def create_test_user(force=True):
print 'creating test user'
sa = get_session()
user = sa.query(User).filter(User.username == USER).scalar()
if force and user is not None:
print 'removing current user'
for repo in sa.query(Repository).filter(Repository.user == user).all():
sa.delete(repo)
sa.delete(user)
sa.commit()
if user is None or force:
print 'creating new one'
new_usr = User()
new_usr.username = USER
new_usr.password = get_crypt_password(PASS)
new_usr.email = '*****@*****.**'
new_usr.name = 'test'
new_usr.lastname = 'lasttestname'
new_usr.active = True
new_usr.admin = True
sa.add(new_usr)
sa.commit()
print 'done'
def create_for_container_auth(self, username, attrs):
"""
Creates the given user if it's not already in the database
:param username:
:param attrs:
"""
if self.get_by_username(username, case_insensitive=True) is None:
# autogenerate email for container account without one
generate_email = lambda usr: '******' % usr
try:
new_user = User()
new_user.username = username
new_user.password = None
new_user.api_key = generate_api_key(username)
new_user.email = attrs['email']
new_user.active = attrs.get('active', True)
new_user.name = attrs['name'] or generate_email(username)
new_user.lastname = attrs['lastname']
self.sa.add(new_user)
return new_user
except (DatabaseError, ):
log.error(traceback.format_exc())
self.sa.rollback()
raise
log.debug(
'User %s already exists. Skipping creation of account'
' for container auth.', username)
return None
def create_ldap(self, username, password, user_dn, attrs):
"""
Checks if user is in database, if not creates this user marked
as ldap user
:param username:
:param password:
:param user_dn:
:param attrs:
"""
from rhodecode.lib.auth import get_crypt_password
log.debug('Checking for such ldap account in RhodeCode database')
if self.get_by_username(username, case_insensitive=True) is None:
try:
new_user = User()
# add ldap account always lowercase
new_user.username = username.lower()
new_user.password = get_crypt_password(password)
new_user.api_key = generate_api_key(username)
new_user.email = attrs['email']
new_user.active = True
new_user.ldap_dn = safe_unicode(user_dn)
new_user.name = attrs['name']
new_user.lastname = attrs['lastname']
self.sa.add(new_user)
self.sa.commit()
return True
except (DatabaseError,):
log.error(traceback.format_exc())
self.sa.rollback()
raise
log.debug('this %s user exists skipping creation of ldap account',
username)
return False
def create_ldap(self, username, password, user_dn, attrs, cur_user=None):
"""
Checks if user is in database, if not creates this user marked
as ldap user
:param username:
:param password:
:param user_dn:
:param attrs:
:param cur_user:
"""
if not cur_user:
cur_user = getattr(get_current_rhodecode_user(), 'username', None)
from rhodecode.lib.auth import get_crypt_password
log.debug('Checking for such ldap account in RhodeCode database')
if self.get_by_username(username, case_insensitive=True) is None:
# autogenerate email for container account without one
generate_email = lambda usr: '******' % usr
password = get_crypt_password(password)
firstname = attrs['name']
lastname = attrs['lastname']
active = attrs.get('active', True)
email = attrs['email'] or generate_email(username)
from rhodecode.lib.hooks import log_create_user, check_allowed_create_user
user_data = {
'username': username,
'password': password,
'email': email,
'firstname': firstname,
'lastname': lastname,
'active': attrs.get('active', True),
'admin': False
}
# raises UserCreationError if it's not allowed
check_allowed_create_user(user_data, cur_user)
try:
new_user = User()
username = username.lower()
# add ldap account always lowercase
new_user.username = username
new_user.password = password
new_user.api_key = generate_api_key(username)
new_user.email = email
new_user.active = active
new_user.ldap_dn = safe_unicode(user_dn)
new_user.name = firstname
new_user.lastname = lastname
self.sa.add(new_user)
log_create_user(new_user.get_dict(), cur_user)
return new_user
except (DatabaseError, ):
log.error(traceback.format_exc())
self.sa.rollback()
raise
log.debug('this %s user exists skipping creation of ldap account',
