def get_users(config):
salt = config.get('ce1sus', 'salt')
result = list()
# Add admin user
user = User()
user.identifier = 1
user.uuid = 'f49eb0ed-438d-49ef-aa19-1d615a3ba01d'
user.name = 'Root'
user.sirname = 'Administrator'
user.username = '******'
user.password = hashSHA1('admin' + salt)
user.last_login = None
user.email = '*****@*****.**'
user.api_key = None
user.gpg_key = None
user.activated = datetime.now()
user.dbcode = 31
user.activation_sent = None
user.activation_str = 'e96e0b6cfdb77c4e957508315bf7b7124aea9fa0'
user.api_key = '4a5e3a7e8aa200cbde64432df11c4b459b154499'
group = Group()
group.name = 'Administrators'
group.description = 'Administrators group'
group.tlp_lvl = 0
group.dbcode = 31
group.default_dbcode = 31
group.email = '*****@*****.**'
user.group = group
result.append(user)
return result
def update_user(self, user, json):
user.populate(json)
if self.salt:
salt = self.salt
else:
salt = user.username
# Do not update the password if it matches the masking
if user.plain_password:
fistcheck = True
if is_plugin_available('ldap', self.config):
ldap_password_identifier = get_plugin_function(
'ldap', 'get_ldap_pwd_identifier', self.config,
'internal_plugin')()
if user.plain_password == ldap_password_identifier:
user.password = ldap_password_identifier
fistcheck = False
if not re.match(r'^\*{8,}$', user.plain_password) and fistcheck:
user.password = hashSHA1(user.plain_password, salt)
group_uuid = json.get('group_id', None)
if group_uuid:
group = self.group_broker.get_by_uuid(group_uuid)
user.group_id = group.identifier
user.group = group
else:
user.group_id = None
user.group = None
return user
def get_tmp_folder(self):
"""
Returns the temporary folder, and creates it when not existing
"""
try:
tmp_path = self.get_base_path() + '/tmp/' + hasher.hashSHA1('{0}'.format(datetime.utcnow()))
if not exists(tmp_path):
makedirs(tmp_path)
return tmp_path
except TypeError as error:
raise HandlerException(error)
def getUserByUsernameAndPassword(self, username, password, salt=None):
"""
Returns the user with the following username and password
Note: Password will be hashed inside this function
:param user: The username
:type user: Stirng
:param password: The username
:type password: Stirng
:returns: User
"""
if salt:
passwd = hashSHA1(password, salt)
old_pwd = hashSHA1(password + username)
else:
passwd = password
old_pwd = None
try:
if old_pwd:
user = self.session.query(User).filter(
User.username == username,
or_(
User.password == passwd,
User.password == old_pwd,
)).one()
else:
user = self.session.query(User).filter(
User.username == username, User.password == passwd).one()
except sqlalchemy.orm.exc.NoResultFound:
raise NothingFoundException(
u'Nothing found with ID :{0}'.format(username))
except sqlalchemy.orm.exc.MultipleResultsFound:
raise TooManyResultsFoundException(
u'Too many results found for ID ' + ':{0}'.format(username))
except sqlalchemy.exc.SQLAlchemyError as error:
self.session.rollback()
raise BrokerException(error)
return user
def resentmail(self, **args):
try:
path = args.get('path')
if len(path) > 0:
uuid = path.pop(0)
user = self.user_controller.get_user_by_uuid(uuid)
# set new random password for user
user.plain_password = hashSHA1(u'{0}'.format(random.random()))
self.user_controller.set_activation_str(user)
self.user_controller.update_user(user)
self.mail_controller.send_activation_mail(user)
return 'Ok'
else:
raise RestHandlerException('No uuid given')
except ControllerNothingFoundException as error:
raise RestHandlerNotFoundException(error)
except ControllerException as error:
raise RestHandlerException(error)
def update(self, instance, commit=True, validate=True):
"""
overrides BrokerBase.insert
"""
errors = not instance.validate()
if errors:
raise ValidationException(u'User to be updated is invalid')
if instance.password != 'EXTERNALAUTH':
# Don't update if the password is already a hash
if re.match('^[0-9a-f]{40}$', instance.password) is None:
if not errors:
instance.password = hashSHA1(instance.password,
instance.username)
try:
BrokerBase.update(self, instance, commit, validate=False)
self.do_commit(commit)
except sqlalchemy.exc.SQLAlchemyError as error:
self.session.rollback()
raise BrokerException(error)
def insert_user(self, user, validate=True, commit=True, send_mail=True):
try:
# Add unset elements
self.set_activation_str(user)
if user.plain_password:
user.password = hashSHA1(user.plain_password + self.salt)
# TODO: add api key and mail sending
self.user_broker.insert(user, validate=validate, commit=commit)
if user.gpg_key:
self.mail_controller.import_gpg_key(user.gpg_key)
if send_mail:
self.mail_controller.send_activation_mail(user)
except IntegrityException as error:
raise ControllerIntegrityException(error)
except ValidationException as error:
message = ObjectValidator.getFirstValidationError(user)
raise ControllerException(u'Could not add user due to: {0}'.format(message))
except (BrokerException) as error:
raise ControllerException(error)
def user(self, **args):
try:
method = args.get('method')
path = args.get('path')
details = self.get_detail_value(args)
inflated = self.get_inflated_value(args)
json = args.get('json')
if method == 'GET':
if len(path) > 0:
# if there is a uuid as next parameter then return single user
uuid = path.pop(0)
user = self.user_controller.get_user_by_uuid(uuid)
if details:
password = '******'
if is_plugin_available('ldap', self.config):
ldap_password_identifier = get_plugin_function(
'ldap', 'get_ldap_pwd_identifier', self.config,
'internal_plugin')()
if user.password == ldap_password_identifier:
password = ldap_password_identifier
user.password = password
return user.to_dict(details, inflated)
else:
return user.to_dict(details, inflated)
else:
# else return all
users = self.user_controller.get_all_users()
result = list()
for user in users:
if details:
password = AdminUserHandler.PASSWORD_MASK
if is_plugin_available('ldap', self.config):
ldap_password_identifier = get_plugin_function(
'ldap', 'get_ldap_pwd_identifier',
self.config, 'internal_plugin')()
password = ldap_password_identifier
user.password = password
result.append(user.to_dict(details, inflated))
else:
result.append(user.to_dict(details, inflated))
return result
elif method == 'POST':
# Add new user
user = self.assembler.assemble_user(json)
user.password = hashSHA1(user.plain_password, user.username)
self.user_controller.insert_user(user)
return user.to_dict(details, inflated)
elif method == 'PUT':
# update user
if len(path) > 0:
# if there is a uuid as next parameter then return single user
uuid = path.pop(0)
user = self.user_controller.get_user_by_uuid(uuid)
user = self.assembler.update_user(user, json)
self.user_controller.update_user(user)
return user.to_dict(details, inflated)
else:
raise RestHandlerException(
u'Cannot update user as no identifier was given')
elif method == 'DELETE':
# Remove user
if len(path) > 0:
# if there is a uuid as next parameter then return single user
uuid = path.pop(0)
self.user_controller.remove_user_by_uuid(uuid)
return 'Deleted user'
else:
raise RestHandlerException(
u'Cannot delete user as no identifier was given')
raise RestHandlerException(u'Unrecoverable error')
except ControllerNothingFoundException as error:
raise RestHandlerNotFoundException(error)
except ControllerException as error:
raise RestHandlerException(error)
def set_activation_str(self, user):
user.activation_str = hashSHA1('{0}{1}'.format(user.plain_password, random.random()))
user.activation_sent = datetime.utcnow()
def gen_attr_chksum(attribute):
key = '{0}{1}{2}{3}'.format(attribute.name, attribute.regex,
attribute.table_id,
attribute.attributehandler_id)
return hashSHA1(key)
def gen_obj_chksum(obj):
return hashSHA1(obj.name)
def gen_reference_chksum(reference_definition):
key = '{0}{1}{2}'.format(reference_definition.name,
reference_definition.regex,
reference_definition.referencehandler_id)
return hashSHA1(key)