Merge pull request #20 from tracim/feature/613_user_invitation_admin

backend/tracim_backend/command/user.py

@@ -127,7 +127,8 @@ class UserCommand(AppContextCommand):
                     "You must provide -p/--password parameter"
                 )
             password = ''
-
+        if self._user_api.check_email_already_in_db(login):
+            raise UserAlreadyExistError()
         try:
             user = self._user_api.create_user(
                 email=login,
@@ -140,12 +141,12 @@ class UserCommand(AppContextCommand):
             # daemons = DaemonsManager()
             # daemons.run('radicale', RadicaleDaemon)
             self._user_api.execute_created_user_actions(user)
-        except IntegrityError:
+        except IntegrityError as exception:
             self._session.rollback()
-            raise UserAlreadyExistError()
+            raise UserAlreadyExistError() from exception
         except NotificationNotSend as exception:
             self._session.rollback()
-            raise exception
+            raise exception from exception
 
         return user
 

backend/tracim_backend/exceptions.py

@@ -213,3 +213,7 @@ class TooShortAutocompleteString(TracimException):
 
 class PageNotFound(TracimException):
     pass
+
+
+class EmailAlreadyExistInDb(TracimException):
+    pass

backend/tracim_backend/lib/core/user.py

@@ -13,6 +13,7 @@ from tracim_backend.config import CFG
 from tracim_backend.models.auth import User
 from tracim_backend.models.auth import Group
 from tracim_backend.exceptions import NoUserSetted
+from tracim_backend.exceptions import EmailAlreadyExistInDb
 from tracim_backend.exceptions import TooShortAutocompleteString
 from tracim_backend.exceptions import PasswordDoNotMatch
 from tracim_backend.exceptions import EmailValidationFailed
@@ -272,6 +273,32 @@ class UserApi(object):
         return user
 
     def _check_email(self, email: str) -> bool:
+        """
+        Check if email is completely ok to be used in user db table
+        """
+        is_email_correct = self._check_email_correctness(email)
+        if not is_email_correct:
+            raise EmailValidationFailed(
+                'Email given form {} is uncorrect'.format(email))  # nopep8
+        email_already_exist_in_db = self.check_email_already_in_db(email)
+        if email_already_exist_in_db:
+            raise EmailAlreadyExistInDb(
+                'Email given {} already exist, please choose something else'.format(email)  # nopep8
+            )
+        return True
+
+    def check_email_already_in_db(self, email: str) -> bool:
+        """
+        Verify if given email does not already exist in db
+        """
+        return self._session.query(User.email).filter(User.email==email).count() != 0  # nopep8
+
+    def _check_email_correctness(self, email: str) -> bool:
+        """
+           Verify if given email is correct:
+           - check format
+           - futur active check for email ? (dns based ?)
+           """
         # TODO - G.M - 2018-07-05 - find a better way to check email
         if not email:
             return False
@@ -293,10 +320,8 @@ class UserApi(object):
         if name is not None:
             user.display_name = name
 
-        if email is not None:
-            email_exist = self._check_email(email)
-            if not email_exist:
-                raise EmailValidationFailed('Email given form {} is uncorrect'.format(email))  # nopep8
+        if email is not None and email != user.email:
+            self._check_email(email)
             user.email = email
 
         if password is not None:
@@ -359,11 +384,8 @@ class UserApi(object):
             save_now=False
     ) -> User:
         """Previous create_user method"""
+        self._check_email(email)
         user = User()
-
-        email_exist = self._check_email(email)
-        if not email_exist:
-            raise EmailValidationFailed('Email given form {} is uncorrect'.format(email))  # nopep8
         user.email = email
         user.display_name = email.split('@')[0]
 

