2017-05-10 23:37:20 +02:00
|
|
|
from typing import Callable, Text, Union, Optional, Dict, Any, List, Tuple
|
2017-01-06 18:56:36 +01:00
|
|
|
|
|
|
|
import os
|
2017-10-12 07:54:25 +02:00
|
|
|
import ujson
|
2015-11-24 05:26:33 +01:00
|
|
|
|
2016-06-05 00:47:14 +02:00
|
|
|
from django.http import HttpRequest, HttpResponse
|
|
|
|
|
2016-05-25 15:02:02 +02:00
|
|
|
from django.utils.translation import ugettext as _
|
2017-03-17 06:32:36 +01:00
|
|
|
from django.shortcuts import redirect, render
|
2017-01-06 18:56:36 +01:00
|
|
|
from django.conf import settings
|
2015-11-24 05:26:33 +01:00
|
|
|
from six.moves import map
|
|
|
|
|
2017-10-28 00:07:31 +02:00
|
|
|
from zerver.decorator import require_realm_admin, zulip_login_required
|
2015-11-24 05:26:33 +01:00
|
|
|
from zerver.forms import CreateUserForm
|
2017-02-24 06:36:54 +01:00
|
|
|
from zerver.lib.actions import do_change_avatar_fields, do_change_bot_owner, \
|
|
|
|
do_change_is_admin, do_change_default_all_public_streams, \
|
2015-11-24 05:26:33 +01:00
|
|
|
do_change_default_events_register_stream, do_change_default_sending_stream, \
|
2017-02-24 06:36:54 +01:00
|
|
|
do_create_user, do_deactivate_user, do_reactivate_user, do_regenerate_api_key
|
2017-10-10 04:51:04 +02:00
|
|
|
from zerver.lib.avatar import avatar_url, get_gravatar_url, get_avatar_field
|
2017-10-28 00:07:31 +02:00
|
|
|
from zerver.lib.exceptions import JsonableError
|
2017-07-14 16:44:07 +02:00
|
|
|
from zerver.lib.integrations import EMBEDDED_BOTS
|
2017-10-28 00:07:31 +02:00
|
|
|
from zerver.lib.request import has_request_variables, REQ
|
2015-11-24 05:26:33 +01:00
|
|
|
from zerver.lib.response import json_error, json_success
|
2017-01-30 03:17:42 +01:00
|
|
|
from zerver.lib.streams import access_stream_by_name
|
2015-11-24 05:26:33 +01:00
|
|
|
from zerver.lib.upload import upload_avatar_image
|
2017-06-10 18:43:31 +02:00
|
|
|
from zerver.lib.validator import check_bool, check_string, check_int, check_url
|
2017-06-21 13:46:58 +02:00
|
|
|
from zerver.lib.users import check_valid_bot_type, check_change_full_name, \
|
2017-07-03 18:35:12 +02:00
|
|
|
check_full_name, check_short_name, check_valid_interface_type
|
2016-12-15 12:22:24 +01:00
|
|
|
from zerver.lib.utils import generate_random_token
|
2017-07-17 21:02:09 +02:00
|
|
|
from zerver.models import UserProfile, Stream, Message, email_allowed_for_realm, \
|
2017-07-20 21:21:26 +02:00
|
|
|
get_user_profile_by_id, get_user, Service, get_user_including_cross_realm
|
2017-06-10 18:43:31 +02:00
|
|
|
from zerver.lib.create_user import random_api_key
|
2015-11-24 05:26:33 +01:00
|
|
|
|
2016-06-05 00:47:14 +02:00
|
|
|
|
2015-11-24 05:26:33 +01:00
|
|
|
def deactivate_user_backend(request, user_profile, email):
|
2016-12-25 00:44:26 +01:00
|
|
|
# type: (HttpRequest, UserProfile, Text) -> HttpResponse
|
2015-11-24 05:26:33 +01:00
|
|
|
try:
|
2017-05-23 01:33:15 +02:00
|
|
|
target = get_user(email, user_profile.realm)
|
2015-11-24 05:26:33 +01:00
|
|
|
except UserProfile.DoesNotExist:
|
2016-05-25 15:02:02 +02:00
|
|
|
return json_error(_('No such user'))
|
2015-11-24 05:26:33 +01:00
|
|
|
if target.is_bot:
|
2016-05-25 15:02:02 +02:00
|
|
|
return json_error(_('No such user'))
|
2016-12-05 06:40:00 +01:00
|
|
|
if check_last_admin(target):
|
|
|
|
return json_error(_('Cannot deactivate the only organization administrator'))
|
2015-11-24 05:26:33 +01:00
|
|
|
return _deactivate_user_profile_backend(request, user_profile, target)
|
|
|
|
|
2016-10-13 20:09:32 +02:00
|
|
|
def deactivate_user_own_backend(request, user_profile):
|
|
|
|
# type: (HttpRequest, UserProfile) -> HttpResponse
|
|
|
|
|
2016-12-05 06:40:00 +01:00
|
|
|
if user_profile.is_realm_admin and check_last_admin(user_profile):
|
|
|
|
