[tilde TODO] If a username is being registered that is also a member of /home/, do not allow the client to register it unless the logged in user matches the name

[desvox]

No description provided.

[MineRobber9000]

To get the username of the logged in user:

import pwd,os

CURRENT_USER = pwd.getpwuid(os.getuid()).pw_name

[benharri]

I think this is meant to be for the case of using someone else's username so you'd just want to check based on the name they're trying to register:

import pwd

try:
    pwd.getpwnam('someusr')
except KeyError:
    print('User someusr does not exist.')

I think we'll want both checks.

[MineRobber9000]

well, what I posted is for getting the name of the user (to verify that the name is theirs)

[benharri]

Yeah I know. We'll want to check that they are that user AND that the username they're trying to register is even an account on the machine.

[MineRobber9000]

so how about this:

import pwd, os

""'Returns True if user exists on system."""
def is_user(username):
    try:
        pwd.getpwnam('someusr')
        return True
    except KeyError:
        return False

"""Returns username of user that owns this process."""
def get_username():
    return pwd.getpwuid(os.getuid()).pw_name

"""Returns True if username may be registered by this user.
If False is returned, a reason is also returned, to be shown to the user."""
def validate_username(username_choice):
    if is_user(username_choice):
        if username_choice!=get_username():
            return False,"User exists on server, and is not you."
        return True
    else:
        return True

While this does not work in the API case, I'd like to remind you that in the API case, we have no way to verify the user's identity anyways (as they can lie).

[benharri]

That looks good to me