username)
return None
def create_test_user(force=True):
print 'creating test user'
sa = get_session()
user = sa.query(User).filter(User.username == USER).scalar()
if force and user is not None:
print 'removing current user'
for repo in sa.query(Repository).filter(Repository.user == user).all():
sa.delete(repo)
sa.delete(user)
sa.commit()
if user is None or force:
print 'creating new one'
new_usr = User()
new_usr.username = USER
new_usr.password = get_crypt_password(PASS)
new_usr.email = '*****@*****.**'
new_usr.name = 'test'
new_usr.lastname = 'lasttestname'
new_usr.active = True
new_usr.admin = True
sa.add(new_usr)
sa.commit()
print 'done'
def create_for_container_auth(self, username, attrs):
"""
Creates the given user if it's not already in the database
:param username:
:param attrs:
"""
if self.get_by_username(username, case_insensitive=True) is None:
# autogenerate email for container account without one
generate_email = lambda usr: '******' % usr
try:
new_user = User()
new_user.username = username
new_user.password = None
new_user.api_key = generate_api_key(username)
new_user.email = attrs['email']
new_user.active = attrs.get('active', True)
new_user.name = attrs['name'] or generate_email(username)
new_user.lastname = attrs['lastname']
self.sa.add(new_user)
return new_user
except (DatabaseError,):
log.error(traceback.format_exc())
self.sa.rollback()
raise
log.debug('User %s already exists. Skipping creation of account'
' for container auth.', username)
return None
def test_forgot_password(self):
response = self.app.get(
url(controller='login', action='password_reset'))
self.assertEqual(response.status, '200 OK')
username = '******'
password = '******'
email = '*****@*****.**'
name = 'passwd'
lastname = 'reset'
new = User()
new.username = username
new.password = password
new.email = email
new.name = name
new.lastname = lastname
new.api_key = generate_api_key(username)
self.Session().add(new)
self.Session().commit()
response = self.app.post(
url(controller='login', action='password_reset'), {
'email': email,
})
self.checkSessionFlash(response, 'Your password reset link was sent')
response = response.follow()
# BAD KEY
key = "bad"
response = self.app.get(
url(controller='login',
action='password_reset_confirmation',
key=key))
self.assertEqual(response.status, '302 Found')
self.assertTrue(response.location.endswith(url('reset_password')))
# GOOD KEY
key = User.get_by_username(username).api_key
response = self.app.get(
url(controller='login',
action='password_reset_confirmation',
key=key))
self.assertEqual(response.status, '302 Found')
self.assertTrue(response.location.endswith(url('login_home')))
self.checkSessionFlash(response,
('Your password reset was successful, '
'new password has been sent to your email'))
response = response.follow()
def create_or_update(self,
username,
password,
email,
firstname='',
lastname='',
active=True,
admin=False,
ldap_dn=None):
"""
Creates a new instance if not found, or updates current one
:param username:
:param password:
:param email:
:param active:
:param firstname:
:param lastname:
:param active:
:param admin:
:param ldap_dn:
"""
from rhodecode.lib.auth import get_crypt_password
log.debug('Checking for %s account in RhodeCode database' % username)
user = User.get_by_username(username, case_insensitive=True)
if user is None:
log.debug('creating new user %s' % username)
new_user = User()
edit = False
else:
log.debug('updating user %s' % username)
new_user = user
edit = True
try:
new_user.username = username
new_user.admin = admin
# set password only if creating an user or password is changed
if not edit or user.password != password:
new_user.password = get_crypt_password(password)
new_user.api_key = generate_api_key(username)
new_user.email = email
new_user.active = active
new_user.ldap_dn = safe_unicode(ldap_dn) if ldap_dn else None
new_user.name = firstname
new_user.lastname = lastname
self.sa.add(new_user)
return new_user
except (DatabaseError, ):
log.error(traceback.format_exc())
raise
def test_forgot_password(self):
response = self.app.get(url(controller='login',
action='password_reset'))
