Ejemplo n.º 1
0
    def decroated(self, data, req_info, curs):
        auth = Authenticator()
        session_id = data.get('session_id')
        session = auth.get_session(session_id)

        f = UserFilter(session, {'id': session.user_id}, {}, {})
        user = f.filter_one_obj(curs)

        try:
            if user.environment_id != session.environment_id:
                raise HelixauthError('User and session from different environments')
            if not user.is_active:
                raise UserInactive()
            auth.check_access(session, Service.TYPE_AUTH, method.__name__, req_info)

            data.pop('session_id', None)
            custom_actor_info = data.pop('custom_actor_info', None)

            try:
                result = method(self, data, req_info, session, curs)
            except Exception, e:
                data['environment_id'] = session.environment_id
                _add_log_info(data, session, custom_actor_info)
                raise e

            _add_log_info(data, session, custom_actor_info)
            return result
Ejemplo n.º 2
0
    def register_user(self, data, req_info, curs=None):
        env_name = data.get('environment_name')
        env_f = EnvironmentFilter({'name': env_name}, {}, None)
        env = env_f.filter_one_obj(curs)

        # creating user
        a = Authenticator()
        salt = a.salt()
        lang = data.get('lang', User.DEFAULT_LANG)
        u_data = {'environment_id': env.id, 'email': data.get('email'),
            'password': a.encrypt_password(data.get('password'), salt),
            'salt': salt, 'role': User.ROLE_USER,
            'lang': lang}

        group_f = GroupFilter(env.id, {'is_default': True}, {}, None)
        groups = group_f.filter_objs(curs)
        groups_ids = [g.id for g in groups]

        u_data['groups_ids'] = groups_ids
        user = User(**u_data)

        # For correct action logging
        data['environment_id'] = env.id
        try:
            mapping.save(curs, user)
        except ObjectCreationError:
            raise UserAlreadyExists
        auth = Authenticator()
        session = auth.create_session(curs, env, user, req_info)
        _add_log_info(data, session)

        n = Notifier()
        n_process = n.register_user(curs, user, session)
        return response_ok(session_id=session.session_id, id=user.id,
                           notification=n_process)
Ejemplo n.º 3
0
    def add_user(self, data, req_info, session, curs=None):
        a = Authenticator()
        env_id = session.environment_id
        salt = a.salt()
        u_data = {'environment_id': env_id, 'email': data.get('email'),
            'role': data.get('role', User.ROLE_USER),
            'password': a.encrypt_password(data.get('password'), salt),
            'salt': salt, 'is_active': data.get('is_active', True),
            'lang': data.get('lang', User.DEFAULT_LANG)
        }
        if u_data['role'] == User.ROLE_SUPER:
            raise SuperUserCreationDenied

        groups_ids = data.get('groups_ids', [])
        filtered_g_ids = self._filter_existed_groups(curs, session, groups_ids)
        u_data['groups_ids'] = filtered_g_ids
        user = User(**u_data)
        try:
            mapping.save(curs, user)
        except ObjectCreationError:
            raise HelixauthObjectAlreadyExists

        # For correct action logging
        data['id'] = [user.id]
        n = Notifier()
        n_process = n.register_user(curs, user, session)
        return response_ok(id=user.id, notification=n_process)
Ejemplo n.º 4
0
    def add_environment(self, data, req_info, curs=None):
        env_data = {'name': data.get('name')}
        env = Environment(**env_data)
        try:
            mapping.save(curs, env)
        except ObjectCreationError:
            raise HelixauthObjectAlreadyExists('Environment %s already exists' % env.name)

        # creating user
        a = Authenticator()
        salt = a.salt()
        u_data = {'environment_id': env.id, 'email': data.get('su_email'),
            'password': a.encrypt_password(data.get('su_password'), salt),
            'salt': salt, 'role': User.ROLE_SUPER,
            'lang': User.DEFAULT_LANG}
        user = User(**u_data)
        mapping.save(curs, user)

        # creating default services and groups
        self._create_default_objects(req_info, curs, env)

        # creating session for super user
        auth = Authenticator()
        session = auth.create_session(curs, env, user, req_info)

        _add_log_info(data, session)

        return response_ok(session_id=session.session_id,
            environment_id=env.id, user_id=session.user_id)
Ejemplo n.º 5
0
    def login(self, data, req_info, curs=None):
        f = EnvironmentFilter(data, {}, None)
        env = f.filter_one_obj(curs)

        # Required for proper logging action
        data['environment_id'] = env.id

        f_params = {'environment_id': env.id, 'email': data.get('email')}
        f = SubjectUserFilter(env.id, f_params, {}, None)
        try:
            user = f.filter_one_obj(curs)
        except UserNotFound:
            raise UserAuthError
        if not user.is_active:
            raise UserInactive()

        # checking password
        auth = Authenticator()
        enc_p = auth.encrypt_password(data.get('password'), user.salt)
        if enc_p != user.password:
            raise UserAuthError

        # creating session
        bind_to_ip = data.get('bind_to_ip', False)
        lt_minutes = data.get('fixed_lifetime_minutes')
        session = auth.create_session(curs, env, user, req_info,
            bind_to_ip=bind_to_ip, lifetime_minutes=lt_minutes)

