def get_user(self, request: HTTPServerRequest) -> Optional[User]:
"""Gets the User based on certificates supplied with in the request body
Args:
request: tornado HTTPServerRequest object
Returns:
User: The User object for the user specified by the certificates
None: If no User was found
"""
authenticated_user: Optional[User] = None
if request.headers and self.group_mapping:
username = request.headers.get(self.username_header)
groups = self._groups_from_headers(request.headers)
if username and groups:
try:
authenticated_user = User.objects.get(username=username)
except User.DoesNotExist:
if self.create_users:
authenticated_user = User(username=username)
# TODO: Really we should just have an option on User to disable
# password logins. For now, just set a random-ish value.
authenticated_user.set_password(str(uuid4()))
if authenticated_user:
authenticated_user.role_assignments = (
self._role_assignments_from_groups(groups))
authenticated_user.save()
return authenticated_user
def user_admin(user_admin_role):
role_assignment = RoleAssignment(role=user_admin_role,
domain={"scope": "Global"})
user = User(username="******")
user.set_password("password")
user.role_assignments = [role_assignment]
user.save()
yield user
user.delete()
def ensure_users():
"""Create the default admin user if necessary"""
if User.objects.count() == 0:
username = config.get("auth.default_admin.username")
password = config.get("auth.default_admin.password")
superuser_role = Role.objects.get(name="superuser")
logger.info("Creating default admin user with username: %s", username)
admin = User(username=username)
admin.set_password(password)
admin.role_assignments = [
RoleAssignment(role=superuser_role, domain={"scope": "Global"})
]
admin.save()