Ejemplo n.º 1
0
    def _compareResolver(self, userObj, user_def):
        """
        do the user name and resolver comparison -
            the user is separated by a '.' from the resolver

        Remark: the user must not be defined by the target resolver,
                its the ability to lookup in a different resolver for
                the user login

        :params userObj: the comparison user class object
        :param user_def: the user pattern to compare against

        :return: bool
        """

        def_resolver = user_def[:-1]

        # if there is a prefixed user, split it from
        if '.' in def_resolver:
            def_resolver = def_resolver.split('.')[-1]

        # check if the resolver is defined at all
        from linotp.lib.resolver import getResolverList
        resolvers = getResolverList()
        if def_resolver not in resolvers:
            return False

        # if we have no user part and came that far, we ar e done
        if def_resolver == user_def[:-1]:
            return True

        user_resolver = user_def[:-1]
        # remove the resolver from the user and compare
        simple_user_def, _sep, _res = user_resolver.rpartition(".")
        return self._compareUser(userObj, simple_user_def)
Ejemplo n.º 2
0
    def migrate_resolver(self):

        from linotp.lib.tools.migrate_resolver import MigrateResolverHandler

        ret = {}

        try:
            src = self.request_params['from']
            target = self.request_params['to']

            from linotp.lib.resolver import getResolverList
            resolvers = getResolverList()

            src_resolver = resolvers.get(src, None)
            target_resolver = resolvers.get(target, None)

            if not target_resolver or not src_resolver:
                raise Exception('Src or Target resolver is undefined!')

            mg = MigrateResolverHandler()
            ret = mg.migrate_resolver(src=src_resolver, target=target_resolver)

            Session.commit()
            return sendResult(response, ret)

        except Exception as e:
            log.exception("failed: %r" % e)
            Session.rollback()
            return sendError(response, e, 1)

        finally:
            Session.close()
Ejemplo n.º 3
0
    def _do_readonly_param_test(self, param, is_invalid, expected_readonly, mock_get_types):
        """
        Call getresolverlist with given configuration
        """

        conf = {
            'linotp.test.name.UnitTestResolver': 'UnitTestResolver',
            'linotp.test.readonly.UnitTestResolver': param,
            }

        with patch('linotp.lib.resolver.context', return_value=conf) as mock_context:
            mock_context.get.return_value = conf
            with patch('linotp.lib.resolver.log') as mock_log:
                ret = resolver.getResolverList()

                if is_invalid:
                    # Invalid parameter will log a message
                    mock_log.info.assert_called_with(
                        "Failed to convert 'readonly' attribute %r:%r", ANY, param)

                # If readonly, the resulting resolver has config key=readonly, value=True
                # If not readonly, the resulting resolver does not have the readonly key
                r = ret['UnitTestResolver']
                if expected_readonly:
                    assert r['readonly'] == True
                else:
                    assert 'readonly' not in r
Ejemplo n.º 4
0
    def _do_readonly_param_test(self, param, is_invalid, expected_readonly,
                                mock_get_types):
        """
        Call getresolverlist with given configuration
        """

        conf = {
            'linotp.test.name.UnitTestResolver': 'UnitTestResolver',
            'linotp.test.readonly.UnitTestResolver': param,
        }

        with patch('linotp.lib.resolver.context',
                   return_value=conf) as mock_context:
            mock_context.get.return_value = conf
            with patch('linotp.lib.resolver.log') as mock_log:
                ret = resolver.getResolverList()

                if is_invalid:
                    # Invalid parameter will log a message
                    mock_log.info.assert_called_with(
                        "Failed to convert 'readonly' attribute %r:%r", ANY,
                        param)

                # If readonly, the resulting resolver has config key=readonly, value=True
                # If not readonly, the resulting resolver does not have the readonly key
                r = ret['UnitTestResolver']
                if expected_readonly:
                    assert r['readonly'] == True
                else:
                    assert 'readonly' not in r
Ejemplo n.º 5
0
    def migrate_resolver(self):

        from linotp.lib.tools.migrate_resolver import MigrateResolverHandler

        ret = {}

        try:
            src = self.request_params['from']
            target = self.request_params['to']

            from linotp.lib.resolver import getResolverList
            resolvers = getResolverList()

            src_resolver = resolvers.get(src, None)
            target_resolver = resolvers.get(target, None)

            if not target_resolver or not src_resolver:
                raise Exception('Src or Target resolver is undefined!')

