Python auth.Identity类代码示例

 def _original_user(self):
     # A proper user, with an id that can be mapped directly to sqlalchemy
     if isinstance(self.id, int) or self.id.isdigit():
         return User.get(int(self.id))
     # A user who had no real indico account but an ldap identifier/email.
     # In this case we try to find his real user and replace the ID of this object
     # with that user's ID.
     data = self.id.split(':')
     # TODO: Once everything is in SQLAlchemy this whole thing needs to go away!
     user = None
     if data[0] == 'LDAP':
         identifier = data[1]
         email = data[2]
         # You better have only one ldap provider or at least different identifiers ;)
         identity = Identity.find_first(Identity.provider != 'indico', Identity.identifier == identifier)
         if identity:
             user = identity.user
     elif data[0] == 'Nice':
         email = data[1]
     else:
         return None
     if not user:
         user = User.find_first(User.all_emails.contains(email))
     if user:
         self._old_id = self.id
         self.id = str(user.id)
         logger.info("Updated legacy user id (%s => %s)", self._old_id, self.id)
     return user

def create(grant_admin):
    """Creates a new user"""
    user_type = 'user' if not grant_admin else 'admin'
    while True:
        email = prompt_email()
        if email is None:
            return
        email = email.lower()
        if not User.query.filter(User.all_emails == email, ~User.is_deleted, ~User.is_pending).has_rows():
            break
        print(cformat('%{red}Email already exists'))
    first_name = click.prompt("First name").strip()
    last_name = click.prompt("Last name").strip()
    affiliation = click.prompt("Affiliation", '').strip()
    print()
    while True:
        username = click.prompt("Enter username").lower().strip()
        if not Identity.find(provider='indico', identifier=username).count():
            break
        print(cformat('%{red}Username already exists'))
    password = prompt_pass()
    if password is None:
        return

    identity = Identity(provider='indico', identifier=username, password=password)
    user = create_user(email, {'first_name': to_unicode(first_name), 'last_name': to_unicode(last_name),
                               'affiliation': to_unicode(affiliation)}, identity)
    user.is_admin = grant_admin
    _print_user_info(user)

    if click.confirm(cformat("%{yellow}Create the new {}?").format(user_type), default=True):
        db.session.add(user)
        db.session.commit()
        print(cformat("%{green}New {} created successfully with ID: %{green!}{}").format(user_type, user.id))

def user_create(grant_admin):
    """Creates new user"""
    update_session_options(db)
    user_type = 'user' if not grant_admin else 'admin'
    while True:
        email = prompt_email()
        if email is None:
            return
        email = email.lower()
        if not User.find(User.all_emails.contains(email), ~User.is_deleted, ~User.is_pending).count():
            break
        error('Email already exists')
    first_name = prompt("First name")
    last_name = prompt("Last name")
    affiliation = prompt("Affiliation", '')
    print()
    while True:
        username = prompt("Enter username").lower()
        if not Identity.find(provider='indico', identifier=username).count():
            break
        error('Username already exists')
    password = prompt_pass()
    if password is None:
        return

    identity = Identity(provider='indico', identifier=username, password=password)
    user = create_user(email, {'first_name': to_unicode(first_name), 'last_name': to_unicode(last_name),
                               'affiliation': to_unicode(affiliation)}, identity)
    user.is_admin = grant_admin
    print_user_info(user)

    if prompt_bool(cformat("%{yellow}Create the new {}?").format(user_type), default=True):
        db.session.add(user)
        db.session.commit()
        success("New {} created successfully with ID: {}".format(user_type, user.id))

 def validate_username(self, field):
     query = Identity.find(
         Identity.provider == "indico",
         Identity.identifier == field.data,
         Identity.identifier != self.identity.identifier,
     )
     if query.count():
         raise ValidationError(_("This username is already in use."))

 def _process(self):
     if 'token' in request.args:
         identity_id = secure_serializer.loads(request.args['token'], max_age=3600, salt='reset-password')
         identity = Identity.get(identity_id)
         if not identity:
             raise BadData('Identity does not exist')
         return self._reset_password(identity)
     else:
         return self._request_token()

def get_user_from_identifier(settings, identifier):
    """Get an actual User object from an identifier"""
    providers = list(auth.strip() for auth in settings.get('authenticators').split(','))
    identities = Identity.find_all(Identity.provider.in_(providers), Identity.identifier == identifier)
    if identities:
        return sorted(identities, key=lambda x: providers.index(x.provider))[0].user
    for provider in providers:
        try:
            identity_info = multipass.get_identity(provider, identifier)
        except IdentityRetrievalFailed:
            continue
        if identity_info is None:
            continue
        if not identity_info.provider.settings.get('trusted_email'):
            continue
        emails = {email.lower() for email in identity_info.data.getlist('email') if email}
        if not emails:
            continue
        user = User.find_first(~User.is_deleted, User.all_emails.in_(list(emails)))
        if user:
            return user

