zulip/zerver/management/commands/create_user.py

import argparse
import logging
from typing import Any, Optional

from django.conf import settings
from django.core import validators
from django.core.exceptions import ValidationError
from django.core.management.base import CommandError
from django.db.utils import IntegrityError

from zerver.lib.actions import do_create_user
from zerver.lib.initial_password import initial_password
from zerver.lib.management import ZulipBaseCommand


class Command(ZulipBaseCommand):
    help = """Create the specified user with a default initial password.

Sets tos_version=None, so that the user needs to do a ToS flow on login.

Omit both <email> and <full name> for interactive user creation.
"""

    def add_arguments(self, parser: argparse.ArgumentParser) -> None:
        self.add_create_user_args(parser)
        self.add_realm_args(
            parser, required=True, help="The name of the existing realm to which to add the user."
        )

    def handle(self, *args: Any, **options: Any) -> None:
        realm = self.get_realm(options)
        assert realm is not None  # Should be ensured by parser

        if "email" not in options:
            email = input("Email: ")
        else:
            email = options["email"]

        try:
            validators.validate_email(email)
        except ValidationError:
            raise CommandError("Invalid email address.")

        if "full_name" not in options:
            full_name = input("Full name: ")
        else:
            full_name = options["full_name"]

        if options["password_file"] is not None:
            with open(options["password_file"]) as f:
                password: Optional[str] = f.read().strip()
        elif options["password"] is not None:
            logging.warning(
                "Passing password on the command line is insecure; prefer --password-file."
            )
            password = options["password"]
        else:
            # initial_password will return a random password that
            # is a salted hash of the email address in a
            # development environment, and None in a production
            # environment.
            user_initial_password = initial_password(email)
            if user_initial_password is None:
                logging.info("User will be created with a disabled password.")
            else:
                assert settings.DEVELOPMENT
                logging.info("Password will be available via `./manage.py print_initial_password`.")
            password = user_initial_password

        try:
            do_create_user(
                email,
                password,
                realm,
                full_name,
                # Explicitly set tos_version=None. For servers that
                # have configured Terms of Service, this means that
                # users created via this mechanism will be prompted to
                # accept the Terms of Service on first login.
                tos_version=None,
                acting_user=None,
            )
        except IntegrityError:
            raise CommandError("User already exists.")
Django 1.8: declare positional arguments in management commands (imported from commit d9efca1376de92c8187d25f546c79fece8d2d8c6) 2015-08-21 02:10:41 +02:00			`import argparse`
management: Clean up create_user password logic. * Assert that we're in a development environment when appropriate. * Add useful logging messages, including print_initial_password details. 2022-03-21 05:09:56 +01:00			`import logging`
			`from typing import Any, Optional`
Introduce new manage.py command which creates users with default passwords. (imported from commit ba5ed9cb6ee91435b184845019391e5dc38fc3aa) 2012-12-06 23:26:47 +01:00
management: Clean up create_user password logic. * Assert that we're in a development environment when appropriate. * Add useful logging messages, including print_initial_password details. 2022-03-21 05:09:56 +01:00			`from django.conf import settings`
python: Sort imports in management commands. 2017-11-16 00:43:27 +01:00			`from django.core import validators`
Introduce new manage.py command which creates users with default passwords. (imported from commit ba5ed9cb6ee91435b184845019391e5dc38fc3aa) 2012-12-06 23:26:47 +01:00			`from django.core.exceptions import ValidationError`
python: Sort imports in management commands. 2017-11-16 00:43:27 +01:00			`from django.core.management.base import CommandError`
Introduce new manage.py command which creates users with default passwords. (imported from commit ba5ed9cb6ee91435b184845019391e5dc38fc3aa) 2012-12-06 23:26:47 +01:00			`from django.db.utils import IntegrityError`