            mg = MigrateResolverHandler()
            ret = mg.migrate_resolver(src=src_resolver,
                                      target=target_resolver)

            Session.commit()
            return sendResult(response, ret)

        except Exception as e:
            log.exception("failed: %r" % e)
            Session.rollback()
            return sendError(response, e, 1)

        finally:
            Session.close()
Ejemplo n.º 6
0
    def migrate_resolver(self):

        from linotp.lib.tools.migrate_resolver import MigrateResolverHandler

        ret = {}

        try:
            src = self.request_params["from"]
            target = self.request_params["to"]

            from linotp.lib.resolver import getResolverList

            resolvers = getResolverList()

            src_resolver = resolvers.get(src, None)
            target_resolver = resolvers.get(target, None)

            if not target_resolver or not src_resolver:
                raise Exception("Src or Target resolver is undefined!")

            mg = MigrateResolverHandler()
            ret = mg.migrate_resolver(src=src_resolver, target=target_resolver)

            db.session.commit()
            return sendResult(response, ret)

        except Exception as e:
            log.error("migrate resolver failed")
            db.session.rollback()
            return sendError(response, e, 1)
Ejemplo n.º 7
0
 def get_fq_resolver(res):
     fq_resolver = None
     resolvers = getResolverList()
     if res in resolvers:
         match_res = resolvers.get(res)
         fq_resolver = getResolverClassName(match_res['type'],
                                            match_res['resolvername'])
     return fq_resolver
Ejemplo n.º 8
0
 def get_fq_resolver(res):
     fq_resolver = None
     resolvers = getResolverList()
     if res in resolvers:
         match_res = resolvers.get(res)
         fq_resolver = getResolverClassName(match_res['type'],
                                            match_res['resolvername'])
     return fq_resolver
Ejemplo n.º 9
0
    def _do_readonly_param_test(
        self,
        param,
        is_invalid,
        expected_readonly,
        mock_get_types,
        mock_admin_resolvers,
    ):
        """
        Call getresolverlist with given configuration
        """

        conf = {
            "linotp.sqlresolver.name.UnitTestResolver": "UnitTestResolver",
            "linotp.sqlresolver.readonly.UnitTestResolver": param,
        }

        with patch("linotp.lib.resolver.context",
                   return_value=conf) as mock_context:
            mock_context.get.return_value = conf
            with patch("linotp.lib.resolver.log") as mock_log:
                ret = resolver.getResolverList()

                if is_invalid:
                    # Invalid parameter will log a message
                    mock_log.info.assert_called_with(
                        "Failed to convert 'readonly' attribute %r:%r",
                        ANY,
                        param,
                    )

                # If readonly, the resulting resolver has config key=readonly, value=True
                # If not readonly, the resulting resolver does not have the
                # readonly key
                r = ret["UnitTestResolver"]
                if expected_readonly:
                    assert r["readonly"]
                else:
                    assert "readonly" not in r
Ejemplo n.º 10
0
    def _compareResolver(self, userObj, user_def):
        """
        do the user name and resolver comparison -
            the user is separated by a '.' from the resolver

        Remark: the user must not be defined by the target resolver,
                its the ability to lookup in a different resolver for
                the user login

        :params userObj: the comparison user class object
        :param user_def: the user pattern to compare against

        :return: bool
        """

        def_resolver = user_def[:-1]

        # if there is a prefixed user, split it from
        if "." in def_resolver:
            def_resolver = def_resolver.split(".")[-1]

        # check if the resolver is defined at all
        from linotp.lib.resolver import getResolverList

        resolvers = getResolverList()
        if def_resolver not in resolvers:
            return False

        # if we have no user part and came that far, we are done
        if def_resolver == user_def[:-1]:
            return True

        user_resolver = user_def[:-1]
        # remove the resolver from the user and compare
        simple_user_def = user_resolver
        if "." in user_resolver:
            simple_user_def, _sep, _res = user_resolver.rpartition(".")

        return self._compareUser(userObj, simple_user_def)
Ejemplo n.º 11
0
    def migrate_resolver(self):

        from linotp.lib.tools.migrate_resolver import MigrateResolverHandler

        params = {}
        ret = {}

        try:
            params.update(request.params)

            src = params['from']
            target = params['to']

            from linotp.lib.resolver import getResolverList
            resolvers = getResolverList()

            src_resolver = resolvers.get(src, None)
            target_resolver = resolvers.get(target, None)

            if not target_resolver or not src_resolver:
                raise Exception('Src or Target resolver is undefined!')

