X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/b5a8d7052ff461073496627aef8e2e0c29901a19..118908c39c6ffa0ae8b62cddbdb610c51a461b6d:/services/api/app/models/user.rb diff --git a/services/api/app/models/user.rb b/services/api/app/models/user.rb index 9209411f1e..310c2ca698 100644 --- a/services/api/app/models/user.rb +++ b/services/api/app/models/user.rb @@ -10,6 +10,7 @@ class User < ArvadosModel include KindAndEtag include CommonApiTemplate include CanBeAnOwner + extend CurrentApiClient serialize :prefs, Hash has_many :api_client_authorizations @@ -20,6 +21,7 @@ class User < ArvadosModel }, uniqueness: true, allow_nil: true) + validate :must_unsetup_to_deactivate before_update :prevent_privilege_escalation before_update :prevent_inactive_admin before_update :verify_repositories_empty, :if => Proc.new { |user| @@ -30,10 +32,11 @@ class User < ArvadosModel before_create :set_initial_username, :if => Proc.new { |user| user.username.nil? and user.email } + after_create :setup_on_activate after_create :add_system_group_permission_link after_create :invalidate_permissions_cache after_create :auto_setup_new_user, :if => Proc.new { |user| - Rails.configuration.auto_setup_new_users and + Rails.configuration.Users.AutoSetupNewUsers and (user.uuid != system_user_uuid) and (user.uuid != anonymous_user_uuid) } @@ -48,6 +51,8 @@ class User < ArvadosModel has_many :authorized_keys, :foreign_key => :authorized_user_uuid, :primary_key => :uuid has_many :repositories, foreign_key: :owner_uuid, primary_key: :uuid + default_scope { where('redirect_to_user_uuid is null') } + api_accessible :user, extend: :common do |t| t.add :email t.add :username @@ -78,7 +83,7 @@ class User < ArvadosModel def is_invited !!(self.is_active || - Rails.configuration.new_users_are_active || + Rails.configuration.Users.NewUsersAreActive || self.groups_i_can(:read).select { |x| x.match(/-f+$/) }.first) end @@ -138,16 +143,11 @@ class User < ArvadosModel true end - def self.invalidate_permissions_cache(timestamp=nil) - if Rails.configuration.async_permissions_update - timestamp = DbCurrentTime::db_current_time.to_i if timestamp.nil? - connection.execute "NOTIFY invalidate_permissions_cache, '#{timestamp}'" - else - refresh_permission_view - end + def self.invalidate_permissions_cache(async=false) + refresh_permission_view(async) end - def invalidate_permissions_cache(timestamp=nil) + def invalidate_permissions_cache User.invalidate_permissions_cache end @@ -188,44 +188,46 @@ class User < ArvadosModel end # create links - def setup(openid_prefix:, repo_name: nil, vm_uuid: nil) - oid_login_perm = create_oid_login_perm openid_prefix + def setup(repo_name: nil, vm_uuid: nil) repo_perm = create_user_repo_link repo_name vm_login_perm = create_vm_login_permission_link(vm_uuid, username) if vm_uuid group_perm = create_user_group_link - return [oid_login_perm, repo_perm, vm_login_perm, group_perm, self].compact + return [repo_perm, vm_login_perm, group_perm, self].compact end # delete user signatures, login, repo, and vm perms, and mark as inactive def unsetup # delete oid_login_perms for this user - Link.destroy_all(tail_uuid: self.email, + # + # note: these permission links are obsolete, they have no effect + # on anything and they are not created for new users. + Link.where(tail_uuid: self.email, link_class: 'permission', - name: 'can_login') + name: 'can_login').destroy_all # delete repo_perms for this user - Link.destroy_all(tail_uuid: self.uuid, + Link.where(tail_uuid: self.uuid, link_class: 'permission', - name: 'can_manage') + name: 'can_manage').destroy_all # delete vm_login_perms for this user - Link.destroy_all(tail_uuid: self.uuid, + Link.where(tail_uuid: self.uuid, link_class: 'permission', - name: 'can_login') + name: 'can_login').destroy_all # delete "All users" group read permissions for this user group = Group.where(name: 'All users').select do |g| g[:uuid].match(/-f+$/) end.first - Link.destroy_all(tail_uuid: self.uuid, + Link.where(tail_uuid: self.uuid, head_uuid: group[:uuid], link_class: 'permission', - name: 'can_read') + name: 'can_read').destroy_all # delete any signatures by this user - Link.destroy_all(link_class: 'signature', - tail_uuid: self.uuid) + Link.where(link_class: 'signature', + tail_uuid: self.uuid).destroy_all # delete user preferences (including