kallithea Changeset - 09dc083f461f

Changeset - 09dc083f461f

Parent rev.

Child rev.

[Not reviewed]

default

0 1 0

Mads Kiilerich - 9 years ago 2016-09-12 17:41:19
madski@unity3d.com

api: drop odd creation of password when extern_name is set

The check of extern_name and the interpretation of it seems odd.

Also, there is no point in setting a random password. It can't be retrieved and
used, and not setting a password is more secure.

1 file changed with 0 insertions and 4 deletions:

kallithea/controllers/api/api.py

0 comments (0 inline, 0 general)

kallithea/controllers/api/api.py

➞

Show inline comments

@@ @@ -584,196 +584,192 @@ class ApiController(JSONRPCController): @@
                     'userid is not the same as your user'
+                )
         if isinstance(userid, Optional):
             userid = apiuser.user_id
         user = get_user_or_error(userid)
         data = user.get_api_data()
         data['permissions'] = AuthUser(user_id=user.user_id).permissions
         return data
     @HasPermissionAnyDecorator('hg.admin')
     def get_users(self, apiuser):
         """
         Lists all existing users. This command can be executed only using api_key
         belonging to user with admin rights.
         :param apiuser: filled automatically from apikey
         :type apiuser: AuthUser
         OUTPUT::
             id : <id_given_in_input>
             result: [<user_object>, ...]
             error:  null
         """
         result = []
         users_list = User.query().order_by(User.username) \
             .filter(User.username != User.DEFAULT_USER) \
             .all()
         for user in users_list:
             result.append(user.get_api_data())
         return result
     @HasPermissionAnyDecorator('hg.admin')
     def create_user(self, apiuser, username, email, password=Optional(''),
                     firstname=Optional(''), lastname=Optional(''),
                     active=Optional(True), admin=Optional(False),
                     extern_name=Optional(EXTERN_TYPE_INTERNAL),
                     extern_type=Optional(EXTERN_TYPE_INTERNAL)):
         """
         Creates new user. Returns new user object. This command can
         be executed only using api_key belonging to user with admin rights.
         :param apiuser: filled automatically from apikey
         :type apiuser: AuthUser
         :param username: new username
         :type username: str or int
         :param email: email
         :type email: str
         :param password: password
         :type password: Optional(str)
         :param firstname: firstname
         :type firstname: Optional(str)
         :param lastname: lastname
         :type lastname: Optional(str)
         :param active: active
         :type active: Optional(bool)
         :param admin: admin
         :type admin: Optional(bool)
         :param extern_name: name of extern
         :type extern_name: Optional(str)
         :param extern_type: extern_type
         :type extern_type: Optional(str)
         OUTPUT::
             id : <id_given_in_input>
             result: {
                       "msg" : "created new user `<username>`",
                       "user": <user_obj>
+                    }
             error:  null
         ERROR OUTPUT::
           id : <id_given_in_input>
           result : null
           error :  {
             "user `<username>` already exist"
             or
             "email `<email>` already exist"
             or
             "failed to create user `<username>`"
+          }
         """
         if User.get_by_username(username):
             raise JSONRPCError("user `%s` already exist" % (username,))
         if User.get_by_email(email):
             raise JSONRPCError("email `%s` already exist" % (email,))
         if Optional.extract(extern_name):
             # generate temporary password if user is external
             password = PasswordGenerator().gen_password(length=8)
         try:
             user = UserModel().create_or_update(
                 username=Optional.extract(username),
                 password=Optional.extract(password),
                 email=Optional.extract(email),
                 firstname=Optional.extract(firstname),
                 lastname=Optional.extract(lastname),
                 active=Optional.extract(active),
                 admin=Optional.extract(admin),
                 extern_type=Optional.extract(extern_type),
                 extern_name=Optional.extract(extern_name)
+            )
             Session().commit()
             return dict(
                 msg='created new user `%s`' % username,
                 user=user.get_api_data()
+            )
         except Exception:
             log.error(traceback.format_exc())
             raise JSONRPCError('failed to create user `%s`' % (username,))
     @HasPermissionAnyDecorator('hg.admin')
     def update_user(self, apiuser, userid, username=Optional(None),
                     email=Optional(None), password=Optional(None),
                     firstname=Optional(None), lastname=Optional(None),
                     active=Optional(None), admin=Optional(None),
                     extern_type=Optional(None), extern_name=Optional(None)):
         """
         updates given user if such user exists. This command can
         be executed only using api_key belonging to user with admin rights.
         :param apiuser: filled automatically from apikey
         :type apiuser: AuthUser
         :param userid: userid to update
         :type userid: str or int
         :param username: new username
         :type username: str or int
         :param email: email
         :type email: str
         :param password: password
         :type password: Optional(str)
         :param firstname: firstname
         :type firstname: Optional(str)
         :param lastname: lastname
         :type lastname: Optional(str)
         :param active: active
         :type active: Optional(bool)
         :param admin: admin
         :type admin: Optional(bool)
         :param extern_name:
         :type extern_name: Optional(str)
         :param extern_type:
         :type extern_type: Optional(str)
         OUTPUT::
             id : <id_given_in_input>
             result: {
                       "msg" : "updated user ID:<userid> <username>",
                       "user": <user_object>,
+                    }
             error:  null
         ERROR OUTPUT::
           id : <id_given_in_input>
           result : null
           error :  {
             "failed to update user `<username>`"
+          }
         """
         user = get_user_or_error(userid)
         # only non optional arguments will be stored in updates
         updates = {}
         try:
             store_update(updates, username, 'username')
             store_update(updates, password, 'password')
             store_update(updates, email, 'email')
             store_update(updates, firstname, 'name')
             store_update(updates, lastname, 'lastname')
             store_update(updates, active, 'active')
             store_update(updates, admin, 'admin')
             store_update(updates, extern_name, 'extern_name')
             store_update(updates, extern_type, 'extern_type')
             user = UserModel().update_user(user, **updates)
             Session().commit()
             return dict(
                 msg='updated user ID:%s %s' % (user.user_id, user.username),
                 user=user.get_api_data()

0 comments (0 inline, 0 general)