From 259655b6bd6c140a9cbfcdce4016d92a92883c2f Mon Sep 17 00:00:00 2001 From: lian Date: Fri, 28 Jul 2017 16:25:56 +0800 Subject: [PATCH] update clear token clear token when inactive user, delete user, change user password --- seahub/api2/endpoints/admin/org_users.py | 9 +------- seahub/auth/forms.py | 3 +-- seahub/base/accounts.py | 26 ++++++++++++++++++++- seahub/institutions/views.py | 5 ++-- seahub/views/sysadmin.py | 7 +++--- tests/api/endpoints/test_account.py | 29 ++++++++++++++++++++++-- 6 files changed, 59 insertions(+), 20 deletions(-) diff --git a/seahub/api2/endpoints/admin/org_users.py b/seahub/api2/endpoints/admin/org_users.py index 80a6c87a65..e40c609b2a 100644 --- a/seahub/api2/endpoints/admin/org_users.py +++ b/seahub/api2/endpoints/admin/org_users.py @@ -10,7 +10,7 @@ from rest_framework import status from constance import config from seaserv import ccnet_api, seafile_api -from seahub.utils import clear_token, is_valid_email +from seahub.utils import is_valid_email from seahub.utils.licenseparse import user_number_over_limit from seahub.utils.file_size import get_file_size_unit from seahub.base.accounts import User @@ -213,13 +213,6 @@ class AdminOrgUser(APIView): else: user.is_active = False - # clear web api and repo sync token - # when inactive an user - try: - clear_token(email) - except Exception as e: - logger.error(e) - try: # update user status result_code = user.save() diff --git a/seahub/auth/forms.py b/seahub/auth/forms.py index 8680b3b7b7..15b3446c42 100644 --- a/seahub/auth/forms.py +++ b/seahub/auth/forms.py @@ -9,7 +9,7 @@ from seahub.auth import authenticate from seahub.auth.tokens import default_token_generator from seahub.profile.models import Profile from seahub.utils import IS_EMAIL_CONFIGURED, send_html_email, \ - is_valid_username, is_ldap_user, is_user_password_strong, clear_token + is_ldap_user, is_user_password_strong from captcha.fields import CaptchaField 
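Review bot: The rewritten import in seahub/auth/forms.py drops `is_valid_username` together with `clear_token`, although the commit message only describes the token change. If `is_valid_username` is still referenced elsewhere in forms.py this surfaces as a NameError at request time rather than at import time, so it is worth confirming the name is genuinely unused before merging. If it is still needed the line should read `is_valid_username, is_ldap_user, is_user_password_strong`; if it is unused, a word in the commit message would make the cleanup intentional.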
@@ -170,7 +170,6 @@ class SetPasswordForm(forms.Form): self.user.set_password(self.cleaned_data['new_password1']) if commit: self.user.save() - clear_token(self.user.username) return self.user class PasswordChangeForm(SetPasswordForm): diff --git a/seahub/base/accounts.py b/seahub/base/accounts.py index a1b6998522..ff5044641f 100644 --- a/seahub/base/accounts.py +++ b/seahub/base/accounts.py @@ -1,6 +1,7 @@ # Copyright (c) 2012-2016 Seafile Ltd. # encoding: utf-8 import re +import logging from django import forms from django.core.mail import send_mail @@ -32,6 +33,8 @@ try: except ImportError: MULTI_TENANCY = False +logger = logging.getLogger(__name__) + UNUSABLE_PASSWORD = '!' # This will never be a valid hash class UserManager(object): @@ -197,6 +200,14 @@ class User(object): else: source = "LDAP" + if not self.is_active: + # clear web api and repo sync token + # when inactive an user + try: + clear_token(self.username) + except Exception as e: + logger.error(e) + result_code = ccnet_threaded_rpc.update_emailuser(source, emailuser.id, self.password, @@ -253,7 +264,13 @@ class User(object): for r in shared_in_repos: seafile_api.remove_share(r.repo_id, r.user, username) - clear_token(username) + # clear web api and repo sync token + # when delete user + try: + clear_token(self.username) + except Exception as e: + logger.error(e) + # remove current user from joined groups ccnet_api.remove_group_user(username) ccnet_api.remove_emailuser(source, username) @@ -273,6 +290,13 @@ class User(object): else: self.password = '%s' % raw_password + # clear web api and repo sync token + # when user password change + try: + clear_token(self.username) + except Exception as e: + logger.error(e) + def check_password(self, raw_password): """ Returns a boolean of whether the raw_password was correct. Handles diff --git a/seahub/institutions/views.py b/seahub/institutions/views.py index d02f13f7e2..04c8b48bdd 100644 --- a/seahub/institutions/views.py +++ b/seahub/institutions/views.py 
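Review bot: The new `if not self.is_active:` block in `User.save()` revokes tokens on every save of an already-inactive account, not only on the active-to-inactive transition that the removed call sites in org_users.py, institutions/views.py and sysadmin.py covered; that is harmless from a security standpoint but it is a behaviour change worth stating, e.g. `# tokens are revoked on every save of an inactive account, not only on deactivation`. The block runs before `update_emailuser`, so a failed RPC leaves the account active but already logged out, which is the fail-safe order and worth noting in the same comment. The comment `# when inactive an user` would read better as `# when a user is deactivated`, and the same try/except with `logger.error(e)` recurs in `delete()` and `set_password()`, where `logger.exception(...)` would keep the traceback. `save()` begins and ends outside the hunk, so whether a newly created user's path also reaches this block cannot be confirmed here.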
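Review bot: In `delete()` the moved call now passes `self.username` while the neighbouring lines (`seafile_api.remove_share(r.repo_id, r.user, username)`, `ccnet_api.remove_group_user(username)`) keep using the local `username` that the removed call used; presumably both hold the same value, but mixing them invites a mismatch if the local is ever normalised differently, so `clear_token(username)` keeps the method consistent. `delete()` starts outside the hunk, so where `username` is assigned is not visible here.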
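Review bot: `set_password()` now revokes tokens before the new hash is persisted, whereas the removed call in `SetPasswordForm.save()` ran only after `self.user.save()` under `if commit:`; a caller that sets a password without committing, or whose later save fails, now logs every client out without the password having changed. If that trade-off is intended it should be documented on the method, e.g. `# revokes all API/sync tokens as soon as a new password is set, even if save() is never called`. `set_password()` begins outside the hunk.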
@@ -20,7 +20,7 @@ from seahub.institutions.decorators import (inst_admin_required, inst_admin_can_manage_user) from seahub.institutions.utils import get_institution_available_quota from seahub.profile.models import Profile, DetailedProfile -from seahub.utils import is_valid_username, clear_token +from seahub.utils import is_valid_username from seahub.utils.rpc import mute_seafile_api from seahub.utils.file_size import get_file_size_unit from seahub.views.sysadmin import email_user_on_activation, populate_user_info @@ -253,8 +253,7 @@ def user_toggle_status(request, email): return HttpResponse(json.dumps({'success': True, 'email_sent': email_sent, }), content_type=content_type) - else: - clear_token(user.email) + return HttpResponse(json.dumps({'success': True}), content_type=content_type) except User.DoesNotExist: diff --git a/seahub/views/sysadmin.py b/seahub/views/sysadmin.py index c07bda442a..93d6a577a3 100644 --- a/seahub/views/sysadmin.py +++ b/seahub/views/sysadmin.py @@ -42,7 +42,7 @@ from seahub.invitations.models import Invitation from seahub.role_permissions.utils import get_available_roles from seahub.utils import IS_EMAIL_CONFIGURED, string2list, is_valid_username, \ is_pro_version, send_html_email, get_user_traffic_list, get_server_id, \ - clear_token, handle_virus_record, get_virus_record_by_id, \ + handle_virus_record, get_virus_record_by_id, \ get_virus_record, FILE_AUDIT_ENABLED, get_max_upload_file_size from seahub.utils.file_size import get_file_size_unit from seahub.utils.ldap import get_ldap_info @@ -880,10 +880,10 @@ def user_toggle_status(request, email): return HttpResponse(json.dumps({'success': True, 'email_sent': email_sent, }), content_type=content_type) - else: - clear_token(user.email) + return HttpResponse(json.dumps({'success': True}), content_type=content_type) + except User.DoesNotExist: return HttpResponse(json.dumps({'success': False}), status=500, content_type=content_type) 
@@ -943,7 +943,6 @@ def user_reset(request, email): user.set_password(new_password) user.save() - clear_token(user.username) if config.FORCE_PASSWORD_CHANGE: UserOptions.objects.set_force_passwd_change(user.username) diff --git a/tests/api/endpoints/test_account.py b/tests/api/endpoints/test_account.py index 7365ffd216..03c1148c06 100644 --- a/tests/api/endpoints/test_account.py +++ b/tests/api/endpoints/test_account.py @@ -9,6 +9,8 @@ from seahub.base.templatetags.seahub_tags import email2nickname from seahub.profile.models import Profile from seahub.test_utils import BaseTestCase from tests.common.utils import randstring +from tests.api.urls import TOKEN_URL +from seahub.api2.models import TokenV2 class AccountTest(BaseTestCase): def setUp(self): @@ -142,14 +144,14 @@ class AccountTest(BaseTestCase): def test_update_name(self): """only test name""" self.login_as(self.admin) - resp = self._do_update_name() + self._do_update_name() self.assertEqual(Profile.objects.get_profile_by_user( self.user1.username).nickname, 'user1') def test_update_loginid(self): """only test loginid""" self.login_as(self.admin) - resp = self._do_update_loginid() + self._do_update_loginid() self.assertEqual(Profile.objects.get_profile_by_user( self.user1.username).login_id, 'hello') 
@@ -239,6 +241,29 @@ class AccountTest(BaseTestCase): self.assertEqual(user2_groups[1].id, other_group.id) self.assertEqual(user2_groups[1].creator_name, self.user.username) + def test_inactive_user(self): + self.login_as(self.admin) + + username = self.user1.username + data = { + 'username': username, + 'password': 'secret', + 'platform': 'windows', + 'device_id': randstring(length=40), + 'device_name': 'fake-device-name', + 'client_version': '4.1.0', + 'platform_version': '', + } + self.client.post(TOKEN_URL, data=data) + assert len(TokenV2.objects.filter(user=username)) == 1 + + url = reverse('api2-account', args=[self.user1.username]) + data = 'is_active=0' + resp = self.client.put(url, data, 'application/x-www-form-urlencoded') + self.assertEqual(200, resp.status_code) + + assert len(TokenV2.objects.filter(user=username)) == 0 + def test_delete(self): self.login_as(self.admin)