return json_error(_('Cannot deactivate the only organization administrator'))
|
2017-08-17 01:20:23 +02:00
|
|
|
do_deactivate_user(user_profile, acting_user=user_profile)
|
2016-10-21 07:34:04 +02:00
|
|
|
return json_success()
|
2016-10-13 20:09:32 +02:00
|
|
|
|
2016-12-05 06:40:00 +01:00
|
|
|
def check_last_admin(user_profile):
|
|
|
|
# type: (UserProfile) -> bool
|
|
|
|
admins = set(user_profile.realm.get_admin_users())
|
|
|
|
return user_profile.is_realm_admin and len(admins) == 1
|
|
|
|
|
2015-11-24 05:26:33 +01:00
|
|
|
def deactivate_bot_backend(request, user_profile, email):
|
2016-12-25 00:44:26 +01:00
|
|
|
# type: (HttpRequest, UserProfile, Text) -> HttpResponse
|
2015-11-24 05:26:33 +01:00
|
|
|
try:
|
2017-05-23 01:33:15 +02:00
|
|
|
target = get_user(email, user_profile.realm)
|
2015-11-24 05:26:33 +01:00
|
|
|
except UserProfile.DoesNotExist:
|
2016-05-25 15:02:02 +02:00
|
|
|
return json_error(_('No such bot'))
|
2015-11-24 05:26:33 +01:00
|
|
|
if not target.is_bot:
|
2016-05-25 15:02:02 +02:00
|
|
|
return json_error(_('No such bot'))
|
2015-11-24 05:26:33 +01:00
|
|
|
return _deactivate_user_profile_backend(request, user_profile, target)
|
|
|
|
|
|
|
|
def _deactivate_user_profile_backend(request, user_profile, target):
|
2016-06-05 00:47:14 +02:00
|
|
|
# type: (HttpRequest, UserProfile, UserProfile) -> HttpResponse
|
2015-11-24 05:26:33 +01:00
|
|
|
if not user_profile.can_admin_user(target):
|
2016-05-25 15:02:02 +02:00
|
|
|
return json_error(_('Insufficient permission'))
|
2015-11-24 05:26:33 +01:00
|
|
|
|
2017-08-17 01:20:23 +02:00
|
|
|
do_deactivate_user(target, acting_user=user_profile)
|
2016-10-21 07:34:04 +02:00
|
|
|
return json_success()
|
2015-11-24 05:26:33 +01:00
|
|
|
|
|
|
|
def reactivate_user_backend(request, user_profile, email):
|
2016-12-25 00:44:26 +01:00
|
|
|
# type: (HttpRequest, UserProfile, Text) -> HttpResponse
|
2015-11-24 05:26:33 +01:00
|
|
|
try:
|
2017-05-23 01:33:15 +02:00
|
|
|
target = get_user(email, user_profile.realm)
|
2015-11-24 05:26:33 +01:00
|
|
|
except UserProfile.DoesNotExist:
|
2016-05-25 15:02:02 +02:00
|
|
|
return json_error(_('No such user'))
|
2015-11-24 05:26:33 +01:00
|
|
|
|
|
|
|
if not user_profile.can_admin_user(target):
|
2016-05-25 15:02:02 +02:00
|
|
|
return json_error(_('Insufficient permission'))
|
2015-11-24 05:26:33 +01:00
|
|
|
|
2017-09-22 16:18:05 +02:00
|
|
|
do_reactivate_user(target, acting_user=user_profile)
|
2016-10-21 07:34:04 +02:00
|
|
|
return json_success()
|
2015-11-24 05:26:33 +01:00
|
|
|
|
|
|
|
@has_request_variables
|
|
|
|
def update_user_backend(request, user_profile, email,
|
2016-09-27 14:25:52 +02:00
|
|
|
full_name=REQ(default="", validator=check_string),
|
2015-11-24 05:26:33 +01:00
|
|
|
is_admin=REQ(default=None, validator=check_bool)):
|
2016-12-25 00:44:26 +01:00
|
|
|
# type: (HttpRequest, UserProfile, Text, Optional[Text], Optional[bool]) -> HttpResponse
|
2015-11-24 05:26:33 +01:00
|
|
|
try:
|
2017-05-23 01:33:15 +02:00
|
|
|
target = get_user(email, user_profile.realm)
|
2015-11-24 05:26:33 +01:00
|
|
|
except UserProfile.DoesNotExist:
|
2016-05-25 15:02:02 +02:00
|
|
|
return json_error(_('No such user'))
|
2015-11-24 05:26:33 +01:00
|
|
|
|
|
|
|
if not user_profile.can_admin_user(target):
|
2016-05-25 15:02:02 +02:00
|
|
|
return json_error(_('Insufficient permission'))
|
2015-11-24 05:26:33 +01:00
|
|
|
|
|
|
|
if is_admin is not None:
|
2016-12-05 06:40:00 +01:00
|
|
|
if not is_admin and check_last_admin(user_profile):
|
|
|
|
return json_error(_('Cannot remove the only organization administrator'))
|
2015-11-24 05:26:33 +01:00
|
|
|
do_change_is_admin(target, is_admin)
|
2016-09-27 14:25:52 +02:00
|
|
|
|
|
|
|
if (full_name is not None and target.full_name != full_name and
|
|
|
|
full_name.strip() != ""):
