def to_python(self, value, state):
if not value:
return
if value.get('password'):
try:
value['password'] = get_crypt_password(value['password'])
except UnicodeEncodeError:
e_dict = {'password': _('Invalid characters in password')}
raise formencode.Invalid('', value, state, error_dict=e_dict)
if value.get('password_confirmation'):
try:
value['password_confirmation'] = \
get_crypt_password(value['password_confirmation'])
except UnicodeEncodeError:
e_dict = {
'password_confirmation': _('Invalid characters in password')
}
raise formencode.Invalid('', value, state, error_dict=e_dict)
if value.get('new_password'):
try:
value['new_password'] = \
get_crypt_password(value['new_password'])
except UnicodeEncodeError:
e_dict = {'new_password': _('Invalid characters in password')}
raise formencode.Invalid('', value, state, error_dict=e_dict)
return value
def reset_password(self, data):
from rhodecode.lib.celerylib import tasks, run_task
from rhodecode.lib import auth
user_email = data['email']
try:
try:
user = User.get_by_email(user_email)
new_passwd = auth.PasswordGenerator().gen_password(8,
auth.PasswordGenerator.ALPHABETS_BIG_SMALL)
if user:
user.password = auth.get_crypt_password(new_passwd)
user.api_key = auth.generate_api_key(user.username)
Session().add(user)
Session().commit()
log.info('change password for %s' % user_email)
if new_passwd is None:
raise Exception('unable to generate new password')
except Exception:
log.error(traceback.format_exc())
Session().rollback()
run_task(tasks.send_email, user_email,
_('Your new password'),
_('Your new RhodeCode password:%s') % (new_passwd))
log.info('send new password mail to %s' % user_email)
except Exception:
log.error('Failed to update user password')
log.error(traceback.format_exc())
return True
def reset_password(self, data):
from rhodecode.lib.celerylib import tasks, run_task
from rhodecode.lib import auth
user_email = data['email']
try:
try:
user = User.get_by_email(user_email)
new_passwd = auth.PasswordGenerator().gen_password(
8, auth.PasswordGenerator.ALPHABETS_BIG_SMALL)
if user:
user.password = auth.get_crypt_password(new_passwd)
user.api_key = auth.generate_api_key(user.username)
Session().add(user)
Session().commit()
log.info('change password for %s' % user_email)
if new_passwd is None:
raise Exception('unable to generate new password')
except Exception:
log.error(traceback.format_exc())
Session().rollback()
run_task(tasks.send_email, user_email, _('Your new password'),
_('Your new RhodeCode password:%s') % (new_passwd))
log.info('send new password mail to %s' % user_email)
except Exception:
log.error('Failed to update user password')
log.error(traceback.format_exc())
return True
def reset_user_password(user_email):
try:
log = reset_user_password.get_logger()
except:
log = logging.getLogger(__name__)
from rhodecode.lib import auth
from rhodecode.model.db import User
try:
try:
sa = get_session()
user = sa.query(User).filter(User.email == user_email).scalar()
new_passwd = auth.PasswordGenerator().gen_password(8, auth.PasswordGenerator.ALPHABETS_BIG_SMALL)
if user:
user.password = auth.get_crypt_password(new_passwd)
user.api_key = auth.generate_api_key(user.username)
sa.add(user)
sa.commit()
log.info("change password for %s", user_email)
if new_passwd is None:
raise Exception("unable to generate new password")
except:
log.error(traceback.format_exc())
sa.rollback()
run_task(send_email, user_email, "Your new RhodeCode password", "Your new RhodeCode password:%s" % (new_passwd))
log.info("send new password mail to %s", user_email)
except:
log.error("Failed to update user password")
log.error(traceback.format_exc())
return True
def create_ldap(self, username, password, user_dn, attrs, cur_user=None):