self.assertEqual(response.status , '200 OK')
username = '******'
password = '******'
email = '*****@*****.**'
name = 'passwd'
lastname = 'reset'
new = User()
new.username = username
new.password = password
new.email = email
new.name = name
new.lastname = lastname
new.api_key = generate_api_key(username)
self.sa.add(new)
self.sa.commit()
response = self.app.post(url(controller='login',
action='password_reset'),
{'email':email, })
self.checkSessionFlash(response, 'Your password reset link was sent')
response = response.follow()
# BAD KEY
key = "bad"
response = self.app.get(url(controller='login',
action='password_reset_confirmation',
key=key))
self.assertEqual(response.status, '302 Found')
self.assertTrue(response.location.endswith(url('reset_password')))
# GOOD KEY
key = User.get_by_username(username).api_key
response = self.app.get(url(controller='login',
action='password_reset_confirmation',
key=key))
self.assertEqual(response.status, '302 Found')
self.assertTrue(response.location.endswith(url('login_home')))
self.checkSessionFlash(response,
('Your password reset was successful, '
'new password has been sent to your email'))
response = response.follow()
def create_for_container_auth(self, username, attrs, cur_user=None):
"""
Creates the given user if it's not already in the database
:param username:
:param attrs:
:param cur_user:
"""
if not cur_user:
cur_user = getattr(get_current_rhodecode_user(), 'username', None)
if self.get_by_username(username, case_insensitive=True) is None:
# autogenerate email for container account without one
generate_email = lambda usr: '******' % usr
firstname = attrs['name']
lastname = attrs['lastname']
active = attrs.get('active', True)
email = attrs['email'] or generate_email(username)
from rhodecode.lib.hooks import log_create_user, check_allowed_create_user
user_data = {
'username': username,
'password': None,
'email': email,
'firstname': firstname,
'lastname': lastname,
'active': attrs.get('active', True),
'admin': False
}
# raises UserCreationError if it's not allowed
check_allowed_create_user(user_data, cur_user)
try:
new_user = User()
new_user.username = username
new_user.password = None
new_user.api_key = generate_api_key(username)
new_user.email = email
new_user.active = active
new_user.name = firstname
new_user.lastname = lastname
self.sa.add(new_user)
log_create_user(new_user.get_dict(), cur_user)
return new_user
except (DatabaseError, ):
log.error(traceback.format_exc())
self.sa.rollback()
raise
log.debug(
'User %s already exists. Skipping creation of account'
' for container auth.', username)
return None
def create_for_container_auth(self, username, attrs, cur_user=None):
"""
Creates the given user if it's not already in the database
:param username:
:param attrs:
:param cur_user:
"""
if not cur_user:
cur_user = getattr(get_current_rhodecode_user(), "username", None)
if self.get_by_username(username, case_insensitive=True) is None:
# autogenerate email for container account without one
generate_email = lambda usr: "******" % usr
firstname = attrs["name"]
lastname = attrs["lastname"]
active = attrs.get("active", True)
email = attrs["email"] or generate_email(username)
from rhodecode.lib.hooks import log_create_user, check_allowed_create_user
user_data = {
"username": username,
"password": None,
"email": email,
"firstname": firstname,
"lastname": lastname,
"active": attrs.get("active", True),
"admin": False,
}
# raises UserCreationError if it's not allowed
check_allowed_create_user(user_data, cur_user)
try:
new_user = User()
new_user.username = username
new_user.password = None
new_user.api_key = generate_api_key(username)
new_user.email = email
new_user.active = active
new_user.name = firstname
new_user.lastname = lastname
self.sa.add(new_user)
log_create_user(new_user.get_dict(), cur_user)
return new_user
except (DatabaseError,):
log.error(traceback.format_exc())
self.sa.rollback()
raise
log.debug("User %s already exists. Skipping creation of account" " for container auth.", username)
return None
def test_forgot_password(self):
response = self.app.get(pwd_reset_url)
assert response.status == '200 OK'
