zulip/zerver/management/commands/create_user.py

import argparse
import sys
from typing import Any

from django.core import validators
from django.core.exceptions import ValidationError
from django.core.management.base import CommandError
from django.db.utils import IntegrityError

from zerver.lib.actions import do_create_user
from zerver.lib.initial_password import initial_password
from zerver.lib.management import ZulipBaseCommand
from zerver.models import email_to_username


class Command(ZulipBaseCommand):
    help = """Create the specified user with a default initial password.

Set tos_version=None, so that the user needs to do a ToS flow on login.

Omit both <email> and <full name> for interactive user creation.
"""

    def add_arguments(self, parser: argparse.ArgumentParser) -> None:
        parser.add_argument('--this-user-has-accepted-the-tos',
                            dest='tos',
                            action="store_true",
                            default=False,
                            help='Acknowledgement that the user has already accepted the ToS.')
        parser.add_argument('--password',
                            dest='password',
                            type=str,
                            default='',
                            help='password of new user. For development only.'
                                 'Note that we recommend against setting '
                                 'passwords this way, since they can be snooped by any user account '
                                 'on the server via `ps -ef` or by any superuser with'
                                 'read access to the user\'s bash history.')
        parser.add_argument('--password-file',
                            dest='password_file',
                            type=str,
                            default='',
                            help='The file containing the password of the new user.')
        parser.add_argument('email', metavar='<email>', type=str, nargs='?', default=argparse.SUPPRESS,
                            help='email address of new user')
        parser.add_argument('full_name', metavar='<full name>', type=str, nargs='?',
                            default=argparse.SUPPRESS,
                            help='full name of new user')
        self.add_realm_args(parser, True, "The name of the existing realm to which to add the user.")

    def handle(self, *args: Any, **options: Any) -> None:
        if not options["tos"]:
            raise CommandError("""You must confirm that this user has accepted the
Terms of Service by passing --this-user-has-accepted-the-tos.""")
        realm = self.get_realm(options)
        assert realm is not None  # Should be ensured by parser

        try:
            email = options['email']
            full_name = options['full_name']
            try:
                validators.validate_email(email)
            except ValidationError:
                raise CommandError("Invalid email address.")
        except KeyError:
            if 'email' in options or 'full_name' in options:
                raise CommandError("""Either specify an email and full name as two
parameters, or specify no parameters for interactive user creation.""")
            else:
                while True:
                    email = input("Email: ")
                    try:
                        validators.validate_email(email)
                        break
                    except ValidationError:
                        print("Invalid email address.", file=sys.stderr)
                full_name = input("Full name: ")

        try:
            if options['password_file']:
                with open(options['password_file']) as f:
                    pw = f.read()
            elif options['password']:
                pw = options['password']
            else:
                user_initial_password = initial_password(email)
                if user_initial_password is None:
                    raise CommandError("Password is unusable.")
                pw = user_initial_password
            do_create_user(email, pw, realm, full_name, email_to_username(email), acting_user=None)
        except IntegrityError:
            raise CommandError("User already exists.")
Django 1.8: declare positional arguments in management commands (imported from commit d9efca1376de92c8187d25f546c79fece8d2d8c6) 2015-08-21 02:10:41 +02:00			`import argparse`
python: Sort imports in management commands. 2017-11-16 00:43:27 +01:00			`import sys`
			`from typing import Any`
Introduce new manage.py command which creates users with default passwords. (imported from commit ba5ed9cb6ee91435b184845019391e5dc38fc3aa) 2012-12-06 23:26:47 +01:00
python: Sort imports in management commands. 2017-11-16 00:43:27 +01:00			`from django.core import validators`
Introduce new manage.py command which creates users with default passwords. (imported from commit ba5ed9cb6ee91435b184845019391e5dc38fc3aa) 2012-12-06 23:26:47 +01:00			`from django.core.exceptions import ValidationError`
python: Sort imports in management commands. 2017-11-16 00:43:27 +01:00			`from django.core.management.base import CommandError`
Introduce new manage.py command which creates users with default passwords. (imported from commit ba5ed9cb6ee91435b184845019391e5dc38fc3aa) 2012-12-06 23:26:47 +01:00			`from django.db.utils import IntegrityError`