profile) self.prefs = {} @@ -235,6 +237,37 @@ class User < ArvadosModel self.save! end + def must_unsetup_to_deactivate + if self.is_active_changed? && + self.is_active_was == true && + !self.is_active + + group = Group.where(name: 'All users').select do |g| + g[:uuid].match(/-f+$/) + end.first + + # When a user is set up, they are added to the "All users" + # group. A user that is part of the "All users" group is + # allowed to self-activate. + # + # It doesn't make sense to deactivate a user (set is_active = + # false) without first removing them from the "All users" group, + # because they would be able to immediately reactivate + # themselves. + # + # The 'unsetup' method removes the user from the "All users" + # group (and also sets is_active = false) so send a message + # explaining the correct way to deactivate a user. + # + if Link.where(tail_uuid: self.uuid, + head_uuid: group[:uuid], + link_class: 'permission', + name: 'can_read').any? + errors.add :is_active, "cannot be set to false directly, use the 'Deactivate' button on Workbench, or the 'unsetup' API call" + end + end + end + def set_initial_username(requested: false) if !requested.is_a?(String) || requested.empty? email_parts = email.partition("@") @@ -269,25 +302,211 @@ class User < ArvadosModel old_uuid = self.uuid self.uuid = new_uuid save!(validate: false) - ActiveRecord::Base.descendants.reject(&:abstract_class?).each do |klass| - klass.columns.each do |col| - if col.name.end_with?('_uuid') - column = col.name.to_sym - klass.where(column => old_uuid).update_all(column => new_uuid) + change_all_uuid_refs(old_uuid: old_uuid, new_uuid: new_uuid) + end + end + + # Move this user's (i.e., self's) owned items to new_owner_uuid and + # new_user_uuid (for things normally owned directly by the user). + # + # If redirect_auth is true, also reassign auth tokens and ssh keys, + # and redirect this account to redirect_to_user_uuid, i.e., when a + # caller authenticates to this account in the future, the account + # redirect_to_user_uuid account will be used instead. + # + # current_user must have admin privileges, i.e., the caller is + # responsible for checking permission to do this. + def merge(new_owner_uuid:, new_user_uuid:, redirect_to_new_user:) + raise PermissionDeniedError if !current_user.andand.is_admin + raise "Missing new_owner_uuid" if !new_owner_uuid + raise "Missing new_user_uuid" if !new_user_uuid + transaction(requires_new: true) do + reload + raise "cannot merge an already merged user" if self.redirect_to_user_uuid + + new_user = User.where(uuid: new_user_uuid).first + raise "user does not exist" if !new_user + raise "cannot merge to an already merged user" if new_user.redirect_to_user_uuid + + # If 'self' is a remote user, don't transfer authorizations + # (i.e. ability to access the account) to the new user, because + # that gives the remote site the ability to access the 'new' + # user account that takes over the 'self' account. + # + # If 'self' is a local user, it is okay to transfer + # authorizations, even if the 'new' user is a remote account, + # because the remote site does not gain the ability to access an + # account it could not before. + + if redirect_to_new_user and self.uuid[0..4] == Rails.configuration.ClusterID + # Existing API tokens and ssh keys are updated to authenticate + # to the new user. + ApiClientAuthorization. + where(user_id: id). + update_all(user_id: new_user.id) + + user_updates = [ + [AuthorizedKey, :owner_uuid], + [AuthorizedKey, :authorized_user_uuid], + [Link, :owner_uuid], + [Link, :tail_uuid], + [Link, :head_uuid], + ] + else + # Destroy API tokens and ssh keys associated with the old + # user. + ApiClientAuthorization.where(user_id: id).destroy_all + AuthorizedKey.where(owner_uuid: uuid).destroy_all + AuthorizedKey.where(authorized_user_uuid: uuid).destroy_all + user_updates = [ + [Link, :owner_uuid], + [Link, :tail_uuid] + ] + end + + # References to the old user UUID in the context of a user ID + # (rather than a "home project" in the project hierarchy) are + # updated to point to the new user. + user_updates.each do |klass, column| + klass.where(column => uuid).update_all(column => new_user.uuid) + end + + # Need to update repository names to new username + if username + old_repo_name_re = /^#{Regexp.escape(username)}\// + Repository.where(:owner_uuid => uuid).each do |repo| + repo.owner_uuid = new_user.uuid + repo_name_sub = "#{new_user.username}/" + name = repo.name.sub(old_repo_name_re, repo_name_sub) + while (conflict = Repository.where(:name => name).first) != nil + repo_name_sub += "migrated" + name = repo.name.sub(old_repo_name_re, repo_name_sub) end + repo.name = name + repo.save! end end + + # References to the merged user's "home project" are updated to + # point to new_owner_uuid. + ActiveRecord::Base.descendants.reject(&:abstract_class?).each do |klass| + next if [ApiClientAuthorization, + AuthorizedKey, + Link, + Log, + Repository].include?