"""
Checks if user is in database, if not creates this user marked
as ldap user
:param username:
:param password:
:param user_dn:
:param attrs:
:param cur_user:
"""
if not cur_user:
cur_user = getattr(get_current_rhodecode_user(), 'username', None)
from rhodecode.lib.auth import get_crypt_password
log.debug('Checking for such ldap account in RhodeCode database')
if self.get_by_username(username, case_insensitive=True) is None:
# autogenerate email for container account without one
generate_email = lambda usr: '******' % usr
password = get_crypt_password(password)
firstname = attrs['name']
lastname = attrs['lastname']
active = attrs.get('active', True)
email = attrs['email'] or generate_email(username)
from rhodecode.lib.hooks import log_create_user, check_allowed_create_user
user_data = {
'username': username,
'password': password,
'email': email,
'firstname': firstname,
'lastname': lastname,
'active': attrs.get('active', True),
'admin': False
}
# raises UserCreationError if it's not allowed
check_allowed_create_user(user_data, cur_user)
try:
new_user = User()
username = username.lower()
# add ldap account always lowercase
new_user.username = username
new_user.password = password
new_user.api_key = generate_api_key(username)
new_user.email = email
new_user.active = active
new_user.ldap_dn = safe_unicode(user_dn)
new_user.name = firstname
new_user.lastname = lastname
self.sa.add(new_user)
log_create_user(new_user.get_dict(), cur_user)
return new_user
except (DatabaseError, ):
log.error(traceback.format_exc())
self.sa.rollback()
raise
log.debug('this %s user exists skipping creation of ldap account',
username)
return None
def reset_password(self, data):
from rhodecode.lib.celerylib import tasks, run_task
from rhodecode.lib import auth
user_email = data['email']
pre_db = True
try:
user = User.get_by_email(user_email)
new_passwd = auth.PasswordGenerator().gen_password(
8, auth.PasswordGenerator.ALPHABETS_BIG_SMALL)
if user:
user.password = auth.get_crypt_password(new_passwd)
user.api_key = auth.generate_api_key(user.username)
Session().add(user)
Session().commit()
log.info('change password for %s' % user_email)
if new_passwd is None:
raise Exception('unable to generate new password')
pre_db = False
run_task(tasks.send_email, user_email, _('Your new password'),
_('Your new RhodeCode password:%s') % (new_passwd, ))
log.info('send new password mail to %s' % user_email)
except Exception:
log.error('Failed to update user password')
log.error(traceback.format_exc())
if pre_db:
# we rollback only if local db stuff fails. If it goes into
# run_task, we're pass rollback state this wouldn't work then
Session().rollback()
return True
def create_ldap(self, username, password, user_dn, attrs):
"""
Checks if user is in database, if not creates this user marked
as ldap user
:param username:
:param password:
:param user_dn:
:param attrs:
"""
from rhodecode.lib.auth import get_crypt_password
log.debug('Checking for such ldap account in RhodeCode database')
if self.get_by_username(username, case_insensitive=True) is None:
try:
new_user = User()
# add ldap account always lowercase
new_user.username = username.lower()
new_user.password = get_crypt_password(password)
new_user.api_key = generate_api_key(username)
new_user.email = attrs['email']
new_user.active = True
new_user.ldap_dn = safe_unicode(user_dn)
new_user.name = attrs['name']
new_user.lastname = attrs['lastname']
self.sa.add(new_user)
self.sa.commit()
return True
except (DatabaseError,):
log.error(traceback.format_exc())
self.sa.rollback()
raise
log.debug('this %s user exists skipping creation of ldap account',
username)
return False
def create_test_user(force=True):
