123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589 |
- /*
- * Copyright 2014 gitblit.com.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
- package com.gitblit.transport.ssh.gitblit;
-
- import java.util.ArrayList;
- import java.util.List;
-
- import org.kohsuke.args4j.Argument;
- import org.kohsuke.args4j.Option;
-
- import com.gitblit.Constants.AccessPermission;
- import com.gitblit.GitBlitException;
- import com.gitblit.Keys;
- import com.gitblit.manager.IGitblit;
- import com.gitblit.models.RegistrantAccessPermission;
- import com.gitblit.models.RepositoryModel;
- import com.gitblit.models.UserModel;
- import com.gitblit.transport.ssh.SshKey;
- import com.gitblit.transport.ssh.commands.CommandMetaData;
- import com.gitblit.transport.ssh.commands.DispatchCommand;
- import com.gitblit.transport.ssh.commands.ListFilterCommand;
- import com.gitblit.transport.ssh.commands.SshCommand;
- import com.gitblit.transport.ssh.commands.UsageExample;
- import com.gitblit.transport.ssh.commands.UsageExamples;
- import com.gitblit.utils.ArrayUtils;
- import com.gitblit.utils.FlipTable;
- import com.gitblit.utils.FlipTable.Borders;
- import com.gitblit.utils.StringUtils;
- import com.google.common.base.Joiner;
-
- @CommandMetaData(name = "users", description = "User management commands", admin = true)
- public class UsersDispatcher extends DispatchCommand {
-
- @Override
- protected void setup(UserModel user) {
- // primary user commands
- register(user, NewUser.class);
- register(user, RenameUser.class);
- register(user, RemoveUser.class);
- register(user, ShowUser.class);
- register(user, ListUsers.class);
-
- // user-specific commands
- register(user, SetField.class);
- register(user, Permissions.class);
- register(user, DisableUser.class);
- register(user, EnableUser.class);
- }
-
- public static abstract class UserCommand extends SshCommand {
- @Argument(index = 0, required = true, metaVar = "USERNAME", usage = "username")
- protected String username;
-
- protected UserModel getUser(boolean requireUser) throws UnloggedFailure {
- IGitblit gitblit = getContext().getGitblit();
- UserModel user = gitblit.getUserModel(username);
- if (requireUser && user == null) {
- throw new UnloggedFailure(1, String.format("User %s does not exist!", username));
- }
- return user;
- }
- }
-
- @CommandMetaData(name = "new", description = "Create a new user account")
- @UsageExample(syntax = "${cmd} john 12345 --email john@smith.com --canFork --canCreate")
- public static class NewUser extends UserCommand {
-
- @Argument(index = 1, required = true, metaVar = "PASSWORD", usage = "password")
- protected String password;
-
- @Option(name = "--email", metaVar = "ADDRESS", usage = "email address")
- protected String email;
-
- @Option(name = "--canAdmin", usage = "can administer the server")
- protected boolean canAdmin;
-
- @Option(name = "--canFork", usage = "can fork repositories")
- protected boolean canFork;
-
- @Option(name = "--canCreate", usage = "can create personal repositories")
- protected boolean canCreate;
-
- @Option(name = "--disabled", usage = "create a disabled user account")
- protected boolean disabled;
-
- @Override
- public void run() throws UnloggedFailure {
-
- if (getUser(false) != null) {
- throw new UnloggedFailure(1, String.format("User %s already exists!", username));
- }
-
- UserModel user = new UserModel(username);
- user.password = password;
-
- if (email != null) {
- user.emailAddress = email;
- }
-
- user.canAdmin = canAdmin;
- user.canFork = canFork;
- user.canCreate = canCreate;
- user.disabled = disabled;
-
- IGitblit gitblit = getContext().getGitblit();
