16.2.1.1. Users¶
There are the library functions for user functions. It depends on the lib.resolver and lib.realm.
There are and must be no dependencies to the token functions (lib.token) or to webservices!
This code is tested in tests/test_lib_user.py
- class privacyidea.lib.user.User(login='', realm='', resolver='', uid=None)[source]¶
- The user has the attributes
login, realm and resolver.
Usually a user can be found via “login@realm”.
A user object with an empty login and realm should not exist, whereas a user object could have an empty resolver.
- property attributes¶
returns the custom attributes of a user :return: a dictionary of attributes with keys and values
- check_password(password)[source]¶
The password of the user is checked against the user source
- Parameters
password – The clear text password
- Returns
the username of the authenticated user. If unsuccessful, returns None
- Return type
string/None
- delete()[source]¶
This deletes the user in the user store. I.e. the user in the SQL database or the LDAP gets deleted.
Returns True in case of success
- delete_attribute(attrkey=None)[source]¶
Delete the given key as custom user attribute. If no key is given, then all attributes are deleted
- Parameters
attrkey – The key to delete
- Returns
The number of deleted rows
- get_ordered_resolvers()[source]¶
returns a list of resolver names ordered by priority. The resolver with the lowest priority is the first. If resolvers have the same priority, they are ordered alphabetically.
- Returns
list of resolver names
- Return type
list
- get_search_fields()[source]¶
Return the valid search fields of a user. The search fields are defined in the UserIdResolver class.
- Returns
searchFields with name (key) and type (value)
- Return type
dict
- get_user_identifiers()[source]¶
This returns the UserId information from the resolver object and the resolvertype and the resolvername (former: getUserId) (former: getUserResolverId) :return: The userid, the resolver type and the resolver name
like (1000, “passwdresolver”, “resolver1”)
- Return type
tuple
- get_user_phone(phone_type='phone', index=None)[source]¶
Returns the phone number or a list of phone numbers of a user.
- Parameters
phone_type (string) – The type of the phone, i.e. either mobile or phone (land line)
index – The index of the selected phone number of list of the phones of the user. If the index is given, this phone number as string is returned. If the index is omitted, all phone numbers are returned.
- Returns
list with phone numbers of this user object
- get_user_realms()[source]¶
Returns a list of the realms, a user belongs to. Usually this will only be one realm. But if the user object has no realm but only a resolver, than all realms, containing this resolver are returned. This function is used for the policy module
- Returns
realms of the user
- Return type
list
- property info¶
return the detailed information for the user
- Returns
a dict with all the userinformation
- Return type
dict
- login = ''¶
- realm = ''¶
- resolver = ''¶
- set_attribute(attrkey, attrvalue, attrtype=None)[source]¶
Set a custom attribute for a user
- Parameters
attrkey – The key of the attribute
attrvalue – The value of the attribute
- Returns
The id of the attribute setting
- update_user_info(attributes, password=None)[source]¶
This updates the given attributes of a user. The attributes can be “username”, “surname”, “givenname”, “email”, “mobile”, “phone”, “password”
- Parameters
attributes (dict) – A dictionary of the attributes to be updated
password – The password of the user
- Returns
True in case of success
- privacyidea.lib.user.create_user(resolvername, attributes, password=None)[source]¶
This creates a new user in the given resolver. The resolver must be editable to do so.
The attributes is a dictionary containing the keys “username”, “email”, “phone”, “mobile”, “surname”, “givenname”, “password”.
We return the UID and not the user object, since the user could be located in several realms!
- Parameters
resolvername (basestring) – The name of the resolver, in which the user should be created
attributes (dict) – Attributes of the user
password – The password of the user
- Returns
The uid of the user object
- privacyidea.lib.user.get_attributes(uid, resolver, realm_id)[source]¶
Returns the attributes for the given user.
- Parameters
uid – The UID of the user
resolver – The name of the resolver
realm_id – The realm_id
- Returns
A dictionary of key/values
- privacyidea.lib.user.get_user_from_param(param, optionalOrRequired=True)[source]¶
Find the parameter user, realm and resolver and create a user object from these parameters.
An exception is raised, if a user in a realm is found in more than one resolver.
- Parameters
param (dict) – The dictionary of request parameters
optionalOrRequired (bool) – whether the user is required
- Returns
User as found in the parameters
- Return type
User object
- privacyidea.lib.user.get_user_list(param=None, user=None, custom_attributes=False)[source]¶
This function returns a list of user dictionaries.
- Parameters
param (dict) – search parameters
user (User object) – a specific user object to return
custom_attributes (bool) – Set to True, if you want to receive custom attributes of external users.
- Returns
list of dictionaries
- privacyidea.lib.user.get_username(userid, resolvername)[source]¶
Determine the username for a given id and a resolvername.
- Parameters
userid (string) – The id of the user in a resolver
resolvername – The name of the resolver
- Returns
the username or “” if it does not exist
- Return type
string
- privacyidea.lib.user.is_attribute_at_all()[source]¶
Check if there are custom user attributes at all :return: bool
- privacyidea.lib.user.log_used_user(user, other_text='')[source]¶
This creates a log message combined of a user and another text. The user information is only added, if user.login != user.used_login
- Parameters
user (User object) – A user to log
other_text – Some additional text
- Returns
str
- privacyidea.lib.user.split_user(username)[source]¶
Split the username of the form user@realm into the username and the realm splitting myemail@emailprovider.com@realm is also possible and will return (myemail@emailprovider.com, realm).
If for a user@domain the “domain” does not exist as realm, the name is not split, since it might be the user@domain in the default realm
If the Split@Sign configuration is disabled, the username won’t be split and the username and an empty realm will be returned.
We can also split realmuser to (user, realm)
- Parameters
username (string) – the username to split
- Returns
username and realm
- Return type
tuple