print 'creating test user'
sa = get_session()
user = sa.query(User).filter(User.username == USER).scalar()
if force and user is not None:
print 'removing current user'
for repo in sa.query(Repository).filter(Repository.user == user).all():
sa.delete(repo)
sa.delete(user)
sa.commit()
if user is None or force:
print 'creating new one'
new_usr = User()
new_usr.username = USER
new_usr.password = get_crypt_password(PASS)
new_usr.email = '*****@*****.**'
new_usr.name = 'test'
new_usr.lastname = 'lasttestname'
new_usr.active = True
new_usr.admin = True
sa.add(new_usr)
sa.commit()
print 'done'
def create_test_user(force=True):
print 'creating test user'
sa = get_session()
user = sa.query(User).filter(User.username == USER).scalar()
if force and user is not None:
print 'removing current user'
for repo in sa.query(Repository).filter(Repository.user == user).all():
sa.delete(repo)
sa.delete(user)
sa.commit()
if user is None or force:
print 'creating new one'
new_usr = User()
new_usr.username = USER
new_usr.password = get_crypt_password(PASS)
new_usr.email = '*****@*****.**'
new_usr.name = 'test'
new_usr.lastname = 'lasttestname'
new_usr.active = True
new_usr.admin = True
sa.add(new_usr)
sa.commit()
print 'done'
def reset_user_password(user_email):
from rhodecode.lib import auth
log = get_logger(reset_user_password)
DBS = get_session()
try:
try:
user = User.get_by_email(user_email)
new_passwd = auth.PasswordGenerator().gen_password(8,
auth.PasswordGenerator.ALPHABETS_BIG_SMALL)
if user:
user.password = auth.get_crypt_password(new_passwd)
user.api_key = auth.generate_api_key(user.username)
DBS.add(user)
DBS.commit()
log.info('change password for %s' % user_email)
if new_passwd is None:
raise Exception('unable to generate new password')
except:
log.error(traceback.format_exc())
DBS.rollback()
run_task(send_email, user_email,
'Your new password',
'Your new RhodeCode password:%s' % (new_passwd))
log.info('send new password mail to %s' % user_email)
except:
log.error('Failed to update user password')
log.error(traceback.format_exc())
return True
def create_or_update(self,
username,
password,
email,
firstname='',
lastname='',
active=True,
admin=False,
ldap_dn=None):
"""
Creates a new instance if not found, or updates current one
:param username:
:param password:
:param email:
:param active:
:param firstname:
:param lastname:
:param active:
:param admin:
:param ldap_dn:
"""
from rhodecode.lib.auth import get_crypt_password
log.debug('Checking for %s account in RhodeCode database' % username)
user = User.get_by_username(username, case_insensitive=True)
if user is None:
log.debug('creating new user %s' % username)
new_user = User()
edit = False
else:
log.debug('updating user %s' % username)
new_user = user
edit = True
try:
new_user.username = username
new_user.admin = admin
# set password only if creating an user or password is changed
if not edit or user.password != password:
new_user.password = get_crypt_password(password)
new_user.api_key = generate_api_key(username)
new_user.email = email
new_user.active = active
new_user.ldap_dn = safe_unicode(ldap_dn) if ldap_dn else None
new_user.name = firstname
new_user.lastname = lastname
self.sa.add(new_user)
return new_user
except (DatabaseError, ):
log.error(traceback.format_exc())
raise
def reset_password(self, data):
from rhodecode.lib.celerylib import tasks, run_task
from rhodecode.model.notification import EmailNotificationModel
from rhodecode.lib import auth
user_email = data['email']
pre_db = True
try:
user = User.get_by_email(user_email)
new_passwd = auth.PasswordGenerator().gen_password(
12, auth.PasswordGenerator.ALPHABETS_BIG_SMALL)
if user:
user.password = auth.get_crypt_password(new_passwd)