backend/tracim_backend/models/context_models.py

@@ -8,10 +8,12 @@ from sqlalchemy.orm import Session
 from tracim_backend.config import CFG
 from tracim_backend.config import PreviewDim
 from tracim_backend.lib.utils.utils import get_root_frontend_url
+from tracim_backend.lib.utils.utils import password_generator
 from tracim_backend.lib.utils.utils import CONTENT_FRONTEND_URL_SCHEMA
 from tracim_backend.lib.utils.utils import WORKSPACE_FRONTEND_URL_SCHEMA
 from tracim_backend.models import User
 from tracim_backend.models.auth import Profile
+from tracim_backend.models.auth import Group
 from tracim_backend.models.data import Content
 from tracim_backend.models.data import ContentRevisionRO
 from tracim_backend.models.data import Workspace
@@ -99,17 +101,19 @@ class UserCreation(object):
     def __init__(
             self,
             email: str,
-            password: str,
-            public_name: str,
-            timezone: str,
-            profile: str,
-            email_notification: str,
+            password: str = None,
+            public_name: str = None,
+            timezone: str = None,
+            profile: str = None,
+            email_notification: bool = True,
     ) -> None:
         self.email = email
-        self.password = password
-        self.public_name = public_name
-        self.timezone = timezone
-        self.profile = profile
+        # INFO - G.M - 2018-08-16 - cleartext password, default value
+        # is auto-generated.
+        self.password = password or password_generator()
+        self.public_name = public_name or None
+        self.timezone = timezone or ''
+        self.profile = profile or Group.TIM_USER_GROUPNAME
         self.email_notification = email_notification
 
 

backend/tracim_backend/tests/functional/test_user.py

@@ -4,6 +4,7 @@ Tests for /api/v2/users subpath endpoints.
 """
 from time import sleep
 import pytest
+import requests
 import transaction
 
 from tracim_backend import models
@@ -2422,6 +2423,7 @@ class TestUserWorkspaceEndpoint(FunctionalTest):
         assert sidebar_entry['hexcolor'] == "#ad4cf9"
         assert sidebar_entry['fa_icon'] == "comments-o"
 
+
     def test_api__get_user_workspaces__err_403__unallowed_user(self):
         """
         Check obtain all workspaces reachables for one user
@@ -2636,6 +2638,303 @@ class TestUserEndpoint(FunctionalTest):
             status=403
         )
 