|
|
|
|
# We don't respect `name_changes_disabled` here because the request
|
|
|
|
# is on behalf of the administrator.
|
2017-04-07 07:28:28 +02:00
|
|
|
check_change_full_name(target, full_name, user_profile)
|
2016-09-27 14:25:52 +02:00
|
|
|
|
2016-10-21 07:34:04 +02:00
|
|
|
return json_success()
|
2015-11-24 05:26:33 +01:00
|
|
|
|
2016-10-24 16:42:43 +02:00
|
|
|
# TODO: Since eventually we want to support using the same email with
|
|
|
|
# different organizations, we'll eventually want this to be a
|
|
|
|
# logged-in endpoint so that we can access the realm_id.
|
2017-07-17 18:29:24 +02:00
|
|
|
@zulip_login_required
|
2017-03-19 23:29:29 +01:00
|
|
|
def avatar(request, email_or_id, medium=False):
|
2017-02-23 20:13:56 +01:00
|
|
|
# type: (HttpRequest, str, bool) -> HttpResponse
|
2016-10-24 16:42:43 +02:00
|
|
|
"""Accepts an email address or user ID and returns the avatar"""
|
2017-07-17 21:02:09 +02:00
|
|
|
is_email = False
|
2015-11-24 05:26:33 +01:00
|
|
|
try:
|
2016-10-24 16:42:43 +02:00
|
|
|
int(email_or_id)
|
|
|
|
except ValueError:
|
2017-07-17 21:02:09 +02:00
|
|
|
is_email = True
|
2016-10-24 16:42:43 +02:00
|
|
|
|
|
|
|
try:
|
2017-07-17 21:02:09 +02:00
|
|
|
if is_email:
|
|
|
|
realm = request.user.realm
|
|
|
|
user_profile = get_user_including_cross_realm(email_or_id, realm)
|
|
|
|
else:
|
|
|
|
user_profile = get_user_profile_by_id(email_or_id)
|
2016-10-24 16:42:43 +02:00
|
|
|
# If there is a valid user account passed in, use its avatar
|
2017-02-23 20:13:56 +01:00
|
|
|
url = avatar_url(user_profile, medium=medium)
|
2015-11-24 05:26:33 +01:00
|
|
|
except UserProfile.DoesNotExist:
|
2016-10-24 16:42:43 +02:00
|
|
|
# If there is no such user, treat it as a new gravatar
|
|
|
|
email = email_or_id
|
2017-02-16 22:35:57 +01:00
|
|
|
avatar_version = 1
|
2017-07-17 18:04:36 +02:00
|
|
|
url = get_gravatar_url(email, avatar_version, medium)