# also force this user to reset his password !
user.update_userdata(force_password_change=True)
Session().add(user)
Session().commit()
log.info('change password for %s', user_email)
if new_passwd is None:
raise Exception('unable to generate new password')
pre_db = False
email_kwargs = {
'new_password': new_passwd,
'user': user,
'email': user_email,
'date': datetime.datetime.now()
}
(subject, headers, email_body,
email_body_plaintext) = EmailNotificationModel().render_email(
EmailNotificationModel.TYPE_PASSWORD_RESET_CONFIRMATION, **email_kwargs)
recipients = [user_email]
action_logger_generic(
'sent new password to user: {} with email: {}'.format(
user, user_email), namespace='security.password_reset')
run_task(tasks.send_email, recipients, subject,
email_body_plaintext, email_body)
except Exception:
log.error('Failed to update user password')
log.error(traceback.format_exc())
if pre_db:
# we rollback only if local db stuff fails. If it goes into
# run_task, we're pass rollback state this wouldn't work then
Session().rollback()
return True
def create_or_update(
self, username, password, email, firstname="", lastname="", active=True, admin=False, ldap_dn=None
):
"""
Creates a new instance if not found, or updates current one
:param username:
:param password:
:param email:
:param active:
:param firstname:
:param lastname:
:param active:
:param admin:
:param ldap_dn:
"""
from rhodecode.lib.auth import get_crypt_password
log.debug("Checking for %s account in RhodeCode database" % username)
user = User.get_by_username(username, case_insensitive=True)
if user is None:
log.debug("creating new user %s" % username)
new_user = User()
edit = False
else:
log.debug("updating user %s" % username)
new_user = user
edit = True
try:
new_user.username = username
new_user.admin = admin
# set password only if creating an user or password is changed
if not edit or user.password != password:
new_user.password = get_crypt_password(password)
new_user.api_key = generate_api_key(username)
new_user.email = email
new_user.active = active
new_user.ldap_dn = safe_unicode(ldap_dn) if ldap_dn else None
new_user.name = firstname
new_user.lastname = lastname
self.sa.add(new_user)
return new_user
except (DatabaseError,):
log.error(traceback.format_exc())
raise
def create(self, form_data):
from rhodecode.lib.auth import get_crypt_password
try:
new_user = User()
for k, v in form_data.items():
if k == 'password':
v = get_crypt_password(v)
if k == 'firstname':
k = 'name'
setattr(new_user, k, v)
new_user.api_key = generate_api_key(form_data['username'])
self.sa.add(new_user)
return new_user
except:
log.error(traceback.format_exc())
raise
def create(self, form_data):
from rhodecode.lib.auth import get_crypt_password
try:
new_user = User()
for k, v in form_data.items():
if k == 'password':
v = get_crypt_password(v)
if k == 'firstname':
k = 'name'
setattr(new_user, k, v)
new_user.api_key = generate_api_key(form_data['username'])
self.sa.add(new_user)
return new_user
except Exception:
log.error(traceback.format_exc())
raise
def create(cls, form_data):
from rhodecode.lib.auth import get_crypt_password
try:
new_user = cls()
for k, v in form_data.items():
if k == "password":
v = get_crypt_password(v)
setattr(new_user, k, v)
new_user.api_key = generate_api_key(form_data["username"])
Session.add(new_user)
Session.commit()
return new_user
except:
log.error(traceback.format_exc())
Session.rollback()
raise
def create_default_user(self):
log.info('creating default user')
#create default user for handling default permissions.
def_user = User()
def_user.username = '******'
def_user.password = get_crypt_password(str(uuid.uuid1())[:8])
def_user.api_key = generate_api_key('default')
def_user.name = 'Anonymous'
def_user.lastname = 'User'
def_user.email = '*****@*****.**'
def_user.admin = False
def_user.active = False
try:
self.sa.add(def_user)
self.sa.commit()
except:
self.sa.rollback()
raise
def create_user(self, username, password, email='', admin=False):
log.info('creating administrator user %s', username)
new_user = User()
new_user.username = username
new_user.password = get_crypt_password(password)
new_user.api_key = generate_api_key(username)
new_user.name = 'RhodeCode'
new_user.lastname = 'Admin'
new_user.email = email
new_user.admin = admin
new_user.active = True
try:
self.sa.add(new_user)
self.sa.commit()
except:
self.sa.rollback()
raise
def create(cls, form_data):
from rhodecode.lib.auth import get_crypt_password
try:
new_user = cls()
for k, v in form_data.items():
if k == 'password':
v = get_crypt_password(v)
setattr(new_user, k, v)
new_user.api_key = generate_auth_token(form_data['username'])
Session.add(new_user)
Session.commit()
return new_user
except:
log.error(traceback.format_exc())
Session.rollback()
raise
def update_user(self, user, **kwargs):
from rhodecode.lib.auth import get_crypt_password
try:
user = self._get_user(user)
if user.username == "default":