- try {
- gitblit.addUser(user);
- stdout.println(String.format("%s created.", username));
- } catch (GitBlitException e) {
- log.error("Failed to add " + username, e);
- throw new UnloggedFailure(1, e.getMessage());
- }
- }
- }
-
- @CommandMetaData(name = "rename", aliases = { "mv" }, description = "Rename an account")
- @UsageExample(syntax = "${cmd} john frank", description = "Rename the account from john to frank")
- public static class RenameUser extends UserCommand {
- @Argument(index = 1, required = true, metaVar = "NEWNAME", usage = "the new account name")
- protected String newUserName;
-
- @Override
- public void run() throws UnloggedFailure {
- UserModel user = getUser(true);
- IGitblit gitblit = getContext().getGitblit();
- if (null != gitblit.getTeamModel(newUserName)) {
- throw new UnloggedFailure(1, String.format("Team %s already exists!", newUserName));
- }
-
- // set the new name
- user.username = newUserName;
-
- try {
- gitblit.reviseUser(username, user);
- stdout.println(String.format("Renamed user %s to %s.", username, newUserName));
- } catch (GitBlitException e) {
- String msg = String.format("Failed to rename user from %s to %s", username, newUserName);
- log.error(msg, e);
- throw new UnloggedFailure(1, msg);
- }
- }
- }
-
- @CommandMetaData(name = "set", description = "Set the specified field of an account")
- @UsageExample(syntax = "${cmd} john name John Smith", description = "Set the display name to \"John Smith\" for john's account")
- public static class SetField extends UserCommand {
-
- @Argument(index = 1, required = true, metaVar = "FIELD", usage = "the field to update")
- protected String fieldName;
-
- @Argument(index = 2, required = true, metaVar = "VALUE", usage = "the new value")
- protected List<String> fieldValues = new ArrayList<String>();
-
- protected enum Field {
- name, displayName, email, password, canAdmin, canFork, canCreate;
-
- static Field fromString(String name) {
- for (Field field : values()) {
- if (field.name().equalsIgnoreCase(name)) {
- return field;
- }
- }
- return null;
- }
- }
-
- @Override
- protected String getUsageText() {
- String fields = Joiner.on(", ").join(Field.values());
- StringBuilder sb = new StringBuilder();
- sb.append("Valid fields are:\n ").append(fields);
- return sb.toString();
- }
-
- @Override
- public void run() throws UnloggedFailure {
- UserModel user = getUser(true);
-
- Field field = Field.fromString(fieldName);
- if (field == null) {
- throw new UnloggedFailure(1, String.format("Unknown field %s", fieldName));
- }
-
- String value = Joiner.on(" ").join(fieldValues).trim();
- IGitblit gitblit = getContext().getGitblit();
-
- boolean editCredentials = gitblit.supportsCredentialChanges(user);
- boolean editDisplayName = gitblit.supportsDisplayNameChanges(user);
- boolean editEmailAddress = gitblit.supportsEmailAddressChanges(user);
-
- String m = String.format("Can not edit %s for %s (%s)", field, user.username, user.accountType);
-
- switch(field) {
- case name:
- case displayName:
- if (!editDisplayName) {
- throw new UnloggedFailure(1, m);
- }
- user.displayName = value;
- break;
- case email:
- if (!editEmailAddress) {
- throw new UnloggedFailure(1, m);
- }
- user.emailAddress = value;
- break;
- case password:
- if (!editCredentials) {
- throw new UnloggedFailure(1, m);
- }
- int minLength = gitblit.getSettings().getInteger(Keys.realm.minPasswordLength, 5);
- if (minLength < 4) {
- minLength = 4;
- }
- if (value.trim().length() < minLength) {
- throw new UnloggedFailure(1, "Password is too short.");
- }
-
- // Optionally store the password MD5 digest.