|
2016-07-13 02:19:26 +02:00
|
|
|
|
|
|
|
# We can rely on the url already having query parameters. Because
|
|
|
|
# our templates depend on being able to use the ampersand to
|
|
|
|
# add query parameters to our url, get_avatar_url does '?x=x'
|
|
|
|
# hacks to prevent us from having to jump through decode/encode hoops.
|
|
|
|
assert '?' in url
|
|
|
|
url += '&' + request.META['QUERY_STRING']
|
2015-11-24 05:26:33 +01:00
|
|
|
return redirect(url)
|
|
|
|
|
|
|
|
def get_stream_name(stream):
|
2017-02-11 05:44:37 +01:00
|
|
|
# type: (Optional[Stream]) -> Optional[Text]
|
2015-11-24 05:26:33 +01:00
|
|
|
if stream:
|
2017-02-11 05:44:37 +01:00
|
|
|
return stream.name
|
|
|
|
return None
|
2015-11-24 05:26:33 +01:00
|
|
|
|
|
|
|
@has_request_variables
|
|
|
|
def patch_bot_backend(request, user_profile, email,
|
|
|
|
full_name=REQ(default=None),
|
2017-02-24 06:36:54 +01:00
|
|
|
bot_owner=REQ(default=None),
|
2015-11-24 05:26:33 +01:00
|
|
|
default_sending_stream=REQ(default=None),
|
|
|
|
default_events_register_stream=REQ(default=None),
|
|
|
|
default_all_public_streams=REQ(default=None, validator=check_bool)):
|
2017-02-24 06:36:54 +01:00
|
|
|
# type: (HttpRequest, UserProfile, Text, Optional[Text], Optional[Text], Optional[Text], Optional[Text], Optional[bool]) -> HttpResponse
|
2015-11-24 05:26:33 +01:00
|
|
|
try:
|
2017-05-23 01:33:15 +02:00
|
|
|
bot = get_user(email, user_profile.realm)
|
2017-03-06 01:13:55 +01:00
|
|
|
except UserProfile.DoesNotExist:
|
2016-05-25 15:02:02 +02:00
|
|
|
return json_error(_('No such user'))
|
2015-11-24 05:26:33 +01:00
|
|
|
|
|
|
|
if not user_profile.can_admin_user(bot):
|
2016-05-25 15:02:02 +02:00
|
|
|
return json_error(_('Insufficient permission'))
|
2015-11-24 05:26:33 +01:00
|
|
|
|
|
|
|
if full_name is not None:
|
2017-04-07 07:28:28 +02:00
|
|
|
check_change_full_name(bot, full_name, user_profile)
|
2017-02-24 06:36:54 +01:00
|
|
|
if bot_owner is not None:
|
2017-07-18 23:49:27 +02:00
|
|
|
owner = get_user(bot_owner, user_profile.realm)
|
2017-03-31 17:27:08 +02:00
|
|
|
do_change_bot_owner(bot, owner, user_profile)
|
2015-11-24 05:26:33 +01:00
|
|
|
if default_sending_stream is not None:
|
2017-01-30 03:17:42 +01:00
|
|
|
if default_sending_stream == "":
|
2017-02-11 05:45:39 +01:00
|
|
|
stream = None # type: Optional[Stream]
|
2017-01-30 03:17:42 +01:00
|
|
|
else:
|
|
|
|
(stream, recipient, sub) = access_stream_by_name(
|
|
|
|
user_profile, default_sending_stream)
|
2015-11-24 05:26:33 +01:00
|
|
|
do_change_default_sending_stream(bot, stream)
|
|
|
|
if default_events_register_stream is not None:
|
2017-01-30 03:17:42 +01:00
|
|
|
if default_events_register_stream == "":
|
|
|
|
stream = None
|
|
|
|
else:
|
|
|
|
(stream, recipient, sub) = access_stream_by_name(
|
|
|
|
user_profile, default_events_register_stream)
|
2015-11-24 05:26:33 +01:00
|
|
|
do_change_default_events_register_stream(bot, stream)
|
|
|
|
if default_all_public_streams is not None:
|
|
|
|
do_change_default_all_public_streams(bot, default_all_public_streams)
|
|
|
|
|
|
|
|
if len(request.FILES) == 0:
|
|
|
|
pass
|
|
|
|
elif len(request.FILES) == 1:
|
2016-01-25 01:27:18 +01:00
|
|
|
user_file = list(request.FILES.values())[0]
|
2017-03-02 16:21:46 +01:00
|
|
|
upload_avatar_image(user_file, user_profile, bot)
|
2015-11-24 05:26:33 +01:00
|
|
|
avatar_source = UserProfile.AVATAR_FROM_USER
|
2017-01-28 19:05:20 +01:00
|
|
|
do_change_avatar_fields(bot, avatar_source)
|
2015-11-24 05:26:33 +01:00
|
|
|
else:
|
2016-05-25 15:02:02 +02:00
|
|
|
return json_error(_("You may only upload one file at a time"))
|
2015-11-24 05:26:33 +01:00
|
|
|
|
|
|
|
json_result = dict(
|
|
|
|
full_name=bot.full_name,
|
|
|
|
avatar_url=avatar_url(bot),
|
|
|
|
default_sending_stream=get_stream_name(bot.default_sending_stream),
|
|
|
|
default_events_register_stream=get_stream_name(bot.default_events_register_stream),
|
|
|
|
default_all_public_streams=bot.default_all_public_streams,
|
|
|
|
)