raise DefaultUserException(_("You can't Edit this user since it's" " crucial for entire application"))
for k, v in kwargs.items():
if k == "password" and v:
v = get_crypt_password(v)
user.api_key = generate_api_key(user.username)
setattr(user, k, v)
self.sa.add(user)
return user
except Exception:
log.error(traceback.format_exc())
raise
def update_user(self, user, **kwargs):
from rhodecode.lib.auth import get_crypt_password
try:
user = self._get_user(user)
if user.username == 'default':
raise DefaultUserException(
_("You can't Edit this user since it's"
" crucial for entire application"))
for k, v in kwargs.items():
if k == 'password' and v:
v = get_crypt_password(v)
user.api_key = generate_api_key(user.username)
setattr(user, k, v)
self.sa.add(user)
return user
except Exception:
log.error(traceback.format_exc())
raise
def update(self, user_id, form_data):
from rhodecode.lib.auth import get_crypt_password
try:
user = self.get(user_id, cache=False)
if user.username == 'default':
raise DefaultUserException(
_("You can't Edit this user since it's"
" crucial for entire application"))
for k, v in form_data.items():
if k == 'new_password' and v:
user.password = get_crypt_password(v)
user.api_key = generate_api_key(user.username)
else:
if k == 'firstname':
k = 'name'
setattr(user, k, v)
self.sa.add(user)
except:
log.error(traceback.format_exc())
raise
def create_ldap(self, username, password, user_dn, attrs):
"""
Checks if user is in database, if not creates this user marked
as ldap user
:param username:
:param password:
:param user_dn:
:param attrs:
"""
from rhodecode.lib.auth import get_crypt_password
log.debug('Checking for such ldap account in RhodeCode database')
if self.get_by_username(username, case_insensitive=True) is None:
# autogenerate email for ldap account without one
generate_email = lambda usr: '******' % usr
try:
new_user = User()
username = username.lower()
# add ldap account always lowercase
new_user.username = username
new_user.password = get_crypt_password(password)
new_user.api_key = generate_api_key(username)
new_user.email = attrs['email'] or generate_email(username)
new_user.active = attrs.get('active', True)
new_user.ldap_dn = safe_unicode(user_dn)
new_user.name = attrs['name']
new_user.lastname = attrs['lastname']
self.sa.add(new_user)
return new_user
except (DatabaseError, ):
log.error(traceback.format_exc())
self.sa.rollback()
raise
log.debug('this %s user exists skipping creation of ldap account',
username)
return None
def create_ldap(self, username, password, user_dn, attrs):
"""
Checks if user is in database, if not creates this user marked
as ldap user
:param username:
:param password:
:param user_dn:
:param attrs:
"""
from rhodecode.lib.auth import get_crypt_password
log.debug("Checking for such ldap account in RhodeCode database")
if self.get_by_username(username, case_insensitive=True) is None:
# autogenerate email for ldap account without one
generate_email = lambda usr: "******" % usr
try:
new_user = User()
username = username.lower()
# add ldap account always lowercase
new_user.username = username
new_user.password = get_crypt_password(password)
new_user.api_key = generate_api_key(username)
new_user.email = attrs["email"] or generate_email(username)
new_user.active = attrs.get("active", True)
new_user.ldap_dn = safe_unicode(user_dn)
new_user.name = attrs["name"]
new_user.lastname = attrs["lastname"]
self.sa.add(new_user)
return new_user
except (DatabaseError,):
log.error(traceback.format_exc())
self.sa.rollback()
raise
log.debug("this %s user exists skipping creation of ldap account", username)
return None
def create(self, form_data, cur_user=None):
if not cur_user:
cur_user = getattr(get_current_rhodecode_user(), "username", None)
from rhodecode.lib.hooks import log_create_user, check_allowed_create_user
_fd = form_data
user_data = {
"username": _fd["username"],
"password": _fd["password"],
"email": _fd["email"],
"firstname": _fd["firstname"],
"lastname": _fd["lastname"],
"active": _fd["active"],
"admin": False,
}
# raises UserCreationError if it's not allowed
check_allowed_create_user(user_data, cur_user)
from rhodecode.lib.auth import get_crypt_password
try:
new_user = User()
for k, v in form_data.items():
if k == "password":
v = get_crypt_password(v)
if k == "firstname":
k = "name"
setattr(new_user, k, v)
new_user.api_key = generate_api_key(form_data["username"])
self.sa.add(new_user)
log_create_user(new_user.get_dict(), cur_user)
return new_user
except Exception:
log.error(traceback.format_exc())
raise
def update(self, user_id, form_data, skip_attrs=[]):
from rhodecode.lib.auth import get_crypt_password
try:
user = self.get(user_id, cache=False)
if user.username == 'default':
raise DefaultUserException(
_("You can't Edit this user since it's"
" crucial for entire application"))
for k, v in form_data.items():
if k in skip_attrs:
continue
if k == 'new_password' and v:
user.password = get_crypt_password(v)
user.api_key = generate_api_key(user.username)
