def _create(self, user_name, email, domain, domain_user,
email_verified=False, display_name=None,
redirect_url=None):
"""
Create a user based on data gathered from velruse.
"""
model.meta.Session.begin(subtransactions=True)
try:
user = User.find_by_email(email)
if user is None:
user = model.User.create(user_name,
email,
locale=c.locale,
display_name=display_name)
if email_verified:
user.set_email_verified()
v = Velruse(unicode(domain), unicode(domain_user), user)
model.meta.Session.add(v)
model.meta.Session.commit()
event.emit(event.T_USER_CREATE, user)
return user, v
except Exception as e:
model.meta.Session.rollback()
raise e
def main():
users = User.all_q(include_deleted=None)\
.filter(not_(User.user_name.in_(EXCLUDED_USERNAMES))).all()
for user in users:
user_name = None
while user_name is None:
try_user_name = random_username()
if User.find(try_user_name) is None:
user_name = try_user_name
if SET_DISPLAY_NAMES and user.display_name is None:
user.display_name = user.user_name
user.user_name = user_name
meta.Session.flush()
meta.Session.commit()
def main():
users = User.all_q(include_deleted=None)\
.filter(not_(User.user_name.in_(EXCLUDED_USERNAMES))).all()
for user in users:
user_name = None
while user_name is None:
try_user_name = random_username()
if User.find(try_user_name) is None:
user_name = try_user_name
if SET_DISPLAY_NAMES and user.display_name is None:
user.display_name = user.user_name
user.user_name = user_name
meta.Session.flush()
meta.Session.commit()
def _create_user_and_login(self, persistent_id, username, email=None,
display_name=None, locale=None):
user = User.create(username,
email,
locale=locale,
display_name=display_name,
shibboleth_persistent_id=persistent_id)
# NOTE: We might want to automatically join the current instance
# here at some point
meta.Session.commit()
return self._login(user, h.user.post_register_url(user))
def _create_user_and_login(self,
persistent_id,
username,
email=None,
display_name=None,
locale=None):
user = User.create(username,
email,
locale=locale,
display_name=display_name,
shibboleth_persistent_id=persistent_id)
# NOTE: We might want to automatically join the current instance
# here at some point
meta.Session.commit()
return self._login(user, h.user.post_register_url(user))
def unused_user_name(preferred_user_name, recursion_depth=913):
"""
Will find an adhocracy username which is not used
but similiar to the given one.
"""
if (recursion_depth < 0):
raise "internal error: could not find any unused user names!"
if (len(preferred_user_name) > MAX_USER_NAME_LENGTH
or preferred_user_name == ""):
unused_user_name("user", recursion_depth=recursion_depth - 1)
if User.find_by_user_name(preferred_user_name) is None:
return preferred_user_name
else:
random_digit = random.randint(0, 9)
return unused_user_name(preferred_user_name + str(random_digit),
recursion_depth=recursion_depth - 1)
def unused_user_name(preferred_user_name, recursion_depth=913):
"""
Will find an adhocracy username which is not used
but similiar to the given one.
"""
if (recursion_depth < 0):
raise "internal error: could not find any unused user names!"
if (len(preferred_user_name) > MAX_USER_NAME_LENGTH
or preferred_user_name == ""):
unused_user_name("user",
recursion_depth=recursion_depth - 1)
if User.find_by_user_name(preferred_user_name) is None:
return preferred_user_name
else:
random_digit = random.randint(0, 9)
return unused_user_name(preferred_user_name + str(random_digit),
recursion_depth=recursion_depth - 1)
def post_auth(self):
"""
This controller is called after successful Shibboleth authentication.
It checks whether the authenticated user already exists. If yes, the
corresponding Adhocracy user is logged in. If no, an intermediate step
querying the user for additional information is performed and a new
Adhocracy user is registered.
In any case the Shibboleth headers are only used once for logging in
and immediatly removed afterwards. The reason for this design decision
is that Single-Sign-Off isn't recommended by Shibboleth as it is either
very complicated or even impossible.
NOTE: There isn't one clear way on how to deal with user deletion in
environments with external user management. We now implemented the
following:
If a user logs in into a deleted account, this account is undeleted
on the fly.
"""
if 'shibboleth' not in allowed_login_types():
ret_abort(_("Shibboleth authentication not enabled"), code=403)
persistent_id = self._get_persistent_id()
if persistent_id is None:
ret_abort(_("This URL shouldn't be called directly"), code=403)
user = User.find_by_shibboleth(persistent_id, include_deleted=True)
if user is not None:
if user.is_deleted():
user.undelete()
meta.Session.commit()
h.flash(
_("User %s has been undeleted") % user.user_name,
'success')
return self._login(user, h.user.post_login_url(user))
else:
return self._register(persistent_id)
def post_auth(self):
"""
This controller is called after successful Shibboleth authentication.
It checks whether the authenticated user already exists. If yes, the
corresponding Adhocracy user is logged in. If no, an intermediate step
querying the user for additional information is performed and a new
Adhocracy user is registered.
In any case the Shibboleth headers are only used once for logging in
and immediatly removed afterwards. The reason for this design decision
is that Single-Sign-Off isn't recommended by Shibboleth as it is either
very complicated or even impossible.
NOTE: There isn't one clear way on how to deal with user deletion in
environments with external user management. We now implemented the
following:
If a user logs in into a deleted account, this account is undeleted
on the fly.
"""
if 'shibboleth' not in allowed_login_types():
ret_abort(_("Shibboleth authentication not enabled"), code=403)
persistent_id = self._get_persistent_id()
if persistent_id is None:
ret_abort(_("This URL shouldn't be called directly"), code=403)
user = User.find_by_shibboleth(persistent_id, include_deleted=True)
if user is not None:
if user.is_deleted():
user.undelete()
meta.Session.commit()
h.flash(_("User %s has been undeleted") % user.user_name,
'success')
return self._login(user, h.user.post_login_url(user))
else:
return self._register(persistent_id)
def _register(self, persistent_id):
if request.method == 'GET':
defaults = {
'email': request.headers.get('shib-email'),
}
return self._register_form(defaults=defaults)
# POST
check_csrf()
try:
form_result = ShibbolethRegisterForm().to_python(request.params)
if config.get_bool('adhocracy.force_randomized_user_names'):
username = None
else:
username = form_result['username']
if config.get_bool('adhocracy.set_display_name_on_register'):
display_name = form_result['display_name']
else:
display_name = None
user = User.create(username,
form_result['email'],
display_name=display_name,
shibboleth_persistent_id=persistent_id)
# NOTE: We might want to automatically join the current instance
# here at some point
meta.Session.commit()
return self._login(user, h.user.post_register_url(user))
except formencode.Invalid, i:
return self._register_form(errors=i.unpack_errors())
def _create(self,
user_name,
email,
domain,
domain_user,
email_verified=False,
display_name=None,
redirect_url=None):
"""
Create a user based on data gathered from velruse.
"""
model.meta.Session.begin(subtransactions=True)
try:
user = User.find_by_email(email)
if user is None:
user = model.User.create(user_name,
email,
locale=c.locale,
display_name=display_name)
if email_verified:
user.set_email_verified()
v = Velruse(unicode(domain), unicode(domain_user), user)
model.meta.Session.add(v)
model.meta.Session.commit()
event.emit(event.T_USER_CREATE, user)
return user, v
except Exception as e:
model.meta.Session.rollback()
raise e