|
2017-02-24 06:36:54 +01:00
|
|
|
|
|
|
|
# Don't include the bot owner in case it is not set.
|
|
|
|
# Default bots have no owner.
|
|
|
|
if bot.bot_owner is not None:
|
|
|
|
json_result['bot_owner'] = bot.bot_owner.email
|
|
|
|
|
2015-11-24 05:26:33 +01:00
|
|
|
return json_success(json_result)
|
|
|
|
|
|
|
|
@has_request_variables
|
|
|
|
def regenerate_bot_api_key(request, user_profile, email):
|
2016-12-25 00:44:26 +01:00
|
|
|
# type: (HttpRequest, UserProfile, Text) -> HttpResponse
|
2015-11-24 05:26:33 +01:00
|
|
|
try:
|
2017-05-23 01:33:15 +02:00
|
|
|
bot = get_user(email, user_profile.realm)
|
2017-03-06 01:13:55 +01:00
|
|
|
except UserProfile.DoesNotExist:
|
2016-05-25 15:02:02 +02:00
|
|
|
return json_error(_('No such user'))
|
2015-11-24 05:26:33 +01:00
|
|
|
|
|
|
|
if not user_profile.can_admin_user(bot):
|
2016-05-25 15:02:02 +02:00
|
|
|
return json_error(_('Insufficient permission'))
|
2015-11-24 05:26:33 +01:00
|
|
|
|
2017-04-06 12:27:58 +02:00
|
|
|
do_regenerate_api_key(bot, user_profile)
|
2015-11-24 05:26:33 +01:00
|
|
|
json_result = dict(
|
|
|
|
api_key = bot.api_key
|
|
|
|
)
|
|
|
|
return json_success(json_result)
|
|
|
|
|
2017-07-14 16:44:07 +02:00
|
|
|
# Adds an outgoing webhook or embedded bot service.
|
2017-10-25 20:13:11 +02:00
|
|
|
def add_service(name, user_profile, base_url=None, interface=None, token=None):
|
2017-06-10 18:43:31 +02:00
|
|
|
# type: (Text, UserProfile, Text, int, Text) -> None
|
|
|
|
Service.objects.create(name=name,
|
|
|
|
user_profile=user_profile,
|
|
|
|
base_url=base_url,
|
|
|
|
interface=interface,
|
|
|
|
token=token)
|
|
|
|
|
2015-11-24 05:26:33 +01:00
|
|
|
@has_request_variables
|
2017-06-21 13:46:58 +02:00
|
|
|
def add_bot_backend(request, user_profile, full_name_raw=REQ("full_name"), short_name_raw=REQ("short_name"),
|
2017-05-30 19:19:48 +02:00
|
|
|
bot_type=REQ(validator=check_int, default=UserProfile.DEFAULT_BOT),
|
2017-07-14 16:44:07 +02:00
|
|
|
payload_url=REQ(validator=check_url, default=""),
|
|
|
|
service_name=REQ(default=None),
|
2017-07-03 18:35:12 +02:00
|
|
|
interface_type=REQ(validator=check_int, default=Service.GENERIC),
|
2016-06-05 00:47:14 +02:00
|
|
|
default_sending_stream_name=REQ('default_sending_stream', default=None),
|
|
|
|
default_events_register_stream_name=REQ('default_events_register_stream', default=None),
|
2015-11-24 05:26:33 +01:00
|
|
|
default_all_public_streams=REQ(validator=check_bool, default=None)):
|
2017-07-14 16:44:07 +02:00
|
|
|
# type: (HttpRequest, UserProfile, Text, Text, int, Optional[Text], Optional[Text], int, Optional[Text], Optional[Text], Optional[bool]) -> HttpResponse
|
2017-06-21 13:46:58 +02:00
|
|
|
short_name = check_short_name(short_name_raw)
|
2017-07-14 16:44:07 +02:00
|
|
|
service_name = service_name or short_name
|
2015-11-24 05:26:33 +01:00
|
|
|
short_name += "-bot"
|
2017-02-08 04:51:01 +01:00
|
|
|
full_name = check_full_name(full_name_raw)
|
2017-03-05 04:17:12 +01:00
|
|
|
email = '%s@%s' % (short_name, user_profile.realm.get_bot_domain())
|
2015-11-24 05:26:33 +01:00
|
|
|
form = CreateUserForm({'full_name': full_name, 'email': email})
|
2017-07-14 16:44:07 +02:00
|
|
|
|
|
|
|
if bot_type == UserProfile.EMBEDDED_BOT:
|
|
|
|
if not settings.EMBEDDED_BOTS_ENABLED:
|
|
|
|
return json_error(_("Embedded bots are not enabled."))
