Merge branch 'master' into orgview

2015-04-01 13:56:49 -04:00 · 2015-04-01 13:56:49 -04:00 · 5cd500257d
commit 5cd500257d
parent fde9666647 b10fd4ff22
52 changed files with 387 additions and 62 deletions
--- a/endpoints/api/user.py
+++ b/endpoints/api/user.py
@ -1,6 +1,7 @@
 import logging
 import json

+from random import SystemRandom
 from flask import request
 from flask.ext.login import logout_user
 from flask.ext.principal import identity_changed, AnonymousIdentity
@ -224,8 +225,13 @@ class User(ApiResource):
      if 'password' in user_data:
        logger.debug('Changing password for user: %s', user.username)
        log_action('account_change_password', user.username)
+
+        # Change the user's password.
        model.change_password(user, user_data['password'])

+        # Login again to reset their session cookie.
+        common_login(user)
+
        if features.MAILING:
          send_password_changed(user.username, user.email)

@ -335,13 +341,51 @@ class PrivateRepositories(ApiResource):
    }


+@resource('/v1/user/clientkey')
+@internal_only
+class ClientKey(ApiResource):
+  """ Operations for returning an encrypted key which can be used in place of a password
+      for the Docker client. """
+  schemas = {
+    'GenerateClientKey': {
+      'id': 'GenerateClientKey',
+      'type': 'object',
+      'required': [
+        'password',
+      ],
+      'properties': {
+        'password': {
+          'type': 'string',
+          'description': 'The user\'s password',
+        },
+      }
+    }
+  }
+
+  @require_user_admin
+  @nickname('generateUserClientKey')
+  @validate_json_request('GenerateClientKey')
+  def post(self):
+    """  Return's the user's private client key. """
+    username = get_authenticated_user().username
+    password = request.get_json()['password']
+
+    (result, error_message) = authentication.verify_user(username, password)
+    if not result:
+      raise request_error(message=error_message)
+
+    return {
+      'key': authentication.encrypt_user_password(password)
+    }
+
+
 def conduct_signin(username_or_email, password):
  needs_email_verification = False
  invalid_credentials = False

  verified = None
  try:
-    verified = authentication.verify_user(username_or_email, password)
+    (verified, error_message) = authentication.verify_user(username_or_email, password)
  except model.TooManyUsersException as ex:
    raise license_error(exception=ex)

@ -407,7 +451,7 @@ class ConvertToOrganization(ApiResource):

    # Ensure that the sign in credentials work.
    admin_password = convert_data['adminPassword']
-    admin_user =  authentication.verify_user(admin_username, admin_password)
+    (admin_user, error_message) =  authentication.verify_user(admin_username, admin_password)
    if not admin_user:
      raise request_error(reason='invaliduser',
                           message='The admin user credentials are not valid')