Get's an user by username or user_id, Returns empty result if user is not found.

If userid param is skipped it is set to id of user who is calling this method.

This command can be executed only using api_key belonging to user with admin

rights, or regular users that cannot specify different userid than theirs

INPUT::

    id : <id_for_response>

    api_key : "<api_key>"

    method :  "get_user"

    args :    {

                "userid" : "<username or user_id Optional(=apiuser)>"

              }

OUTPUT::

    id : <id_given_in_input>

    result: None if user does not exist or

            {

                "user_id" :     "<user_id>",

                "api_key" :     "<api_key>",

                "username" :    "<username>",

                "firstname":    "<firstname>",

                "lastname" :    "<lastname>",

                "email" :       "<email>",

                "emails":       "<list_of_all_additional_emails>",

                "ip_addresses": "<list_of_ip_addresses_for_user>",

                "active" :      "<bool>",

                "admin" :       "<bool>",

                "ldap_dn" :     "<ldap_dn>",

                "last_login":   "<last_login>",

                "permissions": {

                    "global": ["hg.create.repository",

                               "repository.read",

                               "hg.register.manual_activate"],

                    "repositories": {"repo1": "repository.none"},

                    "repositories_groups": {"Group1": "group.read"}

                 },

            }

    error:  null

get_users

---------

Lists all existing users. This command can be executed only using api_key

belonging to user with admin rights.

INPUT::

    id : <id_for_response>

    api_key : "<api_key>"

    method :  "get_users"

    args :    { }

OUTPUT::

    id : <id_given_in_input>

    result: [

              {

                "user_id" :     "<user_id>",

                "username" :    "<username>",

                "firstname":    "<firstname>",

                "lastname" :    "<lastname>",

                "email" :       "<email>",

                "emails":       "<list_of_all_additional_emails>",

                "ip_addresses": "<list_of_ip_addresses_for_user>",

                "active" :      "<bool>",

                "admin" :       "<bool>",

                "ldap_dn" :     "<ldap_dn>",

                "last_login":   "<last_login>",

              },

              …

            ]

    error:  null

create_user

-----------

Creates new user. This command can

be executed only using api_key belonging to user with admin rights.

INPUT::

    id : <id_for_response>

    api_key : "<api_key>"

    method :  "create_user"

    args :    {

                "username" :  "<username>",

                "email" :     "<useremail>",

                "firstname" : "<firstname> = Optional(None)",

                "lastname" :  "<lastname> = Optional(None)",

                "active" :    "<bool> = Optional(True)",

                "admin" :     "<bool> = Optional(False)",

                "ldap_dn" :   "<ldap_dn> = Optional(None)"

              }

OUTPUT::

    id : <id_given_in_input>

    result: {

              "msg" : "created new user `<username>`",

              "user": {

                "user_id" :  "<user_id>",

                "username" : "<username>",

                "firstname": "<firstname>",

                "lastname" : "<lastname>",

                "email" :    "<email>",

                "emails":    "<list_of_all_additional_emails>",

                "active" :   "<bool>",

                "admin" :    "<bool>",

                "ldap_dn" :  "<ldap_dn>",

                "last_login": "<last_login>",

              },

            }

    error:  null

update_user

-----------

updates given user if such user exists. This command can

be executed only using api_key belonging to user with admin rights.

INPUT::

    id : <id_for_response>

    api_key : "<api_key>"

    method :  "update_user"

    args :    {

                "userid" : "<user_id or username>",

                "username" :  "<username> = Optional(None)",

                "email" :     "<useremail> = Optional(None)",

                "password" :  "<password> = Optional(None)",

                "firstname" : "<firstname> = Optional(None)",

                "lastname" :  "<lastname> = Optional(None)",

                "active" :    "<bool> = Optional(None)",

                "admin" :     "<bool> = Optional(None)",

                "ldap_dn" :   "<ldap_dn> = Optional(None)"

              }

OUTPUT::

    id : <id_given_in_input>

    result: {

              "msg" : "updated user ID:<userid> <username>",

              "user": {

                "user_id" :  "<user_id>",

                "username" : "<username>",

                "firstname": "<firstname>",

                "lastname" : "<lastname>",

                "email" :    "<email>",

                "emails":    "<list_of_all_additional_emails>",

                "active" :   "<bool>",

                "admin" :    "<bool>",

                "ldap_dn" :  "<ldap_dn>",

                "last_login": "<last_login>",

              },

            }

    error:  null

delete_user

-----------

deletes givenuser if such user exists. This command can

be executed only using api_key belonging to user with admin rights.

