def _populate_user_provides(self, user_object): """ Populates the provides that naturally apply to a user, such as being the admin of their own namespace. """ # Add the user specific permissions, only for non-oauth permission user_grant = _UserNeed(user_object.username, self._user_role_for_scopes("admin")) logger.debug("User permission: {0}".format(user_grant)) self.provides.add(user_grant) # Every user is the admin of their own 'org' user_namespace = _OrganizationNeed(user_object.username, self._team_role_for_scopes("admin")) logger.debug("User namespace permission: {0}".format(user_namespace)) self.provides.add(user_namespace) # Org repo roles can differ for scopes user_repos = _OrganizationRepoNeed(user_object.username, self._repo_role_for_scopes("admin")) logger.debug("User namespace repo permission: {0}".format(user_repos)) self.provides.add(user_repos) if (scopes.SUPERUSER in self._scope_set or scopes.DIRECT_LOGIN in self._scope_set) and superusers.is_superuser( user_object.username): logger.debug("Adding superuser to user: %s", user_object.username) self.provides.add(_SuperUserNeed())
def post(self, namespace): """ Takes ownership of the specified organization or user. """ if SuperUserPermission().can(): # Disallow for superusers. if superusers.is_superuser(namespace): raise InvalidRequest("Cannot take ownership of a superuser") authed_user = get_authenticated_user() entity_id, was_user = pre_oci_model.take_ownership(namespace, authed_user) if entity_id is None: raise NotFound() # Log the change. log_metadata = { "entity_id": entity_id, "namespace": namespace, "was_user": was_user, "superuser": authed_user.username, } log_action("take_ownership", authed_user.username, log_metadata) return jsonify({"namespace": namespace}) raise Unauthorized()
def put(self, username): """ Updates information about the specified user. """ if SuperUserPermission().can(): user = pre_oci_model.get_nonrobot_user(username) if user is None: raise NotFound() if superusers.is_superuser(username): raise InvalidRequest('Cannot update a superuser') user_data = request.get_json() if 'password' in user_data: # Ensure that we are using database auth. if app.config['AUTHENTICATION_TYPE'] != 'Database': raise InvalidRequest( 'Cannot change password in non-database auth') pre_oci_model.change_password(username, user_data['password']) if 'email' in user_data: # Ensure that we are using database auth. if app.config['AUTHENTICATION_TYPE'] not in [ 'Database', 'AppToken' ]: raise InvalidRequest( 'Cannot change e-mail in non-database auth') pre_oci_model.update_email(username, user_data['email'], auto_verify=True) if 'enabled' in user_data: # Disable/enable the user. pre_oci_model.update_enabled(username, bool(user_data['enabled'])) if 'superuser' in user_data: config_object = config_provider.get_config() superusers_set = set(config_object['SUPER_USERS']) if user_data['superuser']: superusers_set.add(username) elif username in superusers_set: superusers_set.remove(username) config_object['SUPER_USERS'] = list(superusers_set) config_provider.save_config(config_object) return_value = user.to_dict() if user_data.get('password') is not None: password = user_data.get('password') return_value[ 'encrypted_password'] = authentication.encrypt_user_password( password) if user_data.get('email') is not None: return_value['email'] = user_data.get('email') return return_value raise Unauthorized()
def put(self, username): """ Updates information about the specified user. """ if SuperUserPermission().can(): user = pre_oci_model.get_nonrobot_user(username) if user is None: raise NotFound() if superusers.is_superuser(username): raise InvalidRequest("Cannot update a superuser") user_data = request.get_json() if "password" in user_data: # Ensure that we are using database auth. if app.config["AUTHENTICATION_TYPE"] != "Database": raise InvalidRequest("Cannot change password in non-database auth") pre_oci_model.change_password(username, user_data["password"]) if "email" in user_data: # Ensure that we are using database auth. if app.config["AUTHENTICATION_TYPE"] not in ["Database", "AppToken"]: raise InvalidRequest("Cannot change e-mail in non-database auth") pre_oci_model.update_email(username, user_data["email"], auto_verify=True) if "enabled" in user_data: # Disable/enable the user. pre_oci_model.update_enabled(username, bool(user_data["enabled"])) if "superuser" in user_data: config_object = config_provider.get_config() superusers_set = set(config_object["SUPER_USERS"]) if user_data["superuser"]: superusers_set.add(username) elif username in superusers_set: superusers_set.remove(username) config_object["SUPER_USERS"] = list(superusers_set) config_provider.save_config(config_object) return_value = user.to_dict() if user_data.get("password") is not None: password = user_data.get("password") return_value["encrypted_password"] = authentication.encrypt_user_password( password ).decode("ascii") if user_data.get("email") is not None: return_value["email"] = user_data.get("email") return return_value raise Unauthorized()
def to_dict(self): user_data = { "kind": "user", "name": self.username, "username": self.username, "email": self.email, "verified": self.verified, "avatar": avatar.get_data_for_user(self), "super_user": superusers.is_superuser(self.username), "enabled": self.enabled, } return user_data
def to_dict(self): user_data = { 'kind': 'user', 'name': self.username, 'username': self.username, 'email': self.email, 'verified': self.verified, 'avatar': avatar.get_data_for_user(self), 'super_user': superusers.is_superuser(self.username), 'enabled': self.enabled, } return user_data
def delete(self, username): """ Deletes the specified user. """ if SuperUserPermission().can(): user = pre_oci_model.get_nonrobot_user(username) if user is None: raise NotFound() if superusers.is_superuser(username): raise InvalidRequest("Cannot delete a superuser") pre_oci_model.mark_user_for_deletion(username) return "", 204 raise Unauthorized()
def user_view(user, password=None): user_data = { "kind": "user", "name": user.username, "username": user.username, "email": user.email, "verified": user.verified, "avatar": avatar.get_data_for_user(user), "super_user": superusers.is_superuser(user.username), "enabled": user.enabled, } if password is not None: user_data["encrypted_password"] = authentication.encrypt_user_password(password) return user_data
def user_view(user, password=None): user_data = { 'kind': 'user', 'name': user.username, 'username': user.username, 'email': user.email, 'verified': user.verified, 'avatar': avatar.get_data_for_user(user), 'super_user': superusers.is_superuser(user.username), 'enabled': user.enabled, } if password is not None: user_data['encrypted_password'] = authentication.encrypt_user_password( password) return user_data
def post(self, username): # Ensure that we are using database auth. if app.config["AUTHENTICATION_TYPE"] != "Database": raise InvalidRequest("Cannot send a recovery e-mail for non-database auth") if SuperUserPermission().can(): user = pre_oci_model.get_nonrobot_user(username) if user is None: raise NotFound() if superusers.is_superuser(username): raise InvalidRequest("Cannot send a recovery email for a superuser") code = pre_oci_model.create_reset_password_email_code(user.email) send_recovery_email(user.email, code) return {"email": user.email} raise Unauthorized()
def to_dict(self): user_data = { "kind": "user", "name": self.username, "username": self.username, "email": self.email, "verified": self.verified, "avatar": avatar.get_data_for_user(self), "super_user": superusers.is_superuser(self.username), "enabled": self.enabled, } if features.QUOTA_MANAGEMENT and self.quotas is not None: user_data["quotas"] = ( [quota_view(quota) for quota in self.quotas] if self.quotas else []) user_data[ "quota_report"] = model.namespacequota.get_quota_for_view( self.username) return user_data