- String type = gitblit.getSettings().getString(Keys.realm.passwordStorage, "md5");
- if (type.equalsIgnoreCase("md5")) {
- // store MD5 digest of password
- user.password = StringUtils.MD5_TYPE + StringUtils.getMD5(value);
- } else if (type.equalsIgnoreCase("combined-md5")) {
- // store MD5 digest of username+password
- user.password = StringUtils.COMBINED_MD5_TYPE + StringUtils.getMD5(username + value);
- } else {
- user.password = value;
- }
-
- // reset the cookie
- user.cookie = StringUtils.getSHA1(user.username + value);
- break;
- case canAdmin:
- user.canAdmin = toBool(value);
- break;
- case canFork:
- user.canFork = toBool(value);
- break;
- case canCreate:
- user.canCreate = toBool(value);
- break;
- default:
- throw new UnloggedFailure(1, String.format("Field %s was not properly handled by the set command.", fieldName));
- }
-
- try {
- gitblit.reviseUser(username, user);
- stdout.println(String.format("Set %s.%s = %s", username, fieldName, value));
- } catch (GitBlitException e) {
- String msg = String.format("Failed to set %s.%s = %s", username, fieldName, value);
- log.error(msg, e);
- throw new UnloggedFailure(1, msg);
- }
- }
-
- protected boolean toBool(String value) throws UnloggedFailure {
- String v = value.toLowerCase();
- if (v.equals("t")
- || v.equals("true")
- || v.equals("yes")
- || v.equals("on")
- || v.equals("y")
- || v.equals("1")) {
- return true;
- } else if (v.equals("f")
- || v.equals("false")
- || v.equals("no")
- || v.equals("off")
- || v.equals("n")
- || v.equals("0")) {
- return false;
- }
- throw new UnloggedFailure(1, String.format("Invalid boolean value %s", value));
- }
- }
-
- @CommandMetaData(name = "disable", description = "Prohibit an account from authenticating")
- @UsageExample(syntax = "${cmd} john", description = "Prevent John from authenticating")
- public static class DisableUser extends UserCommand {
-
- @Override
- public void run() throws UnloggedFailure {
-
- UserModel user = getUser(true);
- user.disabled = true;
-
- IGitblit gitblit = getContext().getGitblit();
- if (gitblit.updateUserModel(username, user)) {
- stdout.println(String.format("%s is not allowed to authenticate.", username));
- } else {
- throw new UnloggedFailure(1, String.format("Failed to disable %s!", username));
- }
- }
- }
-
- @CommandMetaData(name = "enable", description = "Allow an account to authenticate")
- @UsageExample(syntax = "${cmd} john", description = "Allow John to authenticate")
- public static class EnableUser extends UserCommand {
-
- @Override
- public void run() throws UnloggedFailure {
-
- UserModel user = getUser(true);
- user.disabled = false;
-
- IGitblit gitblit = getContext().getGitblit();
- if (gitblit.updateUserModel(username, user)) {
- stdout.println(String.format("%s may now authenticate.", username));
- } else {
- throw new UnloggedFailure(1, String.format("Failed to enable %s!", username));
- }
- }
- }
-
- @CommandMetaData(name = "permissions", aliases = { "perms" }, description = "Add or remove permissions from an account")
- @UsageExample(syntax = "${cmd} john RW:alpha/repo.git RWC:alpha/repo2.git", description = "Add or set permissions for John")
- public static class Permissions extends UserCommand {
-
- @Argument(index = 1, multiValued = true, metaVar = "[PERMISSION:]REPOSITORY", usage = "a repository expression")
- protected List<String> permissions;
-
- @Option(name = "--remove", aliases = { "-r" }, metaVar = "REPOSITORY|ALL", usage = "remove a repository permission")
- protected List<String> removals;
-
- @Override
- public void run() throws UnloggedFailure {
- IGitblit gitblit = getContext().getGitblit();
- UserModel user = getUser(true);
-
- boolean modified = false;
- if (!ArrayUtils.isEmpty(removals)) {
- if (removals.contains("ALL")) {
- user.permissions.clear();
- } else {
- for (String repo : removals) {
- user.removeRepositoryPermission(repo);