INPUT::

    id : <id_for_response>

    api_key : "<api_key>"

    method :  "delete_user"

    args :    {

                "userid" : "<user_id or username>",

              }

OUTPUT::

    id : <id_given_in_input>

    result: {

              "msg" : "deleted user ID:<userid> <username>",

              "user": null

                )

    def get_locks(self, apiuser, userid=Optional(OAttr('apiuser'))):

        """

        Get all locks for given userid, if

        this command is runned by non-admin account userid is set to user

        who is calling this method, thus returning locks for himself

        :param apiuser:

        :param userid:

        """

        if HasPermissionAnyApi('hg.admin')(user=apiuser):

            pass

        else:

            #make sure normal user does not pass someone else userid,

            #he is not allowed to do that

            if not isinstance(userid, Optional) and userid != apiuser.user_id:

                raise JSONRPCError(

                    'userid is not the same as your user'

                )

        ret = []

        if isinstance(userid, Optional):

            user = None

        else:

            user = get_user_or_error(userid)

        #show all locks

        for r in Repository.getAll():

            userid, time_ = r.locked

            if time_:

                _api_data = r.get_api_data()

                # if we use userfilter just show the locks for this user

                if user:

                    if safe_int(userid) == user.user_id:

                        ret.append(_api_data)

                else:

                    ret.append(_api_data)

        return ret

    @HasPermissionAllDecorator('hg.admin')

    def show_ip(self, apiuser, userid):

        """

        Shows IP address as seen from RhodeCode server, together with all

        defined IP addresses for given user

        :param apiuser:

        :param userid:

        """

        user = get_user_or_error(userid)

        ips = UserIpMap.query().filter(UserIpMap.user == user).all()

        return dict(

            ip_addr_server=self.ip_addr,

            user_ips=ips

        )

    def get_user(self, apiuser, userid=Optional(OAttr('apiuser'))):

        """"

        Get a user by username, or userid, if userid is given

        :param apiuser:

        :param userid:

        """

        if HasPermissionAnyApi('hg.admin')(user=apiuser) is False:

            #make sure normal user does not pass someone else userid,

            #he is not allowed to do that

            if not isinstance(userid, Optional) and userid != apiuser.user_id:

                raise JSONRPCError(

                    'userid is not the same as your user'

                )

        if isinstance(userid, Optional):

            userid = apiuser.user_id

        user = get_user_or_error(userid)

        data = user.get_api_data()

        data['permissions'] = AuthUser(user_id=user.user_id).permissions

        return data

    @HasPermissionAllDecorator('hg.admin')

    def get_users(self, apiuser):

        """"

        Get all users

        :param apiuser:

        """

        result = []

        users_list = User.query().order_by(User.username)\

                        .filter(User.username != User.DEFAULT_USER)\

                        .all()

        for user in users_list:

            result.append(user.get_api_data())

        return result

    @HasPermissionAllDecorator('hg.admin')

                    firstname=Optional(None), lastname=Optional(None),

                    active=Optional(True), admin=Optional(False),

                    ldap_dn=Optional(None)):

        """

        Create new user

        :param apiuser:

        :param username:

        :param email:

        :param password:

        :param firstname:

        :param lastname:

        :param active:

        :param admin:

        :param ldap_dn:

        """

        if UserModel().get_by_username(username):

            raise JSONRPCError("user `%s` already exist" % username)

        if UserModel().get_by_email(email, case_insensitive=True):

            raise JSONRPCError("email `%s` already exist" % email)

        if Optional.extract(ldap_dn):

            # generate temporary password if ldap_dn

            password = PasswordGenerator().gen_password(length=8)

        try:

            user = UserModel().create_or_update(

                username=Optional.extract(username),

                password=Optional.extract(password),

                email=Optional.extract(email),

                firstname=Optional.extract(firstname),

                lastname=Optional.extract(lastname),

                active=Optional.extract(active),

                admin=Optional.extract(admin),

                ldap_dn=Optional.extract(ldap_dn)

            )

            Session().commit()

            return dict(

                msg='created new user `%s`' % username,

                user=user.get_api_data()

            )

        except Exception:

            log.error(traceback.format_exc())

            raise JSONRPCError('failed to create user `%s`' % username)

    @HasPermissionAllDecorator('hg.admin')

    def update_user(self, apiuser, userid, username=Optional(None),

                    email=Optional(None), firstname=Optional(None),

                    lastname=Optional(None), active=Optional(None),

                    admin=Optional(None), ldap_dn=Optional(None),

                    password=Optional(None)):