+    def test_api__create_user__ok_200__full_admin(self):
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        params = {
+            'email': 'test@test.test',
+            'password': 'mysuperpassword',
+            'profile': 'users',
+            'timezone': 'Europe/Paris',
+            'public_name': 'test user',
+            'email_notification': False,
+        }
+        res = self.testapp.post_json(
+            '/api/v2/users',
+            status=200,
+            params=params,
+        )
+        res = res.json_body
+        assert res['user_id']
+        user_id = res['user_id']
+        assert res['created']
+        assert res['is_active'] is True
+        assert res['profile'] == 'users'
+        assert res['email'] == 'test@test.test'
+        assert res['public_name'] == 'test user'
+        assert res['timezone'] == 'Europe/Paris'
+
+        dbsession = get_tm_session(self.session_factory, transaction.manager)
+        admin = dbsession.query(models.User) \
+            .filter(models.User.email == 'admin@admin.admin') \
+            .one()
+        uapi = UserApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        user = uapi.get_one(user_id)
+        assert user.email == 'test@test.test'
+        assert user.validate_password('mysuperpassword')
+
+    def test_api__create_user__ok_200__limited_admin(self):
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        params = {
+            'email': 'test@test.test',
+            'email_notification': False,
+        }
+        res = self.testapp.post_json(
+            '/api/v2/users',
+            status=200,
+            params=params,
+        )
+        res = res.json_body
+        assert res['user_id']
+        user_id = res['user_id']
+        assert res['created']
+        assert res['is_active'] is True
+        assert res['profile'] == 'users'
+        assert res['email'] == 'test@test.test'
+        assert res['public_name'] == 'test'
+        assert res['timezone'] == ''
+
+        dbsession = get_tm_session(self.session_factory, transaction.manager)
+        admin = dbsession.query(models.User) \
+            .filter(models.User.email == 'admin@admin.admin') \
+            .one()
+        uapi = UserApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        user = uapi.get_one(user_id)
+        assert user.email == 'test@test.test'
+        assert user.password
+
+    def test_api__create_user__err_400__email_already_in_db(self):
+        dbsession = get_tm_session(self.session_factory, transaction.manager)
+        admin = dbsession.query(models.User) \
+            .filter(models.User.email == 'admin@admin.admin') \
+            .one()
+        uapi = UserApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        gapi = GroupApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        groups = [gapi.get_one_with_name('users')]
+        test_user = uapi.create_user(
+            email='test@test.test',
+            password='pass',
+            name='bob',
+            groups=groups,
+            timezone='Europe/Paris',
+            do_save=True,
+            do_notify=False,
+        )
+        uapi.save(test_user)
+        transaction.commit()
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        params = {
+            'email': 'test@test.test',
+            'password': 'mysuperpassword',
+            'profile': 'users',
+            'timezone': 'Europe/Paris',
+            'public_name': 'test user',
+            'email_notification': False,
+        }
+        res = self.testapp.post_json(
+            '/api/v2/users',
+            status=400,
+            params=params,
+        )
+
+    def test_api__create_user__err_403__other_user(self):
+        dbsession = get_tm_session(self.session_factory, transaction.manager)
+        admin = dbsession.query(models.User) \
+            .filter(models.User.email == 'admin@admin.admin') \
+            .one()
+        uapi = UserApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        gapi = GroupApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        groups = [gapi.get_one_with_name('users')]
+        test_user = uapi.create_user(
+            email='test@test.test',
+            password='pass',
+            name='bob',
+            groups=groups,
+            timezone='Europe/Paris',
+            do_save=True,
+            do_notify=False,
+        )
+        uapi.save(test_user)
+        transaction.commit()
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'test@test.test',
+                'pass',
+            )
+        )
+        params = {
+            'email': 'test2@test2.test2',
+            'password': 'mysuperpassword',
+            'profile': 'users',
+            'timezone': 'Europe/Paris',
+            'public_name': 'test user',
+            'email_notification': False,
+        }
+        res = self.testapp.post_json(
+            '/api/v2/users',
+            status=403,
+            params=params,
+        )
+
+
+class TestUserWithNotificationEndpoint(FunctionalTest):
+    """
+    Tests for POST /api/v2/users/{user_id}
+    """
+    config_section = 'functional_test_with_mail_test_sync'
+
+    def test_api__create_user__ok_200__full_admin_with_notif(self):
+        requests.delete('http://127.0.0.1:8025/api/v1/messages')
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        params = {
+            'email': 'test@test.test',
+            'password': 'mysuperpassword',
+            'profile': 'users',
+            'timezone': 'Europe/Paris',
+            'public_name': 'test user',
+            'email_notification': True,
+        }
+        res = self.testapp.post_json(
+            '/api/v2/users',
+            status=200,
+            params=params,
+        )
+        res = res.json_body
+        assert res['user_id']
+        user_id = res['user_id']
+        assert res['created']
+        assert res['is_active'] is True
+        assert res['profile'] == 'users'
+        assert res['email'] == 'test@test.test'
+        assert res['public_name'] == 'test user'
+        assert res['timezone'] == 'Europe/Paris'
+
+        dbsession = get_tm_session(self.session_factory, transaction.manager)
+        admin = dbsession.query(models.User) \
+            .filter(models.User.email == 'admin@admin.admin') \
+            .one()
+        uapi = UserApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        user = uapi.get_one(user_id)
+        assert user.email == 'test@test.test'
+        assert user.validate_password('mysuperpassword')
+
+        # check mail received
+        response = requests.get('http://127.0.0.1:8025/api/v1/messages')
+        response = response.json()
+        assert len(response) == 1
+        headers = response[0]['Content']['Headers']
+        assert headers['From'][0] == 'Tracim Notifications <test_user_from+0@localhost>'  # nopep8
+        assert headers['To'][0] == 'test user <test@test.test>'
+        assert headers['Subject'][0] == '[TRACIM] Created account'
+
+        # TODO - G.M - 2018-08-02 - Place cleanup outside of the test
+        requests.delete('http://127.0.0.1:8025/api/v1/messages')
+
+    def test_api__create_user__ok_200__limited_admin_with_notif(self):
+        requests.delete('http://127.0.0.1:8025/api/v1/messages')
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        params = {
+            'email': 'test@test.test',
+            'email_notification': True,
+        }
+        res = self.testapp.post_json(
+            '/api/v2/users',
+            status=200,
+            params=params,
+        )
+        res = res.json_body
+        assert res['user_id']
+        user_id = res['user_id']
+        assert res['created']
+        assert res['is_active'] is True
+        assert res['profile'] == 'users'
+        assert res['email'] == 'test@test.test'
+        assert res['public_name'] == 'test'
+        assert res['timezone'] == ''
+
+        dbsession = get_tm_session(self.session_factory, transaction.manager)
+        admin = dbsession.query(models.User) \
+            .filter(models.User.email == 'admin@admin.admin') \
+            .one()
+        uapi = UserApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        user = uapi.get_one(user_id)
+        assert user.email == 'test@test.test'
+        assert user.password
+
+        # check mail received
+        response = requests.get('http://127.0.0.1:8025/api/v1/messages')
+        response = response.json()
+        assert len(response) == 1
+        headers = response[0]['Content']['Headers']
+        assert headers['From'][0] == 'Tracim Notifications <test_user_from+0@localhost>'  # nopep8
+        assert headers['To'][0] == 'test <test@test.test>'
+        assert headers['Subject'][0] == '[TRACIM] Created account'
+
+        # TODO - G.M - 2018-08-02 - Place cleanup outside of the test
+        requests.delete('http://127.0.0.1:8025/api/v1/messages')
+
     def test_api_delete_user__ok_200__admin(self):
         dbsession = get_tm_session(self.session_factory, transaction.manager)
         admin = dbsession.query(models.User) \
@@ -3136,6 +3435,68 @@ class TestSetEmailEndpoint(FunctionalTest):
         res = res.json_body
         assert res['email'] == 'mysuperemail@email.fr'
 
