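def incr_login_failed_attempts(username=None, ip=None):
    """Increase login failed attempts by 1 for both username and ip.

    Arguments:
    - `username`: login name whose counter is bumped (skipped when falsy).
    - `ip`: client address whose counter is bumped (skipped when falsy).

    Returns new value of failed attempts: the larger of the two counters.
    A subject that is skipped, or whose counter did not exist yet, counts
    as 1.
    """
    timeout = settings.LOGIN_ATTEMPT_TIMEOUT
    username_attempts = 1
    ip_attempts = 1
    if username:
        username_attempts = _incr_attempt_counter(username, timeout)
    if ip:
        ip_attempts = _incr_attempt_counter(ip, timeout)
    return max(username_attempts, ip_attempts)


def _incr_attempt_counter(subject, timeout):
    """Bump the failed-attempt counter for ``subject`` and return the new value.

    ``cache.incr`` raises ValueError when the key does not exist; the counter
    is then created with value 1 and the configured ``timeout``. The timeout
    is only set on creation — an ``incr`` on an existing key is not expected
    to refresh it, so the lockout window runs from the first failure
    (backend-dependent; confirm for the configured cache).
    """
    cache_key = normalize_cache_key(subject, prefix=LOGIN_ATTEMPT_PREFIX)
    try:
        return cache.incr(cache_key)
    except ValueError:
        cache.set(cache_key, 1, timeout)
        return 1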
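def update_user_info(request, user, password, is_active, is_staff, role, nickname, login_id, contact_email, reference_id, quota_total_mb, institution_name):
    """Apply a set of admin-supplied changes to ``user`` and its profile.

    Each value is applied only when it is "set": ``is_active``, ``is_staff``,
    ``nickname``, ``login_id``, ``contact_email``, ``reference_id`` and
    ``institution_name`` when not None; ``password``, ``role`` and
    ``quota_total_mb`` when truthy. Authorization is the caller's job: this
    helper writes whatever flags it is handed, including ``is_staff``.

    Arguments:
    - `request`: accepted for interface compatibility; not used here.
    - `user`: the account object; saved after the basic fields are updated.
    - `password`: new password, stored via ``user.set_password``.
    - `is_active`, `is_staff`: account flags.
    - `role`: new role, applied only in the pro version.
    - `nickname`, `login_id`, `contact_email`, `institution_name`: profile fields.
    - `reference_id`: set when non-blank, cleared (None) when blank.
    - `quota_total_mb`: total quota in MB; converted with ``int()``, so a
      non-numeric value raises ValueError.

    Returns None.
    """
    # update basic user info
    if is_active is not None:
        user.is_active = is_active
    if password:
        user.set_password(password)
    if is_staff is not None:
        user.is_staff = is_staff
    # update user
    user.save()
    email = user.username
    # update additional user info
    if is_pro_version() and role:
        User.objects.update_role(email, role)
    if nickname is not None:
        Profile.objects.add_or_update(email, nickname)
        # The nickname cache is keyed by the account email (that is what
        # email2nickname() looks up), so refresh it under the email rather
        # than under the nickname text, or the stale entry survives.
        key = normalize_cache_key(email, NICKNAME_CACHE_PREFIX)
        cache.set(key, nickname, NICKNAME_CACHE_TIMEOUT)
    if login_id is not None:
        Profile.objects.add_or_update(email, login_id=login_id)
    if contact_email is not None:
        Profile.objects.add_or_update(email, contact_email=contact_email)
        key = normalize_cache_key(email, CONTACT_CACHE_PREFIX)
        cache.set(key, contact_email, CONTACT_CACHE_TIMEOUT)
    if reference_id is not None:
        if reference_id.strip():
            ccnet_api.set_reference_id(email, reference_id.strip())
        else:
            # remove reference id
            ccnet_api.set_reference_id(email, None)
    if institution_name is not None:
        Profile.objects.add_or_update(email, institution=institution_name)
        if institution_name == '':
            # An empty institution also revokes institution-admin rights.
            InstitutionAdmin.objects.filter(user=email).delete()
    if quota_total_mb:
        quota_total = int(quota_total_mb) * get_file_size_unit('MB')
        orgs = ccnet_api.get_orgs_by_user(email)
        try:
            if orgs:
                org_id = orgs[0].org_id
                seafile_api.set_org_user_quota(org_id, email, quota_total)
            else:
                seafile_api.set_user_quota(email, quota_total)
        except Exception as e:
            # NOTE(review): on any failure the quota falls back to -1; if -1
            # means "unlimited" to seafile_api this silently removes the
            # limit instead of keeping the previous one — confirm intent.
            logger.error(e)
            seafile_api.set_user_quota(email, -1)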
def refresh_cache(username):
    """Rewrite the nickname and contact-email cache entries for ``username``.

    Called after a nickname change. Without a profile the nickname falls
    back to the local part of the email and the contact email to ''.
    """
    profile = get_first_object_or_none(Profile.objects.filter(user=username))
    if profile:
        nickname = profile.nickname
        contactemail = profile.contact_email
    else:
        nickname = username.split('@')[0]
        contactemail = ''
    nick_key = normalize_cache_key(username, NICKNAME_CACHE_PREFIX)
    cache.set(nick_key, nickname, NICKNAME_CACHE_TIMEOUT)
    contact_key = normalize_cache_key(username, CONTACT_CACHE_PREFIX)
    cache.set(contact_key, contactemail, CONTACT_CACHE_TIMEOUT)
def clear_login_failed_attempts(request, username):
    """Clear login failed attempts records.

    Drops the counters for the username, for the requesting IP and, when
    the user's profile carries a login_id, for that login_id too.

    Arguments:
    - `request`: request whose remote IP counter is cleared.
    - `username`: account whose counters are cleared.
    """
    ip = get_remote_ip(request)
    for subject in (username, ip):
        cache.delete(normalize_cache_key(subject, prefix=LOGIN_ATTEMPT_PREFIX))
    profile = Profile.objects.get_profile_by_user(username)
    if profile and profile.login_id:
        login_id_key = normalize_cache_key(profile.login_id, prefix=LOGIN_ATTEMPT_PREFIX)
        cache.delete(login_id_key)
def clear_login_failed_attempts(request, username):
    """Clear login failed attempts records.

    Removes the counters kept under LOGIN_ATTEMPT_PREFIX for the username,
    the remote IP of ``request`` and the profile's login_id (if any).

    Arguments:
    - `request`: request whose remote IP counter is cleared.
    - `username`: account whose counters are cleared.
    """
    def forget(subject):
        cache.delete(normalize_cache_key(subject, prefix=LOGIN_ATTEMPT_PREFIX))

    forget(username)
    forget(get_remote_ip(request))
    profile = Profile.objects.get_profile_by_user(username)
    if profile and profile.login_id:
        forget(profile.login_id)
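def get_dingtalk_access_token():
    """Return the DingTalk access token, fetching and caching it on a miss.

    The token is cached for the ``expires_in`` the API reports (7200 s when
    absent). Returns '' when no token is handed out; the empty string is not
    cached, so the next call retries.
    """
    cache_key = normalize_cache_key('DINGTALK_ACCESS_TOKEN')
    access_token = cache.get(cache_key, None)
    if not access_token:
        data = {
            'appkey': DINGTALK_DEPARTMENT_APP_KEY,
            'appsecret': DINGTALK_DEPARTMENT_APP_SECRET,
        }
        # NOTE(review): no timeout is passed, so a stalled endpoint blocks
        # the caller indefinitely — confirm callers tolerate that.
        resp_json = requests.get(DINGTALK_DEPARTMENT_GET_ACCESS_TOKEN_URL, params=data).json()
        access_token = resp_json.get('access_token', '')
        if not access_token:
            logger.error('failed to get dingtalk access_token')
            # ``data`` carries the app secret; log the request parameters
            # with the credential masked so it never lands in log files.
            logger.error({'appkey': DINGTALK_DEPARTMENT_APP_KEY, 'appsecret': '***'})
            logger.error(DINGTALK_DEPARTMENT_GET_ACCESS_TOKEN_URL)
            logger.error(resp_json)
            return ''
        expires_in = resp_json.get('expires_in', 7200)
        cache.set(cache_key, access_token, expires_in)
    return access_token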
def _get_cache_key(request, prefix):
    """Return cache key of certain ``prefix``.

    If user is logged in, use username, otherwise use combination of
    request ip and user agent.

    Arguments:
    - `prefix`: accepted but not used — the key is always built with the
      literal 'SharedLink_' prefix (NOTE(review): confirm whether callers
      expect ``prefix`` to be honoured).
    """
    if not request.user.is_authenticated():
        ip = get_remote_ip(request)
        # Memcached caps key length at 250 chars and user agents can be
        # long, so keep only the first 150 chars of the agent string.
        agent = request.META.get('HTTP_USER_AGENT', '')[:150]
        return normalize_cache_key(ip + agent, 'SharedLink_')
    return normalize_cache_key(request.user.username, 'SharedLink_')
def refresh_group_name_cache(group_id, new_group_name):
    """Store ``new_group_name`` under the group-id cache key.

    Called after a group is renamed; the id is stringified before it is
    turned into a key.
    """
    cache_key = normalize_cache_key(str(group_id), GROUP_ID_CACHE_PREFIX)
    cache.set(cache_key, new_group_name, GROUP_ID_CACHE_TIMEOUT)
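def ajax_get_link_audit_code(request):
    """Generate a verification code for a share link and email it.

    The code is cached under the email for one hour; the share-link audit
    decorator later compares the posted code against this entry and records
    the email in the session on success.

    Responds with JSON: 400 for an invalid email or unknown share link,
    500 when the email could not be sent, 200 ``{'success': True}`` otherwise.

    NOTE(review): any valid email address can be targeted with a mail per
    request and no rate limit is visible here — confirm throttling happens
    upstream.
    """
    content_type = 'application/json; charset=utf-8'
    token = request.POST.get('token')
    email = request.POST.get('email')
    if not is_valid_email(email):
        return HttpResponse(json.dumps({
            'error': _('Email address is not valid')
        }), status=400, content_type=content_type)
    dfs = FileShare.objects.get_valid_file_link_by_token(token)
    ufs = UploadLinkShare.objects.get_valid_upload_link_by_token(token)
    fs = dfs if dfs else ufs
    if fs is None:
        return HttpResponse(json.dumps({
            'error': _('Share link is not found')
        }), status=400, content_type=content_type)
    cache_key = normalize_cache_key(email, 'share_link_audit_')
    timeout = 60 * 60  # one hour
    code = gen_token(max_length=6)
    cache.set(cache_key, code, timeout)
    # send code to user via email
    subject = _("Verification code for visiting share links")
    c = {
        'code': code,
    }
    try:
        send_html_email_with_dj_template(
            email,
            dj_template='share/audit_code_email.html',
            context=c,
            subject=subject,
            priority=MAIL_PRIORITY.now,
        )
        return HttpResponse(json.dumps({'success': True}), status=200, content_type=content_type)
    except Exception as e:
        # The recipient is passed as a lazy %-arg; the original call omitted
        # it and logged a literal "%s".
        logger.error('Failed to send audit code via email to %s', email)
        logger.error(e)
        return HttpResponse(json.dumps({
            "error": _("Failed to send a verification code, please try again later.")
        }), status=500, content_type=content_type)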
def char2pinyin(value):
    """Convert Chinese character to pinyin, caching the result for a year."""
    cache_key = normalize_cache_key(value, 'CHAR2PINYIN_')
    pinyin = cache.get(cache_key)
    if pinyin:
        return pinyin
    pinyin = cc.convert(value)
    one_year = 365 * 24 * 60 * 60
    cache.set(cache_key, pinyin, one_year)
    return pinyin
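def check_user_workspace_quota(workspace):
    """Return True when ``workspace`` is within its asset quota.

    Group workspaces outside an org are always allowed. For an org
    workspace the sum of all the org's workspace repo sizes is compared
    against the org role's ``role_asset_quota``; the sum is cached per org.
    For a personal workspace only that workspace's repo size is compared
    against the owner's role quota. A missing owner fails the check.
    """
    # if workspace is a group workspace and not a org workspace, don't need to check
    # because users are not allowed to create groups but org users can
    if '@seafile_group' in workspace.owner and workspace.org_id == -1:
        return True
    if workspace.org_id != -1:
        # org workspace, check the sum of the org's all workspace size is whether valid
        org_role = OrgSettings.objects.filter(org_id=workspace.org_id).first()
        org_role = org_role.role if org_role else ORG_DEFAULT
        quota = get_enabled_role_permissions_by_role(org_role).get('role_asset_quota', '')
        quota = get_quota_from_string(quota) if quota else quota
        if quota:
            # The cached total is org-wide, so it is keyed by org_id for both
            # the lookup and the store; storing it under workspace.id (as the
            # original did) meant the lookup never hit.
            org_size_key = normalize_cache_key(str(workspace.org_id), ASSET_SIZE_CACHE_PREFIX)
            asset_size = cache.get(org_size_key)
            if not asset_size:
                repo_ids = Workspaces.objects.filter(org_id=workspace.org_id).values_list('repo_id', flat=True)
                asset_size = 0
                for repo_id in repo_ids:
                    asset_size += seafile_api.get_repo_size(repo_id)
                cache.set(org_size_key, asset_size, ASSET_SIZE_CACHE_TIMEOUT)
            if int(asset_size) > quota:
                return False
    else:
        # check user's workspace size
        user = ccnet_api.get_emailuser_with_import(workspace.owner)
        if not user:
            return False
        quota = get_enabled_role_permissions_by_role(user.role).get('role_asset_quota', '')
        quota = get_quota_from_string(quota) if quota else quota
        if quota and seafile_api.get_repo_size(workspace.repo_id) > quota:
            return False
    return True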
def get_login_failed_attempts(username=None, ip=None):
    """Get login failed attempts base on username and ip.

    If both username and ip are provided, return the max value. A subject
    with no cached counter contributes 0; with neither argument the result
    is 0.

    Arguments:
    - `username`: login name to look up (skipped when falsy).
    - `ip`: client address to look up (skipped when falsy).
    """
    if username is None and ip is None:
        return 0
    counters = [0]
    for subject in (username, ip):
        if subject:
            key = normalize_cache_key(subject, prefix=LOGIN_ATTEMPT_PREFIX)
            counters.append(cache.get(key, 0))
    return max(counters)
def _decorated(request, token, *args, **kwargs): assert token is not None # Checked by URLconf fileshare = FileShare.objects.get_valid_file_link_by_token(token) or \ FileShare.objects.get_valid_dir_link_by_token(token) or \ UploadLinkShare.objects.get_valid_upload_link_by_token(token) if fileshare is None: raise Http404 if not is_pro_version() or not settings.ENABLE_SHARE_LINK_AUDIT: return func(request, fileshare, *args, **kwargs) # no audit for authenticated user, since we've already got email address if request.user.is_authenticated(): return func(request, fileshare, *args, **kwargs) # anonymous user if request.session.get('anonymous_email') is not None: request.user.username = request.session.get('anonymous_email') return func(request, fileshare, *args, **kwargs) if request.method == 'GET': return render_to_response('share/share_link_audit.html', { 'token': token, }, context_instance=RequestContext(request)) elif request.method == 'POST': code = request.POST.get('code', '') email = request.POST.get('email', '') cache_key = normalize_cache_key(email, 'share_link_audit_') if code == cache.get(cache_key): # code is correct, add this email to session so that he will # not be asked again during this session, and clear this code. request.session['anonymous_email'] = email request.user.username = request.session.get('anonymous_email') cache.delete(cache_key) return func(request, fileshare, *args, **kwargs) else: return render_to_response( 'share/share_link_audit.html', { 'err_msg': 'Invalid token, please try again.', 'email': email, 'code': code, 'token': token, }, context_instance=RequestContext(request)) else: assert False, 'TODO'
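def create_user_info(request, email, role, nickname, contact_email, quota_total_mb):
    """Fill in the optional profile data for a freshly created account.

    Arguments:
    - `request`: used only to decide whether the quota is an org quota
      (``is_org_context``), in which case the org id comes from
      ``request.user.org``.
    - `email`: the new account's username/email.
    - `role`: applied only in the pro version and only when truthy.
    - `nickname`, `contact_email`: profile fields, applied when not None.
    - `quota_total_mb`: total quota in MB, applied when truthy; converted
      with ``int()``, so a non-numeric value raises ValueError.

    Returns None.
    """
    # update additional user info
    if is_pro_version() and role:
        User.objects.update_role(email, role)
    if nickname is not None:
        Profile.objects.add_or_update(email, nickname)
        # The nickname cache is keyed by the account email (that is what
        # email2nickname() looks up), so refresh it under the email rather
        # than under the nickname text.
        key = normalize_cache_key(email, NICKNAME_CACHE_PREFIX)
        cache.set(key, nickname, NICKNAME_CACHE_TIMEOUT)
    if contact_email is not None:
        Profile.objects.add_or_update(email, contact_email=contact_email)
        key = normalize_cache_key(email, CONTACT_CACHE_PREFIX)
        cache.set(key, contact_email, CONTACT_CACHE_TIMEOUT)
    if quota_total_mb:
        quota_total = int(quota_total_mb) * get_file_size_unit('MB')
        if is_org_context(request):
            org_id = request.user.org.org_id
            seafile_api.set_org_user_quota(org_id, email, quota_total)
        else:
            seafile_api.set_user_quota(email, quota_total)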
def email2nickname(value):
    """Return nickname or short email.

    Empty input yields ''. A cached nickname is returned as-is; otherwise
    the profile's nickname (or the local part of the email when there is no
    profile) is cached and returned.
    """
    if not value:
        return ''
    cache_key = normalize_cache_key(value, NICKNAME_CACHE_PREFIX)
    nickname = cache.get(cache_key)
    if nickname:
        return nickname
    profile = get_first_object_or_none(Profile.objects.filter(user=value))
    if profile:
        nickname = profile.nickname
    else:
        nickname = value.split('@')[0]
    cache.set(cache_key, nickname, NICKNAME_CACHE_TIMEOUT)
    return nickname
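def ajax_get_link_audit_code(request):
    """Generate a verification code for a share link and email it.

    The code is cached under the email for one hour; the share-link audit
    decorator later compares the posted code against this entry and records
    the email in the session on success.

    Responds with JSON: 400 for an invalid email or unknown share link,
    500 when the email could not be sent, 200 ``{'success': True}`` otherwise.

    NOTE(review): any valid email address can be targeted with a mail per
    request and no rate limit is visible here — confirm throttling happens
    upstream.
    """
    content_type = 'application/json; charset=utf-8'
    token = request.POST.get('token')
    email = request.POST.get('email')
    if not is_valid_email(email):
        return HttpResponse(json.dumps({
            'error': _('Email address is not valid')
        }), status=400, content_type=content_type)
    dfs = FileShare.objects.get_valid_file_link_by_token(token)
    ufs = UploadLinkShare.objects.get_valid_upload_link_by_token(token)
    fs = dfs if dfs else ufs
    if fs is None:
        return HttpResponse(json.dumps({
            'error': _('Share link is not found')
        }), status=400, content_type=content_type)
    cache_key = normalize_cache_key(email, 'share_link_audit_')
    timeout = 60 * 60  # one hour
    code = gen_token(max_length=6)
    cache.set(cache_key, code, timeout)
    # send code to user via email
    subject = _("Verification code for visiting share links")
    c = {
        'code': code,
    }
    try:
        send_html_email_with_dj_template(
            email,
            dj_template='share/audit_code_email.html',
            context=c,
            subject=subject,
            priority=MAIL_PRIORITY.now
        )
        return HttpResponse(json.dumps({'success': True}), status=200, content_type=content_type)
    except Exception as e:
        # The recipient is passed as a lazy %-arg; the original call omitted
        # it and logged a literal "%s".
        logger.error('Failed to send audit code via email to %s', email)
        logger.error(e)
        return HttpResponse(json.dumps({
            "error": _("Failed to send a verification code, please try again later.")
        }), status=500, content_type=content_type)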
def group_id_to_name(group_id):
    """Return the name of group ``group_id``, '' when ccnet has no such group.

    Hits are cached under GROUP_ID_CACHE_PREFIX; a miss queries ccnet and
    caches the name for GROUP_ID_CACHE_TIMEOUT. ``int()`` on a non-numeric
    id raises ValueError.
    """
    gid = str(group_id)
    cache_key = normalize_cache_key(gid, GROUP_ID_CACHE_PREFIX)
    name = cache.get(cache_key)
    if name:
        return name
    group = ccnet_api.get_group(int(gid))
    if not group:
        return ''
    name = group.group_name
    cache.set(cache_key, name, GROUP_ID_CACHE_TIMEOUT)
    return name
def email2contact_email(value):
    """Return contact_email if it exists and it's not an empty string,
    otherwise return username(login email).

    Empty input yields ''. A non-blank cached value is returned directly;
    otherwise the value is taken from the profile manager and cached
    (whatever it returns, blank or not).
    """
    if not value:
        return ''
    cache_key = normalize_cache_key(value, CONTACT_CACHE_PREFIX)
    cached = cache.get(cache_key)
    if cached and cached.strip():
        return cached
    contact_email = Profile.objects.get_contact_email_by_user(value)
    cache.set(cache_key, contact_email, CONTACT_CACHE_TIMEOUT)
    return contact_email
def _decorated(request, token, *args, **kwargs): assert token is not None # Checked by URLconf fileshare = FileShare.objects.get_valid_file_link_by_token(token) or \ FileShare.objects.get_valid_dir_link_by_token(token) or \ UploadLinkShare.objects.get_valid_upload_link_by_token(token) if fileshare is None: raise Http404 if not is_pro_version() or not settings.ENABLE_SHARE_LINK_AUDIT: return func(request, fileshare, *args, **kwargs) # no audit for authenticated user, since we've already got email address if request.user.is_authenticated(): return func(request, fileshare, *args, **kwargs) # anonymous user if request.session.get('anonymous_email') is not None: request.user.username = request.session.get('anonymous_email') return func(request, fileshare, *args, **kwargs) if request.method == 'GET': return render_to_response('share/share_link_audit.html', { 'token': token, }, context_instance=RequestContext(request)) elif request.method == 'POST': code = request.POST.get('code', '') email = request.POST.get('email', '') cache_key = normalize_cache_key(email, 'share_link_audit_') if code == cache.get(cache_key): # code is correct, add this email to session so that he will # not be asked again during this session, and clear this code. request.session['anonymous_email'] = email request.user.username = request.session.get('anonymous_email') cache.delete(cache_key) return func(request, fileshare, *args, **kwargs) else: return render_to_response('share/share_link_audit.html', { 'err_msg': 'Invalid token, please try again.', 'email': email, 'code': code, 'token': token, }, context_instance=RequestContext(request)) else: assert False, 'TODO'
def email2id(value):
    """Return the user id of an email.

    User id can be 0 (ldap user), positive (registered user) or negative
    (unregistered user). Empty input yields -1 without touching the cache.
    The lookup result — including -1 for an unknown email — is cached for
    EMAIL_ID_CACHE_TIMEOUT; ``is None`` is used for the miss test so that a
    cached 0 counts as a hit.
    """
    if not value:
        return -1
    cache_key = normalize_cache_key(value, EMAIL_ID_CACHE_PREFIX)
    user_id = cache.get(cache_key)
    if user_id is not None:
        return user_id
    try:
        user_id = User.objects.get(email=value).id
    except User.DoesNotExist:
        user_id = -1
    cache.set(cache_key, user_id, EMAIL_ID_CACHE_TIMEOUT)
    return user_id
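def email2id(value):
    """Return the user id of an email.

    User id can be 0 (ldap user), positive (registered user) or negative
    (unregistered user). Empty input yields -1 without touching the cache.
    The lookup result — including -1 for an unknown email — is cached for
    EMAIL_ID_CACHE_TIMEOUT.
    """
    if not value:
        return -1
    key = normalize_cache_key(value, EMAIL_ID_CACHE_PREFIX)
    user_id = cache.get(key)
    # A cached 0 (ldap user) is a valid hit; testing truthiness treated it
    # as a miss and re-queried on every call.
    if user_id is None:
        try:
            user = User.objects.get(email=value)
            user_id = user.id
        except User.DoesNotExist:
            user_id = -1
        cache.set(key, user_id, EMAIL_ID_CACHE_TIMEOUT)
    return user_id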
def test_anonymous_user_post_correct_token(self, mock_is_pro_version):
    """An anonymous visitor posting the right code is let through.

    The code is planted in the cache under the audit key, the POST is made,
    and afterwards the email must be in the session and the cached code
    must be gone (single use).
    """
    mock_is_pro_version.return_value = True
    email = '*****@*****.**'
    code = gen_token(max_length=6)
    cache_key = normalize_cache_key(email, 'share_link_audit_')
    cache.set(cache_key, code, timeout=60)
    assert cache.get(cache_key) == code
    payload = {'code': code, 'email': email}
    anon_req = self._anon_post_request(data=payload)
    self.assertEqual(anon_req.session.get('anonymous_email'), None)
    resp = self._fake_view_shared_file(anon_req, self.fs.token)
    self.assertEqual(resp.status_code, 200)
    # email is set in session
    self.assertEqual(anon_req.session.get('anonymous_email'), email)
    # token is deleted after use
    assert cache.get(cache_key) is None
def email2nickname(value):
    """Return nickname if it exists and it's not an empty string,
    otherwise return short email.

    Empty input yields ''. A non-blank cached nickname is returned stripped;
    otherwise the profile's non-blank nickname (stripped) or the local part
    of the email is cached and returned.
    """
    if not value:
        return ''
    cache_key = normalize_cache_key(value, NICKNAME_CACHE_PREFIX)
    cached = cache.get(cache_key)
    if cached and cached.strip():
        return cached.strip()
    profile = get_first_object_or_none(Profile.objects.filter(user=value))
    has_nickname = profile is not None and profile.nickname and profile.nickname.strip()
    nickname = profile.nickname.strip() if has_nickname else value.split('@')[0]
    cache.set(cache_key, nickname, NICKNAME_CACHE_TIMEOUT)
    return nickname
def get_work_weixin_access_token():
    """Return the global Work Weixin access_token, fetching it on a cache miss.

    The token is cached only when the API reports both a token and an
    ``expires_in``. Returns None when the response cannot be parsed.
    ``params`` carries the corp secret — keep it out of log calls.
    """
    cache_key = normalize_cache_key(WORK_WEIXIN_ACCESS_TOKEN_CACHE_KEY)
    access_token = cache.get(cache_key, None)
    if access_token:
        return access_token
    params = {
        'corpid': WORK_WEIXIN_CORP_ID,
        'corpsecret': WORK_WEIXIN_AGENT_SECRET,
    }
    # NOTE(review): no request timeout is set here.
    response = requests.get(WORK_WEIXIN_ACCESS_TOKEN_URL, params=params)
    parsed = handler_work_weixin_api_response(response)
    if not parsed:
        logger.error('can not get work weixin response')
        return None
    access_token = parsed.get('access_token', None)
    expires_in = parsed.get('expires_in', None)
    if access_token and expires_in:
        cache.set(cache_key, access_token, expires_in)
    return access_token
def test_get_dir_file_modifier(self):
    """Upload a file, then check the listing reports its modifier.

    Also verifies that updating the contact email refreshes the
    'CONTACT_' cache entry for the user.
    """
    username = self.user.username
    self.login_as(self.user)
    self.text = self.create_file(
        repo_id=self.repo.id,
        parent_dir='/',
        filename='test.az',
        username=username,
    )
    resp = self.client.get(self.endpoint)
    self.assertEqual(200, resp.status_code)
    entry = json.loads(resp.content)[1]
    assert entry['type'] == 'file'
    assert entry['modifier_email'] == username
    assert entry['modifier_name'] == email2nickname(username)
    assert entry['modifier_contact_email'] == email2contact_email(username)
    Profile.objects.add_or_update(username, 'test')
    Profile.objects.update_contact_email(username, username)
    contact_key = normalize_cache_key(username, 'CONTACT_')
    assert cache.get(contact_key) == username
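def dingtalk_get_userid_by_unionid(union_id):
    """Return the DingTalk userid for ``union_id``, '' when it cannot be resolved.

    Resolved ids are cached under a per-union_id key with the cache's
    default timeout (no explicit timeout is passed). A failed lookup is not
    cached.
    """
    cache_key = normalize_cache_key('DINGTALK_UNION_ID_%s' % union_id)
    user_id = cache.get(cache_key, None)
    if user_id:
        return user_id
    access_token = dingtalk_get_access_token()
    data = {
        'access_token': access_token,
        'unionid': union_id,
    }
    # NOTE(review): no request timeout is set here.
    resp_json = requests.get(DINGTALK_GET_USERID_BY_UNIONID, params=data).json()
    user_id = resp_json.get('userid', '')
    if not user_id:
        logger.error('failed to get userid by unionid: %s' % union_id)
        logger.error(DINGTALK_GET_USERID_BY_UNIONID)
        # ``data`` carries the bearer access_token; log the parameters with
        # the credential masked so it never lands in log files.
        logger.error({'access_token': '***', 'unionid': union_id})
        logger.error(resp_json)
        return ''
    cache.set(cache_key, user_id)
    return user_id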
def update_user_info(request, user):
    """Apply the fields present in ``request.data`` to ``user`` and its profile.

    Basic account fields (password, is_staff, is_active) are written and the
    user saved first; profile data, reference id, department and quota
    follow. Authorization is not checked here — the caller must already
    have established that the requester may change these fields, since
    ``is_staff`` is taken straight from the request body.

    Returns None.
    """
    # update basic user info
    password = request.data.get("password")
    if password:
        user.set_password(password)
    # Non-empty strings such as "false" are truthy, so the flag is parsed
    # with to_python_boolean before it is assigned; an empty/absent value
    # leaves the flag untouched.
    is_staff = request.data.get("is_staff")
    if is_staff:
        is_staff = to_python_boolean(is_staff)
        user.is_staff = is_staff
    is_active = request.data.get("is_active")
    if is_active:
        is_active = to_python_boolean(is_active)
        user.is_active = is_active
    # update user
    user.save()
    email = user.username
    # update additional user info
    if is_pro_version():
        role = request.data.get("role")
        if role:
            User.objects.update_role(email, role)
    # NOTE(review): the nickname is stored but no nickname cache entry is
    # refreshed here, unlike the contact email below — confirm whether the
    # cached nickname is expected to go stale until it expires.
    nickname = request.data.get("name", None)
    if nickname is not None:
        Profile.objects.add_or_update(email, nickname)
    # update account login_id
    login_id = request.data.get("login_id", None)
    if login_id is not None:
        Profile.objects.add_or_update(email, login_id=login_id)
    # update account contact email
    contact_email = request.data.get('contact_email', None)
    if contact_email is not None:
        Profile.objects.add_or_update(email, contact_email=contact_email)
        key = normalize_cache_key(email, CONTACT_CACHE_PREFIX)
        cache.set(key, contact_email, CONTACT_CACHE_TIMEOUT)
    reference_id = request.data.get("reference_id", None)
    if reference_id is not None:
        if reference_id.strip():
            ccnet_api.set_reference_id(email, reference_id.strip())
        else:
            # remove reference id
            ccnet_api.set_reference_id(email, None)
    department = request.data.get("department")
    if department:
        d_profile = DetailedProfile.objects.get_detailed_profile_by_user(email)
        if d_profile is None:
            d_profile = DetailedProfile(user=email)
        d_profile.department = department
        d_profile.save()
    quota_total_mb = request.data.get("quota_total")
    if quota_total_mb:
        # int() raises ValueError on a non-numeric quota_total.
        quota_total = int(quota_total_mb) * get_file_size_unit('MB')
        if is_org_context(request):
            org_id = request.user.org.org_id
            seafile_api.set_org_user_quota(org_id, email, quota_total)
        else:
            seafile_api.set_user_quota(email, quota_total)
def set_group_name_cache(group_id, group_name):
    """Cache ``group_name`` under the stringified ``group_id`` key."""
    cache_key = normalize_cache_key(str(group_id), GROUP_ID_CACHE_PREFIX)
    cache.set(cache_key, group_name, GROUP_ID_CACHE_TIMEOUT)
def generate_onlyoffice_cache_key(repo_id, file_path):
    """Return the ONLYOFFICE_ cache key for ``repo_id`` and ``file_path``.

    The two parts are joined with '_' (``str()`` applied to each, as ``%s``
    would) before being normalized.
    """
    raw_value = "_".join((str(repo_id), str(file_path)))
    return normalize_cache_key(raw_value, "ONLYOFFICE_")
def clean_email_id_cache(sender, **kwargs):
    """Signal handler: write ``user.id`` into the email→id cache.

    Despite the name it overwrites the entry rather than deleting it.
    ``kwargs['user']`` must be present. The import is local, presumably to
    avoid a circular import with seahub.utils — confirm.
    """
    from seahub.utils import normalize_cache_key
    signalled_user = kwargs['user']
    cache_key = normalize_cache_key(signalled_user.email, EMAIL_ID_CACHE_PREFIX)
    cache.set(cache_key, signalled_user.id, EMAIL_ID_CACHE_TIMEOUT)
def get_cache_key_of_unseen_notifications(username):
    """Return the cache key holding ``username``'s unseen-notification count."""
    prefix = USER_NOTIFICATION_COUNT_CACHE_PREFIX
    return normalize_cache_key(username, prefix)