        """

        Updates given user

        :param apiuser:

        :param userid:

        :param username:

        :param email:

        :param firstname:

        :param lastname:

        :param active:

        :param admin:

        :param ldap_dn:

        :param password:

        """

        user = get_user_or_error(userid)

        # call function and store only updated arguments

        updates = {}

        def store_update(attr, name):

            if not isinstance(attr, Optional):

                updates[name] = attr

        try:

            store_update(username, 'username')

            store_update(password, 'password')

            store_update(email, 'email')

            store_update(firstname, 'name')

            store_update(lastname, 'lastname')

            store_update(active, 'active')

            store_update(admin, 'admin')

            store_update(ldap_dn, 'ldap_dn')

            user = UserModel().update_user(user, **updates)

            Session().commit()

            return dict(

                msg='updated user ID:%s %s' % (user.user_id, user.username),

                user=user.get_api_data()

            )

        except DefaultUserException:

            log.error(traceback.format_exc())

    UserToPerm, UserGroupRepoToPerm, UserGroupToPerm, UserGroupMember, \

    Notification, RepoGroup, UserRepoGroupToPerm, UserGroupRepoGroupToPerm, \

    UserEmailMap, UserIpMap, UserGroupUserGroupToPerm, UserGroup

from rhodecode.lib.exceptions import DefaultUserException, \

    UserOwnsReposException

from rhodecode.model.meta import Session

log = logging.getLogger(__name__)

PERM_WEIGHTS = Permission.PERM_WEIGHTS

class UserModel(BaseModel):

    cls = User

    def get(self, user_id, cache=False):

        user = self.sa.query(User)

        if cache:

            user = user.options(FromCache("sql_cache_short",

                                          "get_user_%s" % user_id))

        return user.get(user_id)

    def get_user(self, user):

        return self._get_user(user)

    def get_by_username(self, username, cache=False, case_insensitive=False):

        if case_insensitive:

            user = self.sa.query(User).filter(User.username.ilike(username))

        else:

            user = self.sa.query(User)\

                .filter(User.username == username)

        if cache:

            user = user.options(FromCache("sql_cache_short",

                                          "get_user_%s" % username))

        return user.scalar()

    def get_by_email(self, email, cache=False, case_insensitive=False):

        return User.get_by_email(email, case_insensitive, cache)

    def get_by_api_key(self, api_key, cache=False):

        return User.get_by_api_key(api_key, cache)

    def create(self, form_data):

        from rhodecode.lib.auth import get_crypt_password

        try:

            new_user = User()

            for k, v in form_data.items():

                if k == 'password':

                    v = get_crypt_password(v)

                if k == 'firstname':

                    k = 'name'

                setattr(new_user, k, v)

            new_user.api_key = generate_api_key(form_data['username'])

            self.sa.add(new_user)

            return new_user

        except Exception:

            log.error(traceback.format_exc())

            raise

    def create_or_update(self, username, password, email, firstname='',

                         lastname='', active=True, admin=False, ldap_dn=None):

        """

        Creates a new instance if not found, or updates current one

        :param username:

        :param password:

        :param email:

        :param active:

        :param firstname:

        :param lastname:

        :param active:

        :param admin:

        :param ldap_dn:

        """

        from rhodecode.lib.auth import get_crypt_password

        log.debug('Checking for %s account in RhodeCode database' % username)

        user = User.get_by_username(username, case_insensitive=True)

        if user is None:

            log.debug('creating new user %s' % username)

            new_user = User()

            edit = False

        else:

            log.debug('updating user %s' % username)

            new_user = user

            edit = True

        try:

            new_user.username = username

            new_user.admin = admin

            # set password only if creating an user or password is changed

            if not edit or user.password != password:

                new_user.api_key = generate_api_key(username)

            new_user.email = email

            new_user.active = active

            new_user.ldap_dn = safe_unicode(ldap_dn) if ldap_dn else None

            new_user.name = firstname

            new_user.lastname = lastname

            self.sa.add(new_user)

            return new_user

        except (DatabaseError,):

            log.error(traceback.format_exc())

            raise

    def create_for_container_auth(self, username, attrs):

        """

        Creates the given user if it's not already in the database

        :param username:

        :param attrs:

        """

        if self.get_by_username(username, case_insensitive=True) is None:

            # autogenerate email for container account without one

            generate_email = lambda usr: '%s@container_auth.account' % usr

            try:

                new_user = User()

                new_user.username = username

                new_user.password = None

                new_user.api_key = generate_api_key(username)

                new_user.email = attrs['email']

                new_user.active = attrs.get('active', True)

                new_user.name = attrs['name'] or generate_email(username)

                new_user.lastname = attrs['lastname']

                self.sa.add(new_user)

                return new_user

            except (DatabaseError,):

                log.error(traceback.format_exc())

                self.sa.rollback()

                raise

        log.debug('User %s already exists. Skipping creation of account'

                  ' for container auth.', username)

        return None

    def create_ldap(self, username, password, user_dn, attrs):

        """

        Checks if user is in database, if not creates this user marked

        as ldap user

        :param username:

        :param password:

        :param user_dn:

        :param attrs:

        """

        from rhodecode.lib.auth import get_crypt_password

        log.debug('Checking for such ldap account in RhodeCode database')

        if self.get_by_username(username, case_insensitive=True) is None:

            # autogenerate email for ldap account without one

            generate_email = lambda usr: '%s@ldap.account' % usr

            try:

                new_user = User()

                username = username.lower()

                # add ldap account always lowercase

                new_user.username = username

                new_user.password = get_crypt_password(password)

                new_user.api_key = generate_api_key(username)

                new_user.email = attrs['email'] or generate_email(username)

                new_user.active = attrs.get('active', True)

                new_user.ldap_dn = safe_unicode(user_dn)

                new_user.name = attrs['name']

                new_user.lastname = attrs['lastname']

                self.sa.add(new_user)

                return new_user

            except (DatabaseError,):

                log.error(traceback.format_exc())

                self.sa.rollback()

                raise

        log.debug('this %s user exists skipping creation of ldap account',

                  username)

        return None

    def create_registration(self, form_data):

        from rhodecode.model.notification import NotificationModel

        try:

            form_data['admin'] = False

            new_user = self.create(form_data)

            self.sa.add(new_user)

            self.sa.flush()

            # notification to admins

            subject = _('New user registration')

        id_, params = _build_data(self.apikey, 'lock',

                                  repoid=self.REPO)

        response = api_call(self, params)

        time_ = json.loads(response.body)['result']['locked_since']

        expected = {

            'repo': self.REPO,

            'locked': True,

            'locked_since': None,

            'locked_by': TEST_USER_ADMIN_LOGIN,

            'msg': ('Repo `%s` locked by `%s`. '

                            % (self.REPO,

                               json.dumps(time_to_datetime(time_))))

        }

        expected['locked_since'] = time_

        self._compare_ok(id_, expected, given=response.body)

    @mock.patch.object(Repository, 'lock', crash)

    def test_api_lock_error(self):

        id_, params = _build_data(self.apikey, 'lock',

                                  userid=TEST_USER_ADMIN_LOGIN,

                                  repoid=self.REPO,

                                  locked=True)

        response = api_call(self, params)

        expected = 'Error occurred locking repository `%s`' % self.REPO

        self._compare_error(id_, expected, given=response.body)

    def test_api_get_locks_regular_user(self):

        id_, params = _build_data(self.apikey_regular, 'get_locks')

        response = api_call(self, params)

        expected = []

        self._compare_ok(id_, expected, given=response.body)

    def test_api_get_locks_with_userid_regular_user(self):

        id_, params = _build_data(self.apikey_regular, 'get_locks',

                                  userid=TEST_USER_ADMIN_LOGIN)

        response = api_call(self, params)

        expected = 'userid is not the same as your user'

        self._compare_error(id_, expected, given=response.body)

    def test_api_get_locks(self):

        id_, params = _build_data(self.apikey, 'get_locks')

        response = api_call(self, params)

        expected = []

        self._compare_ok(id_, expected, given=response.body)

    def test_api_get_locks_with_userid(self):

        id_, params = _build_data(self.apikey, 'get_locks',

                                  userid=TEST_USER_REGULAR_LOGIN)

        response = api_call(self, params)

        expected = []

        self._compare_ok(id_, expected, given=response.body)

    def test_api_create_existing_user(self):

        id_, params = _build_data(self.apikey, 'create_user',

                                  username=TEST_USER_ADMIN_LOGIN,

                                  email='test@foo.com',

                                  password='trololo')

        response = api_call(self, params)

        expected = "user `%s` already exist" % TEST_USER_ADMIN_LOGIN

        self._compare_error(id_, expected, given=response.body)