|
|
|
|
if service_name not in [bot.name for bot in EMBEDDED_BOTS]:
|
|
|
|
return json_error(_("Invalid embedded bot name."))
|
|
|
|
|
2015-11-24 05:26:33 +01:00
|
|
|
if not form.is_valid():
|
|
|
|
# We validate client-side as well
|
2016-05-25 15:02:02 +02:00
|
|
|
return json_error(_('Bad name or username'))
|
2015-11-24 05:26:33 +01:00
|
|
|
try:
|
2017-05-23 01:33:15 +02:00
|
|
|
get_user(email, user_profile.realm)
|
2016-05-25 15:02:02 +02:00
|
|
|
return json_error(_("Username already in use"))
|
2015-11-24 05:26:33 +01:00
|
|
|
except UserProfile.DoesNotExist:
|
|
|
|
pass
|
2017-05-30 19:19:48 +02:00
|
|
|
check_valid_bot_type(bot_type)
|
2017-07-03 18:35:12 +02:00
|
|
|
check_valid_interface_type(interface_type)
|
2015-11-24 05:26:33 +01:00
|
|
|
|
|
|
|
if len(request.FILES) == 0:
|
|
|
|
avatar_source = UserProfile.AVATAR_FROM_GRAVATAR
|
|
|
|
elif len(request.FILES) != 1:
|
2016-05-25 15:02:02 +02:00
|
|
|
return json_error(_("You may only upload one file at a time"))
|
2015-11-24 05:26:33 +01:00
|
|
|
else:
|
|
|
|
avatar_source = UserProfile.AVATAR_FROM_USER
|
|
|
|
|
2016-06-05 00:47:14 +02:00
|
|
|
default_sending_stream = None
|
|
|
|
if default_sending_stream_name is not None:
|
2017-01-30 03:17:42 +01:00
|
|
|
(default_sending_stream, ignored_rec, ignored_sub) = access_stream_by_name(
|
|
|
|
user_profile, default_sending_stream_name)
|
2015-11-24 05:26:33 +01:00
|
|
|
|
2016-06-05 00:47:14 +02:00
|
|
|
default_events_register_stream = None
|
|
|
|
if default_events_register_stream_name is not None:
|
2017-01-30 03:17:42 +01:00
|
|
|
(default_events_register_stream, ignored_rec, ignored_sub) = access_stream_by_name(
|
|
|
|
user_profile, default_events_register_stream_name)
|
2015-11-24 05:26:33 +01:00
|
|
|
|
|
|
|
bot_profile = do_create_user(email=email, password='',
|
|
|
|
realm=user_profile.realm, full_name=full_name,
|
2016-05-18 20:23:03 +02:00
|
|
|
short_name=short_name, active=True,
|
2017-05-30 19:19:48 +02:00
|
|
|
bot_type=bot_type,
|
2015-11-24 05:26:33 +01:00
|
|
|
bot_owner=user_profile,
|
|
|
|
avatar_source=avatar_source,
|
|
|
|
default_sending_stream=default_sending_stream,
|
|
|
|
default_events_register_stream=default_events_register_stream,
|
|
|
|
default_all_public_streams=default_all_public_streams)
|
2017-03-02 16:21:46 +01:00
|
|
|
if len(request.FILES) == 1:
|
|
|
|
user_file = list(request.FILES.values())[0]
|
|
|
|
upload_avatar_image(user_file, user_profile, bot_profile)
|
2017-06-10 18:43:31 +02:00
|
|
|
|
2017-07-14 16:44:07 +02:00
|
|
|
if bot_type in (UserProfile.OUTGOING_WEBHOOK_BOT, UserProfile.EMBEDDED_BOT):
|
2017-10-25 20:13:11 +02:00
|
|
|
add_service(name=service_name,
|
|
|
|
user_profile=bot_profile,
|
|
|
|
base_url=payload_url,
|
|
|
|
interface=interface_type,
|
|
|
|
token=random_api_key())
|
2017-06-10 18:43:31 +02:00
|
|
|
|
2015-11-24 05:26:33 +01:00
|
|
|
json_result = dict(
|
2017-01-24 07:06:13 +01:00
|
|
|
api_key=bot_profile.api_key,
|
|
|
|
avatar_url=avatar_url(bot_profile),
|
|
|
|
default_sending_stream=get_stream_name(bot_profile.default_sending_stream),
|
|
|
|
default_events_register_stream=get_stream_name(bot_profile.default_events_register_stream),
|
|
|
|
default_all_public_streams=bot_profile.default_all_public_streams,
|
2015-11-24 05:26:33 +01:00