management: Fix buggy create_user management command. The create_user management command incorrectly was double-calling notify_new_user. 2018-12-17 07:22:52 +01:00			`from zerver.lib.actions import do_create_user`
[manual] Rename Django app from zephyr to zerver. This needs to be deployed to both staging and prod at the same off-peak time (and the schema migration run). At the time it is deployed, we need to make a few changes directly in the database: (1) UPDATE django_content_type set app_label='zerver' where app_label='zephyr'; (2) UPDATE south_migrationhistory set app_name='zerver' where app_name='zephyr'; (imported from commit eb3fd719571740189514ef0b884738cb30df1320) 2013-07-29 23:03:31 +02:00			`from zerver.lib.initial_password import initial_password`
management: Use self.get_realm in create_user. 2017-08-07 17:15:11 +02:00			`from zerver.lib.management import ZulipBaseCommand`
python: Sort imports in management commands. 2017-11-16 00:43:27 +01:00			`from zerver.models import email_to_username`
Introduce new manage.py command which creates users with default passwords. (imported from commit ba5ed9cb6ee91435b184845019391e5dc38fc3aa) 2012-12-06 23:26:47 +01:00
python: Sort migrations/management command imports with isort. This is a preparatory commit for using isort for sorting all of our imports, merging changes to files where we can easily review the changes as something we're happy with. These are also files with relatively little active development, which means we don't expect much merge conflict risk from these changes. 2020-01-14 21:59:46 +01:00
management: Use self.get_realm in create_user. 2017-08-07 17:15:11 +02:00			`class Command(ZulipBaseCommand):`
create_user: Add Terms of Service warning. (imported from commit bdb31aebad397e98db77d3ea95ef17ac9dd4737f) 2013-01-08 23:05:42 +01:00			`help = """Create the specified user with a default initial password.`

management: Fix incorrect create_user docsting on ToS. 2018-12-17 07:23:35 +01:00			`Set tos_version=None, so that the user needs to do a ToS flow on login.`
Django 1.8: declare positional arguments in management commands (imported from commit d9efca1376de92c8187d25f546c79fece8d2d8c6) 2015-08-21 02:10:41 +02:00
			`Omit both <email> and <full name> for interactive user creation.`
create_user: Add Terms of Service warning. (imported from commit bdb31aebad397e98db77d3ea95ef17ac9dd4737f) 2013-01-08 23:05:42 +01:00			`"""`

zerver/management: Use python 3 syntax for typing. 2017-10-26 11:35:57 +02:00			`def add_arguments(self, parser: argparse.ArgumentParser) -> None:`
Django 1.8: declare positional arguments in management commands (imported from commit d9efca1376de92c8187d25f546c79fece8d2d8c6) 2015-08-21 02:10:41 +02:00			`parser.add_argument('--this-user-has-accepted-the-tos',`
			`dest='tos',`
			`action="store_true",`
			`default=False,`
			`help='Acknowledgement that the user has already accepted the ToS.')`
Add password argument to `manage.py create_user`. Tweaked by tabbott to provide clear --help output recommending against setting passwords this way. 2017-07-08 07:25:17 +02:00			`parser.add_argument('--password',`
			`dest='password',`
			`type=str,`
			`default='',`
create_user: Receive password input from a file instead of shell arg. This is to be used for the case of container orchestration instead of shell arg to prevent snooping by any user account on the server via `ps -ef` or any superuser with read access to the user\'s bash history. 2017-07-18 05:50:54 +02:00			`help='password of new user. For development only.'`
			`'Note that we recommend against setting '`
create_user: Separate password help into multiple lines. This line is too long and ./tools/lint --pep8 is failing because of this. 2017-07-08 23:12:34 +02:00			`'passwords this way, since they can be snooped by any user account '`
create_user: Receive password input from a file instead of shell arg. This is to be used for the case of container orchestration instead of shell arg to prevent snooping by any user account on the server via `ps -ef` or any superuser with read access to the user\'s bash history. 2017-07-18 05:50:54 +02:00			'on the server via `ps -ef` or by any superuser with'
			`'read access to the user\'s bash history.')`
			`parser.add_argument('--password-file',`
			`dest='password_file',`
			`type=str,`
			`default='',`
			`help='The file containing the password of the new user.')`
Django 1.8: declare positional arguments in management commands (imported from commit d9efca1376de92c8187d25f546c79fece8d2d8c6) 2015-08-21 02:10:41 +02:00			`parser.add_argument('email', metavar='<email>', type=str, nargs='?', default=argparse.SUPPRESS,`
			`help='email address of new user')`
zerver: Text-wrap long lines exceeding 110. 2017-11-09 11:45:56 +01:00			`parser.add_argument('full_name', metavar='<full name>', type=str, nargs='?',`
			`default=argparse.SUPPRESS,`
Django 1.8: declare positional arguments in management commands (imported from commit d9efca1376de92c8187d25f546c79fece8d2d8c6) 2015-08-21 02:10:41 +02:00			`help='full name of new user')`
management: Use self.get_realm in create_user. 2017-08-07 17:15:11 +02:00			`self.add_realm_args(parser, True, "The name of the existing realm to which to add the user.")`
Introduce new manage.py command which creates users with default passwords. (imported from commit ba5ed9cb6ee91435b184845019391e5dc38fc3aa) 2012-12-06 23:26:47 +01:00
zerver/management: Use python 3 syntax for typing. 2017-10-26 11:35:57 +02:00			`def handle(self, args: Any, *options: Any) -> None:`
create_user: Add Terms of Service warning. (imported from commit bdb31aebad397e98db77d3ea95ef17ac9dd4737f) 2013-01-08 23:05:42 +01:00			`if not options["tos"]:`
			`raise CommandError("""You must confirm that this user has accepted the`
			`Terms of Service by passing --this-user-has-accepted-the-tos.""")`
management: Use self.get_realm in create_user. 2017-08-07 17:15:11 +02:00			`realm = self.get_realm(options)`
mypy: Add assertions of get_realm results when parser requires realm. 2017-09-26 01:25:39 +02:00			`assert realm is not None # Should be ensured by parser`