(klass) + next if !klass.columns.collect(&:name).include?('owner_uuid') + klass.where(owner_uuid: uuid).update_all(owner_uuid: new_owner_uuid) + end + + if redirect_to_new_user + update_attributes!(redirect_to_user_uuid: new_user.uuid, username: nil) + end + invalidate_permissions_cache end end + def redirects_to + user = self + redirects = 0 + while (uuid = user.redirect_to_user_uuid) + user = User.unscoped.find_by_uuid(uuid) + if !user + raise Exception.new("user uuid #{user.uuid} redirects to nonexistent uuid #{uuid}") + end + redirects += 1 + if redirects > 15 + raise "Starting from #{self.uuid} redirect_to_user_uuid exceeded maximum number of redirects" + end + end + user + end + + def self.register info + # login info expected fields, all can be optional but at minimum + # must supply either 'identity_url' or 'email' + # + # email + # first_name + # last_name + # username + # alternate_emails + # identity_url + + primary_user = nil + + # local database + identity_url = info['identity_url'] + + if identity_url && identity_url.length > 0 + # Only local users can create sessions, hence uuid_like_pattern + # here. + user = User.unscoped.where('identity_url = ? and uuid like ?', + identity_url, + User.uuid_like_pattern).first + primary_user = user.redirects_to if user + end + + if !primary_user + # identity url is unset or didn't find matching record. + emails = [info['email']] + (info['alternate_emails'] || []) + emails.select! {|em| !em.nil? && !em.empty?} + + User.unscoped.where('email in (?) and uuid like ?', + emails, + User.uuid_like_pattern).each do |user| + if !primary_user + primary_user = user.redirects_to + elsif primary_user.uuid != user.redirects_to.uuid + raise "Ambiguous email address, directs to both #{primary_user.uuid} and #{user.redirects_to.uuid}" + end + end + end + + if !primary_user + # New user registration + primary_user = User.new(:owner_uuid => system_user_uuid, + :is_admin => false, + :is_active => Rails.configuration.Users.NewUsersAreActive) + + primary_user.set_initial_username(requested: info['username']) if info['username'] && !info['username'].blank? + primary_user.identity_url = info['identity_url'] if identity_url + end + + primary_user.email = info['email'] if info['email'] + primary_user.first_name = info['first_name'] if info['first_name'] + primary_user.last_name = info['last_name'] if info['last_name'] + + if (!primary_user.email or primary_user.email.empty?) and (!primary_user.identity_url or primary_user.identity_url.empty?) + raise "Must have supply at least one of 'email' or 'identity_url' to User.register" + end + + act_as_system_user do + primary_user.save! + end + + primary_user + end + protected + def change_all_uuid_refs(old_uuid:, new_uuid:) + ActiveRecord::Base.descendants.reject(&:abstract_class?).each do |klass| + klass.columns.each do |col| + if col.name.end_with?('_uuid') + column = col.name.to_sym + klass.where(column => old_uuid).update_all(column => new_uuid) + end + end + end + end + def ensure_ownership_path_leads_to_user true end def permission_to_update - if username_changed? + if username_changed? || redirect_to_user_uuid_changed? || email_changed? current_user.andand.is_admin else # users must be able to update themselves (even if they are @@ -298,16 +517,17 @@ class User < ArvadosModel def permission_to_create current_user.andand.is_admin or - (self == current_user and - self.is_active == Rails.configuration.new_users_are_active) + (self == current_user && + self.redirect_to_user_uuid.nil? && + self.is_active == Rails.configuration.Users.NewUsersAreActive) end def check_auto_admin return if self.uuid.end_with?