username = '******'
password = '******'
email = '*****@*****.**'
name = 'passwd'
lastname = 'reset'
new = User()
new.username = username
new.password = password
new.email = email
new.name = name
new.lastname = lastname
new.api_key = generate_auth_token(username)
Session().add(new)
Session().commit()
response = self.app.post(pwd_reset_url, {
'email': email,
})
assert_session_flash(response, 'Your password reset link was sent')
response = response.follow()
# BAD KEY
key = "bad"
confirm_url = '{}?key={}'.format(pwd_reset_confirm_url, key)
response = self.app.get(confirm_url)
assert response.status == '302 Found'
assert response.location.endswith(pwd_reset_url)
# GOOD KEY
key = User.get_by_username(username).api_key
confirm_url = '{}?key={}'.format(pwd_reset_confirm_url, key)
response = self.app.get(confirm_url)
assert response.status == '302 Found'
assert response.location.endswith(login_url)
assert_session_flash(
response, 'Your password reset was successful, '
'a new password has been sent to your email')
response = response.follow()
def create_or_update(
self, username, password, email, firstname="", lastname="", active=True, admin=False, ldap_dn=None
):
"""
Creates a new instance if not found, or updates current one
:param username:
:param password:
:param email:
:param active:
:param firstname:
:param lastname:
:param active:
:param admin:
:param ldap_dn:
"""
from rhodecode.lib.auth import get_crypt_password
log.debug("Checking for %s account in RhodeCode database" % username)
user = User.get_by_username(username, case_insensitive=True)
if user is None:
log.debug("creating new user %s" % username)
new_user = User()
edit = False
else:
log.debug("updating user %s" % username)
new_user = user
edit = True
try:
new_user.username = username
new_user.admin = admin
# set password only if creating an user or password is changed
if not edit or user.password != password:
new_user.password = get_crypt_password(password)
new_user.api_key = generate_api_key(username)
new_user.email = email
new_user.active = active
new_user.ldap_dn = safe_unicode(ldap_dn) if ldap_dn else None
new_user.name = firstname
new_user.lastname = lastname
self.sa.add(new_user)
return new_user
except (DatabaseError,):
log.error(traceback.format_exc())
raise
def test_forgot_password(self):
response = self.app.get(url(controller="login", action="password_reset"))
self.assertEqual(response.status, "200 OK")
username = "******"
password = "******"
email = "*****@*****.**"
name = "passwd"
lastname = "reset"
new = User()
new.username = username
new.password = password
new.email = email
new.name = name
new.lastname = lastname
new.api_key = generate_api_key(username)
self.Session().add(new)
self.Session().commit()
response = self.app.post(url(controller="login", action="password_reset"), {"email": email})
self.checkSessionFlash(response, "Your password reset link was sent")
response = response.follow()
# BAD KEY
key = "bad"
response = self.app.get(url(controller="login", action="password_reset_confirmation", key=key))
self.assertEqual(response.status, "302 Found")
self.assertTrue(response.location.endswith(url("reset_password")))
# GOOD KEY
key = User.get_by_username(username).api_key
response = self.app.get(url(controller="login", action="password_reset_confirmation", key=key))
self.assertEqual(response.status, "302 Found")
self.assertTrue(response.location.endswith(url("login_home")))
self.checkSessionFlash(
response, ("Your password reset was successful, " "new password has been sent to your email")
)
response = response.follow()
def create_user(self, username, password, email='', admin=False):
log.info('creating administrator user %s', username)
new_user = User()
new_user.username = username
new_user.password = get_crypt_password(password)
new_user.api_key = generate_api_key(username)
new_user.name = 'RhodeCode'
new_user.lastname = 'Admin'
new_user.email = email
new_user.admin = admin
new_user.active = True
try:
self.sa.add(new_user)
self.sa.commit()
except:
self.sa.rollback()
raise
def create_default_user(self):
log.info('creating default user')
#create default user for handling default permissions.
