbUserNotFoundError(
"Group '%s' not found in database" % group_name)
groups.append(group)
try:
role = session.query(Model.DbRole).filter_by(
name=external_user.role.name).one()
user = Model.DbUser(external_user.login,
external_user.full_name,
external_user.email,
role=role)
user_auth = Model.DbUserAuth(user,
auth,
configuration=external_id)
for group in groups:
group.users.append(user)
session.add(user)
session.add(user_auth)
session.commit()
except Exception as e:
log.log(AuthDatabaseGateway, log.level.Warning,
"Couldn't create user: %s" % e)
log.log_exc(AuthDatabaseGateway, log.level.Info)
raise DbErrors.DatabaseError(
"Couldn't create user! Contact administrator")
finally:
session.close()
def index(self):
login = get_app_instance(self).get_user_information().login
user = self._session.query(model.DbUser).filter_by(login=login).one()
facebook_auth_obj = self._session.query(
model.DbAuth).filter_by(name='FACEBOOK').first()
facebook_id = ''
change_password = True
password_auth = None
facebook_auth = None
for user_auth in user.auths:
if user_auth.auth.auth_type.name.lower() == 'facebook':
facebook_id = user_auth.configuration
facebook_auth = user_auth
if 'ldap' in user_auth.auth.auth_type.name.lower():
change_password = False
if user_auth.auth.auth_type.name.lower() == 'db':
password_auth = user_auth
if len(request.form):
form = ProfileEditForm(request.form)
else:
form = ProfileEditForm()
form.full_name.data = user.full_name
form.login.data = user.login
form.email.data = user.email
form.facebook.data = facebook_id
user_permissions = get_app_instance(self).get_permissions()
change_profile = True
for permission in user_permissions:
if permission.name == permissions.CANT_CHANGE_PROFILE:
change_password = False
change_profile = False
if change_profile and form.validate_on_submit():
errors = []
if change_password and password_auth is not None and form.password.data:
if len(form.password.data) < 6:
errors.append(gettext("Error: too short password"))
else:
password_auth.configuration = password2sha(
form.password.data)
user.email = form.email.data
if form.facebook.data:
if facebook_auth is None:
if facebook_auth_obj is not None:
new_auth = model.DbUserAuth(user, facebook_auth_obj,
form.facebook.data)
self._session.add(new_auth)
else:
facebook_auth.configuration = form.facebook.data
else:
if facebook_auth is not None:
self._session.delete(facebook_auth)
self._session.commit()
if errors:
for error in errors:
flash(error)
else:
flash(gettext("Saved"))
return self.render("profile/profile-edit.html",
form=form,
change_password=change_password,
change_profile=change_profile,
facebook_available=facebook_auth_obj is not None)