 def _process_args(self):
     RHUserBase._process_args(self)
     self.identity = Identity.get_one(request.view_args['identity'])
     if self.identity.user != self.user:
         raise NotFound()

    def migrate_users(self):
        print cformat('%{white!}migrating users')

        seen_identities = set()

        for avatar in committing_iterator(self._iter_avatars(), 5000):
            if getattr(avatar, '_mergeTo', None):
                print cformat('%{red!}!!!%{reset} '
                              '%{yellow!}Skipping {} - merged into {}').format(avatar.id, avatar._mergeTo.id)
                continue
            elif avatar.status == 'Not confirmed':
                print cformat('%{yellow!}!!!%{reset} '
                              '%{yellow!}Skipping {} - not activated').format(avatar.id)
                continue
            elif not avatar.name.strip() and not avatar.surName.strip():
                links = {(obj, role): list(objs)
                         for obj, x in avatar.linkedTo.iteritems()
                         for role, objs in x.iteritems()
                         if objs}
                if not avatar.identities and not links:
                    print cformat('%{yellow!}!!!%{reset} '
                                  '%{yellow!}Skipping {} - no names and no identities/links').format(avatar.id)
                    continue

            user = self._user_from_avatar(avatar)
            self._fix_collisions(user, avatar)
            db.session.add(user)
            settings = self._settings_from_avatar(avatar)
            user_settings.set_multi(user, settings)
            # favorite users cannot be migrated here since the target user might not have been migrated yet
            # XXX: adapt to new categories for 2.0
            user.favorite_categories = set(filter(None, avatar.linkedTo['category']['favorite']))
            db.session.flush()
            print cformat('%{green}+++%{reset} '
                          '%{white!}{:6d}%{reset} %{cyan}{}%{reset} [%{blue!}{}%{reset}] '
                          '{{%{cyan!}{}%{reset}}}').format(user.id, user.full_name, user.email,
                                                           ', '.join(user.secondary_emails))
            # migrate API keys
            self._migrate_api_keys(avatar, user)
            # migrate identities of non-deleted avatars
            if not user.is_deleted:
                for old_identity in avatar.identities:
                    identity = None
                    username = convert_to_unicode(old_identity.login).strip().lower()

                    if not username:
                        print cformat("%{red!}!!!%{reset} "
                                      "%{yellow!}Empty username: {}. Skipping identity.").format(
                                          old_identity)
                        continue

                    provider = {
                        'LocalIdentity': 'indico',
                        'LDAPIdentity': self.ldap_provider_name
                    }.get(old_identity.__class__.__name__)

                    if provider is None:
                        print cformat("%{red!}!!!%{reset} "
                                      "%{yellow!}Unsupported provider: {}. Skipping identity.").format(
                            old_identity.__class__.__name__)
                        continue

                    if (provider, username) in seen_identities:
                        print cformat("%{red!}!!!%{reset} "
                                      "%{yellow!}Duplicate identity: {}, {}. Skipping.").format(provider, username)
                        continue

                    if provider == 'indico' and not self.ignore_local_accounts:
                        identity = Identity(provider=provider, identifier=username)

                        if not hasattr(old_identity, 'algorithm'):  # plaintext password
                            if not old_identity.password:
                                # password is empty, skip identity
                                print cformat("%{red!}!!!%{reset} "
                                              "%{yellow!}Identity '{}' has empty password. Skipping identity.").format(
                                                  old_identity.login)
                                continue
                            identity.password = old_identity.password
                        else:
                            assert old_identity.algorithm == 'bcrypt'
                            identity.password_hash = old_identity.password

                    elif provider == self.ldap_provider_name:
                        identity = Identity(provider=provider, identifier=username)

                    if identity:
                        print cformat('%{blue!}<->%{reset}  %{yellow}{}%{reset}').format(identity)
                        user.identities.add(identity)
                        seen_identities.add((provider, username))

            for merged_avatar in getattr(avatar, '_mergeFrom', ()):
                if merged_avatar.id == avatar.id:
                    continue
                merged = self._user_from_avatar(merged_avatar, is_deleted=True, merged_into_id=user.id)
                print cformat('%{blue!}***%{reset} '
                              '%{white!}{:6d}%{reset} %{cyan}{}%{reset} [%{blue!}{}%{reset}] '
                              '{{%{cyan!}{}%{reset}}}').format(merged.id, merged.full_name, merged.email,
                                                               ', '.join(merged.secondary_emails))
                self._fix_collisions(merged, merged_avatar)
                db.session.add(merged)
#.........这里部分代码省略.........

def _check_existing_username(form, field):
    if Identity.find(provider='indico', identifier=field.data).count():
        raise ValidationError(_('This username is already in use.'))