/* * Copyright 2014 gitblit.com. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package com.gitblit.transport.ssh.gitblit; import java.util.ArrayList; import java.util.List; import org.kohsuke.args4j.Argument; import org.kohsuke.args4j.Option; import com.gitblit.Constants.AccessPermission; import com.gitblit.GitBlitException; import com.gitblit.Keys; import com.gitblit.manager.IGitblit; import com.gitblit.models.RegistrantAccessPermission; import com.gitblit.models.RepositoryModel; import com.gitblit.models.UserModel; import com.gitblit.transport.ssh.SshKey; import com.gitblit.transport.ssh.commands.CommandMetaData; import com.gitblit.transport.ssh.commands.DispatchCommand; import com.gitblit.transport.ssh.commands.ListFilterCommand; import com.gitblit.transport.ssh.commands.SshCommand; import com.gitblit.transport.ssh.commands.UsageExample; import com.gitblit.transport.ssh.commands.UsageExamples; import com.gitblit.utils.ArrayUtils; import com.gitblit.utils.FlipTable; import com.gitblit.utils.FlipTable.Borders; import com.gitblit.utils.StringUtils; import com.google.common.base.Joiner; @CommandMetaData(name = "users", description = "User management commands", admin = true) public class UsersDispatcher extends DispatchCommand { @Override protected void setup(UserModel user) { // primary user commands register(user, NewUser.class); register(user, RenameUser.class); register(user, RemoveUser.class); register(user, ShowUser.class); register(user, ListUsers.class); // user-specific commands register(user, SetField.class); register(user, Permissions.class); register(user, DisableUser.class); register(user, EnableUser.class); } public static abstract class UserCommand extends SshCommand { @Argument(index = 0, required = true, metaVar = "USERNAME", usage = "username") protected String username; protected UserModel getUser(boolean requireUser) throws UnloggedFailure { IGitblit gitblit = getContext().getGitblit(); UserModel user = gitblit.getUserModel(username); if (requireUser && user == null) { throw new UnloggedFailure(1, String.format("User %s does not exist!", username)); } return user; } } @CommandMetaData(name = "new", aliases = { "add" }, description = "Create a new user account") @UsageExample(syntax = "${cmd} john 12345 --email john@smith.com --canFork --canCreate") public static class NewUser extends UserCommand { @Argument(index = 1, required = true, metaVar = "PASSWORD", usage = "password") protected String password; @Option(name = "--email", metaVar = "ADDRESS", usage = "email address") protected String email; @Option(name = "--canAdmin", usage = "can administer the server") protected boolean canAdmin; @Option(name = "--canFork", usage = "can fork repositories") protected boolean canFork; @Option(name = "--canCreate", usage = "can create personal repositories") protected boolean canCreate; @Option(name = "--disabled", usage = "create a disabled user account") protected boolean disabled; @Override public void run() throws UnloggedFailure { if (getUser(false) != null) { throw new UnloggedFailure(1, String.format("User %s already exists!", username)); } UserModel user = new UserModel(username); user.password = password; if (email != null) { user.emailAddress = email; } user.canAdmin = canAdmin; user.canFork = canFork; user.canCreate = canCreate; user.disabled = disabled; IGitblit gitblit = getContext().getGitblit(); try { gitblit.addUser(user); stdout.println(String.format("%s created.", username)); } catch (GitBlitException e) { log.error("Failed to add " + username, e); throw new UnloggedFailure(1, e.getMessage()); } } } @CommandMetaData(name = "rename", aliases = { "mv" }, description = "Rename an account") @UsageExample(syntax = "${cmd} john frank", description = "Rename the account from john to frank") public static class RenameUser extends UserCommand { @Argument(index = 1, required = true, metaVar = "NEWNAME", usage = "the new account name") protected String newUserName; @Override public void run() throws UnloggedFailure { UserModel user = getUser(true); IGitblit gitblit = getContext().getGitblit(); if (null != gitblit.getTeamModel(newUserName)) { throw new UnloggedFailure(1, String.format("Team %s already exists!", newUserName)); } // set the new name user.username = newUserName; try { gitblit.reviseUser(username, user); stdout.println(String.format("Renamed user %s to %s.", username, newUserName)); } catch (GitBlitException