else:
if k == 'firstname':
k = 'name'
setattr(user, k, v)
self.sa.add(user)
except Exception:
log.error(traceback.format_exc())
raise
def reset_password(self, data):
from rhodecode.lib.celerylib import tasks, run_task
from rhodecode.lib import auth
user_email = data["email"]
pre_db = True
try:
user = User.get_by_email(user_email)
new_passwd = auth.PasswordGenerator().gen_password(8, auth.PasswordGenerator.ALPHABETS_BIG_SMALL)
if user:
user.password = auth.get_crypt_password(new_passwd)
user.api_key = auth.generate_api_key(user.username)
Session().add(user)
Session().commit()
log.info("change password for %s" % user_email)
if new_passwd is None:
raise Exception("unable to generate new password")
pre_db = False
run_task(
tasks.send_email,
user_email,
_("Your new password"),
_("Your new RhodeCode password:%s") % (new_passwd,),
)
log.info("send new password mail to %s" % user_email)
except Exception:
log.error("Failed to update user password")
log.error(traceback.format_exc())
if pre_db:
# we rollback only if local db stuff fails. If it goes into
# run_task, we're pass rollback state this wouldn't work then
Session().rollback()
return True
def create(self, form_data, cur_user=None):
if not cur_user:
cur_user = getattr(get_current_rhodecode_user(), 'username', None)
from rhodecode.lib.hooks import log_create_user, check_allowed_create_user
_fd = form_data
user_data = {
'username': _fd['username'],
'password': _fd['password'],
'email': _fd['email'],
'firstname': _fd['firstname'],
'lastname': _fd['lastname'],
'active': _fd['active'],
'admin': False
}
# raises UserCreationError if it's not allowed
check_allowed_create_user(user_data, cur_user)
from rhodecode.lib.auth import get_crypt_password
try:
new_user = User()
for k, v in form_data.items():
if k == 'password':
v = get_crypt_password(v)
if k == 'firstname':
k = 'name'
setattr(new_user, k, v)
new_user.api_key = generate_api_key(form_data['username'])
self.sa.add(new_user)
log_create_user(new_user.get_dict(), cur_user)
return new_user
except Exception:
log.error(traceback.format_exc())
raise
def create_ldap(self, username, password, user_dn, attrs, cur_user=None):
"""
Checks if user is in database, if not creates this user marked
as ldap user
:param username:
:param password:
:param user_dn:
:param attrs:
:param cur_user:
"""
if not cur_user:
cur_user = getattr(get_current_rhodecode_user(), "username", None)
from rhodecode.lib.auth import get_crypt_password
log.debug("Checking for such ldap account in RhodeCode database")
if self.get_by_username(username, case_insensitive=True) is None:
# autogenerate email for container account without one
generate_email = lambda usr: "******" % usr
password = get_crypt_password(password)
firstname = attrs["name"]
lastname = attrs["lastname"]
active = attrs.get("active", True)
email = attrs["email"] or generate_email(username)
from rhodecode.lib.hooks import log_create_user, check_allowed_create_user
user_data = {
"username": username,
"password": password,
"email": email,
"firstname": firstname,
"lastname": lastname,
"active": attrs.get("active", True),
"admin": False,
}
# raises UserCreationError if it's not allowed
check_allowed_create_user(user_data, cur_user)
try:
new_user = User()
username = username.lower()
# add ldap account always lowercase
new_user.username = username
new_user.password = password
new_user.api_key = generate_api_key(username)
new_user.email = email
new_user.active = active
new_user.ldap_dn = safe_unicode(user_dn)
new_user.name = firstname
new_user.lastname = lastname
self.sa.add(new_user)
log_create_user(new_user.get_dict(), cur_user)
return new_user
except (DatabaseError,):
log.error(traceback.format_exc())
self.sa.rollback()
raise
log.debug("this %s user exists skipping creation of ldap account", username)
return None
def test_get_crypt_password_accepts_unicode(password):
result = auth.get_crypt_password(password.value)
assert result == password.hashed
def create_or_update(
self, username, password, email, firstname='', lastname='',
active=True, admin=False, extern_type=None, extern_name=None,
cur_user=None, plugin=None, force_password_change=False,
allow_to_create_user=True, create_repo_group=False,
updating_user_id=None, language=None, strict_creation_check=True):
"""
Creates a new instance if not found, or updates current one
:param username:
:param password:
:param email:
:param firstname:
:param lastname:
:param active:
:param admin:
:param extern_type:
:param extern_name:
:param cur_user:
:param plugin: optional plugin this method was called from
:param force_password_change: toggles new or existing user flag
for password change
:param allow_to_create_user: Defines if the method can actually create
new users
:param create_repo_group: Defines if the method should also
create an repo group with user name, and owner
:param updating_user_id: if we set it up this is the user we want to
update this allows to editing username.
