Beispiel #1
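    def set_user_password(self, admin_token, user_id, user, tenant_id):
        """Replace the stored password of ``user_id`` with ``user.password``.

        ``admin_token`` is passed to ``__validate_token`` before anything else.
        The tenant must exist and be enabled, and the target user must exist
        and be enabled.

        Raises:
            fault.UnauthorizedFault: ``tenant_id`` does not resolve to a tenant.
            fault.TenantDisabledFault: the tenant is disabled.
            fault.ItemNotFoundFault: there is no user with ``user_id``.
            fault.UserDisabledFault: the user is disabled.
            fault.BadRequestFault: ``user`` is not a ``users.User``.
        """
        self.__validate_token(admin_token)

        dtenant = db_api.tenant_get(tenant_id)
        if dtenant is None:
            raise fault.UnauthorizedFault("Unauthorized")
        if not dtenant.enabled:
            raise fault.TenantDisabledFault("Your account has been disabled")

        # NOTE(review): nothing in this method ties user_id to tenant_id; the
        # tenant is only checked for existence and state. Confirm that the
        # caller or __validate_token enforces tenant scoping.
        duser = db_api.user_get(user_id)
        if not duser:
            raise fault.ItemNotFoundFault("The user could not be found")

        if not duser.enabled:
            raise fault.UserDisabledFault("User has been disabled")

        if not isinstance(user, users.User):
            raise fault.BadRequestFault("Expecting a User")

        # The user row was already fetched and checked above, so it is not
        # looked up a second time.

        # NOTE(review): the password is handed to the DB layer exactly as
        # received and no hashing is visible here. Confirm that
        # db_api.user_update hashes it; otherwise it is stored in clear text.
        db_api.user_update(user_id, {'password': user.password})

        # NOTE(review): the response carries the new password back to the
        # caller, so it may end up in response bodies and logs.
        return users.User_Update(user.password, None, None, None, None, None)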
Beispiel #2
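    def set_user_tenant(self, admin_token, user_id, user):
        """Move ``user_id`` to the tenant named by ``user.tenant_id``.

        ``admin_token`` is passed to ``__validate_token`` first. The target
        tenant must exist and be enabled before the user row is updated.

        Raises:
            fault.ItemNotFoundFault: the user or the tenant does not exist.
            fault.BadRequestFault: ``user`` is not a ``users.User``, or it
                carries no tenant id.
            fault.TenantDisabledFault: the target tenant is disabled.
        """
        self.__validate_token(admin_token)
        duser = db_api.user_get(user_id)
        if not duser:
            raise fault.ItemNotFoundFault("The user could not be found")
        if not isinstance(user, users.User):
            raise fault.BadRequestFault("Expecting a User")

        dtenant = db_api.tenant_get(user.tenant_id)

        # A missing tenant is rejected in every case. The previous check only
        # raised for a non-empty tenant id and then read ``dtenant.enabled`` on
        # None when the id was empty, which surfaced as an AttributeError.
        # NOTE(review): an empty tenant id is rejected here rather than used
        # to clear the tenant; confirm that is the intended contract.
        if dtenant is None:
            if not user.tenant_id:
                raise fault.BadRequestFault("Expecting a Tenant Id")
            raise fault.ItemNotFoundFault("The tenant not found")
        # Moving a user into a disabled tenant is refused.
        if not dtenant.enabled:
            raise fault.TenantDisabledFault("Your account has been disabled")

        db_api.user_update(user_id, {'tenant_id': user.tenant_id})
        return users.User_Update(None, None, user.tenant_id, None, None, None)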
Beispiel #3
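    def get_user(self, admin_token, tenant_id, user_id):
        """Return id, tenant, e-mail, enabled flag and groups of ``user_id``.

        ``admin_token`` is passed to ``__validate_token`` first. The password
        slot of the returned ``users.User_Update`` is always ``None``.

        Raises:
            fault.UnauthorizedFault: ``tenant_id`` does not resolve to a tenant.
            fault.TenantDisabledFault: the tenant is disabled.
            fault.ItemNotFoundFault: there is no user with ``user_id``.
            fault.UserDisabledFault: the user is disabled.
        """
        self.__validate_token(admin_token)
        dtenant = db_api.tenant_get(tenant_id)
        if dtenant is None:
            raise fault.UnauthorizedFault("Unauthorized")
        if not dtenant.enabled:
            raise fault.TenantDisabledFault("Your account has been disabled")

        # NOTE(review): the user is returned whether or not it belongs to
        # tenant_id; confirm tenant scoping is enforced elsewhere.
        duser = db_api.user_get(user_id)
        if not duser:
            raise fault.ItemNotFoundFault("The user could not be found")

        if not duser.enabled:
            raise fault.UserDisabledFault("User has been disabled")

        # Report the user's first tenant association when there is one,
        # otherwise fall back to the tenant id given in the request.
        if len(duser.tenants) > 0:
            tenant_user = duser.tenants[0].tenant_id
        else:
            tenant_user = tenant_id

        # Each row is a (group, association) pair; only the group is used.
        groups = [tenants.Group(dgroup.id, dgroup.tenant_id, None)
                  for dgroup, _assoc in db_api.user_groups_get_all(user_id)]

        return users.User_Update(None, duser.id, tenant_user, duser.email,
                                 duser.enabled, groups)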
Beispiel #4
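    def update_user(self, admin_token, user_id, user, tenant_id):
        """Change the e-mail address of ``user_id`` to ``user.email``.

        ``admin_token`` is passed to ``__validate_token`` first. Only the
        ``email`` column is written; the user row is then re-read and returned
        as a ``users.User``.

        Raises:
            fault.UnauthorizedFault: ``tenant_id`` does not resolve to a tenant.
            fault.TenantDisabledFault: the tenant is disabled.
            fault.ItemNotFoundFault: there is no user with ``user_id``.
            fault.UserDisabledFault: the user is disabled.
            fault.BadRequestFault: ``user`` is not a ``users.User``.
            fault.EmailConflictFault: the e-mail is already registered.
        """
        self.__validate_token(admin_token)

        dtenant = db_api.tenant_get(tenant_id)
        if dtenant is None:
            raise fault.UnauthorizedFault("Unauthorized")
        if not dtenant.enabled:
            raise fault.TenantDisabledFault("Your account has been disabled")

        # NOTE(review): nothing here checks that user_id belongs to
        # tenant_id; confirm tenant scoping is enforced elsewhere.
        duser = db_api.user_get(user_id)
        if not duser:
            raise fault.ItemNotFoundFault("The user could not be found")

        if not duser.enabled:
            raise fault.UserDisabledFault("User has been disabled")

        if not isinstance(user, users.User):
            raise fault.BadRequestFault("Expecting a User")

        # NOTE(review): presumably this also matches the user's own current
        # address, so re-submitting an unchanged e-mail would be reported as
        # a conflict; verify against db_api.user_get_email.
        if db_api.user_get_email(user.email) is not None:
            raise fault.EmailConflictFault(
                "Email already exists")

        db_api.user_update(user_id, {'email': user.email})
        duser = db_api.user_get_update(user_id)
        # NOTE(review): the stored password value is copied into the response
        # object; confirm it is not serialized back to the client.
        return users.User(duser.password, duser.id, tenant_id, duser.email,
                          duser.enabled)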
Beispiel #5
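    def add_user_global_group(self, admin_token, group, user):
        """Add ``user`` to the global-tenant group ``group``.

        ``admin_token`` is passed to ``__validate_token`` first. The global
        tenant is obtained from ``__check_create_global_tenant``.

        Raises:
            fault.ItemNotFoundFault: the global tenant, the group, the user
                or the group-in-global-tenant link does not exist.
            fault.UserGroupConflictFault: the user is already in the group.
        """
        self.__validate_token(admin_token)
        gtenant = self.__check_create_global_tenant()

        if db_api.tenant_get(gtenant.id) is None:
            raise fault.ItemNotFoundFault("The Global Tenant not found")

        if db_api.group_get(group) is None:
            raise fault.ItemNotFoundFault("The Group not found")
        duser = db_api.user_get(user)
        if duser is None:
            raise fault.ItemNotFoundFault("The User not found")

        # The group must be registered under the global tenant, not merely
        # exist.
        if db_api.tenant_group_get(group, gtenant.id) is None:
            raise fault.ItemNotFoundFault("A global tenant group with"
                                          " that id not found")

        if db_api.get_user_by_group(user, group) is not None:
            raise fault.UserGroupConflictFault(
                "A user with that id already exists in group")

        dusergroup = db_models.UserGroupAssociation()
        dusergroup.user_id = user
        dusergroup.group_id = group
        db_api.user_tenant_group(dusergroup)

        return tenants.User(duser.id, duser.email, duser.enabled,
                           group_id=group)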
Beispiel #6
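def main():
    """Enable or disable a user from the command line.

    Takes two positional arguments: the username and the new state, given as
    ``True``/``1`` or ``False``/``0`` (case-insensitive). Any error raised
    while looking up or updating the user is printed rather than propagated.
    """
    usage = "usage: %prog username enabled"
    parser = optparse.OptionParser(usage)
    options, args = parser.parse_args()
    if len(args) != 2:
        # parser.error() prints the message and exits the process.
        parser.error("Incorrect number of arguments")

    username = args[0]
    # Strip before capitalizing: capitalize() only upper-cases the first
    # character, so a value with leading whitespace used to be rejected.
    enabled = args[1].strip().capitalize()

    if enabled in ('True', '1'):
        enabled = 1
    elif enabled in ('False', '0'):
        enabled = 0
    else:
        parser.error("Incorrect arguments value")

    try:
        u = db_api.user_get(username)
        if u is None:
            raise IndexError("User not found")
        db_api.user_update(username, {'enabled': enabled})
        print 'User', u.id, 'updated. Enabled =', enabled
    except Exception, e:
        # NOTE(review): failures are only printed; the process exit status
        # does not reflect them.
        print 'Error updating user', username, ':', str(e)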
Beispiel #7
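    def create_role_ref(self, admin_token, user_id, roleRef):
        """Grant ``user_id`` the role in ``roleRef`` on the tenant in ``roleRef``.

        ``admin_token`` is passed to ``__validate_token`` first. On success
        the id of the new association is written to ``roleRef.role_ref_id``
        and the same ``roleRef`` object is returned.

        Raises:
            fault.ItemNotFoundFault: the user, role or tenant does not exist.
            fault.BadRequestFault: ``roleRef`` is not a ``roles.RoleRef`` or
                lacks a role id or tenant id.
        """
        self.__validate_token(admin_token)
        duser = db_api.user_get(user_id)

        if not duser:
            raise fault.ItemNotFoundFault("The user could not be found")

        if not isinstance(roleRef, roles.RoleRef):
            raise fault.BadRequestFault("Expecting a Role Ref")

        if roleRef.role_id is None:
            raise fault.BadRequestFault("Expecting a Role Id")

        drole = db_api.role_get(roleRef.role_id)
        if drole is None:
            raise fault.ItemNotFoundFault("The role not found")

        if roleRef.tenant_id is None:
            raise fault.BadRequestFault("Expecting a Tenant Id")

        dtenant = db_api.tenant_get(roleRef.tenant_id)
        if dtenant is None:
            raise fault.ItemNotFoundFault("The tenant not found")

        # NOTE(review): neither the tenant's nor the user's enabled flag is
        # checked before the grant, and nothing here limits which tenants the
        # caller may grant roles on; confirm that is intended.
        drole_ref = db_models.UserRoleAssociation()
        drole_ref.user_id = duser.id
        drole_ref.role_id = drole.id
        drole_ref.tenant_id = dtenant.id
        user_role_ref = db_api.user_role_add(drole_ref)
        roleRef.role_ref_id = user_role_ref.id
        return roleRef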
Beispiel #8
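    def create_user(self, admin_token, tenant_id, user):
        """Create a user under ``tenant_id`` from the fields of ``user``.

        ``admin_token`` is passed to ``__validate_token`` first. The ``user``
        object is returned unchanged after the row is created.

        Raises:
            fault.UnauthorizedFault: ``tenant_id`` does not resolve to a tenant.
            fault.TenantDisabledFault: the tenant is disabled.
            fault.BadRequestFault: ``user`` is not a ``users.User`` or has no
                user id.
            fault.UserConflictFault: the user id is already taken.
            fault.EmailConflictFault: the e-mail is already registered.
        """
        self.__validate_token(admin_token)

        dtenant = db_api.tenant_get(tenant_id)
        if dtenant is None:
            raise fault.UnauthorizedFault("Unauthorized")
        if not dtenant.enabled:
            raise fault.TenantDisabledFault("Your account has been disabled")

        if not isinstance(user, users.User):
            raise fault.BadRequestFault("Expecting a User")

        if user.user_id is None:
            raise fault.BadRequestFault("Expecting a unique User Id")

        if db_api.user_get(user.user_id) is not None:
            raise fault.UserConflictFault(
                "An user with that id already exists")

        if db_api.user_get_email(user.email) is not None:
            raise fault.EmailConflictFault(
                "Email already exists")

        duser = db_models.User()
        duser.id = user.user_id
        # NOTE(review): the password is copied onto the model as received and
        # no hashing is visible here. Confirm the model or db_api.user_create
        # hashes it; otherwise it is stored in clear text.
        duser.password = user.password
        duser.email = user.email
        duser.enabled = user.enabled
        duser.tenant_id = tenant_id
        db_api.user_create(duser)

        # NOTE(review): the returned object still carries the submitted
        # password.
        return user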
Beispiel #9
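    def set_user_tenant(self, admin_token, user_id, user):
        """Set the tenant of ``user_id`` to ``user.tenant_id``.

        ``admin_token`` is passed to ``__validate_token`` first.

        Raises:
            fault.ItemNotFoundFault: there is no user with ``user_id``.
            fault.BadRequestFault: ``user`` is not a ``users.User``.
        """
        self.__validate_token(admin_token)
        duser = db_api.user_get(user_id)
        if not duser:
            raise fault.ItemNotFoundFault("The user could not be found")
        if not isinstance(user, users.User):
            raise fault.BadRequestFault("Expecting a User")

        # The user row was already fetched and checked above, so it is not
        # looked up a second time.

        # NOTE(review): user.tenant_id is written without checking that the
        # tenant exists or is enabled, so a user can be attached to an unknown
        # or disabled tenant; confirm whether validation belongs here.
        db_api.user_update(user_id, {'tenant_id': user.tenant_id})

        return users.User_Update(None, None, user.tenant_id, None, None, None)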
Beispiel #10
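    def delete_user(self, admin_token, user_id):
        """Delete ``user_id`` from the tenant recorded on its user row.

        ``admin_token`` is passed to ``__validate_token`` first.

        Raises:
            fault.ItemNotFoundFault: the user does not exist, or the tenant
                referenced by the user row does not exist.
        """
        self.__validate_token(admin_token)
        duser = db_api.user_get(user_id)
        if not duser:
            raise fault.ItemNotFoundFault("The user could not be found")

        dtenant = db_api.tenant_get(duser.tenant_id)
        # Without this guard a user whose tenant row is missing made
        # ``dtenant.id`` fail with an AttributeError instead of a fault.
        if dtenant is None:
            raise fault.ItemNotFoundFault("The tenant not found")
        db_api.user_delete_tenant(user_id, dtenant.id)
        return None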
Beispiel #11
    def __get_dauth_data(self, token_id):
        """Look up the token for ``token_id`` and the user it belongs to.

        Returns a ``(token, user)`` tuple. Both are ``None`` when ``token_id``
        is falsy; ``user`` is ``None`` when no token is found.
        """
        if not token_id:
            return (None, None)

        token = db_api.token_get(token_id)
        # The user is only resolved when the token lookup produced a row.
        user = db_api.user_get(token.user_id) if token else None
        return (token, user)
Beispiel #12
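    def delete_user(self, admin_token, user_id):
        """Delete ``user_id`` from the tenant recorded on its user row.

        ``admin_token`` is passed to ``__validate_token`` first.

        Raises:
            fault.ItemNotFoundFault: the user does not exist, or the tenant
                referenced by the user row does not exist.
            fault.TenantDisabledFault: the user's tenant is disabled.
        """
        self.__validate_token(admin_token)
        duser = db_api.user_get(user_id)
        if not duser:
            raise fault.ItemNotFoundFault("The user could not be found")

        dtenant = db_api.tenant_get(duser.tenant_id)
        # The old check skipped a missing tenant and then read ``dtenant.id``
        # on None, which failed with an AttributeError instead of a fault.
        if dtenant is None:
            raise fault.ItemNotFoundFault("The tenant not found")
        if not dtenant.enabled:
            raise fault.TenantDisabledFault("Your account has been disabled")
        db_api.user_delete_tenant(user_id, dtenant.id)
        return None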
Beispiel #13
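    def authenticate(self, credentials):
        """Check a username/password pair and return auth data for a token.

        An unexpired token for the (user, tenant) pair is reused; otherwise a
        new token valid for one day is created, provided the user is
        associated with ``credentials.tenant_id``.

        Raises:
            fault.BadRequestFault: ``credentials`` is not an
                ``auth.PasswordCredentials``.
            fault.UnauthorizedFault: unknown user or wrong password.
            fault.UserDisabledFault: the user is disabled.
            fault.IDMFault: the user has no tenant association at all.
            fault.ForbiddenFault: no tenant id was given, or the user is not
                associated with it.
        """
        if not isinstance(credentials, auth.PasswordCredentials):
            raise fault.BadRequestFault("Expecting Password Credentials!")

        duser = db_api.user_get(credentials.username)
        if duser is None:
            raise fault.UnauthorizedFault("Unauthorized")
        # NOTE(review): the disabled check runs before the password check, so
        # a caller without valid credentials can tell that an account exists
        # and is disabled. Consider verifying the password first.
        if not duser.enabled:
            raise fault.UserDisabledFault("Your account has been disabled")
        # NOTE(review): the stored value is compared directly with the
        # submitted password, which suggests passwords are kept unhashed, and
        # ``!=`` is not a constant-time comparison. Confirm, and consider a
        # salted password hash checked with hmac.compare_digest.
        if duser.password != credentials.password:
            raise fault.UnauthorizedFault("Unauthorized")

        # Look for an existing token for this user/tenant pair, or create one.
        # TODO: Handle tenant/token search
        dtoken = db_api.token_for_user_tenant(duser.id, credentials.tenant_id)

        # NOTE(review): tenant membership is only verified when a new token is
        # minted; an unexpired token is returned without re-checking it.
        # Confirm tokens are revoked when a user leaves a tenant.
        if not dtoken or dtoken.expires < datetime.now():
            dtoken = db_models.Token()
            dtoken.token_id = str(uuid.uuid4())
            dtoken.user_id = duser.id

            if not duser.tenants:
                raise fault.IDMFault("Strange: user %s is not associated "
                                     "with a tenant!" % duser.id)
            user = db_api.user_get_by_tenant(duser.id, credentials.tenant_id)

            if not credentials.tenant_id or not user:
                raise fault.ForbiddenFault("Error: user %s is "
                                     "not associated "
                                     "with a tenant! %s" % (duser.id,
                                                    credentials.tenant_id))
            dtoken.tenant_id = credentials.tenant_id
            # Tokens are valid for one day from issue (naive local time).
            dtoken.expires = datetime.now() + timedelta(days=1)
            db_api.token_create(dtoken)

        return self.__get_auth_data(dtoken, duser)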
Beispiel #14
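def main():
    """Print the id, e-mail and enabled flag of the user named on the CLI.

    Takes exactly one positional argument, the username. Any error raised
    during the lookup is printed rather than propagated.
    """
    usage = "usage: %prog username"
    parser = optparse.OptionParser(usage)
    options, args = parser.parse_args()
    if len(args) != 1:
        # parser.error() prints the message and exits the process.
        parser.error("Incorrect number of arguments")

    username = args[0]
    try:
        u = db_api.user_get(username)
        if u is None:
            raise IndexError("User not found")
        print u.id, u.email, u.enabled
    except Exception, e:
        print 'Error finding user', username, ':', str(e)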
Beispiel #15
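    def authenticate(self, credentials):
        """Check a username/password pair and return auth data for a token.

        The user is looked up globally when no tenant id is supplied and
        within the tenant otherwise. An unexpired token is reused; otherwise a
        new one valid for one day is created.

        Raises:
            fault.BadRequestFault: ``credentials`` is not an
                ``auth.PasswordCredentials``.
            fault.UnauthorizedFault: unknown user (globally or in the given
                tenant) or wrong password.
            fault.UserDisabledFault: the user is disabled.
        """
        if not isinstance(credentials, auth.PasswordCredentials):
            raise fault.BadRequestFault("Expecting Password Credentials!")

        if not credentials.tenant_id:
            duser = db_api.user_get(credentials.username)
            if duser is None:
                raise fault.UnauthorizedFault("Unauthorized")
        else:
            duser = db_api.user_get_by_tenant(credentials.username,
                                              credentials.tenant_id)
            if duser is None:
                raise fault.UnauthorizedFault("Unauthorized on this tenant")

        # NOTE(review): the disabled check runs before the password check, so
        # a caller without valid credentials can tell that an account exists
        # and is disabled. Consider verifying the password first.
        if not duser.enabled:
            raise fault.UserDisabledFault("Your account has been disabled")
        # NOTE(review): the stored value is compared directly with the
        # submitted password, which suggests passwords are kept unhashed, and
        # ``!=`` is not a constant-time comparison. Confirm, and consider a
        # salted password hash checked with hmac.compare_digest.
        if duser.password != credentials.password:
            raise fault.UnauthorizedFault("Unauthorized")

        # Look for an existing token, or create one.
        # TODO: Handle tenant/token search
        if not credentials.tenant_id:
            dtoken = db_api.token_for_user(duser.id)
        else:
            dtoken = db_api.token_for_user_tenant(duser.id,
                                                  credentials.tenant_id)

        # The tenant id from the request wins; otherwise the user's own
        # tenant id is reported.
        tenant_id = credentials.tenant_id or duser.tenant_id

        if not dtoken or dtoken.expires < datetime.now():
            dtoken = db_models.Token()
            dtoken.token_id = str(uuid.uuid4())
            dtoken.user_id = duser.id
            # The token only records a tenant when the request named one.
            if credentials.tenant_id:
                dtoken.tenant_id = credentials.tenant_id
            # Tokens are valid for one day from issue (naive local time).
            dtoken.expires = datetime.now() + timedelta(days=1)
            db_api.token_create(dtoken)

        return self.__get_auth_data(dtoken, tenant_id)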
Beispiel #16
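def main():
    """Delete the user named on the command line.

    Takes exactly one positional argument, the username. Any error raised
    during the lookup or the delete is printed rather than propagated.
    """
    usage = "usage: %prog username"
    parser = optparse.OptionParser(usage)
    options, args = parser.parse_args()
    if len(args) != 1:
        # parser.error() prints the message and exits the process.
        parser.error("Incorrect number of arguments")

    username = args[0]
    try:
        u = db_api.user_get(username)
        if u is None:
            raise IndexError("User not found")
        db_api.user_delete(username)
        print "User", username, "deleted."
    except Exception, e:
        # NOTE(review): failures are only printed; the process exit status
        # does not reflect them.
        print "Error deleting user", username, ":", str(e)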
Beispiel #17
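    def delete_user(self, admin_token, user_id, tenant_id):
        """Remove ``user_id`` from ``tenant_id``.

        ``admin_token`` is passed to ``__validate_token`` first. The user must
        exist and must be found under the given tenant.

        Raises:
            fault.UnauthorizedFault: ``tenant_id`` does not resolve to a tenant.
            fault.TenantDisabledFault: the tenant is disabled.
            fault.ItemNotFoundFault: the user does not exist, or is not found
                under the given tenant.
        """
        self.__validate_token(admin_token)
        dtenant = db_api.tenant_get(tenant_id)
        if dtenant is None:
            raise fault.UnauthorizedFault("Unauthorized")
        if not dtenant.enabled:
            raise fault.TenantDisabledFault("Your account has been disabled")

        # Two lookups so the caller can tell "no such user" apart from
        # "user exists but not in this tenant".
        if not db_api.user_get(user_id):
            raise fault.ItemNotFoundFault("The user could not be found")
        if not db_api.user_get_by_tenant(user_id, tenant_id):
            raise fault.ItemNotFoundFault("The user could not be "
                                        "found under given tenant")

        db_api.user_delete_tenant(user_id, tenant_id)
        return None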
Beispiel #18
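    def get_user(self, admin_token, user_id):
        """Return id, tenant, e-mail, enabled flag and groups of ``user_id``.

        ``admin_token`` is passed to ``__validate_token`` first. The password
        slot of the returned ``users.User_Update`` is always ``None``.

        Raises:
            fault.ItemNotFoundFault: there is no user with ``user_id``.
            fault.UserDisabledFault: the user is disabled.
        """
        self.__validate_token(admin_token)
        duser = db_api.user_get(user_id)
        if not duser:
            raise fault.ItemNotFoundFault("The user could not be found")

        if not duser.enabled:
            raise fault.UserDisabledFault("User has been disabled")

        # The tenant row used to be fetched here but its result was never
        # read, so the lookup has been dropped.
        # NOTE(review): the tenant's enabled flag is not checked in this
        # method; confirm that is intended.

        # Each row is a (group, association) pair; only the group is used.
        groups = [tenants.Group(dgroup.id, dgroup.tenant_id, None)
                  for dgroup, _assoc in db_api.user_groups_get_all(user_id)]

        return users.User_Update(None, duser.id, duser.tenant_id, duser.email,
                                 duser.enabled, groups)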
Beispiel #19
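def main():
    """Set a user's password from the command line.

    Takes two positional arguments, the username and the new password. Any
    error raised during the lookup or the update is printed rather than
    propagated.
    """
    usage = "usage: %prog username password"
    parser = optparse.OptionParser(usage)
    options, args = parser.parse_args()
    if len(args) != 2:
        # parser.error() prints the message and exits the process.
        parser.error("Incorrect number of arguments")

    username = args[0]
    # NOTE(review): a password passed as an argument is visible in the
    # process list and usually lands in shell history; prompting for it
    # (e.g. getpass.getpass) would avoid that.
    password = args[1]
    try:
        u = db_api.user_get(username)
        if u is None:
            raise IndexError("User not found")
        # NOTE(review): the value is handed to the DB layer as typed and no
        # hashing is visible here; confirm db_api.user_update hashes it.
        db_api.user_update(username, {'password': password})
        print 'User', u.id, 'updated.'
    except Exception, e:
        print 'Error updating user', username, ':', str(e)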
Beispiel #20
    def get_user_roles(self, admin_token, marker, limit, url, user_id):
        """Return one page of role references held by ``user_id``.

        ``admin_token`` is passed to ``__validate_token`` first. The result is
        a ``roles.RoleRefs`` holding the page plus 'prev'/'next' atom links
        when the corresponding markers exist.

        Raises:
            fault.ItemNotFoundFault: there is no user with ``user_id``.
        """
        self.__validate_token(admin_token)

        if not db_api.user_get(user_id):
            raise fault.ItemNotFoundFault("The user could not be found")

        page = db_api.role_ref_get_page(marker, limit, user_id)
        role_refs = [roles.RoleRef(row.id, row.role_id, row.tenant_id)
                     for row in page]

        prev_marker, next_marker = db_api.role_ref_get_page_markers(
            user_id, marker, limit)

        # NOTE(review): the query string is wrapped in single quotes and the
        # marker values are interpolated without URL-encoding; confirm clients
        # expect this exact link format before changing it.
        links = []
        for rel, page_marker in (('prev', prev_marker), ('next', next_marker)):
            if page_marker:
                links.append(atom.Link(rel, "%s?'marker=%s&limit=%s'"
                                       % (url, page_marker, limit)))
        return roles.RoleRefs(role_refs, links)
Beispiel #21
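    def delete_user_tenant_group(self, admin_token, tenant, group, user):
        """Remove ``user`` from ``group`` of ``tenant``.

        ``admin_token`` is passed to ``__validate_token`` first.

        Raises:
            fault.ItemNotFoundFault: the tenant, group, user, the
                group-in-tenant link or the user-in-group link is missing.
        """
        self.__validate_token(admin_token)

        if db_api.tenant_get(tenant) is None:
            raise fault.ItemNotFoundFault("The Tenant not found")

        if db_api.group_get(group) is None:
            raise fault.ItemNotFoundFault("The Group not found")

        if db_api.user_get(user) is None:
            raise fault.ItemNotFoundFault("The User not found")

        # The group must belong to this tenant, not merely exist.
        if db_api.tenant_group_get(group, tenant) is None:
            raise fault.ItemNotFoundFault("A tenant group with"
                                          " that id not found")

        if db_api.get_user_by_group(user, group) is None:
            raise fault.ItemNotFoundFault("A user with that id "
                                          "in a group not found")

        db_api.user_tenant_group_delete(user, group)
        return None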
Beispiel #22
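    def delete_user_global_group(self, admin_token, group, user):
        """Remove ``user`` from the global-tenant group ``group``.

        ``admin_token`` is passed to ``__validate_token`` first. The global
        tenant is obtained from ``__check_create_global_tenant``.

        Raises:
            fault.ItemNotFoundFault: the global tenant, group, user, the
                group-in-global-tenant link or the user-in-group link is
                missing.
        """
        self.__validate_token(admin_token)
        gtenant = self.__check_create_global_tenant()

        if db_api.tenant_get(gtenant.id) is None:
            raise fault.ItemNotFoundFault("The Global Tenant not found")

        if db_api.group_get(group) is None:
            raise fault.ItemNotFoundFault("The Group not found")

        if db_api.user_get(user) is None:
            raise fault.ItemNotFoundFault("The User not found")

        # The group must be registered under the global tenant, not merely
        # exist.
        if db_api.tenant_group_get(group, gtenant.id) is None:
            raise fault.ItemNotFoundFault("A global tenant group with "
                                          "that id not found")

        if db_api.get_user_by_group(user, group) is None:
            raise fault.ItemNotFoundFault("A user with that id in a "
                                          "group not found")

        db_api.user_tenant_group_delete(user, group)
        return None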
Beispiel #23
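    def add_user_tenant(self, admin_token, user_id, tenant_id):
        """Associate the existing user ``user_id`` with ``tenant_id``.

        ``admin_token`` is passed to ``__validate_token`` first.

        Raises:
            fault.UnauthorizedFault: ``tenant_id`` does not resolve to a tenant.
            fault.TenantDisabledFault: the tenant is disabled.
            fault.BadRequestFault: ``user_id`` is ``None``.
            fault.ItemNotFoundFault: there is no user with ``user_id``.
            fault.UserConflictFault: the user is already in the tenant.
        """
        self.__validate_token(admin_token)

        dtenant = db_api.tenant_get(tenant_id)
        if dtenant is None:
            raise fault.UnauthorizedFault("Unauthorized")
        if not dtenant.enabled:
            raise fault.TenantDisabledFault("Your account has been disabled")
        if user_id is None:
            raise fault.BadRequestFault("Expecting a unique User Id")

        # NOTE(review): the user's enabled flag is not checked here, so a
        # disabled user can still be attached to a tenant; confirm intended.
        if db_api.user_get(user_id) is None:
            raise fault.ItemNotFoundFault(
                "user does not exists")

        if db_api.user_get_by_tenant(user_id, tenant_id) is not None:
            raise fault.UserConflictFault(
                "An user with that id already exists in the given tenant")

        duser_tenant = db_models.UserTenantAssociation()
        duser_tenant.user_id = user_id
        duser_tenant.tenant_id = tenant_id
        db_api.user_tenant_create(duser_tenant)
        return None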