- log.info(String.format("Removing permission for %s from %s", repo, username));
- }
- }
- modified = true;
- }
-
- if (!ArrayUtils.isEmpty(permissions)) {
- for (String perm : permissions) {
- String repo = AccessPermission.repositoryFromRole(perm);
- if (StringUtils.findInvalidCharacter(repo) == null) {
- // explicit permision, confirm repository
- RepositoryModel r = gitblit.getRepositoryModel(repo);
- if (r == null) {
- throw new UnloggedFailure(1, String.format("Repository %s does not exist!", repo));
- }
- }
- AccessPermission ap = AccessPermission.permissionFromRole(perm);
- user.setRepositoryPermission(repo, ap);
- log.info(String.format("Setting %s:%s for %s", ap.name(), repo, username));
- }
- modified = true;
- }
-
- if (modified && gitblit.updateUserModel(username, user)) {
- // reload & display new permissions
- user = gitblit.getUserModel(username);
- }
-
- showPermissions(user);
- }
-
- protected void showPermissions(UserModel user) {
- List<RegistrantAccessPermission> perms = user.getRepositoryPermissions();
- String[] pheaders = { "Repository", "Permission", "Type", "Source", "Mutable" };
- Object [][] pdata = new Object[perms.size()][];
- for (int i = 0; i < perms.size(); i++) {
- RegistrantAccessPermission ap = perms.get(i);
- pdata[i] = new Object[] { ap.registrant, ap.permission, ap.permissionType, ap.source, ap.mutable ? "Y":"" };
- }
- stdout.println(FlipTable.of(pheaders, pdata, Borders.BODY_HCOLS));
- }
- }
-
- @CommandMetaData(name = "remove", aliases = { "rm" }, description = "Remove a user account")
- @UsageExample(syntax = "${cmd} john", description = "Delete john's account")
- public static class RemoveUser extends UserCommand {
-
- @Override
- public void run() throws UnloggedFailure {
-
- UserModel user = getUser(true);
- IGitblit gitblit = getContext().getGitblit();
- if (gitblit.deleteUserModel(user)) {
- stdout.println(String.format("%s has been deleted.", username));
- } else {
- throw new UnloggedFailure(1, String.format("Failed to delete %s!", username));
- }
- }
- }
-
- @CommandMetaData(name = "show", description = "Show the details of an account")
- @UsageExample(syntax = "${cmd} john", description = "Display john's account")
- public static class ShowUser extends UserCommand {
-
- @Override
- public void run() throws UnloggedFailure {
-
- UserModel u = getUser(true);
-
- // fields
- StringBuilder fb = new StringBuilder();
- fb.append("Email : ").append(u.emailAddress == null ? "": u.emailAddress).append('\n');
- fb.append("Type : ").append(u.accountType).append('\n');
- fb.append("Can Admin : ").append(u.canAdmin() ? "Y":"").append('\n');
- fb.append("Can Fork : ").append(u.canFork() ? "Y":"").append('\n');
- fb.append("Can Create : ").append(u.canCreate() ? "Y":"").append('\n');
- String fields = fb.toString();
-
- // teams
- String teams;
- if (u.teams.size() == 0) {
- teams = FlipTable.EMPTY;
- } else {
- teams = Joiner.on(", ").join(u.teams);
- }
-
- // owned repositories
- String ownedTable;
- List<RepositoryModel> owned = new ArrayList<RepositoryModel>();
- for (RepositoryModel repository : getContext().getGitblit().getRepositoryModels(u)) {
- if (repository.isOwner(u.username)) {
- owned.add(repository);
- }
- }
- if (owned.isEmpty()) {
- ownedTable = FlipTable.EMPTY;
- } else {
- String [] theaders = new String [] { "Repository", "Description" };
- Object [][] tdata = new Object[owned.size()][];
- int i = 0;
- for (RepositoryModel r : owned) {
- tdata[i] = new Object [] { r.name, r.description };
- i++;
- }
- ownedTable = FlipTable.of(theaders, tdata, Borders.COLS);
- }
-
- // permissions
- List<RegistrantAccessPermission> perms = u.getRepositoryPermissions();
- String permissions;
- if (perms.isEmpty()) {
- permissions = FlipTable.EMPTY;
- } else {
- String[] pheaders = { "Repository", "Permission", "Type", "Source", "Mutable" };
- Object [][] pdata = new Object[perms.size()][];
- for (int i = 0; i < perms.size(); i++) {
