def plugin_attribute_fetcher(context, user_id):
"""
A small fake attribute manager plugin that reads a user and sets the 'eppn'
attribute to one based on the users _id.
:param context: User database
:param user_id: Unique identifier
:type context: AmTestUserDb
:type user_id: ObjectId
:return: update dict
:rtype: dict
"""
assert isinstance(context, AmTestUserDb)
db = context
user = db.get_user_by_id(user_id)
if user is None:
raise UserDoesNotExist("No user matching _id={!r}".format(user_id))
# Transfer all attributes except `uid' from the test plugins database.
# Transform eduPersonPrincipalName on the way to make it clear that the
# update was done using this code.
res = user.to_dict(old_userdb_format=True)
res['eduPersonPrincipalName'] = "{!s}@eduid.se".format(user.uid)
del res['uid']
return res
def attribute_fetcher(db, _id):
attributes = {}
user = db.users.find_one({'_id': _id})
if user is None:
raise UserDoesNotExist(
"No user matching _id=%s in collection 'users'" % repr(_id))
# white list of valid attributes for security reasons
for attr in [
'c',
'displayName',
'eduID,private,credential_id',
'eduID,private,salt',
'eduPersonPrincipalName',
'eduPersonTargetedID',
'email',
'givenName',
'norEduPersonNIN',
'ou',
'sn',
'uid',
]:
value = user.get(attr, None)
if value is not None:
attributes[attr] = value
return attributes
def _get_user_by_attr(self, attr, value, raise_on_missing=True):
"""
Locate a user in the userdb using any attribute and value.
This is a private function since callers can't depend on the name of things in the db.
:param attr: The attribute to match on
:param value: The value to match on
:param raise_on_missing: If True, raise exception if no matching user object can be found.
:return: UserClass instance | None
:rtype: UserClass | None
:raise self.UserDoesNotExist: No user match the search criteria
:raise self.MultipleUsersReturned: More than one user matches the search criteria
"""
user = None
logger.debug("{!s} Looking in {!r} for user with {!r} = {!r}".format(
self, self._coll_name, attr, value))
try:
doc = self._get_document_by_attr(attr, value, raise_on_missing)
if doc is not None:
logger.debug("{!s} Found user with id {!s}".format(
self, doc['_id']))
user = self.UserClass(data=doc)
logger.debug("{!s} Returning user {!s}".format(self, user))
return user
except self.exceptions.DocumentDoesNotExist as e:
logger.debug("UserDoesNotExist, {!r} = {!r}".format(attr, value))
raise UserDoesNotExist(e.reason)
except self.exceptions.MultipleDocumentsReturned as e:
logger.error("MultipleUsersReturned, {!r} = {!r}".format(
attr, value))
raise MultipleUsersReturned(e.reason)
def _get_user_by_filter(self,
filter,
raise_on_missing=True,
return_list=False):
"""
return the user matching the provided filter.
:param filter: The filter to match the user
:param raise_on_missing: If True, raise exception if no matching user object can be found.
:param return_list: If True, always return a list of user objects regardless of how many there is.
:type filter: dict
:type raise_on_missing: bool
:type return_list: bool
:return: User instance
:rtype: UserClass
"""
try:
users = list(
self._get_documents_by_filter(
filter, raise_on_missing=raise_on_missing))
except DocumentDoesNotExist:
logger.debug("{!s} No user found with filter {!r} in {!r}".format(
self, filter, self._coll_name))
raise UserDoesNotExist(
"No user matching filter {!r}".format(filter))
if return_list:
return [self.UserClass(data=user) for user in users]
if len(users) == 0:
return None
if len(users) > 1:
raise MultipleUsersReturned(
"Multiple matching users for filter {!r}".format(filter))
return self.UserClass(data=users[0])
def attribute_fetcher(context, user_id):
"""
Read a user from the Signup private userdb and return an update
dict to let the Attribute Manager update the use in the central
eduid user database.
:param context: Plugin context, see plugin_init above.
:param user_id: Unique identifier
:type context: ToUAMPContext
:type user_id: ObjectId
:return: update dict
:rtype: dict
"""
user = context.tou_userdb.get_user_by_id(user_id)
if user is None:
raise UserDoesNotExist("No user matching _id='%s'" % user_id)
user_dict = user.to_dict(old_userdb_format=True)
import pprint
logger.debug("Processing user {!r}:\n{!s}".format(
user_id, pprint.pformat(user_dict)))
attributes = {'$push': {'tou': user_dict['tou'][0]}}
try:
context.tou_userdb.remove_user_by_id(user_id)
except pymongo.errors.OperationFailure:
# eduid_am might not have write permission to the signup application's
# collection. Just ignore cleanup if that is the case, and let that be
# handled by some other process (cron job maybe).
pass
return attributes