management: Fix buggy create_user management command. The create_user management command incorrectly was double-calling notify_new_user. 2018-12-17 07:22:52 +01:00			`from zerver.lib.actions import do_create_user`
[manual] Rename Django app from zephyr to zerver. This needs to be deployed to both staging and prod at the same off-peak time (and the schema migration run). At the time it is deployed, we need to make a few changes directly in the database: (1) UPDATE django_content_type set app_label='zerver' where app_label='zephyr'; (2) UPDATE south_migrationhistory set app_name='zerver' where app_name='zephyr'; (imported from commit eb3fd719571740189514ef0b884738cb30df1320) 2013-07-29 23:03:31 +02:00			`from zerver.lib.initial_password import initial_password`
management: Use self.get_realm in create_user. 2017-08-07 17:15:11 +02:00			`from zerver.lib.management import ZulipBaseCommand`
Introduce new manage.py command which creates users with default passwords. (imported from commit ba5ed9cb6ee91435b184845019391e5dc38fc3aa) 2012-12-06 23:26:47 +01:00
python: Sort migrations/management command imports with isort. This is a preparatory commit for using isort for sorting all of our imports, merging changes to files where we can easily review the changes as something we're happy with. These are also files with relatively little active development, which means we don't expect much merge conflict risk from these changes. 2020-01-14 21:59:46 +01:00
management: Use self.get_realm in create_user. 2017-08-07 17:15:11 +02:00			`class Command(ZulipBaseCommand):`
create_user: Add Terms of Service warning. (imported from commit bdb31aebad397e98db77d3ea95ef17ac9dd4737f) 2013-01-08 23:05:42 +01:00			`help = """Create the specified user with a default initial password.`

management: Extract add_create_user_args. This will avoid code duplication when adding a create_realm management command. 2022-03-21 04:32:20 +01:00			`Sets tos_version=None, so that the user needs to do a ToS flow on login.`
Django 1.8: declare positional arguments in management commands (imported from commit d9efca1376de92c8187d25f546c79fece8d2d8c6) 2015-08-21 02:10:41 +02:00
			`Omit both <email> and <full name> for interactive user creation.`
create_user: Add Terms of Service warning. (imported from commit bdb31aebad397e98db77d3ea95ef17ac9dd4737f) 2013-01-08 23:05:42 +01:00			`"""`

zerver/management: Use python 3 syntax for typing. 2017-10-26 11:35:57 +02:00			`def add_arguments(self, parser: argparse.ArgumentParser) -> None:`
management: Extract add_create_user_args. This will avoid code duplication when adding a create_realm management command. 2022-03-21 04:32:20 +01:00			`self.add_create_user_args(parser)`
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00			`self.add_realm_args(`
management: Use required kwargs in add_realm_args. This makes management commands more readable, since one doesn't need to know details of how the library works to read based code. 2021-05-10 21:29:25 +02:00			`parser, required=True, help="The name of the existing realm to which to add the user."`
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00			`)`
Introduce new manage.py command which creates users with default passwords. (imported from commit ba5ed9cb6ee91435b184845019391e5dc38fc3aa) 2012-12-06 23:26:47 +01:00
zerver/management: Use python 3 syntax for typing. 2017-10-26 11:35:57 +02:00			`def handle(self, args: Any, *options: Any) -> None:`
management: Use self.get_realm in create_user. 2017-08-07 17:15:11 +02:00			`realm = self.get_realm(options)`
mypy: Add assertions of get_realm results when parser requires realm. 2017-09-26 01:25:39 +02:00			`assert realm is not None # Should be ensured by parser`

create_user: Fix unnecessary nesting of input logic. 2022-03-21 05:16:05 +01:00			`if "email" not in options:`
create_user: Simplify parameter processing. We remove a bit of error handling for cases where someone provided only one of the email and full name parameters, with the benefit of this being a lot cleaner. 2022-03-21 05:17:58 +01:00			`email = input("Email: ")`
			`else:`
			`email = options["email"]`
create_user: Fix unnecessary nesting of input logic. 2022-03-21 05:16:05 +01:00
			`try:`
			`validators.validate_email(email)`
			`except ValidationError:`
			`raise CommandError("Invalid email address.")`
Introduce new manage.py command which creates users with default passwords. (imported from commit ba5ed9cb6ee91435b184845019391e5dc38fc3aa) 2012-12-06 23:26:47 +01:00
create_user: Simplify parameter processing. We remove a bit of error handling for cases where someone provided only one of the email and full name parameters, with the benefit of this being a lot cleaner. 2022-03-21 05:17:58 +01:00			`if "full_name" not in options:`
			`full_name = input("Full name: ")`
			`else:`
			`full_name = options["full_name"]`

