def process_login(self, username, password, **kwargs): rootURL, local = cherrypy.request.app.config['filelocker']['root_url'], False if kwargs.has_key("local") and kwargs['local'] == str(True): local = True username = strip_tags(username) if password is None or password == "": raise cherrypy.HTTPRedirect("%s/login?msg=3&local=%s" % (rootURL, str(local))) else: directory = AccountService.ExternalDirectory(local) if directory.authenticate(username, password): cherrypy.session['request-origin'] = str(os.urandom(32).encode('hex'))[0:32] currentUser = AccountService.get_user(username, True) #if they are authenticated and local, this MUST return a user object if currentUser is not None: if not currentUser.authorized: raise cherrypy.HTTPError(403, "You do not have permission to access this system") session.add(AuditLog(cherrypy.session.get("user").id, "Login", "User %s logged in successfully from IP %s" % (currentUser.id, Filelocker.get_client_address()))) session.commit() raise cherrypy.HTTPRedirect(rootURL) else: #This should only happen in the case of a user existing in the external directory, but having never logged in before try: newUser = directory.lookup_user(username) AccountService.install_user(newUser) currentUser = AccountService.get_user(username, True) if currentUser is not None and currentUser.authorized != False: raise cherrypy.HTTPRedirect(rootURL) else: raise cherrypy.HTTPError(403, "You do not have permission to access this system") except Exception, e: return "Unable to install user: %s" % str(e) else:
def update_user(self, userId, quota=None, email=None, firstName=None, lastName=None, password=None, confirmPassword=None, format="json", requestOrigin="", **kwargs):
    """Update profile fields, quota and optionally the password of one account.

    Nothing is changed unless requestOrigin equals the token stored in
    cherrypy.session['request-origin']. The caller must either be the target
    account or hold the "admin" permission. A field whose sanitized value is
    None keeps its current value. Outcomes are collected in sMessages and
    fMessages.
    """
    user = cherrypy.session.get("user")
    sMessages = []
    fMessages = []
    if requestOrigin == cherrypy.session['request-origin']:
        try:
            userId = strip_tags(userId)
            mayEdit = userId == user.id or AccountService.user_has_permission(user, "admin")
            if not mayEdit:
                fMessages.append("You do not have permission to update this user")
            else:
                # Looked up only after the ownership/admin test above has passed.
                target = AccountService.get_user(userId)

                newEmail = strip_tags(email)
                target.email = newEmail if newEmail is not None else target.email

                # NOTE(review): quota is applied on the same path as a
                # self-service edit, so a non-admin caller editing their own
                # account also reaches this assignment - confirm that is intended.
                newQuota = strip_tags(quota)
                target.quota = int(newQuota) if newQuota is not None else target.quota

                newFirst = strip_tags(firstName)
                target.first_name = newFirst if newFirst is not None else target.first_name

                newLast = strip_tags(lastName)
                target.last_name = newLast if newLast is not None else target.last_name

                # NOTE(review): the password is replaced without asking for the
                # current one; the request token is the only proof of intent
                # visible in this handler.
                passwordGiven = password != "" and password is not None
                confirmGiven = confirmPassword != "" and confirmPassword is not None
                if passwordGiven and confirmGiven:
                    if password != confirmPassword:
                        fMessages.append("Passwords do not match, password has not been reset")
                    else:
                        target.set_password(password)

                # The other fields are still saved when the passwords differ.
                sMessages.append("Successfully updated user settings")
                auditText = '%s updated user account "%s"' % (user.id, userId)
                session.add(AuditLog(user.id, Actions.UPDATE_USER, auditText, userId))
                session.commit()
        except Exception as err:
            # Discard the partial changes so the session can be used again.
            session.rollback()
            cherrypy.log.error("[%s] [update_user] [Problem rupdating user: %s]" % (user.id, str(err)))
            fMessages.append("Problem while updating user: %s" % str(err))
    else:
        fMessages.append("Missing request key!!")
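def remove_users_from_group(self, userIds, groupId, format="json", **kwargs):
    """Remove the listed users from a group.

    The caller must own the group or hold the "admin" permission. Outcomes
    are collected in sMessages and fMessages.
    """
    user, sMessages, fMessages = (cherrypy.session.get("user"), [], [])
    # NOTE(review): this variant changes group membership without comparing a
    # per-session request token; other handlers on this page check a
    # requestOrigin argument against cherrypy.session['request-origin'].
    try:
        userIds = split_list_sanitized(userIds)
        groupId = int(strip_tags(groupId))
        group = session.query(Group).filter(Group.id == groupId).one()
        if group.owner_id == user.id or AccountService.user_has_permission(user, "admin"):
            for userId in userIds:
                # Kept separate from `user` so the audit entry below is
                # attributed to the caller, not to the last member removed.
                member = AccountService.get_user(userId)
                group.members.remove(member)
            session.add(AuditLog(user.id, Actions.UPDATE_GROUP, "%s user(s) removed from group \"%s\"(%s)" % (len(userIds), group.name, group.id)))
            session.commit()
            sMessages.append("Group members removed successfully")
        else:
            fMessages.append("You do not have permission to modify group with ID:%s" % str(groupId))
    except ValueError:
        # Raised by int() for a non-numeric groupId.
        # NOTE(review): a failed members.remove() may also end up here and be
        # reported as an invalid group id - confirm.
        fMessages.append("Invalid group Id")
    except sqlalchemy.orm.exc.NoResultFound:
        fMessages.append("Group with ID:%s could not be found" % str(groupId))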
def upload(self, format="json", **kwargs):
    """Resolve who an upload belongs to and read its declared size.

    Only the opening part of the handler is visible here: it chooses between
    an upload-request session and a logged-in session, then parses the
    Content-Length header.
    """
    # Long timeout for large transfers (86400 is one day if the unit is seconds).
    cherrypy.response.timeout = 86400
    user, role, uploadRequest, uploadKey, config, sMessages, fMessages, uploadIndex = None, None, None, None, cherrypy.request.app.config['filelocker'], [], [], None
    # Permission is checked inline because public (upload-request) uploads
    # cannot be wrapped in the requires-login tool.
    if cherrypy.session.has_key("uploadRequest") and cherrypy.session.get("uploadRequest") is not None and cherrypy.session.get("uploadRequest").expired == False:
        # Upload-request session: the upload is attributed to the request's owner.
        uploadRequest = cherrypy.session.get("uploadRequest")
        user = AccountService.get_user(uploadRequest.owner_id)
        uploadKey = "%s:%s" % (user.id, uploadRequest.id)
    else:
        #cherrypy.tools.requires_login()
        # NOTE(review): with the call above commented out, nothing visible here
        # rejects a session that has no "user"; user would be None and user.id
        # below raises. Confirm authentication is enforced elsewhere.
        # NOTE(review): sMessages/fMessages are replaced by session values that
        # may be None, and fMessages.append() is used further down.
        user, sMessages, fMessages = cherrypy.session.get("user"), cherrypy.session.get("sMessages"), cherrypy.session.get("fMessages")
        uploadKey = user.id
        if cherrypy.session.get("current_role") is not None:
            role = cherrypy.session.get("current_role")
    # Check upload size: header names are lower-cased first so the lookup does
    # not depend on how the client spelled them.
    lcHDRS = {}
    for key, val in cherrypy.request.headers.iteritems():
        lcHDRS[key.lower()] = val
    try:
        # Only a missing header is handled; a non-numeric value makes int()
        # raise ValueError, which is not caught in the visible code.
        fileSizeBytes = int(lcHDRS['content-length'])
    except KeyError, ke:
        fMessages.append("Request must have a valid content length")
        raise cherrypy.HTTPError(411, "Request must have a valid content length")
def upload(self, format="json", **kwargs):
    """Resolve who an upload belongs to and read its declared size.

    Only the opening part of the handler is visible here: it chooses between
    an upload-request session and a logged-in session, records whether the
    request owner asked to be notified, then parses the Content-Length header.
    """
    # Long timeout for large transfers (86400 is one day if the unit is seconds).
    cherrypy.response.timeout = 86400
    user, role, uploadRequest, uploadKey, config, sMessages, fMessages, uploadIndex = None, None, None, None, cherrypy.request.app.config['filelocker'], [], [], None
    notify_user = False
    # Permission is checked inline because public (upload-request) uploads
    # cannot be wrapped in the requires-login tool.
    if cherrypy.session.has_key("uploadRequest") and cherrypy.session.get("uploadRequest") is not None and cherrypy.session.get("uploadRequest").expired == False:
        # Upload-request session: the upload is attributed to the request's owner.
        uploadRequest = cherrypy.session.get("uploadRequest")
        user = AccountService.get_user(uploadRequest.owner_id)
        uploadKey = "%s:%s" % (user.id, uploadRequest.id)
        if uploadRequest.notify_user:
            notify_user = True
    else:
        #cherrypy.tools.requires_login()
        # NOTE(review): with the call above commented out, nothing visible here
        # rejects a session that has no "user"; user would be None and user.id
        # below raises. Confirm authentication is enforced elsewhere.
        # NOTE(review): sMessages/fMessages are replaced by session values that
        # may be None, and fMessages.append() is used further down.
        user, sMessages, fMessages = cherrypy.session.get("user"), cherrypy.session.get("sMessages"), cherrypy.session.get("fMessages")
        uploadKey = user.id
        if cherrypy.session.get("current_role") is not None:
            role = cherrypy.session.get("current_role")
    # Check upload size: header names are lower-cased first so the lookup does
    # not depend on how the client spelled them.
    lcHDRS = {}
    for key, val in cherrypy.request.headers.iteritems():
        lcHDRS[key.lower()] = val
    try:
        # Only a missing header is handled; a non-numeric value makes int()
        # raise ValueError, which is not caught in the visible code.
        fileSizeBytes = int(lcHDRS['content-length'])
    except KeyError, ke:
        fMessages.append("Request must have a valid content length")
        raise cherrypy.HTTPError(411, "Request must have a valid content length")
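def remove_users_from_group(self, userIds, groupId, format="json", requestOrigin="", **kwargs):
    """Remove the listed users from a group.

    Nothing is changed unless requestOrigin equals the token stored in
    cherrypy.session['request-origin']. The caller must own the group or hold
    the "admin" permission. Outcomes are collected in sMessages and fMessages.
    """
    user, sMessages, fMessages = (cherrypy.session.get("user"), [], [])
    if requestOrigin != cherrypy.session['request-origin']:
        fMessages.append("Missing request key!!")
    else:
        try:
            userIds = split_list_sanitized(userIds)
            groupId = int(strip_tags(groupId))
            group = session.query(Group).filter(Group.id == groupId).one()
            if group.owner_id == user.id or AccountService.user_has_permission(user, "admin"):
                for userId in userIds:
                    # Kept separate from `user` so the audit entry and the
                    # error log below are attributed to the caller, not to
                    # the last member removed.
                    member = AccountService.get_user(userId)
                    group.members.remove(member)
                session.add(AuditLog(user.id, Actions.UPDATE_GROUP, "%s user(s) removed from group \"%s\"(%s)" % (len(userIds), group.name, group.id)))
                session.commit()
                sMessages.append("Group members removed successfully")
            else:
                fMessages.append("You do not have permission to modify group with ID:%s" % str(groupId))
        except ValueError:
            # Raised by int() for a non-numeric groupId.
            # NOTE(review): a failed members.remove() may also end up here and
            # be reported as an invalid group id - confirm.
            fMessages.append("Invalid group Id")
        except sqlalchemy.orm.exc.NoResultFound:
            fMessages.append("Group with ID:%s could not be found" % str(groupId))
        except Exception as e:
            # Discard the partial changes so the session can be used again.
            session.rollback()
            fMessages.append("Couldn't remove members from group: %s" % str(e))
            cherrypy.log.error("[%s] [remove_users_from_group] [Couldn't remove members from group: %s]" % (user.id, str(e)))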
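def CLI_login(self, CLIkey, userId, format="cli", **kwargs):
    """Authenticate a command-line client by user id, CLI key and source address.

    The handler only proceeds when the "cli_feature" configuration parameter
    is 'Yes'. On success a fresh request-origin token is stored in the session
    and returned to the client in sMessages; every failure is reported through
    fMessages. Returns the result of fl_response().
    """
    sMessages, fMessages = [], []
    if session.query(ConfigParameter).filter(ConfigParameter.name == "cli_feature").one().value == 'Yes':
        userId = strip_tags(userId)
        CLIkey = strip_tags(CLIkey)
        hostIP = Filelocker.get_client_address()
        # Both start empty so an address that matches neither pattern cannot
        # leave them unbound when they are read below.
        hostIPv4, hostIPv6 = "", ""
        if self.validIPv4.match(hostIP):
            hostIPv4 = hostIP
        elif self.validIPv6.match(hostIP):
            hostIPv6 = hostIP
        if hostIPv4 == "" and hostIPv6 == "":
            # Unrecognised client address: refuse without consulting the directory.
            fMessages.append("Failure: Not Authorized!")
        else:
            # NOTE(review): the directory object is stored on the handler
            # instance rather than in a local - confirm nothing else relies
            # on self.directory before changing that.
            self.directory = CLIDirectory.CLIDirectory()
            if self.directory.authenticate(userId, CLIkey, hostIPv4, hostIPv6):
                currentUser = AccountService.get_user(userId, True)
                # Per-session token: 16 random bytes rendered as 32 hex characters.
                cherrypy.session['request-origin'] = str(os.urandom(32).encode('hex'))[0:32]
                if currentUser is not None:
                    # presumably get_user(userId, True) has placed the user in
                    # the session, which is read back here - verify
                    session.add(AuditLog(cherrypy.session.get("user").id, "Login", "User %s logged in successfully from IP %s" % (currentUser.id, Filelocker.get_client_address())))
                    session.commit()
                    # The CLI client receives the token in the response body.
                    sMessages.append(cherrypy.session['request-origin'])
                else:
                    fMessages.append("Failure: Not Authorized!")
            else:
                fMessages.append("Failure: Not Authorized!")
    else:
        fMessages.append("Failure: CLI not supported by server!")
    return fl_response(sMessages, fMessages, format)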
def process_login(self, username, password, **kwargs): rootURL, local = cherrypy.request.app.config['filelocker'][ 'root_url'], False if kwargs.has_key("local") and kwargs['local'] == str(True): local = True username = strip_tags(username) if password is None or password == "": raise cherrypy.HTTPRedirect("%s/login?msg=3&local=%s" % (rootURL, str(local))) else: directory = AccountService.ExternalDirectory(local) if directory.authenticate(username, password): cherrypy.session['request-origin'] = str( os.urandom(32).encode('hex'))[0:32] currentUser = AccountService.get_user( username, True ) #if they are authenticated and local, this MUST return a user object if currentUser is not None: if not currentUser.authorized: raise cherrypy.HTTPError( 403, "You do not have permission to access this system") session.add( AuditLog( cherrypy.session.get("user").id, "Login", "User %s logged in successfully from IP %s" % (currentUser.id, Filelocker.get_client_address()))) session.commit() raise cherrypy.HTTPRedirect(rootURL) else: #This should only happen in the case of a user existing in the external directory, but having never logged in before try: newUser = directory.lookup_user(username) AccountService.install_user(newUser) currentUser = AccountService.get_user(username, True) if currentUser is not None and currentUser.authorized != False: raise cherrypy.HTTPRedirect(rootURL) else: raise cherrypy.HTTPError( 403, "You do not have permission to access this system" ) except Exception, e: return "Unable to install user: %s" % str(e) else:
def create_user_shares(self, fileIds, userId=None, notify="no", cc="false", format="json", requestOrigin="", **kwargs): config = cherrypy.request.app.config['filelocker'] orgConfig = get_config_dict_from_objects(session.query(ConfigParameter).filter(ConfigParameter.name.like('org_%')).all()) user, role, sMessages, fMessages = (cherrypy.session.get("user"), cherrypy.session.get("current_role"), [], []) if requestOrigin != cherrypy.session['request-origin']: fMessages.append("Missing request key!!") else: fileIds = split_list_sanitized(fileIds) userId = strip_tags(userId) if userId is not None and userId != "" else None notify = True if notify.lower() == "true" else False cc = True if cc.lower() == "true" else False sharedFiles, recipients = [], [] try: if userId is not None: shareUser = AccountService.get_user(userId) if (shareUser.email is not None and shareUser.email != ""): recipients.append(shareUser) for fileId in fileIds: flFile = session.query(File).filter(File.id==fileId).one() if (role is not None and flFile.role_owner_id == role.id) or flFile.owner_id == user.id or AccountService.user_has_permission(user, "admin"): existingShare = session.query(UserShare).filter(and_(UserShare.file_id==fileId, UserShare.user_id==userId)).scalar() if existingShare is None: flFile.user_shares.append(UserShare(user_id=userId, file_id=fileId)) session.commit() sharedFiles.append(flFile) if role is not None: session.add(AuditLog(user.id, Actions.CREATE_USER_SHARE, "Role %s shared file %s(%s) with %s" % (role.id, flFile.name, flFile.id, shareUser.id), shareUser.id, role.id)) else: session.add(AuditLog(user.id, "Create User Share", "%s shared file %s(%s) with %s" % (user.id, flFile.name, flFile.id, shareUser.id), shareUser.id)) session.commit() else: fMessages.append("You do not have permission to share file with ID: %s" % str(flFile.id)) if notify: cherrypy.session.release_lock() if cc: if (user is not None and user != ""): recipients.append(user) else: fMessages.append("You 
elected to receive a carbon copy of the share notification, however your account does not have an email address set.") for recipient in recipients: try: Mail.notify(get_template_file('share_notification.tmpl'),{'sender':user.email if role is None else role.email,'recipient':recipient.email, 'ownerId':user.id if role is None else role.id, 'ownerName':user.display_name if role is None else role.name, 'sharedFiles':sharedFiles, 'filelockerURL': config['root_url'], 'org_url': orgConfig['org_url'], 'org_name': orgConfig['org_name'], 'personalMessage': ""}) session.add(AuditLog(user.id, Actions.SEND_EMAIL, "%s(%s) has been notified via email that you have shared a file with him or her." % (recipient.display_name, recipient.id), None, role.id if role is not None else None)) except Exception, e: session.rollback() fMessages.append("Problem sending email notification to %s: %s" % (recipient.display_name, str(e))) session.commit() sMessages.append("Shared file(s) successfully") else: fMessages.append("You did not specify a user to share the file with")
def add_user_to_group(self, userId, groupId, format="json", requestOrigin="", **kwargs): user, sMessages, fMessages = (cherrypy.session.get("user"), [], []) if requestOrigin != cherrypy.session['request-origin']: fMessages.append("Missing request key!!") else: try: userId = strip_tags(userId) groupId = int(strip_tags(groupId)) group = session.query(Group).filter(Group.id == groupId).one() if group.owner_id == user.id or AccountService.user_has_permission(user, "admin"): try: user = AccountService.get_user(userId) group.members.append(user) session.add(AuditLog(user.id, Actions.UPDATE_GROUP, "User %s added to group \"%s\"(%s)" % (user.id, group.name, group.id))) session.commit() except sqlalchemy.orm.exc.NoResultFound, nrf: fMessages.append("Invalid user ID: %s, not added to group" % str(userId)) else:
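def remove_users_from_role(self, roleId, userIds, format="json", **kwargs):
    """Remove the listed users from a role, committing after each removal.

    Outcomes are collected in sMessages and fMessages.
    """
    user, sMessages, fMessages = (cherrypy.session.get("user"), [], [])
    # NOTE(review): neither a permission test nor a per-session request token
    # check is visible in this variant - confirm both are enforced outside it.
    try:
        roleId = strip_tags(roleId)
        userIds = split_list_sanitized(userIds)
        if userIds is not None and roleId is not None:
            role = session.query(Role).filter(Role.id == roleId).one()
            for userId in userIds:
                try:
                    # Kept separate from `user` so the session user is not
                    # overwritten by the account being removed.
                    member = AccountService.get_user(userId)
                    role.members.remove(member)
                    session.commit()
                except sqlalchemy.orm.exc.NoResultFound:
                    # Report the user id that failed, not the role id.
                    fMessages.append("User with ID:%s could not be found" % str(userId))
            sMessages.append("Removed user(s) from role: %s" % str(roleId))
    except sqlalchemy.orm.exc.NoResultFound:
        fMessages.append("Role with ID:%s could not be found" % str(roleId))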
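def remove_users_from_role(self, roleId, userIds, format="json", requestOrigin="", **kwargs):
    """Remove the listed users from a role, committing after each removal.

    Nothing is changed unless requestOrigin equals the token stored in
    cherrypy.session['request-origin']. Outcomes are collected in sMessages
    and fMessages.
    """
    user, sMessages, fMessages = (cherrypy.session.get("user"), [], [])
    if requestOrigin != cherrypy.session['request-origin']:
        fMessages.append("Missing request key!!")
    else:
        # NOTE(review): no permission test is visible in this handler -
        # confirm it is enforced outside it (for example by a decorator).
        try:
            roleId = strip_tags(roleId)
            userIds = split_list_sanitized(userIds)
            if userIds is not None and roleId is not None:
                role = session.query(Role).filter(Role.id == roleId).one()
                for userId in userIds:
                    try:
                        # Kept separate from `user` so the session user is not
                        # overwritten by the account being removed.
                        member = AccountService.get_user(userId)
                        role.members.remove(member)
                        session.commit()
                    except sqlalchemy.orm.exc.NoResultFound:
                        # Report the user id that failed, not the role id.
                        fMessages.append("User with ID:%s could not be found" % str(userId))
                sMessages.append("Removed user(s) from role: %s" % str(roleId))
        except sqlalchemy.orm.exc.NoResultFound:
            fMessages.append("Role with ID:%s could not be found" % str(roleId))
        except Exception as e:
            # Discard the partial changes so the session can be used again,
            # as the other handlers do in their generic error path.
            session.rollback()
            fMessages.append("Unable to remove users from roles: %s" % str(e))
            cherrypy.log.error("[%s] [remove_users_from_role] [Unable to remove users from roles: %s]" % (userIds, str(e)))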
def create_message(self, subject, body, recipientIds, expiration, format="json", **kwargs):
    """Create a message from the session user and share it with recipients.

    The subject is sanitized with strip_tags and, like the body, must be
    non-blank. The expiry is capped by the "max_file_life_days" configuration
    parameter unless the sender holds the "expiration_exempt" permission.
    Outcomes are collected in sMessages and fMessages.
    """
    # NOTE(review): this variant performs no per-session request token check
    # before creating the message.
    user, sMessages, fMessages = cherrypy.session.get("user"), [], []
    try:
        maxDays = int(session.query(ConfigParameter).filter(ConfigParameter.name=='max_file_life_days').one().value)
        maxExpiration = datetime.datetime.today() + datetime.timedelta(days=maxDays)
        # NOTE(review): `expiration` is a declared parameter, so a keyword
        # argument of that name is bound to it and never appears in kwargs.
        # kwargs.has_key('expiration') is therefore False and, as written, the
        # else arm (maxExpiration) is always taken - confirm the intent.
        expiration = datetime.datetime(*time.strptime(strip_tags(expiration), "%m/%d/%Y")[0:5]) if (kwargs.has_key('expiration') and strip_tags(expiration) is not None and expiration.lower() != "never") else maxExpiration
        recipientIdList = split_list_sanitized(recipientIds)
        subject = strip_tags(subject)
        if subject is None or subject.strip()=="":
            raise Exception("Subject cannot be blank")
        #Process the expiration data for the message
        if expiration is None and (AccountService.user_has_permission(user, "expiration_exempt") == False and AccountService.user_has_permission(user, "admin")==False): #Check permission before allowing a non-expiring message
            expiration = maxExpiration
        else:
            if maxExpiration < expiration and AccountService.user_has_permission(user, "expiration_exempt")==False:
                raise Exception("Expiration date must be between now and %s." % maxExpiration.strftime("%m/%d/%Y"))
        # NOTE(review): body is only checked for blankness; unlike subject it
        # is not passed through strip_tags - confirm it is escaped on output.
        if body is None or body.strip()=="":
            raise Exception("Message body cannot be blank")
        newMessage = Message(subject=subject, body=body, date_sent=datetime.datetime.now(), owner_id=user.id, date_expires=expiration, encryption_key=Encryption.generatePassword())
        session.add(newMessage)
        # NOTE(review): the row is committed before encrypt_message() runs -
        # confirm the plaintext body is not persisted by this commit.
        session.commit()
        encrypt_message(newMessage)
        for recipientId in recipientIdList:
            rUser = AccountService.get_user(recipientId)
            if rUser is not None:
                newMessage.message_shares.append(MessageShare(message_id=newMessage.id, recipient_id=rUser.id))
                session.add(AuditLog(user.id, "Send Message", "%s sent a message with subject: \"%s\" to %s(%s)" % (user.id, newMessage.subject, rUser.display_name, rUser.id), rUser.id, None))
            else:
                # Unknown recipients are reported; the remaining ones are still processed.
                fMessages.append("Could not send to user with ID:%s - Invalid user ID" % str(recipientId))
        session.commit()
        sMessages.append("Message \"%s\" sent." % subject)
    except ValueError:
        # Raised by time.strptime() for a malformed date; int() on the
        # configuration value would also land here.
        fMessages.append("Invalid expiration date format. Date must be in mm/dd/yyyy format.")
    except Exception, e:
        # No session.rollback() is issued on this path.
        cherrypy.log.error("[%s] [create_message] [Could not create message: %s]" % (user.id, str(e)))
        fMessages.append("Could not send message: %s" % str(e))
else: pass else: authType = None try: authType = session.query(ConfigParameter).filter( ConfigParameter.name == "auth_type").one().value if authType == "cas": casUrl = session.query(ConfigParameter).filter( ConfigParameter.name == "cas_url").one().value casConnector = CAS(casUrl) if cherrypy.request.params.has_key("ticket"): valid_ticket, userId = casConnector.validate_ticket( rootURL, cherrypy.request.params['ticket']) if valid_ticket: currentUser = AccountService.get_user(userId, True) cherrypy.session['request-origin'] = str( os.urandom(32).encode('hex'))[0:32] if currentUser is None: currentUser = User(id=userId, display_name="Guest user", first_name="Unknown", last_name="Unknown") cherrypy.log.error( "[%s] [requires_login] [User authenticated, but not found in directory - installing with defaults]" % str(userId)) AccountService.install_user(currentUser) currentUser = AccountService.get_user( currentUser.id, True) #To populate attributes if not currentUser.authorized: raise cherrypy.HTTPError(
def create_message(self, subject, body, recipientIds, expiration, format="json", requestOrigin="", **kwargs):
    """Create a message from the session user and share it with recipients.

    Nothing is created unless requestOrigin equals the token stored in
    cherrypy.session["request-origin"]. The subject is sanitized with
    strip_tags and, like the body, must be non-blank. The expiry is capped by
    the "max_file_life_days" configuration parameter unless the sender holds
    the "expiration_exempt" permission. Outcomes are collected in sMessages
    and fMessages.
    """
    user, sMessages, fMessages = cherrypy.session.get("user"), [], []
    if requestOrigin != cherrypy.session["request-origin"]:
        fMessages.append("Missing request key!!")
    else:
        try:
            maxDays = int(
                session.query(ConfigParameter).filter(ConfigParameter.name == "max_file_life_days").one().value
            )
            maxExpiration = datetime.datetime.today() + datetime.timedelta(days=maxDays)
            # NOTE(review): `expiration` is a declared parameter, so a keyword
            # argument of that name is bound to it and never appears in
            # kwargs. kwargs.has_key("expiration") is therefore False and, as
            # written, the else arm (maxExpiration) is always taken - confirm
            # the intent.
            expiration = (
                datetime.datetime(*time.strptime(strip_tags(expiration), "%m/%d/%Y")[0:5])
                if (
                    kwargs.has_key("expiration")
                    and strip_tags(expiration) is not None
                    and expiration.lower() != "never"
                )
                else maxExpiration
            )
            recipientIdList = split_list_sanitized(recipientIds)
            subject = strip_tags(subject)
            if subject is None or subject.strip() == "":
                raise Exception("Subject cannot be blank")
            # Process the expiration data for the message
            if expiration is None and (
                AccountService.user_has_permission(user, "expiration_exempt") == False
                and AccountService.user_has_permission(user, "admin") == False
            ):  # Check permission before allowing a non-expiring message
                expiration = maxExpiration
            else:
                if (
                    maxExpiration < expiration
                    and AccountService.user_has_permission(user, "expiration_exempt") == False
                ):
                    raise Exception(
                        "Expiration date must be between now and %s." % maxExpiration.strftime("%m/%d/%Y")
                    )
            # NOTE(review): body is only checked for blankness; unlike subject
            # it is not passed through strip_tags - confirm it is escaped on
            # output.
            if body is None or body.strip() == "":
                raise Exception("Message body cannot be blank")
            newMessage = Message(
                subject=subject,
                body=body,
                date_sent=datetime.datetime.now(),
                owner_id=user.id,
                date_expires=expiration,
                encryption_key=Encryption.generatePassword(),
            )
            session.add(newMessage)
            # NOTE(review): the row is committed before encrypt_message()
            # runs - confirm the plaintext body is not persisted by this commit.
            session.commit()
            encrypt_message(newMessage)
            for recipientId in recipientIdList:
                rUser = AccountService.get_user(recipientId)
                if rUser is not None:
                    newMessage.message_shares.append(MessageShare(message_id=newMessage.id, recipient_id=rUser.id))
                    session.add(
                        AuditLog(
                            user.id,
                            "Send Message",
                            '%s sent a message with subject: "%s" to %s(%s)'
                            % (user.id, newMessage.subject, rUser.display_name, rUser.id),
                            rUser.id,
                            None,
                        )
                    )
                else:
                    # Unknown recipients are reported; the remaining ones are still processed.
                    fMessages.append("Could not send to user with ID:%s - Invalid user ID" % str(recipientId))
            session.commit()
            sMessages.append('Message "%s" sent.' % subject)
        except ValueError:
            # Raised by time.strptime() for a malformed date; int() on the
            # configuration value would also land here.
            fMessages.append("Invalid expiration date format. Date must be in mm/dd/yyyy format.")
        except Exception, e:
            # No session.rollback() is issued on this path.
            cherrypy.log.error("[%s] [create_message] [Could not create message: %s]" % (user.id, str(e)))
            fMessages.append("Could not send message: %s" % str(e))
def create_user_shares(self, fileIds, userId=None, notify="no", cc="false", format="json", **kwargs): config = cherrypy.request.app.config['filelocker'] orgConfig = get_config_dict_from_objects( session.query(ConfigParameter).filter( ConfigParameter.name.like('org_%')).all()) user, role, sMessages, fMessages = ( cherrypy.session.get("user"), cherrypy.session.get("current_role"), [], []) fileIds = split_list_sanitized(fileIds) userId = strip_tags( userId) if userId is not None and userId != "" else None notify = True if notify.lower() == "true" else False cc = True if cc.lower() == "true" else False sharedFiles, recipients = [], [] try: if userId is not None: shareUser = AccountService.get_user(userId) if (shareUser.email is not None and shareUser.email != ""): recipients.append(shareUser) for fileId in fileIds: flFile = session.query(File).filter( File.id == fileId).one() if ( role is not None and flFile.role_owner_id == role.id ) or flFile.owner_id == user.id or AccountService.user_has_permission( user, "admin"): existingShare = session.query(UserShare).filter( and_(UserShare.file_id == fileId, UserShare.user_id == userId)).scalar() if existingShare is None: flFile.user_shares.append( UserShare(user_id=userId, file_id=fileId)) session.commit() sharedFiles.append(flFile) if role is not None: session.add( AuditLog( user.id, Actions.CREATE_USER_SHARE, "Role %s shared file %s(%s) with %s" % (role.id, flFile.name, flFile.id, shareUser.id), shareUser.id, role.id)) else: session.add( AuditLog( user.id, "Create User Share", "%s shared file %s(%s) with %s" % (user.id, flFile.name, flFile.id, shareUser.id), shareUser.id)) session.commit() else: fMessages.append( "You do not have permission to share file with ID: %s" % str(flFile.id)) if notify: cherrypy.session.release_lock() if cc: if (user is not None and user != ""): recipients.append(user) else: fMessages.append( "You elected to receive a carbon copy of the share notification, however your account does not have an email 
address set." ) for recipient in recipients: try: Mail.notify( get_template_file('share_notification.tmpl'), { 'sender': user.email if role is None else role.email, 'recipient': recipient.email, 'ownerId': user.id if role is None else role.id, 'ownerName': user.display_name if role is None else role.name, 'sharedFiles': sharedFiles, 'filelockerURL': config['root_url'], 'org_url': orgConfig['org_url'], 'org_name': orgConfig['org_name'], 'personalMessage': "" }) session.add( AuditLog( user.id, Actions.SEND_EMAIL, "%s(%s) has been notified via email that you have shared a file with him or her." % (recipient.display_name, recipient.id), None, role.id if role is not None else None)) except Exception, e: session.rollback() fMessages.append( "Problem sending email notification to %s: %s" % (recipient.display_name, str(e))) session.commit() sMessages.append("Shared file(s) successfully") else:
500, "The server is having problems communicating with the database server. Please try again in a few minutes.", ) else: pass else: authType = None try: authType = session.query(ConfigParameter).filter(ConfigParameter.name == "auth_type").one().value if authType == "cas": casUrl = session.query(ConfigParameter).filter(ConfigParameter.name == "cas_url").one().value casConnector = CAS(casUrl) if cherrypy.request.params.has_key("ticket"): valid_ticket, userId = casConnector.validate_ticket(rootURL, cherrypy.request.params["ticket"]) if valid_ticket: currentUser = AccountService.get_user(userId, True) cherrypy.session["request-origin"] = str(os.urandom(32).encode("hex"))[0:32] if currentUser is None: currentUser = User( id=userId, display_name="Guest user", first_name="Unknown", last_name="Unknown" ) cherrypy.log.error( "[%s] [requires_login] [User authenticated, but not found in directory - installing with defaults]" % str(userId) ) AccountService.install_user(currentUser) currentUser = AccountService.get_user(currentUser.id, True) # To populate attributes if not currentUser.authorized: raise cherrypy.HTTPError(403, "Your user account does not have access to this system.") session.add( AuditLog(