userImport.pl
#-------------------------------------------------------------------
# WebGUI is Copyright 2001-2007 Plain Black Corporation.
#-------------------------------------------------------------------
# Please read the legal notices (docs/legal.txt) and the license
# (docs/license.txt) that came with this distribution before using
# this software.
#-------------------------------------------------------------------
# http://www.plainblack.com info@plainblack.com
#-------------------------------------------------------------------
# Root of the WebGUI installation, as seen from the directory this script is
# started in. It is set at compile time so the "use WebGUI::..." lines below
# can find their modules.
#
# The path is relative to the current working directory, not to this file.
# This utility normally runs as the super user, so start it from the WebGUI
# sbin directory; from any other directory Perl would search that directory's
# ../lib for the WebGUI modules instead.
our $webguiRoot;

BEGIN {
    $webguiRoot = "..";
    unshift @INC, $webguiRoot . "/lib";
}
use strict;
use Digest::MD5;
use Getopt::Long;
use WebGUI::DateTime;
use WebGUI::Group;
use WebGUI::Session;
use WebGUI::User;
use WebGUI::Utility;
# Unbuffer STDOUT so progress messages show up as they are printed.
$| = 1;

# Options that carry a default value.
my $delimiter   = "\t";
my $authMethod  = 'WebGUI';
my $status      = 'Active';
my $expireUnits = 'seconds';

# Password given to every imported user whose row has no password of its own.
# The built-in value is short, published in the help text, and shared by all
# such accounts; pass --password with a strong value for any real import.
# Unless --canChangePass is given (or the row sets changePassword), the
# imported users are flagged as not allowed to change it.
my $defaultIdentifier = '123qwe';

# Options with no default (undef until set on the command line).
my ($usersFile, $configFile, $help, $groups, $ldapUrl, $expireOffset);
my ($override, $quiet, $update, $updateAdd, $replaceGroups, $canChangePass);

# "=s" requires a string value, ":s" / ":i" take an optional string / integer,
# and a bare name is a boolean flag. The return value of GetOptions is not
# checked, so unrecognised options do not stop the run.
GetOptions(
    'usersfile=s'             => \$usersFile,
    'configfile=s'            => \$configFile,
    'help'                    => \$help,
    'authMethod:s'            => \$authMethod,
    'delimiter:s'             => \$delimiter,
    'password|identifier:s'   => \$defaultIdentifier,
    'groups:s'                => \$groups,
    'ldapUrl:s'               => \$ldapUrl,
    'quiet'                   => \$quiet,
    'status:s'                => \$status,
    'expireOffset:i'          => \$expireOffset,
    'expireUnits:s'           => \$expireUnits,
    'override'                => \$override,
    'update'                  => \$update,
    'updateAdd'               => \$updateAdd,
    'replaceGroups'           => \$replaceGroups,
    'canChangePass'           => \$canChangePass,
);
# Print the usage text and stop when --help was requested or when either of
# the two mandatory options (--usersfile, --configfile) is missing.
# Note that the script exits with status 0 in this case.
if (!$usersFile || !$configFile || $help) {
    print <<STOP;
Usage: perl $0 --usersfile=<pathToFile> --configfile=<webguiConfig>
--usersFile File (and path) containing import information.
--configFile WebGUI config file (with no path info).
Options:
--authMethod The authentication method to be used for
each user. Defaults to 'WebGUI'. Can be
overridden in the import file.
--canChangePass If this flag is set users will be able to change
their passwords. Otherwise not.
--delimiter The string that separates each field in the
import file. Defaults to tab.
--expireOffset The the amount of time before the user will
be expired from the groups they are added
to. Defaults to the expire offset set in
the group definition within WebGUI. May be
overridden in the import file.
--expireUnits Valid values are "seconds", "minutes",
"hours", "days", "weeks", "months", "years",
"epoch", or "fixed". Defaults to "seconds". This is
the units of the expire offset. If set to
"epoch" the system will assume that the
expire offset is an epoch date rather than
an interval. If set to "fixed" the
system will assume that the expireDate is
a fixed date.
--groups A comma separated list of group ids that
each user in the import file will be set
to. Can be overridden in the import file.
--help Display this help message.
--identifier Alias for --password.
--ldapUrl The URL used to connect to the LDAP server
for authentication. Can be overridden in
the import file.
--override This utility is designed to be run as
a privileged user on Linux style systems.
If you wish to run this utility without
being the super user, then use this flag,
but note that it may not work as
intended.
--password The default password to use when none is
specified with the user. Defaults to
'123qwe'. Can be overridden in the import
file.
--quiet Disable output unless there's an error.
--status The user's account status. Defaults to
'Active'. Other valid value is 'Deactivated'.
--update looks up all the users from the file in the database
and updates all the given fields for each user that
exists in the database. users that are in the file
and not in the database are ignored.
--updateAdd looks up the users from the file in the database
and updates all the given fields for each user that
exists in the database. users who do not exist in the
database are added as new users.
--replaceGroups when updating, if the user already belongs to some group
this flag will delete all the user's existing groups and
and the new groups to him/her
User File Format:
-Tab delimited fields (unless overridden with --delimiter).
-First row contains field names.
-Valid field names:
username password authMethod status
ldapUrl connectDN groups expireOffset
-In addition to the field names above, you may use any
valid profile field name.
-The special field name 'groups' should contain a comma
separated list of group ids.
Special Cases:
-If no username is specified it will default to
'firstName.lastName'.
-If firstName and lastName or username are not specified,
the user will be skipped.
-Invalid field names will be ignored.
-Blank lines will be ignored.
-If userId is specified for an import record, that userId
be used instead of generating one.
STOP
    exit;
}
# Privilege gate: outside Windows the effective uid must be 0 (root) unless
# the operator explicitly passed --override. The refusal is printed to STDOUT
# and the script exits with status 0, so a calling script cannot tell a
# refusal from a successful run by the exit code alone.
unless ($override || $^O =~ /^Win/i || $> == 0) {
    print "You must be the super user to use this utility.\n";
    exit;
}
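print "Starting up..." unless ($quiet);

# Open a WebGUI session for the given config file and act as the user with
# id 3 for the rest of the run.
# NOTE(review): userId 3 is presumably the built-in administrator account;
# confirm against the WebGUI installation.
my $session = WebGUI::Session->open($webguiRoot,$configFile);
$session->user({userId=>3});

# Open the import file for reading. The three-argument form keeps the mode
# separate from the file name, so characters in the name are never read as
# part of the open mode, and a failure now stops the run instead of silently
# importing nothing. The handle stays the bareword FILE because the read loop
# and the cleanup code further down refer to it by that name.
# The import file may hold cleartext passwords: keep it readable only by the
# operator and remove it once the import is done.
unless (open(FILE, '<', $usersFile)) {
    my $openError = $!;
    $session->var->end;
    $session->close;
    die "\nCannot open users file '$usersFile': $openError\n";
}
print "OK\n" unless ($quiet);

my $first = 1;          # true until the header row has been consumed
my $lineNumber = 0;     # 1-based line counter used in "Skipping line" messages
my @field;              # column names taken from the header row, in order

# Names of all profile fields known to this WebGUI site; only columns whose
# name appears here are written to the user's profile.
my @profileFields = $session->db->buildArray("select fieldName from userProfileField");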
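# The authentication module name is built from --authMethod and passed to a
# string eval inside the loop, so accept nothing but a plain Perl package
# name component. Checking once up front also means a bad value is rejected
# before any user record has been created or changed.
unless ($authMethod =~ /\A[A-Za-z_][A-Za-z0-9_]*(?:::[A-Za-z_][A-Za-z0-9_]*)*\z/) {
    $session->errorHandler->fatal("Invalid authentication method name: $authMethod");
}

# Read the import file line by line. The first line names the columns; every
# later line describes one user to add or update.
while(<FILE>) {
    $lineNumber++;
    chomp;
    # NOTE(review): split() treats $delimiter as a regular expression, so a
    # delimiter such as "|" or "." does not split on the literal character.
    my @row = split($delimiter,$_);
    my $i=0;
    if ($first) {
        # parse field headers
        foreach (@row) {
            chomp;
            $field[$i] = $_;
            $i++;
        }
        $first = 0;
    } else {
        # parse fields
        my %user = ();
        foreach (@row) {
            chomp;
            $user{$field[$i]} = $_;
            $user{$field[$i]} =~ s/\s+$//g; #remove trailing whitespace from each field
            $i++;
        }

        # Default the username to firstName.lastName when only the names are given.
        if ($user{username} eq "" && $user{firstName} ne "" && $user{lastName} ne "") {
            $user{username} = $user{firstName}.".".$user{lastName};
        }

        # Rows without a password fall back to the shared default password.
        if ($user{password} eq "") {
            $user{identifier} = $defaultIdentifier;
        } else {
            $user{identifier} = $user{password};
        }
        # The value saved as the WebGUI "identifier" is the unsalted,
        # base64-encoded MD5 digest of the password. The format is kept as is
        # because it is what this script has always written.
        # NOTE(review): unsalted MD5 is weak for password storage; treat
        # imported passwords as temporary where the site allows users to
        # change them.
        $user{identifier} = Digest::MD5::md5_base64($user{identifier});

        # Fill in command-line defaults for anything the row leaves blank.
        $user{ldapUrl} = $ldapUrl if ($user{ldapUrl} eq "");
        $user{authMethod} = $authMethod if ($user{authMethod} eq "");
        $user{groups} = $groups if ($user{groups} eq "");
        $user{status} = $status if ($user{status} eq "");
        $user{expireOffset} = $expireOffset if ($user{expireOffset} eq "");
        $user{expireOffset} = calculateExpireOffset($user{expireOffset},$expireUnits);
        if ($user{birthdate}) {
            $user{birthdate} = WebGUI::DateTime->new($user{birthdate}." 00:00:00")->epoch();
        }
        if ($user{changePassword} eq "") {
            if ($canChangePass) {
                $user{changePassword} = 1;
            } else {
                $user{changePassword} = 0;
            }
        }

        # process user
        my $u;
        my $queryHandler;
        # userId of an existing account with this username, if there is one.
        my ($duplicate) = $session->db->quickArray("select userid from users where username=?",[$user{username}]);
        if ($user{username} eq "") {
            print "Skipping line $lineNumber.\n" unless ($quiet);
        } else {
            # update only
            if ($update) {
                if ($duplicate) {
                    print "Updating user $user{username}\n" unless ($quiet);
                    $u = WebGUI::User->new($session, $duplicate);
                    if ($replaceGroups and ($user{groups} ne "")) {
                        # NOTE(review): the placeholder value is handed to
                        # prepare() and execute() is called without arguments;
                        # confirm that WebGUI's SQL layer binds it this way.
                        $queryHandler = $session->db->prepare("delete from groupings where userid=?",[$duplicate]);
                        if ($queryHandler) { $queryHandler->execute(); }
                    }
                    # An existing user keeps the stored identifier: the value
                    # from the file (or the default) is discarded here.
                    my ($pw) = $session->db->quickArray("select authentication.fieldData from authentication,users where authentication.authMethod='WebGUI' and users.username=? and users.userId=authentication.userId and authentication.fieldName='identifier'",[$user{username}]);
                    $user{identifier} = $pw;
                } else {
                    print "User $user{username} not found. Skipping.\n" unless ($quiet);
                }
            } elsif ($updateAdd) { # update and add users
                if ($duplicate) {
                    print "Updating user $user{username}\n" unless ($quiet);
                    $u = WebGUI::User->new($session, $duplicate);
                    if ($replaceGroups and ($user{groups} ne "")) {
                        # NOTE(review): same prepare()/execute() placeholder
                        # question as in the update-only branch.
                        $queryHandler = $session->db->prepare("delete from groupings where userid=?",[$duplicate]);
                        if ($queryHandler) { $queryHandler->execute(); }
                    }
                    # Existing users keep their stored identifier.
                    my ($pw) = $session->db->quickArray("select authentication.fieldData from authentication,users where authentication.authMethod='WebGUI' and users.username=? and users.userId=authentication.userId and authentication.fieldName='identifier'",[$user{username}]);
                    $user{identifier} = $pw;
                } else {
                    $u = WebGUI::User->new($session, "new");
                    print "Adding user $user{username}\n" unless ($quiet);
                }
            } else { # add users only
                if ($duplicate) {
                    print "User $user{username} already exists. Skipping.\n" unless ($quiet);
                } else {
                    $u = WebGUI::User->new($session, "new");
                    print "Adding user $user{username}\n" unless ($quiet);
                }
            }
        }

        if ($u) {
            $u->username($user{username});
            $u->authMethod($user{authMethod});
            $u->status($user{status});

            # Load the authentication module named by --authMethod.
            # NOTE(review): the module is chosen from the command-line value
            # even when the row supplies its own authMethod; confirm intended.
            my $cmd = "WebGUI::Auth::".$authMethod;
            my $load = "use ".$cmd;
            eval($load);
            # $@ has to be inspected after the eval that sets it; checking it
            # beforehand only ever saw the result of an earlier eval.
            $session->errorHandler->fatal("Authentication module failed to compile: $cmd.".$@) if($@);
            my $auth = eval{$cmd->new($session, $authMethod,$u->userId)};
            # Without this check a failed constructor surfaces only as a
            # method call on an undefined value on the next line.
            unless ($auth) {
                $session->errorHandler->fatal("Authentication module could not be instantiated: $cmd.".$@);
            }

            $auth->saveParams($u->userId,"WebGUI",{identifier=>$user{identifier}});
            $auth->saveParams($u->userId,"LDAP",{
                ldapUrl=>$user{ldapUrl},
                connectDN=>$user{connectDN}
            });
            $auth->saveParams($u->userId,"WebGUI",{changePassword=>$user{changePassword}});

            # Copy every column that names a known profile field; other
            # columns are ignored.
            foreach (keys %user) {
                if (isIn($_, @profileFields)) {
                    $u->profileField($_,$user{$_});
                }
            }

            if ($user{groups} ne "") {
                my @groups = split(/,/,$user{groups});
                $u->addToGroups(\@groups,$user{expireOffset});
            }
        }
    }
}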
# Shut down: close the import file, end the session variable set and close
# the WebGUI session opened at start-up.
if (!$quiet) {
    print "Cleaning up...";
}
close(FILE);
$session->var->end();
$session->close();
if (!$quiet) {
    print "OK\n";
}
#-------------------------------------------------
# calculateExpireOffset(expireOffset,expireUnits)
#
# Converts an expire offset given in the requested units into the value that
# the import loop passes on to addToGroups.
#
#   expireOffset  numeric offset (or date, for "epoch" / "fixed")
#   expireUnits   "epoch", "fixed", or any unit name understood by the
#                 session's intervalToSeconds
#
# return: offsetInSeconds, or undef when the offset is below 1 (which
#         includes a missing offset) or, for "fixed", when the date is not
#         at least one second in the future.
#
# NOTE(review): for "epoch" the offset is returned unchanged rather than
# converted relative to the current time; confirm that is what the group
# code expects.
sub calculateExpireOffset {
    my ($offset, $units) = @_;

    # Anything below 1 means "no explicit expiry".
    if ($offset < 1) {
        return undef;
    }

    # Epoch values pass straight through.
    if ($units eq "epoch") {
        return $offset;
    }

    # A fixed date becomes the number of whole seconds from now until then.
    if ($units eq "fixed") {
        my $remaining = $offset - $session->datetime->time();
        return $remaining < 1 ? undef : int($remaining);
    }

    # Every other unit is an interval the session knows how to convert.
    return $session->datetime->intervalToSeconds($offset, $units);
}