    def test_api_create_user_with_existing_email(self):

        id_, params = _build_data(self.apikey, 'create_user',

                                  username=TEST_USER_ADMIN_LOGIN + 'new',

                                  email=TEST_USER_REGULAR_EMAIL,

                                  password='trololo')

        response = api_call(self, params)

        expected = "email `%s` already exist" % TEST_USER_REGULAR_EMAIL

        self._compare_error(id_, expected, given=response.body)

    def test_api_create_user(self):

        username = 'test_new_api_user'

        email = username + "@foo.com"

        id_, params = _build_data(self.apikey, 'create_user',

                                  username=username,

                                  email=email,

                                  password='trololo')

        response = api_call(self, params)

        usr = UserModel().get_by_username(username)

        ret = dict(

            msg='created new user `%s`' % username,

            user=jsonify(usr.get_api_data())

        )

        expected = ret

        self._compare_ok(id_, expected, given=response.body)

        UserModel().delete(usr.user_id)

        Session().commit()

    @mock.patch.object(UserModel, 'create_or_update', crash)

    def test_api_create_user_when_exception_happened(self):

        username = 'test_new_api_user'

        email = username + "@foo.com"

        id_, params = _build_data(self.apikey, 'create_user',

                                  username=username,

                                  email=email,

                                  password='trololo')

        response = api_call(self, params)

        expected = 'failed to create user `%s`' % username

        self._compare_error(id_, expected, given=response.body)

    def test_api_delete_user(self):

        usr = UserModel().create_or_update(username=u'test_user',

                                           password=u'qweqwe',

                                           email=u'u232@rhodecode.org',

                                           firstname=u'u1', lastname=u'u1')

        Session().commit()

        username = usr.username

        email = usr.email

        usr_id = usr.user_id

        ## DELETE THIS USER NOW

        id_, params = _build_data(self.apikey, 'delete_user',

                                  userid=username,)

        response = api_call(self, params)

        ret = {'msg': 'deleted user ID:%s %s' % (usr_id, username),

               'user': None}

        expected = ret

        self._compare_ok(id_, expected, given=response.body)

    @mock.patch.object(UserModel, 'delete', crash)

    def test_api_delete_user_when_exception_happened(self):

        usr = UserModel().create_or_update(username=u'test_user',

                                           password=u'qweqwe',

                                           email=u'u232@rhodecode.org',

                                           firstname=u'u1', lastname=u'u1')

        Session().commit()

        username = usr.username

        id_, params = _build_data(self.apikey, 'delete_user',

                                  userid=username,)

        response = api_call(self, params)

        ret = 'failed to delete ID:%s %s' % (usr.user_id,

                                             usr.username)

        expected = ret

        self._compare_error(id_, expected, given=response.body)

    @parameterized.expand([('firstname', 'new_username'),

                           ('lastname', 'new_username'),

                           ('email', 'new_username'),

                           ('admin', True),

                           ('admin', False),

                           ('ldap_dn', 'test'),

                           ('ldap_dn', None),

                           ('active', False),

                           ('active', True),

                           ('password', 'newpass')

                           ])

    def test_api_update_user(self, name, expected):

        usr = UserModel().get_by_username(self.TEST_USER_LOGIN)

        kw = {name: expected,

              'userid': usr.user_id}

        id_, params = _build_data(self.apikey, 'update_user', **kw)

        response = api_call(self, params)

        ret = {

        'msg': 'updated user ID:%s %s' % (usr.user_id, self.TEST_USER_LOGIN),

        'user': jsonify(UserModel()\

                            .get_by_username(self.TEST_USER_LOGIN)\

                            .get_api_data())

        }

        expected = ret

        self._compare_ok(id_, expected, given=response.body)

    def test_api_update_user_no_changed_params(self):

        usr = UserModel().get_by_username(TEST_USER_ADMIN_LOGIN)

        ret = jsonify(usr.get_api_data())

        id_, params = _build_data(self.apikey, 'update_user',

                                  userid=TEST_USER_ADMIN_LOGIN)

        response = api_call(self, params)

        ret = {

        'msg': 'updated user ID:%s %s' % (usr.user_id, TEST_USER_ADMIN_LOGIN),

        'user': ret

        }

        expected = ret

        self._compare_ok(id_, expected, given=response.body)

    def test_api_update_user_by_user_id(self):

        usr = UserModel().get_by_username(TEST_USER_ADMIN_LOGIN)

        ret = jsonify(usr.get_api_data())