+    def test_api__set_user_email__err_400__admin_same_email(self):
+        dbsession = get_tm_session(self.session_factory, transaction.manager)
+        admin = dbsession.query(models.User) \
+            .filter(models.User.email == 'admin@admin.admin') \
+            .one()
+        uapi = UserApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        gapi = GroupApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        groups = [gapi.get_one_with_name('users')]
+        test_user = uapi.create_user(
+            email='test@test.test',
+            password='pass',
+            name='bob',
+            groups=groups,
+            timezone='Europe/Paris',
+            do_save=True,
+            do_notify=False,
+        )
+        uapi.save(test_user)
+        transaction.commit()
+        user_id = int(test_user.user_id)
+
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        # check before
+        res = self.testapp.get(
+            '/api/v2/users/{}'.format(user_id),
+            status=200
+        )
+        res = res.json_body
+        assert res['email'] == 'test@test.test'
+
+        # Set password
+        params = {
+            'email': 'admin@admin.admin',
+            'loggedin_user_password': 'admin@admin.admin',
+        }
+        self.testapp.put_json(
+            '/api/v2/users/{}/email'.format(user_id),
+            params=params,
+            status=400,
+        )
+        # Check After
+        res = self.testapp.get(
+            '/api/v2/users/{}'.format(user_id),
+            status=200
+        )
+        res = res.json_body
+        assert res['email'] == 'test@test.test'
+
     def test_api__set_user_email__err_403__admin_wrong_password(self):
         dbsession = get_tm_session(self.session_factory, transaction.manager)
         admin = dbsession.query(models.User) \

backend/tracim_backend/views/core_api/schemas.py

@@ -7,6 +7,7 @@ from marshmallow.validate import Range
 
 from tracim_backend.lib.utils.utils import DATETIME_FORMAT
 from tracim_backend.models.auth import Profile
+from tracim_backend.models.auth import Group
 from tracim_backend.models.contents import GlobalStatus
 from tracim_backend.models.contents import CONTENT_STATUS
 from tracim_backend.models.contents import CONTENT_TYPES
@@ -159,12 +160,38 @@ class UserProfileSchema(marshmallow.Schema):
         return UserProfile(**data)
 