('anonymouspublic') if (User.where("email = ?",self.email).where(:is_admin => true).count == 0 and - Rails.configuration.auto_admin_user and self.email == Rails.configuration.auto_admin_user) or + !Rails.configuration.Users.AutoAdminUserWithEmail.empty? and self.email == Rails.configuration.Users["AutoAdminUserWithEmail"]) or (User.where("uuid not like '%-000000000000000'").where(:is_admin => true).count == 0 and - Rails.configuration.auto_admin_first_user) + Rails.configuration.Users.AutoAdminFirstUser) self.is_admin = true self.is_active = true end @@ -322,13 +542,13 @@ class User < ArvadosModel quoted_name = self.class.connection.quote_string(basename) next_username = basename next_suffix = 1 - while Rails.configuration.auto_setup_name_blacklist.include?(next_username) + while Rails.configuration.Users.AutoSetupUsernameBlacklist[next_username] next_suffix += 1 next_username = "%s%i" % [basename, next_suffix] end 0.upto(6).each do |suffix_len| pattern = "%s%s" % [quoted_name, "_" * suffix_len] - self.class. + self.class.unscoped. where("username like '#{pattern}'"). select(:username). order('username asc'). @@ -351,7 +571,7 @@ class User < ArvadosModel end if self.is_active_changed? if self.is_active != self.is_active_was - logger.warn "User #{current_user.uuid} tried to change is_active from #{self.is_admin_was} to #{self.is_admin} for #{self.uuid}" + logger.warn "User #{current_user.uuid} tried to change is_active from #{self.is_active_was} to #{self.is_active} for #{self.uuid}" self.is_active = self.is_active_was end end @@ -391,30 +611,6 @@ class User < ArvadosModel merged end - def create_oid_login_perm(openid_prefix) - # Check oid_login_perm - oid_login_perms = Link.where(tail_uuid: self.email, - head_uuid: self.uuid, - link_class: 'permission', - name: 'can_login') - - if !oid_login_perms.any? - # create openid login permission - oid_login_perm = Link.create(link_class: 'permission', - name: 'can_login', - tail_uuid: self.email, - head_uuid: self.uuid, - properties: { - "identity_url_prefix" => openid_prefix, - }) - logger.info { "openid login permission: " + oid_login_perm[:uuid] } - else - oid_login_perm = oid_login_perms.first - end - - return oid_login_perm - end - def create_user_repo_link(repo_name) # repo_name is optional if not repo_name @@ -434,7 +630,7 @@ class User < ArvadosModel # create login permission for the given vm_uuid, if it does not already exist def create_vm_login_permission_link(vm_uuid, repo_name) # vm uuid is optional - return if !vm_uuid + return if vm_uuid == "" vm = VirtualMachine.where(uuid: vm_uuid).first if !vm @@ -496,18 +692,18 @@ class User < ArvadosModel def setup_on_activate return if [system_user_uuid, anonymous_user_uuid].include?(self.uuid) if is_active && (new_record? || is_active_changed?) - setup(openid_prefix: Rails.configuration.default_openid_prefix) + setup end end # Automatically setup new user during creation def auto_setup_new_user - setup(openid_prefix: Rails.configuration.default_openid_prefix) + setup if username - create_vm_login_permission_link(Rails.configuration.auto_setup_new_users_with_vm_uuid, + create_vm_login_permission_link(Rails.configuration.Users.AutoSetupNewUsersWithVmUUID, username) repo_name = "#{username}/#{username}" - if Rails.configuration.auto_setup_new_users_with_repository and + if Rails.configuration.Users.AutoSetupNewUsersWithRepository and Repository.where(name: repo_name).first.nil? repo = Repository.create!(name: repo_name, owner_uuid: uuid) Link.create!(tail_uuid: uuid, head_uuid: repo.uuid, @@ -520,8 +716,8 @@ class User < ArvadosModel def send_profile_created_notification if self.prefs_changed? if self.prefs_was.andand.empty? || !self.prefs_was.andand['profile'] - profile_notification_address = Rails.configuration.user_profile_notification_address - ProfileNotifier.profile_created(self, profile_notification_address).deliver_now if profile_notification_address + profile_notification_address = Rails.configuration.Users.UserProfileNotificationAddress + ProfileNotifier.profile_created(self, profile_notification_address).deliver_now if profile_notification_address and !profile_notification_address.empty? end end end @@ -529,7 +725,7 @@ class User < ArvadosModel def verify_repositories_empty unless repositories.first.nil? errors.add(:username, "can't be unset when the user owns repositories") - false + throw(:abort) end end