        _add_log_info(data, session)

        return response_ok(session_id=session.session_id,
            user_id=session.user_id, environment_id=session.environment_id)
Ejemplo n.º 6
0
 def set_password_self(self, data, req_info, session, curs=None):
     f = UserFilter(session, {'id': session.user_id}, {}, None)
     d = {}
     a = Authenticator()
     salt = a.salt()
     d['new_salt'] = salt
     d['new_password'] = a.encrypt_password(data['new_password'], salt)
     loader = partial(f.filter_one_obj, curs, for_update=True)
     self.update_obj(curs, d, loader)
     return response_ok()
Ejemplo n.º 7
0
    def test_encrypt_password(self):
        a = Authenticator()
        p = a.encrypt_password('pass', 'salt')
        self.assertNotEquals(None, p)
        self.assertNotEquals('', p)

        enc_p1 = a.encrypt_password('1', '2')
        enc_p2 = a.encrypt_password('1', '2')
        self.assertEquals(enc_p1, enc_p2)

        enc_p2 = a.encrypt_password(u'чук', '2')
Ejemplo n.º 8
0
    def _change_session_ip(self, sess_id, curs=None):
        # changing ip in session
        f = SessionFilter({"session_id": sess_id}, {}, None)
        s = f.filter_one_obj(curs)
        data = json.loads(s.serialized_data)
        data["ip"] = "new_%s" % data["ip"]
        s.serialized_data = json.dumps(data)
        mapping.save(curs, s)

        a = Authenticator()
        a._save_session_to_cache(s)
Ejemplo n.º 9
0
 def check_access(self, data, req_info, session, curs=None):
     a = Authenticator()
     srv_type = data.get('service_type', None)
     p = data.get('property', None)
     try:
         a.check_access(session, srv_type, p, req_info)
         return response_ok(user_id=session.user_id,
             environment_id=session.environment_id, access='granted')
     except (UserAccessDenied, SessionIpChanged):
         return response_ok(user_id=session.user_id,
             environment_id=session.environment_id, access='denied')
Ejemplo n.º 10
0
 def test_create_restore_password_session(self, curs=None):
     a = Authenticator()
     self.create_actor_env()
     env = self.get_environment_by_name(self.actor_env_name)
     user = self.get_subj_user(env.id, self.actor_login)
     req_info = RequestInfo()
     sess = a.create_restore_password_session(curs, env, user,
         req_info, bind_to_ip=False, lifetime_minutes=None)
     sess_data = json.loads(sess.serialized_data)
     rights = sess_data['rights']
     self.assertEquals({Service.TYPE_AUTH: ['set_password_self']},
         rights)
Ejemplo n.º 11
0
 def modify_users(self, data, req_info, session, curs=None):
     u_ids = data['ids']
     f = UserFilter(session, {'roles': [User.ROLE_SUPER]}, {}, None)
     su = f.filter_one_obj(curs)
     if su.id in u_ids:
         raise SuperUserModificationDenied()
     groups_ids = data.get('new_groups_ids', [])
     filtered_g_ids = self._filter_existed_groups(curs, session, groups_ids)
     data['new_groups_ids'] = filtered_g_ids
     if 'new_password' in data:
         a = Authenticator()
         salt = a.salt()
         data['new_password'] = a.encrypt_password(data['new_password'], salt)
         data['new_salt'] = salt
     f = UserFilter(session, {'ids': u_ids}, {}, None)
     loader = partial(f.filter_objs, curs, for_update=True)
     self.update_objs(curs, data, loader)
     return response_ok()
Ejemplo n.º 12
0
 def modify_user_self(self, data, req_info, session, curs=None):
     f = UserFilter(session, {'id': session.user_id}, {}, None)
     user = f.filter_one_obj(curs)
     old_password = data.get('old_password')
     new_password = data.get('new_password')
     d = {}
     if 'new_lang' in data:
         d['new_lang'] = data['new_lang']
     if old_password is not None:
         if new_password is None or len(new_password) == 0:
             raise UserNewPasswordNotSet("Empty new password can't be set")
         a = Authenticator()
         if user.password != a.encrypt_password(old_password, user.salt):
             raise UserWrongOldPassword()
         salt = a.salt()
         d['new_salt'] = salt
         d['new_password'] = a.encrypt_password(data['new_password'], salt)
     loader = partial(f.filter_one_obj, curs, for_update=True)
     self.update_obj(curs, d, loader)
     return response_ok()
Ejemplo n.º 13
0
    def restore_password(self, data, req_info, curs=None):
        env_name = data.get('environment_name')
        env_f = EnvironmentFilter({'name': env_name}, {}, None)
        env = env_f.filter_one_obj(curs)

        # For correct action logging
        data['environment_id'] = env.id

        user_f = SubjectUserFilter(env.id, {'email': data.get('email')}, {}, None)
        user = user_f.filter_one_obj(curs)

        # creating user session
        auth = Authenticator()
        session = auth.create_restore_password_session(curs, env, user, req_info,
            lifetime_minutes=settings.session_restore_password_lifetime_minutes)
        _add_log_info(data, session)

        n = Notifier()
        n_process = n.restore_password(curs, user, session)
        return response_ok(notification=n_process)
Ejemplo n.º 14
0
 def test_salt(self):
     a = Authenticator()
     for _ in xrange(1000):
         s = a.salt()
         self.assertNotEquals(None, s)
         self.assertNotEquals('', s)
Ejemplo n.º 15
0
 def get_api_actions(self, data, req_info):
     a = Authenticator()
     actions = a.get_auth_api_actions()
     return response_ok(actions=actions)