:param language: language of user from interface.
:returns: new User object with injected `is_new_user` attribute.
"""
if not cur_user:
cur_user = getattr(get_current_rhodecode_user(), 'username', None)
from rhodecode.lib.auth import (
get_crypt_password, check_password, generate_auth_token)
from rhodecode.lib.hooks_base import (
log_create_user, check_allowed_create_user)
def _password_change(new_user, password):
# empty password
if not new_user.password:
return False
# password check is only needed for RhodeCode internal auth calls
# in case it's a plugin we don't care
if not plugin:
# first check if we gave crypted password back, and if it matches
# it's not password change
if new_user.password == password:
return False
password_match = check_password(password, new_user.password)
if not password_match:
return True
return False
user_data = {
'username': username,
'password': password,
'email': email,
'firstname': firstname,
'lastname': lastname,
'active': active,
'admin': admin
}
if updating_user_id:
log.debug('Checking for existing account in RhodeCode '
'database with user_id `%s` ' % (updating_user_id,))
user = User.get(updating_user_id)
else:
log.debug('Checking for existing account in RhodeCode '
'database with username `%s` ' % (username,))
user = User.get_by_username(username, case_insensitive=True)
if user is None:
# we check internal flag if this method is actually allowed to
# create new user
if not allow_to_create_user:
msg = ('Method wants to create new user, but it is not '
'allowed to do so')
log.warning(msg)
raise NotAllowedToCreateUserError(msg)
log.debug('Creating new user %s', username)
# only if we create user that is active
new_active_user = active
if new_active_user and strict_creation_check:
# raises UserCreationError if it's not allowed for any reason to
# create new active user, this also executes pre-create hooks
check_allowed_create_user(user_data, cur_user, strict_check=True)
self.send_event(UserPreCreate(user_data))
new_user = User()
edit = False
else:
log.debug('updating user %s', username)
self.send_event(UserPreUpdate(user, user_data))
new_user = user
edit = True
# we're not allowed to edit default user
if user.username == User.DEFAULT_USER:
raise DefaultUserException(
_("You can't edit this user (`%(username)s`) since it's "
"crucial for entire application") % {'username': user.username})
# inject special attribute that will tell us if User is new or old
new_user.is_new_user = not edit
# for users that didn's specify auth type, we use RhodeCode built in
from rhodecode.authentication.plugins import auth_rhodecode
extern_name = extern_name or auth_rhodecode.RhodeCodeAuthPlugin.name
extern_type = extern_type or auth_rhodecode.RhodeCodeAuthPlugin.name
try:
new_user.username = username
new_user.admin = admin
new_user.email = email
new_user.active = active
new_user.extern_name = safe_unicode(extern_name)
new_user.extern_type = safe_unicode(extern_type)
new_user.name = firstname
new_user.lastname = lastname
if not edit:
new_user.api_key = generate_auth_token(username)
# set password only if creating an user or password is changed
if not edit or _password_change(new_user, password):
reason = 'new password' if edit else 'new user'
log.debug('Updating password reason=>%s', reason)
new_user.password = get_crypt_password(password) if password else None
if force_password_change:
new_user.update_userdata(force_password_change=True)
if language:
new_user.update_userdata(language=language)
self.sa.add(new_user)
if not edit and create_repo_group:
# create new group same as username, and make this user an owner
desc = RepoGroupModel.PERSONAL_GROUP_DESC % {'username': username}
RepoGroupModel().create(group_name=username,
group_description=desc,
owner=username, commit_early=False)