|
|
|
)
|
|
|
|
return json_success(json_result)
|
|
|
|
|
|
|
|
def get_bots_backend(request, user_profile):
|
2016-06-05 00:47:14 +02:00
|
|
|
# type: (HttpRequest, UserProfile) -> HttpResponse
|
2015-11-24 05:26:33 +01:00
|
|
|
bot_profiles = UserProfile.objects.filter(is_bot=True, is_active=True,
|
|
|
|
bot_owner=user_profile)
|
|
|
|
bot_profiles = bot_profiles.select_related('default_sending_stream', 'default_events_register_stream')
|
|
|
|
bot_profiles = bot_profiles.order_by('date_joined')
|
|
|
|
|
|
|
|
def bot_info(bot_profile):
|
2016-06-05 00:47:14 +02:00
|
|
|
# type: (UserProfile) -> Dict[str, Any]
|
2015-11-24 05:26:33 +01:00
|
|
|
default_sending_stream = get_stream_name(bot_profile.default_sending_stream)
|
|
|
|
default_events_register_stream = get_stream_name(bot_profile.default_events_register_stream)
|
|
|
|
|
|
|
|
return dict(
|
|
|
|
username=bot_profile.email,
|
|
|
|
full_name=bot_profile.full_name,
|
|
|
|
api_key=bot_profile.api_key,
|
|
|
|
avatar_url=avatar_url(bot_profile),
|
|
|
|
default_sending_stream=default_sending_stream,
|
|
|
|
default_events_register_stream=default_events_register_stream,
|
|
|
|
default_all_public_streams=bot_profile.default_all_public_streams,
|
|
|
|
)
|
|
|
|
|
|
|
|
return json_success({'bots': list(map(bot_info, bot_profiles))})
|
|
|
|
|
2017-10-10 04:51:04 +02:00
|
|
|
@has_request_variables
|
|
|
|
def get_members_backend(request, user_profile,
|
|
|
|
client_gravatar=REQ(validator=check_bool, default=False)):
|
|
|
|
# type: (HttpRequest, UserProfile, bool) -> HttpResponse
|
|
|
|
'''
|
|
|
|
The client_gravatar field here is set to True if clients can compute
|
|
|
|
their own gravatars, which saves us bandwidth. We want to eventually
|
|
|
|
make this the default behavior, but we have old clients that expect
|
|
|
|
the server to compute this for us.
|
|
|
|
'''
|
|
|
|
|
2015-11-24 05:26:33 +01:00
|
|
|
realm = user_profile.realm
|
2017-10-09 20:56:09 +02:00
|
|
|
admin_ids = set(u.id for u in user_profile.realm.get_admin_users())
|
|
|
|
|
|
|
|
query = UserProfile.objects.filter(
|
|
|
|
realm_id=realm.id
|
|
|
|
).values(
|
|
|
|
'id',
|
|
|
|
'email',
|
|
|
|
'realm_id',
|
|
|
|
'full_name',
|
|
|
|
'is_bot',
|
|
|
|
'is_active',
|
|
|
|
'bot_type',
|
|
|
|
'avatar_source',
|
|
|
|
'avatar_version',
|
|
|
|
'bot_owner__email',
|
|
|
|
)
|
|
|
|
|
|
|
|
def get_member(row):
|
|
|
|
# type: (Dict[str, Any]) -> Dict[str, Any]
|
|
|
|
email = row['email']
|
|
|
|
user_id = row['id']
|
|
|
|
|
|
|
|
result = dict(
|
|
|
|
user_id=user_id,
|
|
|
|
email=email,
|
|
|
|
full_name=row['full_name'],
|
|
|
|
is_bot=row['is_bot'],
|
|
|
|
is_active=row['is_active'],
|
|
|
|
bot_type=row['bot_type'],
|
|
|
|
)
|
|
|
|
|
|
|
|
result['is_admin'] = user_id in admin_ids
|
|
|
|
|
2017-10-10 04:51:04 +02:00
|
|
|
result['avatar_url'] = get_avatar_field(
|
|
|
|
user_id=user_id,
|
|
|
|
email=email,
|
2017-10-09 20:56:09 +02:00
|
|
|
avatar_source=row['avatar_source'],
|
|
|
|
avatar_version=row['avatar_version'],
|
|
|
|
realm_id=row['realm_id'],
|
2017-10-10 04:51:04 +02:00
|
|
|
medium=False,
|
|
|
|
client_gravatar=client_gravatar,
|
2017-10-09 20:56:09 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
if row['bot_owner__email']:
|
|
|
|
result['bot_owner'] = row['bot_owner__email']