def_user = User()
def_user.username = '******'
def_user.password = get_crypt_password(str(uuid.uuid1())[:8])
def_user.api_key = generate_api_key('default')
def_user.name = 'Anonymous'
def_user.lastname = 'User'
def_user.email = '*****@*****.**'
def_user.admin = False
def_user.active = False
try:
self.sa.add(def_user)
self.sa.commit()
except:
self.sa.rollback()
raise
def create_ldap(self, username, password, user_dn, attrs):
"""
Checks if user is in database, if not creates this user marked
as ldap user
:param username:
:param password:
:param user_dn:
:param attrs:
"""
from rhodecode.lib.auth import get_crypt_password
log.debug('Checking for such ldap account in RhodeCode database')
if self.get_by_username(username, case_insensitive=True) is None:
# autogenerate email for ldap account without one
generate_email = lambda usr: '******' % usr
try:
new_user = User()
username = username.lower()
# add ldap account always lowercase
new_user.username = username
new_user.password = get_crypt_password(password)
new_user.api_key = generate_api_key(username)
new_user.email = attrs['email'] or generate_email(username)
new_user.active = attrs.get('active', True)
new_user.ldap_dn = safe_unicode(user_dn)
new_user.name = attrs['name']
new_user.lastname = attrs['lastname']
self.sa.add(new_user)
return new_user
except (DatabaseError, ):
log.error(traceback.format_exc())
self.sa.rollback()
raise
log.debug('this %s user exists skipping creation of ldap account',
username)
return None
def create_ldap(self, username, password, user_dn, attrs):
"""
Checks if user is in database, if not creates this user marked
as ldap user
:param username:
:param password:
:param user_dn:
:param attrs:
"""
from rhodecode.lib.auth import get_crypt_password
log.debug("Checking for such ldap account in RhodeCode database")
if self.get_by_username(username, case_insensitive=True) is None:
# autogenerate email for ldap account without one
generate_email = lambda usr: "******" % usr
try:
new_user = User()
username = username.lower()
# add ldap account always lowercase
new_user.username = username
new_user.password = get_crypt_password(password)
new_user.api_key = generate_api_key(username)
new_user.email = attrs["email"] or generate_email(username)
new_user.active = attrs.get("active", True)
new_user.ldap_dn = safe_unicode(user_dn)
new_user.name = attrs["name"]
new_user.lastname = attrs["lastname"]
self.sa.add(new_user)
return new_user
except (DatabaseError,):
log.error(traceback.format_exc())
self.sa.rollback()
raise
log.debug("this %s user exists skipping creation of ldap account", username)
return None
def create_or_update(
self,
username,
password,
email,
firstname="",
lastname="",
active=True,
admin=False,
ldap_dn=None,
cur_user=None,
):
"""
Creates a new instance if not found, or updates current one
:param username:
:param password:
:param email:
:param active:
:param firstname:
:param lastname:
:param active:
:param admin:
:param ldap_dn:
:param cur_user:
"""
if not cur_user:
cur_user = getattr(get_current_rhodecode_user(), "username", None)
from rhodecode.lib.auth import get_crypt_password
from rhodecode.lib.hooks import log_create_user, check_allowed_create_user
user_data = {
"username": username,
"password": password,
"email": email,
"firstname": firstname,
"lastname": lastname,
"active": active,
"admin": admin,
}
# raises UserCreationError if it's not allowed
check_allowed_create_user(user_data, cur_user)
log.debug("Checking for %s account in RhodeCode database" % username)
user = User.get_by_username(username, case_insensitive=True)
if user is None:
log.debug("creating new user %s" % username)
new_user = User()
edit = False
else:
log.debug("updating user %s" % username)
new_user = user
edit = True
try:
new_user.username = username
new_user.admin = admin
# set password only if creating an user or password is changed
if not edit or user.password != password:
new_user.password = get_crypt_password(password) if password else None
new_user.api_key = generate_api_key(username)
new_user.email = email
new_user.active = active
new_user.ldap_dn = safe_unicode(ldap_dn) if ldap_dn else None
new_user.name = firstname
new_user.lastname = lastname
self.sa.add(new_user)
if not edit:
log_create_user(new_user.get_dict(), cur_user)
return new_user
