Add superuser abilities: create user, show logs. Also fix the super users UI to show the user drop down and make all superuser API calls require fresh login

2014-10-01 13:55:09 -04:00 · 2014-10-01 13:55:09 -04:00 · d9c7e92637
commit d9c7e92637
parent 039d53ea6c
6 changed files with 225 additions and 29 deletions
--- a/endpoints/api/superuser.py
+++ b/endpoints/api/superuser.py
@ -1,20 +1,22 @@
+import string
 import logging
 import json

+from random import SystemRandom
 from app import app
-
 from flask import request

 from endpoints.api import (ApiResource, nickname, resource, validate_json_request, request_error,
                           log_action, internal_only, NotFound, require_user_admin, format_date,
                           InvalidToken, require_scope, format_date, hide_if, show_if, parse_args,
-                           query_param, abort)
+                           query_param, abort, require_fresh_login)

 from endpoints.api.logs import get_logs

 from data import model
 from auth.permissions import SuperUserPermission
 from auth.auth_context import get_authenticated_user
+from util.useremails import send_confirmation_email, send_recovery_email

 import features

@ -55,6 +57,26 @@ def user_view(user):
@show_if(features.SUPER_USERS)
 class SuperUserList(ApiResource):
  """ Resource for listing users in the system. """
+  schemas = {
+    'CreateInstallUser': {
+      'id': 'CreateInstallUser',
+      'description': 'Data for creating a user',
+      'required': ['username', 'email'],
+      'properties': {
+        'username': {
+          'type': 'string',
+          'description': 'The username of the user being created'
+        },
+
+        'email': {
+          'type': 'string',
+          'description': 'The email address of the user being created'
+        }
+      }
+    }
+  }
+
+  @require_fresh_login
  @nickname('listAllUsers')
  def get(self):
    """ Returns a list of all users in the system. """
@ -67,6 +89,63 @@ class SuperUserList(ApiResource):
    abort(403)


+  @require_fresh_login
+  @nickname('createInstallUser')
+  @validate_json_request('CreateInstallUser')
+  def post(self):
+    """ Creates a new user. """
+    user_information = request.get_json()
+    if SuperUserPermission().can():
+      username = user_information['username']
+      email = user_information['email']
+
+      # Generate a temporary password for the user.
+      random = SystemRandom()
+      password =  ''.join([random.choice(string.ascii_uppercase + string.digits) for _ in range(32)])
+
+      # Create the user.
+      user = model.create_user(username, password, email, auto_verify=not features.MAILING)
+
+      # If mailing is turned on, send the user a verification email.
+      if features.MAILING:
+        confirmation = model.create_confirm_email_code(user, new_email=user.email)
+        send_confirmation_email(user.username, user.email, confirmation.code)
+
+      return {
+        'username': username,
+        'email': email,
+        'password': password
+      }
+
+    abort(403)
+
+
+@resource('/v1/superusers/users/<username>/sendrecovery')
+@internal_only
+@show_if(features.SUPER_USERS)
+@show_if(features.MAILING)
+class SuperUserSendRecoveryEmail(ApiResource):
+  """ Resource for sending a recovery user on behalf of a user. """
+  @require_fresh_login
+  @nickname('sendInstallUserRecoveryEmail')
+  def post(self, username):
+    if SuperUserPermission().can():
+      user = model.get_user(username)
+      if not user or user.organization or user.robot:
+        abort(404)
+
+      if username in app.config['SUPER_USERS']:
+          abort(403)
+
+      code = model.create_reset_password_email_code(user.email)
+      send_recovery_email(user.email, code.code)
+      return {
+        'email': user.email
+      }
+
+    abort(403)
+
+
@resource('/v1/superuser/users/<username>')
@internal_only
@show_if(features.SUPER_USERS)
@ -90,18 +169,20 @@ class SuperUserManagement(ApiResource):
    },
  }

+  @require_fresh_login
  @nickname('getInstallUser')
  def get(self, username):
    """ Returns information about the specified user. """
    if SuperUserPermission().can():
-        user = model.get_user(username)
-        if not user or user.organization or user.robot:
-          abort(404)
-            
-        return user_view(user)
+      user = model.get_user(username)
+      if not user or user.organization or user.robot:
+        abort(404)
+          
+      return user_view(user)

    abort(403)

+  @require_fresh_login
  @nickname('deleteInstallUser')
  def delete(self, username):
    """ Deletes the specified user. """
@ -118,6 +199,7 @@ class SuperUserManagement(ApiResource):

    abort(403)

+  @require_fresh_login
  @nickname('changeInstallUser')
  @validate_json_request('UpdateUser')
  def put(self, username):