def fixture_disable_restricted_access(needs_root, load_cfg):
"""Disable console login restrictions."""
restricted_access = security.get_restricted_access_enabled()
if restricted_access:
security.set_restricted_access(False)
yield
security.set_restricted_access(True)
else:
yield
def setUp(self):
"""Setup each ."""
current_directory = os.path.dirname(__file__)
self.action_file = os.path.join(current_directory, '..', '..', '..',
'..', 'actions', 'users')
self.users = set()
self.groups = set()
self.restricted_access = security.get_restricted_access_enabled()
if self.restricted_access:
security.set_restricted_access(False)
def tearDown(self):
for user in self.users:
try:
self.delete_user(user)
except Exception:
pass
for group in self.groups:
self.delete_group(group)
security.set_restricted_access(self.restricted_access)
def _apply_changes(request, old_status, new_status):
"""Apply the form changes"""
if old_status['restricted_access'] != new_status['restricted_access']:
try:
security.set_restricted_access(new_status['restricted_access'])
except Exception as exception:
messages.error(
request,
_('Error setting restricted access: {exception}')
.format(exception=exception))
else:
messages.success(request, _('Updated security configuration'))
def _apply_changes(request, old_status, new_status):
"""Apply the form changes"""
if old_status['restricted_access'] != new_status['restricted_access']:
try:
security.set_restricted_access(new_status['restricted_access'])
except Exception as exception:
messages.error(
request,
_('Error setting restricted access: {exception}').format(
exception=exception))
else:
messages.success(request, _('Updated security configuration'))
def save(self, commit=True):
"""Create and log the user in."""
user = super().save(commit=commit)
if commit:
first_boot.mark_step_done('users_firstboot')
try:
actions.superuser_run(
'users',
['create-user',
user.get_username(), '--auth-user', ''],
input=self.cleaned_data['password1'].encode())
except ActionError as error:
messages.error(
self.request,
_('Creating LDAP user failed: {error}'.format(
error=error)))
try:
actions.superuser_run(
'users',
['add-user-to-group',
user.get_username(), 'admin'])
except ActionError as error:
messages.error(
self.request,
_('Failed to add new user to admin group: {error}'.format(
error=error)))
# Create initial Django groups
for group_choice in UsersAndGroups.get_group_choices():
auth.models.Group.objects.get_or_create(name=group_choice[0])
admin_group = auth.models.Group.objects.get(name='admin')
admin_group.user_set.add(user)
self.login_user(self.cleaned_data['username'],
self.cleaned_data['password1'])
# Restrict console login to users in admin or sudo group
try:
set_restricted_access(True)
except Exception as error:
messages.error(
self.request,
_('Failed to restrict console access: {error}'.format(
error=error)))
return user
def save(self, commit=True):
"""Create and log the user in."""
user = super().save(commit=commit)
if commit:
first_boot.mark_step_done('users_firstboot')
try:
actions.superuser_run(
'ldap',
['create-user', user.get_username()],
input=self.cleaned_data['password1'].encode())
except ActionError:
messages.error(self.request,
_('Creating LDAP user failed.'))
try:
actions.superuser_run(
'ldap',
['add-user-to-group', user.get_username(), 'admin'])
except ActionError:
messages.error(self.request,
_('Failed to add new user to admin group.'))
# Create initial Django groups
for group_choice in GROUP_CHOICES:
auth.models.Group.objects.get_or_create(name=group_choice[0])
admin_group = auth.models.Group.objects.get(name='admin')
admin_group.user_set.add(user)
self.login_user(self.cleaned_data['username'],
self.cleaned_data['password1'])
# Restrict console login to users in admin or sudo group
try:
set_restricted_access(True)
message = _('Console login access restricted to users in '
'"admin" group. This can be configured in '
'security settings.')
messages.success(self.request, message)
except Exception:
messages.error(self.request,
_('Failed to restrict console access.'))
return user
def _apply_changes(request, old_status, new_status):
"""Apply the form changes"""
if old_status['restricted_access'] != new_status['restricted_access']:
try:
security.set_restricted_access(new_status['restricted_access'])
except Exception as exception:
messages.error(
request,
_('Error setting restricted access: {exception}').format(
exception=exception))
else:
messages.success(request, _('Updated security configuration'))
if old_status['fail2ban_enabled'] != new_status['fail2ban_enabled']:
if new_status['fail2ban_enabled']:
actions.superuser_run('service', ['enable', 'fail2ban'])
else:
actions.superuser_run('service', ['disable', 'fail2ban'])
def save(self, commit=True):
"""Create and log the user in."""
user = super().save(commit=commit)
if commit:
first_boot.mark_step_done('users_firstboot')
try:
actions.superuser_run(
'ldap', ['create-user', user.get_username()],
input=self.cleaned_data['password1'].encode())
except ActionError:
messages.error(self.request, _('Creating LDAP user failed.'))
try:
actions.superuser_run(
'ldap',
['add-user-to-group',
user.get_username(), 'admin'])
except ActionError:
messages.error(self.request,
_('Failed to add new user to admin group.'))
# Create initial Django groups
for group_choice in GROUP_CHOICES:
auth.models.Group.objects.get_or_create(name=group_choice[0])
admin_group = auth.models.Group.objects.get(name='admin')
admin_group.user_set.add(user)
self.login_user(self.cleaned_data['username'],
self.cleaned_data['password1'])
# Restrict console login to users in admin or sudo group
try:
set_restricted_access(True)
message = _('Console login access restricted to users in '
'"admin" group. This can be configured in '
'security settings.')
messages.success(self.request, message)
except Exception:
messages.error(self.request,
_('Failed to restrict console access.'))
return user
