14.2.1.1. Users

There are the library functions for user functions. It depends on the lib.resolver and lib.realm.

There are and must be no dependencies to the token functions (lib.token) or to webservices!

This code is tested in tests/test_lib_user.py

class privacyidea.lib.user.User(login='', realm='', resolver='')[source]
The user has the attributes
login, realm and resolver.

Usually a user can be found via “login@realm”.

A user object with an empty login and realm should not exist, whereas a user object could have an empty resolver.

check_password(password)[source]

The password of the user is checked against the user source

Parameters:password – The clear text password
Returns:the username of the authenticated user. If unsuccessful, returns None
Return type:string/None
delete()[source]

This deletes the user in the user store. I.e. the user in the SQL database or the LDAP gets deleted.

Returns True in case of success

exist()[source]

Check if the user object exists in the user store :return: True or False

get_ordererd_resolvers()[source]

returns a list of resolvernames ordered by priority. The resolver with the lowest priority is the first. If resolvers have the same priority, they are ordered alphabetically.

Returns:list or resolvernames
get_search_fields()[source]

Return the valid search fields of a user. The search fields are defined in the UserIdResolver class.

Returns:searchFields with name (key) and type (value)
Return type:dict
get_user_identifiers()[source]

This returns the UserId information from the resolver object and the resolvertype and the resolvername (former: getUserId) (former: getUserResolverId) :return: The userid, the resolver type and the resolver name

like (1000, “passwdresolver”, “resolver1”)
Return type:tuple
get_user_phone(phone_type='phone')[source]

Returns the phone number of a user

Parameters:phone_type (string) – The type of the phone, i.e. either mobile or phone (land line)
Returns:list with phone numbers of this user object
get_user_realms()[source]

Returns a list of the realms, a user belongs to. Usually this will only be one realm. But if the user object has no realm but only a resolver, than all realms, containing this resolver are returned. This function is used for the policy module

Returns:realms of the user
Return type:list
info

return the detailed information for the user

Returns:a dict with all the userinformation
Return type:dict
is_empty()[source]
login = ''
realm = ''
resolver = ''
update_user_info(attributes, password=None)[source]

This updates the given attributes of a user. The attributes can be “username”, “surname”, “givenname”, “email”, “mobile”, “phone”, “password”

Parameters:
  • attributes (dict) – A dictionary of the attributes to be updated
  • password – The password of the user
Returns:

True in case of success
privacyidea.lib.user.create_user(resolvername, attributes, password=None)[source]

This creates a new user in the given resolver. The resolver must be editable to do so.

The attributes is a dictionary containing the keys “username”, “email”, “phone”, “mobile”, “surname”, “givenname”, “password”.

We return the UID and not the user object, since the user could be located in several realms!

Parameters:
  • resolvername (basestring) – The name of the resolver, in which the user should be created
  • attributes (dict) – Attributes of the user
  • password – The password of the user
Returns:

The uid of the user object
privacyidea.lib.user.get_user_from_param(param, optionalOrRequired=True)[source]

Find the parameters user, realm and resolver and create a user object from these parameters.

An exception is raised, if a user in a realm is found in more than one resolvers.

Parameters:param (dict) – The dictionary of request parameters
Returns:User as found in the parameters
Return type:User object
privacyidea.lib.user.get_user_info(userid, resolvername)[source]

return the detailed information for a user in a resolver

Parameters:
  • userid (string) – The id of the user in a resolver
  • resolvername – The name of the resolver
Returns:

a dict with all the userinformation
Return type:

dict
privacyidea.lib.user.get_user_list(param=None, user=None)[source]
privacyidea.lib.user.get_username(userid, resolvername)[source]

Determine the username for a given id and a resolvername.

Parameters:
  • userid (string) – The id of the user in a resolver
  • resolvername – The name of the resolver
Returns:

the username or “” if it does not exist
Return type:

string
privacyidea.lib.user.split_user(username)[source]

Split the username of the form user@realm into the username and the realm splitting myemail@emailprovider.com@realm is also possible and will return (myemail@emailprovider, realm).

If for a user@domain the “domain” does not exist as realm, the name is not split, since it might be the user@domain in the default realm

We can also split realmuser to (user, realm)

Parameters:username (string) – the username to split
Returns:username and realm
Return type:tuple