From 0f578ec36ccb3ceb91d64e3967a4fcd01b240895 Mon Sep 17 00:00:00 2001 From: Jan Cholasta Date: Thu, 30 Jun 2016 06:37:52 +0200 Subject: user: add object plugin for user_status Change user_status from a method of user to a method of a new userstatus class, which defines the extra attributes returned by user_status. This fixes user_status CLI output. https://fedorahosted.org/freeipa/ticket/4739 Reviewed-By: David Kupka --- API.txt | 6 ++--- VERSION | 4 ++-- ipaserver/plugins/baseuser.py | 18 --------------- ipaserver/plugins/stageuser.py | 2 -- ipaserver/plugins/user.py | 52 ++++++++++++++++++++++++++++++++++++------ 5 files changed, 50 insertions(+), 32 deletions(-) diff --git a/API.txt b/API.txt index 19922660a..085a7e0d8 100644 --- a/API.txt +++ b/API.txt @@ -5863,10 +5863,9 @@ output: Output('result', type=[]) output: Output('summary', type=[, ]) output: ListOfPrimaryKeys('value') command: user_status/1 -args: 1,4,4 -arg: Str('uid', cli_name='login') +args: 1,3,4 +arg: Str('useruid', cli_name='login') option: Flag('all', autofill=True, cli_name='all', default=False) -option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('version?') output: Output('count', type=[]) @@ -6615,6 +6614,7 @@ default: user_stage/1 default: user_status/1 default: user_undel/1 default: user_unlock/1 +default: userstatus/1 default: vault/1 default: vault_add_internal/1 default: vault_add_member/1 diff --git a/VERSION b/VERSION index 5c3aef2e4..656e472ce 100644 --- a/VERSION +++ b/VERSION @@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000 # # ######################################################## IPA_API_VERSION_MAJOR=2 -IPA_API_VERSION_MINOR=203 -# Last change: host: added authentication indicators +IPA_API_VERSION_MINOR=204 +# Last change: user: add object plugin for user_status diff --git a/ipaserver/plugins/baseuser.py b/ipaserver/plugins/baseuser.py index 8087418d1..9c4af66f9 100644 --- a/ipaserver/plugins/baseuser.py +++ b/ipaserver/plugins/baseuser.py @@ -61,24 +61,6 @@ baseuser_output_params = ( ), ) -status_baseuser_output_params = ( - Str('server', - label=_('Server'), - ), - Str('krbloginfailedcount', - label=_('Failed logins'), - ), - Str('krblastsuccessfulauth', - label=_('Last successful authentication'), - ), - Str('krblastfailedauth', - label=_('Last failed authentication'), - ), - Str('now', - label=_('Time now'), - ), - ) - UPG_DEFINITION_DN = DN(('cn', 'UPG Definition'), ('cn', 'Definitions'), ('cn', 'Managed Entries'), diff --git a/ipaserver/plugins/stageuser.py b/ipaserver/plugins/stageuser.py index 9d5d40453..3b9388f60 100644 --- a/ipaserver/plugins/stageuser.py +++ b/ipaserver/plugins/stageuser.py @@ -40,7 +40,6 @@ from .baseuser import ( NO_UPG_MAGIC, baseuser_pwdchars, baseuser_output_params, - status_baseuser_output_params, baseuser_add_manager, baseuser_remove_manager) from ipalib.request import context @@ -102,7 +101,6 @@ register = Registry() stageuser_output_params = baseuser_output_params -status_output_params = status_baseuser_output_params @register() class stageuser(baseuser): diff --git a/ipaserver/plugins/user.py b/ipaserver/plugins/user.py index adc59fcba..7c5221c85 100644 --- a/ipaserver/plugins/user.py +++ b/ipaserver/plugins/user.py @@ -38,7 +38,6 @@ from .baseuser import ( NO_UPG_MAGIC, UPG_DEFINITION_DN, baseuser_output_params, - status_baseuser_output_params, baseuser_pwdchars, validate_nsaccountlock, convert_nsaccountlock, @@ -48,6 +47,7 @@ from .baseuser import ( from .idviews import remove_ipaobject_overrides from ipalib.plugable import Registry from .baseldap import ( + LDAPObject, pkey_to_value, LDAPCreate, LDAPSearch, @@ -118,8 +118,6 @@ register = Registry() user_output_params = baseuser_output_params -status_output_params = status_baseuser_output_params - def check_protected_member(user, protected_group_name=u'admins'): ''' @@ -989,6 +987,38 @@ class user_unlock(LDAPQuery): ) +@register() +class userstatus(LDAPObject): + parent_object = 'user' + + takes_params = ( + Bool('preserved?', + label=_('Preserved user'), + flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'}, + ), + Str('server', + label=_('Server'), + flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'}, + ), + Str('krbloginfailedcount', + label=_('Failed logins'), + flags={'no_create', 'no_update', 'no_search'}, + ), + Str('krblastsuccessfulauth', + label=_('Last successful authentication'), + flags={'no_create', 'no_update', 'no_search'}, + ), + Str('krblastfailedauth', + label=_('Last failed authentication'), + flags={'no_create', 'no_update', 'no_search'}, + ), + Str('now', + label=_('Time now'), + flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'}, + ), + ) + + @register() class user_status(LDAPQuery): __doc__ = _(""" @@ -1013,12 +1043,20 @@ class user_status(LDAPQuery): login attempt is older than the lockouttime of the password policy. This means that the user may attempt a login again. """) + obj_name = 'userstatus' + attr_name = 'find' + has_output = output.standard_list_of_entries - has_output_params = LDAPSearch.has_output_params + status_output_params + + def get_args(self): + for arg in super(user_status, self).get_args(): + if arg.name == 'useruid': + arg = arg.clone(cli_name='login') + yield arg def execute(self, *keys, **options): ldap = self.obj.backend - dn = self.obj.get_either_dn(*keys, **options) + dn = self.api.Object.user.get_either_dn(*keys, **options) attr_list = ['krbloginfailedcount', 'krblastsuccessfulauth', 'krblastfailedauth', 'nsaccountlock'] disabled = False @@ -1074,11 +1112,11 @@ class user_status(LDAPQuery): convert_nsaccountlock(entry) if 'nsaccountlock' in entry: disabled = entry['nsaccountlock'] - self.obj.get_preserved_attribute(entry, options) + self.api.Object.user.get_preserved_attribute(entry, options) entries.append(newresult) count += 1 except errors.NotFound: - self.obj.handle_not_found(*keys) + self.api.Object.user.handle_not_found(*keys) except Exception as e: self.error("user_status: Retrieving status for %s failed with %s" % (dn, str(e))) newresult = {'dn': dn} -- cgit