|
|
|
|
|
|
|
|
return result
|
|
|
|
|
|
|
|
members = [get_member(row) for row in query]
|
|
|
|
|
2015-11-24 05:26:33 +01:00
|
|
|
return json_success({'members': members})
|
2016-01-12 15:40:40 +01:00
|
|
|
|
|
|
|
@require_realm_admin
|
|
|
|
@has_request_variables
|
2016-05-31 16:29:39 +02:00
|
|
|
def create_user_backend(request, user_profile, email=REQ(), password=REQ(),
|
2017-02-08 04:51:01 +01:00
|
|
|
full_name_raw=REQ("full_name"), short_name=REQ()):
|
2016-12-25 00:44:26 +01:00
|
|
|
# type: (HttpRequest, UserProfile, Text, Text, Text, Text) -> HttpResponse
|
2017-02-08 04:51:01 +01:00
|
|
|
full_name = check_full_name(full_name_raw)
|
2016-01-12 15:40:40 +01:00
|
|
|
form = CreateUserForm({'full_name': full_name, 'email': email})
|
|
|
|
if not form.is_valid():
|
2016-05-25 15:02:02 +02:00
|
|
|
return json_error(_('Bad name or username'))
|
2016-01-12 15:40:40 +01:00
|
|
|
|
|
|
|
# Check that the new user's email address belongs to the admin's realm
|
|
|
|
# (Since this is an admin API, we don't require the user to have been
|
|
|
|
# invited first.)
|
|
|
|
realm = user_profile.realm
|
2016-01-12 16:34:37 +01:00
|
|
|
if not email_allowed_for_realm(email, user_profile.realm):
|
2017-03-13 17:37:01 +01:00
|
|
|
return json_error(_("Email '%(email)s' not allowed for realm '%(realm)s'") %
|
|
|
|
{'email': email, 'realm': realm.string_id})
|
2016-01-12 15:40:40 +01:00
|
|
|
|
|
|
|
try:
|
2017-05-23 01:33:15 +02:00
|
|
|
get_user(email, user_profile.realm)
|
2016-05-25 15:02:02 +02:00
|
|
|
return json_error(_("Email '%s' already in use") % (email,))
|
2016-01-12 15:40:40 +01:00
|
|
|
except UserProfile.DoesNotExist:
|
|
|
|
pass
|
|
|
|
|
2017-10-25 21:48:37 +02:00
|
|
|
do_create_user(email, password, realm, full_name, short_name)
|
2016-01-12 15:40:40 +01:00
|
|
|
return json_success()
|
2016-12-15 12:22:24 +01:00
|
|
|
|
|
|
|
def generate_client_id():
|
2017-07-08 02:46:51 +02:00
|
|
|
# type: () -> str
|
2016-12-15 12:22:24 +01:00
|
|
|
return generate_random_token(32)
|
|
|
|
|
|
|
|
def get_profile_backend(request, user_profile):
|
|
|
|
# type: (HttpRequest, UserProfile) -> HttpResponse
|
|
|
|
result = dict(pointer = user_profile.pointer,
|
|
|
|
client_id = generate_client_id(),
|
|
|
|
max_message_id = -1,
|
|
|
|
user_id = user_profile.id,
|
|
|
|
full_name = user_profile.full_name,
|
|
|
|
email = user_profile.email,
|
|
|
|
is_bot = user_profile.is_bot,
|
|
|
|
is_admin = user_profile.is_realm_admin,
|
|
|
|
short_name = user_profile.short_name)
|
|
|
|
|
|
|
|
messages = Message.objects.filter(usermessage__user_profile=user_profile).order_by('-id')[:1]
|
|
|
|
if messages:
|
|
|
|
result['max_message_id'] = messages[0].id
|
|
|
|
|
|
|
|
return json_success(result)
|
2017-01-06 18:56:36 +01:00
|
|
|
|
2017-07-27 03:05:45 +02:00
|
|
|
def about_view(request):
|
2017-01-06 18:56:36 +01:00
|
|
|
# type: (HttpRequest) -> HttpResponse
|
|
|
|
|
|
|
|
with open(settings.CONTRIBUTORS_DATA) as f:
|
2017-10-12 07:54:25 +02:00
|
|
|
data = ujson.load(f)
|
2017-01-06 18:56:36 +01:00
|
|
|
|
2017-03-17 06:32:36 +01:00
|
|
|
return render(
|
|
|
|
request,
|
2017-07-27 03:05:45 +02:00
|
|
|
'zerver/about.html',
|
2017-03-17 06:32:36 +01:00
|
|
|
context=data,
|
2017-01-06 18:56:36 +01:00
|
|
|
)
|