Пример #1
def agree_with_tos(username, **kwargs):
    """
    Record that the specified user agrees to the Terms of Service

    The logged in user can only agree for their own account. When
    config.ui.tos_lockout is set, the account is marked inactive and
    every address in config.ui.tos_lockout_notify (if any) is emailed
    before the change is saved; if an email cannot be sent, nothing is
    saved and the request fails.

    Variables:
    username    => Name of the user that agrees with tos

    Arguments:
    None

    Data Block:
    None

    Result example:
    {
     "success": true             # Saving the user info succeeded
    }
    """
    # Authorization: compare the authenticated caller against the account
    # named in the request so nobody can accept the ToS for another user.
    caller = kwargs['user']
    if caller['uname'] != username:
        return make_api_response(
            {"success": False},
            "You can't agree to Terms Of Service on behalf of someone else!",
            400)

    account = STORAGE.user.get(username)
    if not account:
        return make_api_response({"success": False},
                                 "User %s does not exist." % username, 403)

    account.agrees_with_tos = now_as_iso()

    if config.ui.tos_lockout:
        # Lockout mode: accepting the ToS deactivates the account
        account.is_active = False

        recipients = config.ui.tos_lockout_notify
        if recipients:
            # noinspection PyBroadException
            try:
                for recipient in recipients:
                    send_authorize_email(recipient, username, account.email or "")
            except Exception as e:
                # Bail out before the save below so the account is not left
                # deactivated without the notification having gone out.
                LOGGER.error(
                    f"An error occurred while sending confirmation emails: {str(e)}"
                )
                return make_api_response(
                    {"success": False},
                    "The system was unable to send confirmation emails "
                    "to the administrators. Retry again later...", 400)

    STORAGE.user.save(username, account)

    return make_api_response({"success": True})
Пример #2
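def set_user_account(username, **kwargs):
    """
    Save the user account information.

    Credential material (API keys, OTP secret, security tokens and the
    password hash) is never taken from the request body: it is copied
    from the stored record, and the password only changes through the
    optional "new_pass" field after the password requirements check.

    Variables:
    username    => Name of the user to get the account info

    Arguments:
    None

    Data Block:
    {
     "name": "Test user",        # Name of the user (cannot be empty)
     "is_active": true,          # Is the user active?
     "classification": "",            # Max classification for user (required)
     "email": null,              # Email of the user (key required, value may be empty)
     "uname": "usertest",        # Username
     "type": ['user'],           # List of all types the user is member of
     "avatar": null,             # Avatar of the user
     "groups": ["TEST"],         # Groups the user is member of
     "new_pass": null            # Optional: new password for the user
    }

    Result example:
    {
     "success": true             # Saving the user info succeeded
    }
    """
    try:
        data = request.json
        # A missing or non-object JSON body would otherwise blow up on the
        # .pop() below and surface as an unhandled server error.
        if not isinstance(data, dict):
            return make_api_response({"success": False}, "Invalid or missing JSON data block", 400)

        new_pass = data.pop('new_pass', None)

        # NOTE(review): no caller-vs-target authorization check is visible in
        # this function; AccessDeniedException is handled below, so presumably
        # save_user_account enforces it - confirm. Until then this lookup tells
        # any caller that reaches the handler whether the username exists.
        old_user = STORAGE.user.get(username, as_obj=False)
        if not old_user:
            return make_api_response({"success": False}, "User %s does not exists" % username, 404)

        # A missing "name" key is treated the same as an empty name
        if not data.get('name'):
            return make_api_response({"success": False}, "Full name of the user cannot be empty", 400)

        # These keys are indexed unconditionally further down; reject the
        # request cleanly instead of failing with a KeyError.
        missing = [key for key in ('classification', 'email') if key not in data]
        if missing:
            return make_api_response({"success": False},
                                     "Missing required field(s): %s" % ", ".join(missing), 400)

        # Always overwrite credential material with the stored values so a
        # request body cannot inject or replace API keys, the OTP secret or
        # security tokens.
        data['apikeys'] = old_user.get('apikeys', [])
        data['otp_sk'] = old_user.get('otp_sk', None)
        data['security_tokens'] = old_user.get('security_tokens', {}) or {}

        if new_pass:
            password_requirements = config.auth.internal.password_requirements.as_primitives()
            if not check_password_requirements(new_pass, **password_requirements):
                error_msg = get_password_requirement_message(**password_requirements)
                return make_api_response({"success": False}, error_msg, 469)
            data['password'] = get_password_hash(new_pass)
            # NOTE(review): new_pass_confirm is discarded without being compared
            # to new_pass here - confirm the comparison happens elsewhere.
            data.pop('new_pass_confirm', None)
        else:
            # No password change requested: keep the stored hash (or the
            # "no password" marker), ignoring any "password" sent by the client.
            data['password'] = old_user.get('password', "__NO_PASSWORD__") or "__NO_PASSWORD__"

        # Apply dynamic classification
        data['classification'] = get_dynamic_classification(data['classification'], data['email'])

        ret_val = save_user_account(username, data, kwargs['user'])

        # Notify only when the account goes from inactive to active while the
        # ToS lockout notification list is configured. .get() keeps a request
        # without "is_active" from failing after the save already happened.
        if ret_val and \
                not old_user['is_active'] \
                and data.get('is_active') \
                and config.ui.tos_lockout \
                and config.ui.tos_lockout_notify:
            try:
                email = data['email'] or ""
                for adr in config.ui.tos_lockout_notify:
                    send_activated_email(adr, username, email, kwargs['user']['uname'])
                if email:
                    send_activated_email(email, username, email, kwargs['user']['uname'])
            except Exception as e:
                # We can't send confirmation email, Rollback user change and mark this a failure
                STORAGE.user.save(username, old_user)
                LOGGER.error(f"An error occured while sending confirmation emails: {str(e)}")
                # NOTE(review): 404 is an unusual status for a mail failure;
                # kept unchanged so existing clients see the same response.
                return make_api_response({"success": False}, "The system was unable to send confirmation emails. "
                                                             "Retry again later...", 404)

        return make_api_response({"success": ret_val})
    except AccessDeniedException as e:
        return make_api_response({"success": False}, str(e), 403)
    except InvalidDataException as e:
        return make_api_response({"success": False}, str(e), 400)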