Introduce new manage.py command which creates users with default passwords. (imported from commit ba5ed9cb6ee91435b184845019391e5dc38fc3aa) 2012-12-06 23:26:47 +01:00			`try:`
Django 1.8: declare positional arguments in management commands (imported from commit d9efca1376de92c8187d25f546c79fece8d2d8c6) 2015-08-21 02:10:41 +02:00			`email = options['email']`
			`full_name = options['full_name']`
Introduce new manage.py command which creates users with default passwords. (imported from commit ba5ed9cb6ee91435b184845019391e5dc38fc3aa) 2012-12-06 23:26:47 +01:00			`try:`
			`validators.validate_email(email)`
			`except ValidationError:`
			`raise CommandError("Invalid email address.")`
Django 1.8: declare positional arguments in management commands (imported from commit d9efca1376de92c8187d25f546c79fece8d2d8c6) 2015-08-21 02:10:41 +02:00			`except KeyError:`
			`if 'email' in options or 'full_name' in options:`
create_user: fix missing spaces in options error message. (imported from commit 25ea284b17dfb3160aca336e31203991f70994d8) 2013-01-08 23:08:13 +01:00			`raise CommandError("""Either specify an email and full name as two`
			`parameters, or specify no parameters for interactive user creation.""")`
Introduce new manage.py command which creates users with default passwords. (imported from commit ba5ed9cb6ee91435b184845019391e5dc38fc3aa) 2012-12-06 23:26:47 +01:00			`else:`
			`while True:`
Apply Python 3 futurize transform libmodernize.fixes.fix_input_six. 2015-11-01 17:14:42 +01:00			`email = input("Email: ")`
Introduce new manage.py command which creates users with default passwords. (imported from commit ba5ed9cb6ee91435b184845019391e5dc38fc3aa) 2012-12-06 23:26:47 +01:00			`try:`
			`validators.validate_email(email)`
			`break`
			`except ValidationError:`
Apply Python 3 futurize transform libfuturize.fixes.fix_print_with_import. 2015-11-01 17:11:06 +01:00			`print("Invalid email address.", file=sys.stderr)`
Apply Python 3 futurize transform libmodernize.fixes.fix_input_six. 2015-11-01 17:14:42 +01:00			`full_name = input("Full name: ")`
Introduce new manage.py command which creates users with default passwords. (imported from commit ba5ed9cb6ee91435b184845019391e5dc38fc3aa) 2012-12-06 23:26:47 +01:00
			`try:`
create_user: Try to read password file only when param specified. The argument parser has default empty values set for the options `--password` and `--password-file`, and this causes the script to try and read a password file even when the argument was not provided. 2019-06-20 13:57:56 +02:00			`if options['password_file']:`
python: Modernize legacy Python 2 syntax with pyupgrade. Generated by `pyupgrade --py3-plus --keep-percent-format` on all our Python code except `zthumbor` and `zulip-ec2-configure-interfaces`, followed by manual indentation fixes. Signed-off-by: Anders Kaseorg <anders@zulipchat.com> 2020-04-09 21:51:58 +02:00			`with open(options['password_file']) as f:`
python: Migrate open statements to use with. This is low priority, but it's nice to be consistently using the best practice pattern. Fixes: #12419. 2019-07-14 21:37:08 +02:00			`pw = f.read()`
create_user: Try to read password file only when param specified. The argument parser has default empty values set for the options `--password` and `--password-file`, and this causes the script to try and read a password file even when the argument was not provided. 2019-06-20 13:57:56 +02:00			`elif options['password']:`
			`pw = options['password']`
create_user: Receive password input from a file instead of shell arg. This is to be used for the case of container orchestration instead of shell arg to prevent snooping by any user account on the server via `ps -ef` or any superuser with read access to the user\'s bash history. 2017-07-18 05:50:54 +02:00			`else:`
mypy.ini: Move purge_queue exclusion into re-architecting section. 2018-03-24 23:40:54 +01:00			`user_initial_password = initial_password(email)`
mypy: Raise in commands/create_user.py if initial_password returns None. 2018-03-24 23:47:11 +01:00			`if user_initial_password is None:`
			`raise CommandError("Password is unusable.")`
check_user: Get rid of incorrect encode call for initial password. 2019-06-20 14:15:10 +02:00			`pw = user_initial_password`
audit_log: Log acting_user in user creation and user activation. 2020-06-29 13:12:17 +02:00			`do_create_user(email, pw, realm, full_name, email_to_username(email), acting_user=None)`
Introduce new manage.py command which creates users with default passwords. (imported from commit ba5ed9cb6ee91435b184845019391e5dc38fc3aa) 2012-12-06 23:26:47 +01:00			`except IntegrityError:`
			`raise CommandError("User already exists.")`