e) { String msg = String.format("Failed to rename user from %s to %s", username, newUserName); log.error(msg, e); throw new UnloggedFailure(1, msg); } } } @CommandMetaData(name = "set", description = "Set the specified field of an account") @UsageExample(syntax = "${cmd} john name John Smith", description = "Set the display name to \"John Smith\" for john's account") public static class SetField extends UserCommand { @Argument(index = 1, required = true, metaVar = "FIELD", usage = "the field to update") protected String fieldName; @Argument(index = 2, required = true, metaVar = "VALUE", usage = "the new value") protected List fieldValues = new ArrayList(); protected enum Field { name, displayName, email, password, canAdmin, canFork, canCreate, disabled; static Field fromString(String name) { for (Field field : values()) { if (field.name().equalsIgnoreCase(name)) { return field; } } return null; } } @Override protected String getUsageText() { String fields = Joiner.on(", ").join(Field.values()); StringBuilder sb = new StringBuilder(); sb.append("Valid fields are:\n ").append(fields); return sb.toString(); } @Override public void run() throws UnloggedFailure { UserModel user = getUser(true); Field field = Field.fromString(fieldName); if (field == null) { throw new UnloggedFailure(1, String.format("Unknown field %s", fieldName)); } String value = Joiner.on(" ").join(fieldValues).trim(); IGitblit gitblit = getContext().getGitblit(); boolean editCredentials = gitblit.supportsCredentialChanges(user); boolean editDisplayName = gitblit.supportsDisplayNameChanges(user); boolean editEmailAddress = gitblit.supportsEmailAddressChanges(user); String m = String.format("Can not edit %s for %s (%s)", field, user.username, user.accountType); switch(field) { case name: case displayName: if (!editDisplayName) { throw new UnloggedFailure(1, m); } user.displayName = value; break; case email: if (!editEmailAddress) { throw new UnloggedFailure(1, m); } user.emailAddress = value; break; case password: if (!editCredentials) { throw new UnloggedFailure(1, m); } int minLength = gitblit.getSettings().getInteger(Keys.realm.minPasswordLength, 5); if (minLength < 4) { minLength = 4; } if (value.trim().length() < minLength) { throw new UnloggedFailure(1, "Password is too short."); } // Optionally store the password MD5 digest. String type = gitblit.getSettings().getString(Keys.realm.passwordStorage, "md5"); if (type.equalsIgnoreCase("md5")) { // store MD5 digest of password user.password = StringUtils.MD5_TYPE + StringUtils.getMD5(value); } else if (type.equalsIgnoreCase("combined-md5")) { // store MD5 digest of username+password user.password = StringUtils.COMBINED_MD5_TYPE + StringUtils.getMD5(username + value); } else { user.password = value; } // reset the cookie user.cookie = StringUtils.getSHA1(user.username + value); break; case canAdmin: user.canAdmin = toBool(value); break; case canFork: user.canFork = toBool(value); break; case canCreate: user.canCreate = toBool(value); break; case disabled: user.disabled = toBool(value); break; default: throw new UnloggedFailure(1, String.format("Field %s was not properly handled by the set command.", fieldName)); } try { gitblit.reviseUser(username, user); stdout.println(String.format("Set %s.%s = %s", username, fieldName, value)); } catch (GitBlitException e) { String msg = String.format("Failed to set %s.%s = %s", username, fieldName, value); log.error(msg, e); throw new UnloggedFailure(1, msg); } } protected boolean toBool(String value) throws UnloggedFailure { String v = value.toLowerCase(); if (v.equals("t") || v.equals("true") || v.equals("yes") || v.equals("on") || v.equals("y") || v.equals("1")) { return true; } else if (v.equals("f") || v.equals("false") || v.equals("no") || v.equals("off") || v.equals("n") || v.equals("0")) { return false; } throw new UnloggedFailure(1, String.format("Invalid boolean value %s", value)); } } @CommandMetaData(name = "disable", description = "Prohibit an account from authenticating") @UsageExample(syntax = "${cmd} john", description = "Prevent John from authenticating") public static class DisableUser extends UserCommand { @Override public void run() throws UnloggedFailure { UserModel user = getUser(true); user.disabled = true; IGitblit gitblit = getContext().getGitblit(); if (gitblit.updateUserModel(username, user)) { stdout.println(String.format("%s is not allowed to authenticate.", username)); } else { throw new UnloggedFailure(1, String.format("Failed to disable %s!", username)); } } } @CommandMetaData(name = "enable", description = "Allow an account to authenticate") @UsageExample(syntax = "${cmd} john", description = "Allow John to authenticate") public static class EnableUser extends UserCommand { @Override public void run() throws UnloggedFailure { UserModel user = getUser(true); user.disabled = false; IGitblit gitblit = getContext().getGitblit(); if (gitblit.updateUserModel(username, user)) { stdout.println(String.format("%s may now authenticate.", username)); } else { throw new UnloggedFailure(1, String.format("Failed to enable %s!", username)); } } } @CommandMetaData(name = "permissions", aliases = { "perms" }, description = "Add or remove permissions from an account") @UsageExample(syntax = "${cmd} john RW:alpha/repo.git RWC:alpha/repo2.git", description = "Add or set permissions for John") public static class Permissions extends UserCommand { @Argument(index = 1, multiValued = true, metaVar = "[PERMISSION:]REPOSITORY", usage = "a repository expression") protected List permissions; @Option(name = "--remove", aliases = { "-r" }, metaVar = "REPOSITORY|ALL", usage = "remove a repository permission") protected List removals; @Override public void run() throws UnloggedFailure { IGitblit gitblit = getContext().getGitblit(); UserModel user = getUser(true); boolean modified = false; if (!ArrayUtils.isEmpty(removals)) { if (removals.contains("ALL")) { user.permissions.clear(); } else { for (String repo : removals) { user.removeRepositoryPermission(repo); log.info(String.format("Removing permission for %s from %s", repo, username)); } } modified = true; } if (!ArrayUtils.isEmpty(permissions)) { for (String perm : permissions) { String repo = AccessPermission.repositoryFromRole(perm); if (StringUtils.findInvalidCharacter(repo) == null) { // explicit permision, confirm repository RepositoryModel r = gitblit.getRepositoryModel(repo); if (r == null) { throw new UnloggedFailure(1, String.format("Repository %s does not exist!", repo)); } } AccessPermission ap = AccessPermission.permissionFromRole(perm); user.setRepositoryPermission(repo, ap); log.info(String.format("Setting %s:%s for %s", ap.name(), repo, username)); } modified = true; } if (modified && gitblit.updateUserModel(username, user)) { // reload & display new permissions user = gitblit.getUserModel(username); } showPermissions(user); } protected void showPermissions(UserModel user) { List perms = user.getRepositoryPermissions(); String[] pheaders = { "Repository", "Permission", "Type", "Source", "Mutable" }; Object [][] pdata = new Object[perms.size()][]; for (int i = 0; i < perms.size(); i++) { RegistrantAccessPermission ap = perms.get(i); pdata[i] = new Object[] { ap.registrant, ap.permission, ap.permissionType, ap.source, ap.mutable ? "Y":"" }; } stdout.println(FlipTable.of(pheaders, pdata, Borders.BODY_HCOLS)); } } @CommandMetaData(name = "remove", aliases = { "rm" }, description = "Remove a user account") @UsageExample(syntax = "${cmd} john", description = "Delete john's account") public static class RemoveUser extends UserCommand { @Override public void run() throws UnloggedFailure { UserModel user = getUser(true); IGitblit gitblit = getContext().getGitblit(); if (gitblit.deleteUserModel(user)) { stdout.println(String.format("%s has been deleted.", username)); } else { throw new UnloggedFailure(1, String.format("Failed to delete %s!", username)); } } } @CommandMetaData(name = "show", description = "Show the details of an account") @UsageExample(syntax = "${cmd} john", description = "Display john's account") public static class ShowUser extends UserCommand { @Override public void run() throws UnloggedFailure { UserModel u = getUser(true); // fields StringBuilder fb = new StringBuilder(); fb.append("Email : ").append(u.emailAddress == null ? "": u.emailAddress).append('\n'); fb.append("Type : ").append(u.accountType).append('\n'); fb.append("Can Admin : ").append(u.canAdmin() ? "Y":"").append('\n'); fb.append("Can Fork : ").append(u.canFork() ? "Y":"").append('\n'); fb.append("Can Create : ").append(u.canCreate() ? "Y":"").append('\n'); String fields = fb.toString(); // teams String teams; if (u.teams.size() == 0) { teams = FlipTable.EMPTY; } else { teams = Joiner.on(", ").join(u.teams); } // owned repositories String ownedTable; List owned = new ArrayList(); for (RepositoryModel repository : getContext().getGitblit().getRepositoryModels(u)) { if (repository.isOwner(u.username)) { owned.add(repository); } } if (owned.isEmpty()) { ownedTable = FlipTable.EMPTY; } else { String [] theaders = new String [] { "Repository", "Description" }; Object [][] tdata = new Object[owned.size()][]; int i = 0; for (RepositoryModel r : owned) { tdata[i] = new Object [] { r.name, r.description }; i++; } ownedTable = FlipTable.of(theaders, tdata, Borders.COLS); } // permissions List perms = u.getRepositoryPermissions(); String permissions; if (perms.isEmpty()) { permissions = FlipTable.EMPTY; } else { String[] pheaders = { "Repository", "Permission", "Type", "Source", "Mutable" }; Object [][] pdata = new Object[perms.size()][]; for (int i = 0; i < perms.size(); i++) { RegistrantAccessPermission ap = perms.get(i); pdata[i] = new Object[] { ap.registrant, ap.permission, ap.permissionType, ap.source, ap.mutable ? "Y":"" }; } permissions = FlipTable.of(pheaders, pdata, Borders.COLS); } // keys String keyTable; List keys = getContext().getGitblit().getPublicKeyManager().getKeys(u.username); if (ArrayUtils.isEmpty(keys)) { keyTable = FlipTable.EMPTY; } else { String[] headers = { "#", "Fingerprint", "Comment", "Type" }; int len = keys == null ? 0 : keys.size(); Object[][] data = new Object[len][]; for (int i = 0; i < len; i++) { // show 1-based index numbers with the fingerprint // this is useful for comparing with "ssh-add -l" SshKey k = keys.get(i); data[i] = new Object[] { (i + 1), k.getFingerprint(), k.getComment(), k.getAlgorithm() }; } keyTable = FlipTable.of(headers, data, Borders.COLS); } // assemble user table String userTitle = u.getDisplayName() + (u.username.equals(u.getDisplayName()) ? "" : (" (" + u.username + ")")); if (u.disabled) { userTitle += " [DISABLED]"; } String [] headers = new String[] { userTitle }; String[][] data = new String[8][]; data[0] = new String [] { "FIELDS" }; data[1] = new String [] { fields }; data[2] = new String [] { "TEAMS" }; data[3] = new String [] { teams }; data[4] = new String [] { "OWNED REPOSITORIES" }; data[5] = new String [] { ownedTable }; data[4] = new String [] { "PERMISSIONS" }; data[5] = new String [] { permissions }; data[6] = new String [] { "SSH PUBLIC KEYS" }; data[7] = new String [] { keyTable }; stdout.println(FlipTable.of(headers, data)); } } @CommandMetaData(name = "list", aliases= { "ls" }, description = "List accounts") @UsageExamples(examples = { @UsageExample(syntax = "${cmd}", description = "List accounts as a table"), @UsageExample(syntax = "${cmd} j.*", description = "List all accounts that start with 'j'"), }) public static class ListUsers extends ListFilterCommand { @Override protected List getItems() { IGitblit gitblit = getContext().getGitblit(); List users = gitblit.getAllUsers(); return users; } @Override protected boolean matches(String filter, UserModel u) { return u.username.matches(filter); } @Override protected void asTable(List list) { String[] headers; if (verbose) { String[] h = { "Name", "Display name", "Email", "Type", "Teams", "Create?", "Fork?"}; headers = h; } else { String[] h = { "Name", "Display name", "Email", "Type"}; headers = h; } Object[][] data = new Object[list.size()][]; for (int i = 0; i < list.size(); i++) { UserModel u = list.get(i); String name = (u.disabled ? "-" : ((u.canAdmin() ? "*" : " "))) + u.username; if (verbose) { data[i] = new Object[] { name, u.displayName, u.emailAddress, u.accountType + (u.canAdmin() ? ",admin":""), u.teams.isEmpty() ? "" : u.teams.size(), (u.canAdmin() || u.canCreate()) ? "Y":"", (u.canAdmin() || u.canFork()) ? "Y" : ""}; } else { data[i] = new Object[] { name, u.displayName, u.emailAddress, u.accountType + (u.canAdmin() ? ",admin":"")}; } } stdout.print(FlipTable.of(headers, data, Borders.BODY_HCOLS)); stdout.println(" * = admin account, - = disabled account"); stdout.println(); } @Override protected void asTabbed(List users) { if (verbose) { for (UserModel u : users) { outTabbed( u.disabled ? "-" : ((u.canAdmin() ? "*" : " ")) + u.username, u.getDisplayName(), u.emailAddress == null ? "" : u.emailAddress, u.accountType + (u.canAdmin() ? ",admin":""), u.teams.isEmpty() ? "" : u.teams.size(), (u.canAdmin() || u.canCreate()) ? "Y":"", (u.canAdmin() || u.canFork()) ? "Y" : ""); } } else { for (UserModel u : users) { outTabbed(u.disabled ? "-" : ((u.canAdmin() ? "*" : " ")) + u.username); } } } } }