def run(args):
"""This function return the status and service info"""
status = 0
message = None
service = None
service = get_service_info()
status = 0
message = "Success"
return_value = create_return_value(status, message)
if service:
return_value["service_info"] = service.to_data()
return return_value
def run(args):
"""This function is called to handle admin setup
of the service, e.g. setting admin passwords,
introducing trusted services etc.
"""
status = 0
message = None
provisioning_uri = None
try:
password = args["password"]
except:
password = None
try:
otpcode = args["otpcode"]
except:
otpcode = None
try:
new_service = args["new_service"]
except:
new_service = None
try:
remove_service = args["remove_service"]
except:
remove_service = None
try:
new_password = args["new_password"]
except:
new_password = None
try:
remember_device = args["remember_device"]
except:
remember_device = False
# first, do we have an existing Service object? If not,
# we grant access to the first user!
bucket = login_to_service_account()
# The data is stored in the object store at the key _service_info
# and is encrypted using the value of $SERVICE_PASSWORD
try:
service = get_service_info(True)
except MissingServiceAccountError:
service = None
if service:
if not service.is_accounting_service():
raise ServiceSetupError(
"Why is the accounting service info "
"for a service of type %s" % service.service_type())
provisioning_uri = service.verify_admin_user(password, otpcode,
remember_device)
else:
# we need to create the service
service_url = args["service_url"]
service_type = "accounting"
service = Service(service_type, service_url)
provisioning_uri = service.set_admin_password(password)
# write the service data, encrypted using the service password
service_password = os.getenv("SERVICE_PASSWORD")
if service_password is None:
raise ServiceSetupError(
"You must supply $SERVICE_PASSWORD "
"to setup a new service!")
service_data = service.to_data(service_password)
ObjectStore.set_object_from_json(bucket, "_service_info", service_data)
# we are definitely the admin user, so let's add or remove remote services
if remove_service:
remove_trusted_service_info(remove_service)
if new_service:
service = get_remote_service_info(new_service)
if new_service:
set_trusted_service_info(new_service, service)
status = 0
message = "Success"
return_value = create_return_value(status, message)
if provisioning_uri:
return_value["provisioning_uri"] = provisioning_uri
return return_value
def run(args):
"""This function will allow a user to request a new session
that will be validated by the passed public key and public
signing certificate. This will return a URL that the user
must connect to to then log in and validate that request.
"""
status = 0
message = None
login_url = None
login_uid = None
user_uid = None
username = args["username"]
public_key = PublicKey.from_data(args["public_key"])
public_cert = PublicKey.from_data(args["public_certificate"])
ip_addr = None
hostname = None
login_message = None
try:
ip_addr = args["ipaddr"]
except:
pass
try:
hostname = args["hostname"]
except:
pass
try:
login_message = args["message"]
except:
pass
# generate a sanitised version of the username
user_account = UserAccount(username)
# Now generate a login session for this request
login_session = LoginSession(public_key, public_cert, ip_addr, hostname,
login_message)
# now log into the central identity account to record
# that a request to open a login session has been opened
bucket = login_to_service_account()
# first, make sure that the user exists...
account_key = "accounts/%s" % user_account.sanitised_name()
try:
existing_data = ObjectStore.get_object_from_json(bucket, account_key)
except:
existing_data = None
if existing_data is None:
raise InvalidLoginError("There is no user with name '%s'" % username)
user_account = UserAccount.from_data(existing_data)
user_uid = user_account.uid()
# first, make sure that the user doens't have too many open
# login sessions at once - this prevents denial of service
user_session_root = "sessions/%s" % user_account.sanitised_name()
open_sessions = ObjectStore.get_all_object_names(bucket, user_session_root)
# take the opportunity to prune old user login sessions
prune_expired_sessions(bucket, user_account, user_session_root,
open_sessions)
# this is the key for the session in the object store
user_session_key = "%s/%s" % (user_session_root, login_session.uuid())
ObjectStore.set_object_from_json(bucket, user_session_key,
login_session.to_data())
# we will record a pointer to the request using the short
# UUID. This way we can give a simple URL. If there is a clash,
# then we will use the username provided at login to find the
# correct request from a much smaller pool (likely < 3)
request_key = "requests/%s/%s" % (login_session.short_uuid(),
login_session.uuid())
ObjectStore.set_string_object(bucket, request_key, user_account.name())
status = 0
# the login URL is the URL of this identity service plus the
# short UID of the session
login_url = "%s/s?id=%s" % (get_service_info().service_url(),
login_session.short_uuid())
login_uid = login_session.uuid()
message = "Success: Login via %s" % login_url
return_value = create_return_value(status, message)
if login_uid:
return_value["session_uid"] = login_uid
if login_url:
return_value["login_url"] = login_url
else:
return_value["login_url"] = None
if user_uid:
return_value["user_uid"] = user_uid
return return_value