[ARVADOS] updated: b481a5167f6c50bf04fb9aae7bb07caa1a1add6e
git at public.curoverse.com
git at public.curoverse.com
Mon Dec 30 21:06:47 EST 2013
Summary of changes:
apps/admin/setup-new-user.rb | 46 +++++++++++++++++---
.../app/controllers/application_controller.rb | 12 +++++-
.../app/controllers/user_sessions_controller.rb | 20 +++++++++
3 files changed, 70 insertions(+), 8 deletions(-)
via b481a5167f6c50bf04fb9aae7bb07caa1a1add6e (commit)
via 14baeb15c9a703a7c7b5c36b2ddcbf44c35c4c7a (commit)
via 22dc7d543f4b484b8dc658292ddf0afef00fb98a (commit)
via d088be45bcdd2069e62e0c7133a451855f2d25a9 (commit)
via ce4299cdb9bd265cc1b1e4af8086f0031342aabb (commit)
from 385f300ba44bc186aa679d5aba543260e8ffee1e (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit b481a5167f6c50bf04fb9aae7bb07caa1a1add6e
Author: Tom Clegg <tom at curoverse.com>
Date: Mon Dec 30 18:05:17 2013 -0800
Do not set is_active flag for new users. They do that themselves now,
after accepting user agreements.
refs #1699
diff --git a/apps/admin/setup-new-user.rb b/apps/admin/setup-new-user.rb
index ba5d3d2..01fdfc6 100755
--- a/apps/admin/setup-new-user.rb
+++ b/apps/admin/setup-new-user.rb
@@ -166,8 +166,3 @@ group_perm = arv.link.create(link: {
link_class: 'permission',
name: 'can_read'})
log.info { "group permission: " + group_perm[:uuid] }
-
-user[:is_active] = true
-user.save
-
-log.info { "user saved with is_active=true" }
commit 14baeb15c9a703a7c7b5c36b2ddcbf44c35c4c7a
Merge: 22dc7d5 d088be4
Author: Tom Clegg <tom at curoverse.com>
Date: Mon Dec 30 18:02:33 2013 -0800
Merge branch '1675-preactivation'
closes #1722
closes #1785
commit 22dc7d543f4b484b8dc658292ddf0afef00fb98a
Author: Tom Clegg <tom at curoverse.com>
Date: Mon Dec 30 17:58:29 2013 -0800
Request activation if is_active==false but no user agreements seem to
be required.
refs #1699
diff --git a/apps/workbench/app/controllers/application_controller.rb b/apps/workbench/app/controllers/application_controller.rb
index bde1156..a97a97d 100644
--- a/apps/workbench/app/controllers/application_controller.rb
+++ b/apps/workbench/app/controllers/application_controller.rb
@@ -227,7 +227,17 @@ class ApplicationController < ActionController::Base
Collection.find(ua.uuid)
end
end
- render 'user_agreements/index'
+ if @required_user_agreements.empty?
+ # No agreements to sign. Perhaps we just need to ask?
+ current_user.activate
+ if !current_user.is_active
+ logger.warn "#{current_user.uuid.inspect}: " +
+ "No user agreements to sign, but activate failed!"
+ end
+ end
+ if !current_user.is_active
+ render 'user_agreements/index'
+ end
end
true
end
commit d088be45bcdd2069e62e0c7133a451855f2d25a9
Author: Tom Clegg <tom at curoverse.com>
Date: Mon Dec 30 17:50:53 2013 -0800
Support pre-activation by creating a new user record and OpenID
permission link.
refs #1785
refs #1722
diff --git a/apps/admin/setup-new-user.rb b/apps/admin/setup-new-user.rb
index f3758e0..ba5d3d2 100755
--- a/apps/admin/setup-new-user.rb
+++ b/apps/admin/setup-new-user.rb
@@ -5,7 +5,6 @@ abort 'Error: Ruby >= 1.9.3 required.' if RUBY_VERSION < '1.9.3'
require 'logger'
require 'trollop'
log = Logger.new STDERR
-log.level = ENV['DEBUG'] ? Logger::DEBUG : Logger::WARN
log.progname = $0.split('/').last
opts = Trollop::options do
@@ -13,12 +12,26 @@ opts = Trollop::options do
banner "Usage: #{log.progname} " +
"{user_uuid_or_email} {user_and_repo_name} {vm_uuid}"
banner ''
+ opt :debug, <<-eos
+Show debug messages.