if not edit:
# add the RSS token
AuthTokenModel().create(username,
description='Generated feed token',
role=AuthTokenModel.cls.ROLE_FEED)
log_create_user(created_by=cur_user, **new_user.get_dict())
return new_user
except (DatabaseError,):
log.error(traceback.format_exc())
raise
def create_or_update(
self,
username,
password,
email,
firstname="",
lastname="",
active=True,
admin=False,
ldap_dn=None,
cur_user=None,
):
"""
Creates a new instance if not found, or updates current one
:param username:
:param password:
:param email:
:param active:
:param firstname:
:param lastname:
:param active:
:param admin:
:param ldap_dn:
:param cur_user:
"""
if not cur_user:
cur_user = getattr(get_current_rhodecode_user(), "username", None)
from rhodecode.lib.auth import get_crypt_password
from rhodecode.lib.hooks import log_create_user, check_allowed_create_user
user_data = {
"username": username,
"password": password,
"email": email,
"firstname": firstname,
"lastname": lastname,
"active": active,
"admin": admin,
}
# raises UserCreationError if it's not allowed
check_allowed_create_user(user_data, cur_user)
log.debug("Checking for %s account in RhodeCode database" % username)
user = User.get_by_username(username, case_insensitive=True)
if user is None:
log.debug("creating new user %s" % username)
new_user = User()
edit = False
else:
log.debug("updating user %s" % username)
new_user = user
edit = True
try:
new_user.username = username
new_user.admin = admin
# set password only if creating an user or password is changed
if not edit or user.password != password:
new_user.password = get_crypt_password(password) if password else None
new_user.api_key = generate_api_key(username)
new_user.email = email
new_user.active = active
new_user.ldap_dn = safe_unicode(ldap_dn) if ldap_dn else None
new_user.name = firstname
new_user.lastname = lastname
self.sa.add(new_user)
if not edit:
log_create_user(new_user.get_dict(), cur_user)
return new_user
except (DatabaseError,):
log.error(traceback.format_exc())
raise
def create_or_update(self,
username,
password,
email,
firstname='',
lastname='',
active=True,
admin=False,
ldap_dn=None,
cur_user=None):
"""
Creates a new instance if not found, or updates current one
:param username:
:param password:
:param email:
:param active:
:param firstname:
:param lastname:
:param active:
:param admin:
:param ldap_dn:
:param cur_user:
"""
if not cur_user:
cur_user = getattr(get_current_rhodecode_user(), 'username', None)
from rhodecode.lib.auth import get_crypt_password
from rhodecode.lib.hooks import log_create_user, check_allowed_create_user
user_data = {
'username': username,
'password': password,
'email': email,
'firstname': firstname,
'lastname': lastname,
'active': active,
'admin': admin
}
# raises UserCreationError if it's not allowed
check_allowed_create_user(user_data, cur_user)
log.debug('Checking for %s account in RhodeCode database' % username)
user = User.get_by_username(username, case_insensitive=True)
if user is None:
log.debug('creating new user %s' % username)
new_user = User()
edit = False
else:
log.debug('updating user %s' % username)
new_user = user
edit = True
try:
new_user.username = username
new_user.admin = admin
# set password only if creating an user or password is changed
if not edit or user.password != password:
new_user.password = get_crypt_password(
password) if password else None
new_user.api_key = generate_api_key(username)
new_user.email = email
new_user.active = active
new_user.ldap_dn = safe_unicode(ldap_dn) if ldap_dn else None
new_user.name = firstname
new_user.lastname = lastname
self.sa.add(new_user)
if not edit:
log_create_user(new_user.get_dict(), cur_user)
return new_user
except (DatabaseError, ):
log.error(traceback.format_exc())
raise
