import logging
from argparse import ArgumentParser
from typing import Any, Collection
from django.conf import settings
from django.core.management.base import CommandError
from django.db import transaction
from typing_extensions import override
from zerver.lib.logging_util import log_to_file
from zerver.lib.management import ZulipBaseCommand
from zerver.models import UserProfile
from zproject.backends import ZulipLDAPError, sync_user_from_ldap
## Setup ##
# Named logger for this job, handed to log_to_file together with
# settings.LDAP_SYNC_LOG_PATH (presumably so records also land in that file;
# confirm in zerver.lib.logging_util).
# The sync below logs user delivery e-mail addresses and LDAP error text, so
# the file at LDAP_SYNC_LOG_PATH should be readable only by the account that
# runs the server.
logger = logging.getLogger("zulip.sync_ldap_user_data")
log_to_file(logger, settings.LDAP_SYNC_LOG_PATH)
# Run this on a cron job to pick up on name changes.
@transaction.atomic
def sync_ldap_user_data(
    user_profiles: Collection[UserProfile], deactivation_protection: bool = True
) -> None:
    """Refresh the given users from LDAP inside a single database transaction.

    Each profile is handed to ``sync_user_from_ldap``. A ``ZulipLDAPError``
    for one user is logged and the loop continues with the next user.

    With ``deactivation_protection`` enabled (the default), the outcome is
    checked before the function returns:

    * at least one active, non-bot user must remain (the query has no realm
      filter, so this is a server-wide check), and
    * every realm that appeared among ``user_profiles`` must still have an
      active, non-bot user with the realm-owner role.

    If either check fails an exception is raised. Because the function is
    wrapped in ``transaction.atomic``, the exception leaving it rolls back
    every change made during the run. The checks exist to stop a
    misconfigured LDAP setup from deactivating everyone; passing
    ``deactivation_protection=False`` skips both of them.

    Raises:
        Exception: when a protection check fails, or when any other error
            escapes the sync loop. The error is logged with its traceback
            and then re-raised.
    """
    logger.info("Starting update.")
    try:
        # Collected before syncing, so the owner check below covers every
        # realm the run touched.
        realms = {profile.realm.string_id for profile in user_profiles}

        for profile in user_profiles:
            # Saves the user if relevant; does nothing if the user does not
            # exist.
            try:
                sync_user_from_ldap(profile, logger)
            except ZulipLDAPError as ldap_error:
                # A per-user LDAP failure is recorded and does not stop the
                # remaining users from being processed.
                logger.error("Error attempting to update user %s:", profile.delivery_email)
                # NOTE(review): args[0] assumes the error was raised with a
                # message. An argument-less ZulipLDAPError would raise
                # IndexError here, which the outer handler treats as a failed
                # sync (rollback). Confirm how zproject.backends raises it.
                logger.error(ldap_error.args[0])

        if deactivation_protection:
            # Safety interlock 1: someone must still be able to log in.
            remaining_humans = UserProfile.objects.filter(is_bot=False, is_active=True)
            if not remaining_humans.exists():
                raise Exception(
                    "LDAP sync would have deactivated all users. This is most likely due "
                    "to a misconfiguration of LDAP settings. Rolling back...\n"
                    "Use the --force option if the mass deactivation is intended."
                )

            # Safety interlock 2: no touched realm may be left without an
            # active owner.
            for realm_string_id in realms:
                realm_has_owner = UserProfile.objects.filter(
                    is_bot=False,
                    is_active=True,
                    realm__string_id=realm_string_id,
                    role=UserProfile.ROLE_REALM_OWNER,
                ).exists()
                if realm_has_owner:
                    continue
                raise Exception(
                    f"LDAP sync would have deactivated all owners of realm {realm_string_id}. "
                    "This is most likely due "
                    "to a misconfiguration of LDAP settings. Rolling back...\n"
                    "Use the --force option if the mass deactivation is intended."
                )
    except Exception:
        # Record the failure with its traceback, then let it propagate so the
        # surrounding transaction is rolled back.
        logger.exception("LDAP sync failed")
        raise

    logger.info("Finished update.")
class Command(ZulipBaseCommand):
    """Management command that runs ``sync_ldap_user_data`` for selected users."""

    @override
    def add_arguments(self, parser: ArgumentParser) -> None:
        """Register ``-f/--force`` and the shared realm and user-list options."""
        # --force is passed on (negated) as deactivation_protection, so it
        # switches off both the "all users" and the "all realm owners"
        # checks in sync_ldap_user_data. Operators should treat it as an
        # explicit override, not a routine flag for the cron job.
        parser.add_argument(
            "-f",
            "--force",
            help="Disable the protection against deactivating all users.",
            action="store_true",
        )

        self.add_realm_args(parser)
        self.add_user_list_args(parser)

    @override
    def handle(self, *args: Any, **options: Any) -> None:
        """Select the non-bot users to sync and run the LDAP sync on them.

        Without a realm option, every non-bot user on the server is selected.
        With one, the selection is delegated to ``get_users`` with
        ``is_bot=False`` and ``include_deactivated=True``.

        Raises:
            CommandError: if the server has no non-bot users at all, or if
                the command-line parameters match no users.
        """
        realm_given = options.get("realm_id") is not None
        if not realm_given:
            user_profiles = UserProfile.objects.select_related("realm").filter(is_bot=False)

            if not user_profiles.exists():
                # Dedicated message for the case where LDAP sync is set up
                # before any realm has been created.
                raise CommandError("Zulip server contains no users. Have you created a realm?")
        else:
            realm = self.get_realm(options)
            user_profiles = self.get_users(options, realm, is_bot=False, include_deactivated=True)

        if len(user_profiles) == 0:
            # This failure is about the command-line parameters only and
            # says nothing about the LDAP configuration.
            raise CommandError("Zulip server contains no users matching command-line parameters.")

        # The deactivation protection stays on unless --force was given.
        protection_enabled = not options["force"]
        sync_ldap_user_data(user_profiles, protection_enabled)