+ eos
+ opt :create, <<-eos
+Create a new user with the given email address if an existing user \
+is not found.
+ eos
+ opt :openid_prefix, <<-eos, default: 'https://www.google.com/accounts/o8/id'
+If creating a new user record, require authentication from an OpenID \
+with this OpenID prefix *and* a matching email address in order to \
+claim the account.
+ eos
opt :force, <<-eos
Continue even if sanity checks raise flags: the given user is already \
active, the given repository already exists, etc.
eos
opt :n, 'Do not change anything, just probe'
end
+
+log.level = (ENV['DEBUG'] || opts.debug) ? Logger::DEBUG : Logger::WARN
if ARGV.count != 3
Trollop::die "required arguments are missing"
@@ -33,6 +46,30 @@ user = begin
arv.user.get(uuid: user_arg)
rescue Arvados::TransactionFailedError
found = arv.user.list(where: {email: ARGV[0]})[:items]
+ if found.count == 0 and opts.create
+ if !opts.force and !user_arg.match(/\w\@\w+\.\w+/)
+ abort "About to create new user, but #{user_arg.inspect} " +
+ "does not look like an email address. Stop."
+ end
+ if opts.n
+ log.info "-n flag given. Stop before creating new user record."
+ exit 0
+ end
+ new_user = arv.user.create(user: {email: user_arg})
+ log.info { "created user: " + new_user[:uuid] }
+ login_perm_props = {identity_url_prefix: opts.openid_prefix }
+ oid_login_perm = arv.link.create(link: {
+ link_class: 'permission',
+ name: 'can_login',
+ tail_kind: 'email',
+ tail_uuid: user_arg,
+ head_kind: 'arvados#user',
+ head_uuid: new_user[:uuid],
+ properties: login_perm_props
+ })
+ log.info { "openid login permission: " + oid_login_perm[:uuid] }
+ found = [new_user]
+ end
if found.count != 1
abort "Found #{found.count} users " +
"with uuid or email #{user_arg.inspect}. Stop."
@@ -93,7 +130,7 @@ if opts.n
end
if need_force and not opts.force
- abort "This does not seem to be a new user, and -f was not given. Stop."
+ abort "This does not seem to be a new user[name], and -f was not given. Stop."
end
# Everything seems to be in order. Create a repository (if needed) and
commit ce4299cdb9bd265cc1b1e4af8086f0031342aabb
Author: Tom Clegg <tom at curoverse.com>
Date: Mon Dec 30 17:48:08 2013 -0800
Allow authentication from multiple OpenIDs using permission links with
matching email and OpenID prefix.
refs #1722
diff --git a/services/api/app/controllers/user_sessions_controller.rb b/services/api/app/controllers/user_sessions_controller.rb
index eaaf7b5..3ac47d4 100644
--- a/services/api/app/controllers/user_sessions_controller.rb
+++ b/services/api/app/controllers/user_sessions_controller.rb
@@ -21,6 +21,22 @@ class UserSessionsController < ApplicationController
user = User.find_by_identity_url(omniauth['info']['identity_url'])
if not user
+ # Check for permission to log in to an existing User record with
+ # a different identity_url
+ Link.where(link_class: 'permission',
+ name: 'can_login',
+ tail_kind: 'email',
+ tail_uuid: omniauth['info']['email'],
+ head_kind: 'arvados#user').each do |link|
+ if prefix = link.properties[:identity_url_prefix]
+ if prefix == omniauth['info']['identity_url'][0..prefix.size-1]
+ user = User.find_by_uuid(link.head_uuid)
+ break if user
+ end
+ end
+ end
+ end
+ if not user
# New user registration
user = User.new(:email => omniauth['info']['email'],
:first_name => omniauth['info']['first_name'],
@@ -31,6 +47,10 @@ class UserSessionsController < ApplicationController
user.email = omniauth['info']['email']
user.first_name = omniauth['info']['first_name']
user.last_name = omniauth['info']['last_name']
+ if user.identity_url.nil?
+ # First login to a pre-activated account
+ user.identity_url = omniauth['info']['identity_url']
+ end
end
# prevent ArvadosModel#before_create and _update from throwing
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list