def change_password(parsed_args: Namespace) -> None:
if parsed_args.target_user:
username = parsed_args.target_user
elif parsed_args.user:
username = parsed_args.user
else:
username = authentication.must_cli_auth().get_session_user()
if not username:
# The default user should have been set by now by autologin.
print(
colored("Please log in as an admin or user to change passwords",
"red"))
return
password = getpass.getpass("New password for user '{}': ".format(username))
check_password = getpass.getpass("Confirm password: "******"Passwords do not match", "red"))
return
# Hash the password to avoid sending it in cleartext.
password = api.salt_and_hash(password)
update_user(username, parsed_args.master, password=password)
# If the target user's password isn't being changed by another user, reauthenticate after
# password change so that the user doesn't have to do so manually.
if parsed_args.target_user is None:
token_store = authentication.TokenStore(parsed_args.master)
token = authentication.do_login(parsed_args.master, username, password)
token_store.set_token(username, token)
token_store.set_active(username)
def _init_session(
self,
requested_user: Optional[str],
password: Optional[str],
try_reauth: bool,
cert: Optional[certs.Cert],
) -> Session:
session_user = (requested_user or self.token_store.get_active_user()
or constants.DEFAULT_DETERMINED_USER)
token = self.token_store.get_token(session_user)
if token is not None and not _is_token_valid(self.master_address,
token, cert):
self.token_store.drop_user(session_user)
token = None
# util.get_container_user_name() and util.get_container_user_token()
# are either both None or both strings
if (token is None and util.get_container_user_name() is not None
and util.get_container_user_token() is not None):
session_user = util.get_container_user_name() # type: ignore
token = util.get_container_user_token()
if token is not None:
return Session(session_user, token)
if token is None and not try_reauth:
raise api.errors.UnauthenticatedException(username=session_user)
fallback_to_default = password is None and session_user == constants.DEFAULT_DETERMINED_USER
if fallback_to_default:
password = constants.DEFAULT_DETERMINED_PASSWORD
elif session_user is None:
session_user = input("Username: "******"Password for user '{}': ".format(session_user))
if password:
password = api.salt_and_hash(password)
try:
token = do_login(self.master_address, session_user, password, cert)
except api.errors.ForbiddenException:
if fallback_to_default:
raise api.errors.UnauthenticatedException(
username=session_user)
raise
self.token_store.set_token(session_user, token)
return Session(session_user, token)
def log_in_user(parsed_args: Namespace) -> None:
if parsed_args.username is None:
username = input("Username: "******"Password for user '{}': ".format(username)
# In order to not send clear-text passwords, we hash the password.
password = api.salt_and_hash(getpass.getpass(message))
token_store = authentication.TokenStore(parsed_args.master)
token = authentication.do_login(parsed_args.master, username, password)
token_store.set_token(username, token)
token_store.set_active(username)
def initialize_session(master_address: str,
requested_user: Optional[str] = None,
try_reauth: bool = False) -> None:
auth = Authentication.instance()
session_user = (requested_user or auth.token_store.get_active_user()
or constants.DEFAULT_DETERMINED_USER)
token = auth.token_store.get_token(session_user)
if token is not None and not _is_token_valid(master_address, token):
auth.token_store.drop_user(session_user)
token = None
if token is not None:
auth.session = api.Session(session_user, token)
return
if token is None and not try_reauth:
raise api.errors.UnauthenticatedException(username=session_user)
password = None
if session_user == constants.DEFAULT_DETERMINED_USER:
password = constants.DEFAULT_DETERMINED_PASSWORD
elif session_user is None:
session_user = input("Username: "******"Password for user '{}': ".format(session_user)))
token = do_login(master_address, auth, session_user, password)
auth.token_store.set_token(session_user, token)
# If the user wasn't set with the '-u' option and the session_user
# is the default user, tag them as being the active user.
if requested_user is None and session_user == constants.DEFAULT_DETERMINED_USER:
auth.token_store.set_active(session_user, True)
auth.session = api.Session(session_user, token)
def _init_session(
self,
requested_user: Optional[str],
password: Optional[str],
try_reauth: bool,
cert: Optional[certs.Cert],
) -> Session:
session_user = (requested_user or self.token_store.get_active_user()
or constants.DEFAULT_DETERMINED_USER)
token = self.token_store.get_token(session_user)
if token is not None and not _is_token_valid(self.master_address,
token, cert):
self.token_store.drop_user(session_user)
token = None
if token is not None:
return Session(session_user, token)
if token is None and not try_reauth:
raise api.errors.UnauthenticatedException(username=session_user)
if password is None and session_user == constants.DEFAULT_DETERMINED_USER:
password = constants.DEFAULT_DETERMINED_PASSWORD
elif session_user is None:
session_user = input("Username: "******"Password for user '{}': ".format(session_user))
if password:
password = api.salt_and_hash(password)
token = do_login(self.master_address, session_user, password, cert)
self.token_store.set_token(session_user, token)
return Session(session_user, token)