- RegistrantAccessPermission ap = perms.get(i);
- pdata[i] = new Object[] { ap.registrant, ap.permission, ap.permissionType, ap.source, ap.mutable ? "Y":"" };
- }
- permissions = FlipTable.of(pheaders, pdata, Borders.COLS);
- }
-
- // keys
- String keyTable;
- List<SshKey> keys = getContext().getGitblit().getPublicKeyManager().getKeys(u.username);
- if (ArrayUtils.isEmpty(keys)) {
- keyTable = FlipTable.EMPTY;
- } else {
- String[] headers = { "#", "Fingerprint", "Comment", "Type" };
- int len = keys == null ? 0 : keys.size();
- Object[][] data = new Object[len][];
- for (int i = 0; i < len; i++) {
- // show 1-based index numbers with the fingerprint
- // this is useful for comparing with "ssh-add -l"
- SshKey k = keys.get(i);
- data[i] = new Object[] { (i + 1), k.getFingerprint(), k.getComment(), k.getAlgorithm() };
- }
- keyTable = FlipTable.of(headers, data, Borders.COLS);
- }
-
- // assemble user table
- String userTitle = u.getDisplayName() + (u.username.equals(u.getDisplayName()) ? "" : (" (" + u.username + ")"));
- if (u.disabled) {
- userTitle += " [DISABLED]";
- }
- String [] headers = new String[] { userTitle };
- String[][] data = new String[8][];
- data[0] = new String [] { "FIELDS" };
- data[1] = new String [] { fields };
- data[2] = new String [] { "TEAMS" };
- data[3] = new String [] { teams };
- data[4] = new String [] { "OWNED REPOSITORIES" };
- data[5] = new String [] { ownedTable };
- data[4] = new String [] { "PERMISSIONS" };
- data[5] = new String [] { permissions };
- data[6] = new String [] { "SSH PUBLIC KEYS" };
- data[7] = new String [] { keyTable };
- stdout.println(FlipTable.of(headers, data));
- }
- }
-
- @CommandMetaData(name = "list", aliases= { "ls" }, description = "List accounts")
- @UsageExamples(examples = {
- @UsageExample(syntax = "${cmd}", description = "List accounts as a table"),
- @UsageExample(syntax = "${cmd} j.*", description = "List all accounts that start with 'j'"),
- })
- public static class ListUsers extends ListFilterCommand<UserModel> {
-
- @Override
- protected List<UserModel> getItems() {
- IGitblit gitblit = getContext().getGitblit();
- List<UserModel> users = gitblit.getAllUsers();
- return users;
- }
-
- @Override
- protected boolean matches(String filter, UserModel u) {
- return u.username.matches(filter);
- }
-
- @Override
- protected void asTable(List<UserModel> list) {
- String[] headers;
- if (verbose) {
- String[] h = { "Name", "Display name", "Email", "Type", "Teams", "Create?", "Fork?"};
- headers = h;
- } else {
- String[] h = { "Name", "Display name", "Email", "Type"};
- headers = h;
- }
-
- Object[][] data = new Object[list.size()][];
- for (int i = 0; i < list.size(); i++) {
- UserModel u = list.get(i);
-
- String name = (u.disabled ? "-" : ((u.canAdmin() ? "*" : " "))) + u.username;
- if (verbose) {
- data[i] = new Object[] {
- name,
- u.displayName,
- u.emailAddress,
- u.accountType + (u.canAdmin() ? ",admin":""),
- u.teams.isEmpty() ? "" : u.teams.size(),
- (u.canAdmin() || u.canCreate()) ? "Y":"",
- (u.canAdmin() || u.canFork()) ? "Y" : ""};
- } else {
- data[i] = new Object[] {
- name,
- u.displayName,
- u.emailAddress,
- u.accountType + (u.canAdmin() ? ",admin":"")};
- }
- }
- stdout.print(FlipTable.of(headers, data, Borders.BODY_HCOLS));
- stdout.println(" * = admin account, - = disabled account");
- stdout.println();
- }
-
- @Override
- protected void asTabbed(List<UserModel> users) {
- if (verbose) {
- for (UserModel u : users) {
- outTabbed(
- u.disabled ? "-" : ((u.canAdmin() ? "*" : " ")) + u.username,
- u.getDisplayName(),
- u.emailAddress == null ? "" : u.emailAddress,
- u.accountType + (u.canAdmin() ? ",admin":""),
- u.teams.isEmpty() ? "" : u.teams.size(),
- (u.canAdmin() || u.canCreate()) ? "Y":"",
- (u.canAdmin() || u.canFork()) ? "Y" : "");
- }
- } else {
- for (UserModel u : users) {
- outTabbed(u.disabled ? "-" : ((u.canAdmin() ? "*" : " ")) + u.username);
- }
- }
- }
- }
- }
|