def user_settings_profile(ipa, username): user = User(user_or_404(ipa, username)) form = UserSettingsProfileForm(obj=user) if form.validate_on_submit(): result = _user_mod( ipa, form, user, { 'first_name': form.firstname.data, 'last_name': form.lastname.data, 'full_name': '%s %s' % (form.firstname.data, form.lastname.data), 'display_name': '%s %s' % (form.firstname.data, form.lastname.data), 'mail': form.mail.data, 'fasircnick': form.ircnick.data, 'faslocale': form.locale.data, 'fastimezone': form.timezone.data, 'fasgithubusername': form.github.data.lstrip('@'), 'fasgitlabusername': form.gitlab.data.lstrip('@'), 'fasrhbzemail': form.rhbz_mail.data, 'faswebsiteurl': form.website_url.data, }, "user_settings_profile", ) if result: return result return render_template('user-settings-profile.html', user=user, form=form, activetab="profile")
def user_settings_keys(ipa, username): user = User(user_or_404(ipa, username)) form = UserSettingsKeysForm(obj=user) if form.validate_on_submit(): result = _user_mod( ipa, form, user, { 'ipasshpubkey': form.sshpubkeys.data, 'fasgpgkeyid': form.gpgkeys.data }, "user_settings_keys", ) if result: return result # if the form has errors, we don't want to add new fields. otherwise, # more fields will show up with every validation error if not form.errors: # Append 2 empty entries at the bottom of the gpgkeys fieldlist for i in range(2): form.gpgkeys.append_entry() form.sshpubkeys.append_entry() return render_template('user-settings-keys.html', user=user, form=form, activetab="keys")
def user_settings_otp(ipa, username): addotpform = UserSettingsAddOTPForm() user = User(user_or_404(ipa, username)) if addotpform.validate_on_submit(): try: maybe_ipa_login(app, session, username, addotpform.password.data) result = ipa.otptoken_add( o_ipatokenowner=username, o_ipatokenotpalgorithm='sha512', o_description=addotpform.description.data, )['result'] uri = urlparse(result['uri']) # Use the provided description in the token, so it shows up in the user's app instead of # the token's UUID principal = uri.path.split(":", 1)[0] new_uri = uri._replace( path=f"{principal.lower()}:{quote(addotpform.description.data)}" ) session['otp_uri'] = new_uri.geturl() except python_freeipa.exceptions.InvalidSessionPassword: addotpform.password.errors.append(_("Incorrect password")) except python_freeipa.exceptions.FreeIPAError as e: app.logger.error( f'An error happened while creating an OTP token for user {username}: {e.message}' ) addotpform.non_field_errors.errors.append( _('Cannot create the token.')) else: return redirect(url_for('user_settings_otp', username=username)) otp_uri = session.get('otp_uri') session['otp_uri'] = None tokens = [ OTPToken(t) for t in ipa.otptoken_find(o_ipatokenowner=username)["result"] ] tokens.sort(key=lambda t: t.description or "") return render_template( 'user-settings-otp.html', addotpform=addotpform, user=user, activetab="otp", tokens=tokens, otp_uri=otp_uri, )
def user(ipa, username): user = User(user_or_404(ipa, username)) # As a speed optimization, we make two separate calls. # Just doing a group_find (with all=True) is super slow here, with a lot of # groups. groups = [ Group(g) for g in ipa.group_find( user=username, all=False, fasgroup=True)['result'] ] managed_groups = [ Group(g) for g in ipa.group_find( membermanager_user=username, all=False, fasgroup=True)['result'] ] return render_template('user.html', user=user, groups=groups, managed_groups=managed_groups)
def user_settings_agreements(ipa, username): user = User(user_or_404(ipa, username)) agreements = [ Agreement(a) for a in ipa.fasagreement_find(all=False) if Agreement(a).enabled ] form = UserSettingsAgreementSign() if form.validate_on_submit(): agreement_name = form.agreement.data if agreement_name not in [a.name for a in agreements]: flash(_("Unknown agreement: %(name)s.", name=agreement_name), "warning") return redirect( url_for('user_settings_agreements', username=username)) try: ipa.fasagreement_add_user(agreement_name, user=user.username) except python_freeipa.exceptions.BadRequest as e: app.logger.error( f"Cannot sign the agreement {agreement_name!r}: {e}") flash( _( 'Cannot sign the agreement "%(name)s": %(error)s', name=agreement_name, error=e, ), 'danger', ) else: flash( _('You signed the "%(name)s" agreement.', name=agreement_name), "success", ) return redirect(url_for('user_settings_agreements', username=username)) return render_template( 'user-settings-agreements.html', user=user, activetab="agreements", agreementslist=agreements, raw=ipa.fasagreement_find(all=True), )
def user_settings_password(ipa, username): user = User(user_or_404(ipa, username)) form = PasswordResetForm() # check if an OTP token exists. If so, the user is using OTP. using_otp = bool(ipa.otptoken_find(ipatokenowner=username)) if not using_otp: form.current_password.description = "" if form.validate_on_submit(): res = _validate_change_pw_form(form, username, ipa) if res and res.ok: return redirect(url_for('root')) return render_template( 'user-settings-password.html', user=user, password_reset_form=form, activetab="password", using_otp=using_otp, )
def test_user_or_404_unknown(client, logged_in_dummy_user): """Test the user_or_404 method on an unknown user""" with pytest.raises(NotFound): user_or_404(logged_in_dummy_user, "unknown")
def test_user_or_404(client, logged_in_dummy_user): """Test the user_or_404 method""" result = user_or_404(logged_in_dummy_user, "dummy") assert result is not None assert result["uid"] == ["dummy"]