 
-class UserCreationSchema(
-    SetEmailSchema,
-    SetPasswordSchema,
-    UserInfosSchema,
-    UserProfileSchema
-):
+class UserCreationSchema(marshmallow.Schema):
+    email = marshmallow.fields.Email(
+        required=True,
+        example='suri.cate@algoo.fr'
+    )
+    password = marshmallow.fields.String(
+        example='8QLa$<w',
+        required=False,
+    )
+    profile = marshmallow.fields.String(
+        attribute='profile',
+        validate=OneOf(Profile._NAME),
+        example='managers',
+        required=False,
+        default=Group.TIM_USER_GROUPNAME
+    )
+    timezone = marshmallow.fields.String(
+        example="Europe/Paris",
+        required=False,
+        default=''
+    )
+    public_name = marshmallow.fields.String(
+        example='Suri Cate',
+        required=False,
+        default=None,
+    )
+    email_notification = marshmallow.fields.Bool(
+        example=True,
+        required=False,
+        default=True,
+    )
+
     @post_load
     def create_user(self, data):
         return UserCreation(**data)

backend/tracim_backend/views/core_api/user_controller.py

@@ -1,4 +1,5 @@
 from pyramid.config import Configurator
+from tracim_backend.lib.utils.utils import password_generator
 
 try:  # Python 3.5+
     from http import HTTPStatus
@@ -16,6 +17,7 @@ from tracim_backend.views.controllers import Controller
 from tracim_backend.lib.utils.authorization import require_same_user_or_profile
 from tracim_backend.lib.utils.authorization import require_profile
 from tracim_backend.exceptions import WrongUserPassword
+from tracim_backend.exceptions import EmailAlreadyExistInDb
 from tracim_backend.exceptions import PasswordDoNotMatch
 from tracim_backend.views.core_api.schemas import UserSchema
 from tracim_backend.views.core_api.schemas import AutocompleteQuerySchema
@@ -120,6 +122,7 @@ class UserController(Controller):
 
     @hapic.with_api_doc(tags=[SWAGGER_TAG__USER_ENDPOINTS])
     @hapic.handle_exception(WrongUserPassword, HTTPStatus.FORBIDDEN)
+    @hapic.handle_exception(EmailAlreadyExistInDb, HTTPStatus.BAD_REQUEST)
     @require_same_user_or_profile(Group.TIM_ADMIN)
     @hapic.input_body(SetEmailSchema())
     @hapic.input_path(UserIdPathSchema())
@@ -192,8 +195,8 @@ class UserController(Controller):
         return uapi.get_user_with_context(user)
 
     @hapic.with_api_doc(tags=[SWAGGER_TAG__USER_ENDPOINTS])
+    @hapic.handle_exception(EmailAlreadyExistInDb, HTTPStatus.BAD_REQUEST)
     @require_profile(Group.TIM_ADMIN)
-    @hapic.input_path(UserIdPathSchema())
     @hapic.input_body(UserCreationSchema())
     @hapic.output_body(UserSchema())
     def create_user(self, context, request: TracimRequest, hapic_data=None):

backend/tracim_backend/views/core_api/workspace_controller.py

@@ -287,7 +287,7 @@ class WorkspaceController(Controller):
                 # notification for creation
                 user = uapi.create_user(
                     email=hapic_data.body.user_email_or_public_name,
-                    password= password_generator(),
+                    password=password_generator(),
                     do_notify=True
                 )  # nopep8
                 newly_created = True