except (DatabaseError,):
log.error(traceback.format_exc())
raise
def create_or_update(self,
username,
password,
email,
firstname='',
lastname='',
active=True,
admin=False,
ldap_dn=None,
cur_user=None):
"""
Creates a new instance if not found, or updates current one
:param username:
:param password:
:param email:
:param active:
:param firstname:
:param lastname:
:param active:
:param admin:
:param ldap_dn:
:param cur_user:
"""
if not cur_user:
cur_user = getattr(get_current_rhodecode_user(), 'username', None)
from rhodecode.lib.auth import get_crypt_password
from rhodecode.lib.hooks import log_create_user, check_allowed_create_user
user_data = {
'username': username,
'password': password,
'email': email,
'firstname': firstname,
'lastname': lastname,
'active': active,
'admin': admin
}
# raises UserCreationError if it's not allowed
check_allowed_create_user(user_data, cur_user)
log.debug('Checking for %s account in RhodeCode database' % username)
user = User.get_by_username(username, case_insensitive=True)
if user is None:
log.debug('creating new user %s' % username)
new_user = User()
edit = False
else:
log.debug('updating user %s' % username)
new_user = user
edit = True
try:
new_user.username = username
new_user.admin = admin
# set password only if creating an user or password is changed
if not edit or user.password != password:
new_user.password = get_crypt_password(
password) if password else None
new_user.api_key = generate_api_key(username)
new_user.email = email
new_user.active = active
new_user.ldap_dn = safe_unicode(ldap_dn) if ldap_dn else None
new_user.name = firstname
new_user.lastname = lastname
self.sa.add(new_user)
if not edit:
log_create_user(new_user.get_dict(), cur_user)
return new_user
except (DatabaseError, ):
log.error(traceback.format_exc())
raise
def create_or_update(
self, username, password, email, firstname='', lastname='',
active=True, admin=False, extern_type=None, extern_name=None,
cur_user=None, plugin=None, force_password_change=False,
allow_to_create_user=True, create_repo_group=False,
updating_user_id=None, language=None, strict_creation_check=True):
"""
Creates a new instance if not found, or updates current one
:param username:
:param password:
:param email:
:param firstname:
:param lastname:
:param active:
:param admin:
:param extern_type:
:param extern_name:
:param cur_user:
:param plugin: optional plugin this method was called from
:param force_password_change: toggles new or existing user flag
for password change
:param allow_to_create_user: Defines if the method can actually create
new users
:param create_repo_group: Defines if the method should also
create an repo group with user name, and owner
:param updating_user_id: if we set it up this is the user we want to
update this allows to editing username.
:param language: language of user from interface.
:returns: new User object with injected `is_new_user` attribute.
"""
if not cur_user:
cur_user = getattr(get_current_rhodecode_user(), 'username', None)
from rhodecode.lib.auth import (
get_crypt_password, check_password, generate_auth_token)
from rhodecode.lib.hooks_base import (
log_create_user, check_allowed_create_user)
def _password_change(new_user, password):
# empty password
if not new_user.password:
return False
# password check is only needed for RhodeCode internal auth calls
# in case it's a plugin we don't care
if not plugin:
# first check if we gave crypted password back, and if it matches
# it's not password change
if new_user.password == password:
return False
password_match = check_password(password, new_user.password)
if not password_match:
return True
return False
user_data = {
'username': username,
'password': password,
'email': email,
'firstname': firstname,
'lastname': lastname,
'active': active,
'admin': admin
}
if updating_user_id:
log.debug('Checking for existing account in RhodeCode '
'database with user_id `%s` ' % (updating_user_id,))
user = User.get(updating_user_id)
else:
log.debug('Checking for existing account in RhodeCode '
'database with username `%s` ' % (username,))
user = User.get_by_username(username, case_insensitive=True)
if user is None:
# we check internal flag if this method is actually allowed to
# create new user
if not allow_to_create_user:
msg = ('Method wants to create new user, but it is not '