create_user: Fix overly large try/except block. Only the do_create_user call can throw IntegrityError, and it's a lot more readable to thus scope the try/except where it belongs. 2022-03-21 05:19:23 +01:00			`if options["password_file"] is not None:`
			`with open(options["password_file"]) as f:`
create_user: Rename pw => password for readability. 2022-03-21 05:20:28 +01:00			`password: Optional[str] = f.read().strip()`
create_user: Fix overly large try/except block. Only the do_create_user call can throw IntegrityError, and it's a lot more readable to thus scope the try/except where it belongs. 2022-03-21 05:19:23 +01:00			`elif options["password"] is not None:`
			`logging.warning(`
			`"Passing password on the command line is insecure; prefer --password-file."`
			`)`
create_user: Rename pw => password for readability. 2022-03-21 05:20:28 +01:00			`password = options["password"]`
create_user: Fix overly large try/except block. Only the do_create_user call can throw IntegrityError, and it's a lot more readable to thus scope the try/except where it belongs. 2022-03-21 05:19:23 +01:00			`else:`
			`# initial_password will return a random password that`
			`# is a salted hash of the email address in a`
			`# development environment, and None in a production`
			`# environment.`
			`user_initial_password = initial_password(email)`
			`if user_initial_password is None:`
			`logging.info("User will be created with a disabled password.")`
create_user: Receive password input from a file instead of shell arg. This is to be used for the case of container orchestration instead of shell arg to prevent snooping by any user account on the server via `ps -ef` or any superuser with read access to the user\'s bash history. 2017-07-18 05:50:54 +02:00			`else:`
create_user: Fix overly large try/except block. Only the do_create_user call can throw IntegrityError, and it's a lot more readable to thus scope the try/except where it belongs. 2022-03-21 05:19:23 +01:00			`assert settings.DEVELOPMENT`
			logging.info("Password will be available via `./manage.py print_initial_password`.")
create_user: Rename pw => password for readability. 2022-03-21 05:20:28 +01:00			`password = user_initial_password`
management: Clean up create_user password logic. * Assert that we're in a development environment when appropriate. * Add useful logging messages, including print_initial_password details. 2022-03-21 05:09:56 +01:00
create_user: Fix overly large try/except block. Only the do_create_user call can throw IntegrityError, and it's a lot more readable to thus scope the try/except where it belongs. 2022-03-21 05:19:23 +01:00			`try:`
database: Remove short_name from UserProfile. A few major themes here: - We remove short_name from UserProfile and add the appropriate migration. - We remove short_name from various cache-related lists of fields. - We allow import tools to continue to write short_name to their export files, and then we simply ignore the field at import time. - We change functions like do_create_user, create_user_profile, etc. - We keep short_name in the /json/bots API. (It actually gets turned into an email.) - We don't modify our LDAP code much here. 2020-07-16 14:10:43 +02:00			`do_create_user(`
			`email,`
create_user: Rename pw => password for readability. 2022-03-21 05:20:28 +01:00			`password,`
database: Remove short_name from UserProfile. A few major themes here: - We remove short_name from UserProfile and add the appropriate migration. - We remove short_name from various cache-related lists of fields. - We allow import tools to continue to write short_name to their export files, and then we simply ignore the field at import time. - We change functions like do_create_user, create_user_profile, etc. - We keep short_name in the /json/bots API. (It actually gets turned into an email.) - We don't modify our LDAP code much here. 2020-07-16 14:10:43 +02:00			`realm,`
			`full_name,`
create_user: Specify tos_version=None explicitly in automation. This is an important design detail, so we document this aspect of creating users via both the management command and API code paths with an explicit parameter value and comment. 2022-03-21 04:43:43 +01:00			`# Explicitly set tos_version=None. For servers that`
			`# have configured Terms of Service, this means that`
			`# users created via this mechanism will be prompted to`
			`# accept the Terms of Service on first login.`
			`tos_version=None,`
database: Remove short_name from UserProfile. A few major themes here: - We remove short_name from UserProfile and add the appropriate migration. - We remove short_name from various cache-related lists of fields. - We allow import tools to continue to write short_name to their export files, and then we simply ignore the field at import time. - We change functions like do_create_user, create_user_profile, etc. - We keep short_name in the /json/bots API. (It actually gets turned into an email.) - We don't modify our LDAP code much here. 2020-07-16 14:10:43 +02:00			`acting_user=None,`
			`)`
Introduce new manage.py command which creates users with default passwords. (imported from commit ba5ed9cb6ee91435b184845019391e5dc38fc3aa) 2012-12-06 23:26:47 +01:00			`except IntegrityError:`
			`raise CommandError("User already exists.")`