'allowed to do so')
log.warning(msg)
raise NotAllowedToCreateUserError(msg)
log.debug('Creating new user %s', username)
# only if we create user that is active
new_active_user = active
if new_active_user and strict_creation_check:
# raises UserCreationError if it's not allowed for any reason to
# create new active user, this also executes pre-create hooks
check_allowed_create_user(user_data, cur_user, strict_check=True)
self.send_event(UserPreCreate(user_data))
new_user = User()
edit = False
else:
log.debug('updating user %s', username)
self.send_event(UserPreUpdate(user, user_data))
new_user = user
edit = True
# we're not allowed to edit default user
if user.username == User.DEFAULT_USER:
raise DefaultUserException(
_("You can't edit this user (`%(username)s`) since it's "
"crucial for entire application") % {'username': user.username})
# inject special attribute that will tell us if User is new or old
new_user.is_new_user = not edit
# for users that didn's specify auth type, we use RhodeCode built in
from rhodecode.authentication.plugins import auth_rhodecode
extern_name = extern_name or auth_rhodecode.RhodeCodeAuthPlugin.name
extern_type = extern_type or auth_rhodecode.RhodeCodeAuthPlugin.name
try:
new_user.username = username
new_user.admin = admin
new_user.email = email
new_user.active = active
new_user.extern_name = safe_unicode(extern_name)
new_user.extern_type = safe_unicode(extern_type)
new_user.name = firstname
new_user.lastname = lastname
if not edit:
new_user.api_key = generate_auth_token(username)
# set password only if creating an user or password is changed
if not edit or _password_change(new_user, password):
reason = 'new password' if edit else 'new user'
log.debug('Updating password reason=>%s', reason)
new_user.password = get_crypt_password(password) if password else None
if force_password_change:
new_user.update_userdata(force_password_change=True)
if language:
new_user.update_userdata(language=language)
self.sa.add(new_user)
if not edit and create_repo_group:
# create new group same as username, and make this user an owner
desc = RepoGroupModel.PERSONAL_GROUP_DESC % {'username': username}
RepoGroupModel().create(group_name=username,
group_description=desc,
owner=username, commit_early=False)
if not edit:
# add the RSS token
AuthTokenModel().create(username,
description='Generated feed token',
role=AuthTokenModel.cls.ROLE_FEED)
log_create_user(created_by=cur_user, **new_user.get_dict())
return new_user
except (DatabaseError,):
log.error(traceback.format_exc())
raise
def create_ldap(self, username, password, user_dn, attrs, cur_user=None):
"""
Checks if user is in database, if not creates this user marked
as ldap user
:param username:
:param password:
:param user_dn:
:param attrs:
:param cur_user:
"""
if not cur_user:
cur_user = getattr(get_current_rhodecode_user(), "username", None)
from rhodecode.lib.auth import get_crypt_password
log.debug("Checking for such ldap account in RhodeCode database")
if self.get_by_username(username, case_insensitive=True) is None:
# autogenerate email for container account without one
generate_email = lambda usr: "******" % usr
password = get_crypt_password(password)
firstname = attrs["name"]
lastname = attrs["lastname"]
active = attrs.get("active", True)
email = attrs["email"] or generate_email(username)
from rhodecode.lib.hooks import log_create_user, check_allowed_create_user
user_data = {
"username": username,
"password": password,
"email": email,
"firstname": firstname,
"lastname": lastname,
"active": attrs.get("active", True),
"admin": False,
}
# raises UserCreationError if it's not allowed
check_allowed_create_user(user_data, cur_user)
try:
new_user = User()
username = username.lower()
# add ldap account always lowercase
new_user.username = username
new_user.password = password
new_user.api_key = generate_api_key(username)
new_user.email = email
new_user.active = active
new_user.ldap_dn = safe_unicode(user_dn)
new_user.name = firstname
new_user.lastname = lastname
self.sa.add(new_user)
log_create_user(new_user.get_dict(), cur_user)
return new_user
except (DatabaseError,):
log.error(traceback.format_exc())
self.sa.rollback()
raise
log.debug("this %s user exists skipping creation of ldap account", username)
return None