            mg = MigrateResolverHandler(context=self.request_context)
            ret = mg.migrate_resolver(src=src_resolver,
                                      target=target_resolver)

            Session.commit()
            return sendResult(response, ret)

        except Exception as e:
            log.exception("failed: %r" % e)
            Session.rollback()
            log.error('error getting token owner')
            return sendError(response, e, 1)

        finally:
            Session.close()
            log.debug('[enable] done')
Ejemplo n.º 12
0
    def import_users(self):
        """
        import users from a csv file into an dedicated sql resolver
        """

        try:

            params = {}
            params.update(request.POST)

            # -------------------------------------------------------------- --
            # processing required arguments
            try:

                data_file = request.POST['file']
                resolver_name = params['resolver']

            except KeyError as exx:

                log.exception("Missing parameter: %r", exx)
                raise ParameterError("Missing parameter: %r" % exx)

            groupid = resolver_name

            # process file upload data

            data = data_file

            # -- ----------------------------------------------------------- --
            # In case of form post requests, it is a "instance" of FieldStorage
            # i.e. the Filename is selected in the browser and the data is
            # transferred in an iframe.
            #     see: http://jquery.malsup.com/form/#sample4
            # -- ----------------------------------------------------------- --

            if isinstance(data_file, FieldStorage):
                data = data_file.value

            # -------------------------------------------------------------- --

            # process the other arguments
            dryrun = boolean(params.get('dryrun', False))

            passwords_in_plaintext = boolean(
                params.get('passwords_in_plaintext', False))

            file_format = params.get('format', "csv")

            if file_format in ('password', 'passwd'):

                column_mapping = {
                    "userid": 2,
                    "username": 0,
                    "phone": 8,
                    "mobile": 7,
                    "email": 9,
                    "surname": 5,
                    "givenname": 4,
                    "password": 1
                }

                format_reader = PasswdFormatReader()

            elif file_format in ('csv'):

                skip_header = boolean(params.get('skip_header', False))
                if skip_header:
                    data = '\n'.join(data.split('\n')[1:])

                column_mapping = {
                    "username": 0,
                    "userid": 1,
                    "surname": 2,
                    "givenname": 3,
                    "email": 4,
                    "phone": 5,
                    "mobile": 6,
                    "password": 7
                }

                delimiter = str(params.get('delimiter', ","))
                quotechar = str(params.get('quotechar', '"'))

                format_reader = DefaultFormatReader()
                format_reader.delimiter = delimiter
                format_reader.quotechar = quotechar

                column_mapping = params.get('column_mapping', column_mapping)

            else:

                raise Exception('unspecified file foramt')

            # we have to convert the column_mapping back into an dict

            if (isinstance(column_mapping, str)
                    or isinstance(column_mapping, unicode)):
                column_mapping = json.loads(column_mapping)

            # prevent overwrite of existing unmanaged resolver

            resolvers = getResolverList()
            if resolver_name in resolvers:
                if not resolvers[resolver_name].get('readonly', False):
                    raise Exception("Unmanged resolver with same name: %r"
                                    " already exists!" % resolver_name)
            # -------------------------------------------------------------- --

            # feed the engine :)

            # use a LinOTP Database context for Sessions and Engine

            db_context = LinOTP_DatabaseContext(
                SqlSession=Session, SqlEngine=linotp.model.meta.engine)

            # define the import into an SQL database + resolver

            import_handler = SQLImportHandler(groupid=groupid,
                                              resolver_name=resolver_name,
                                              database_context=db_context)

            # create the UserImporter with the required mapping

            user_import = UserImport(import_handler)

            user_import.set_mapping(column_mapping)

            # and run the data processing

            result = user_import.import_csv_users(
                data,
                dryrun=dryrun,
                format_reader=format_reader,
                passwords_in_plaintext=passwords_in_plaintext)

            if dryrun:

                return sendResult(response, result)

            # -------------------------------------------------------------- --

            # create / extend target realm for the resolver

            resolver_spec = import_handler.get_resolver_spec()

            Session.commit()

            return sendResult(response, result)

        except PolicyException as pexx:

            log.exception("Error during user import: %r", pexx)

            Session.rollback()

            return sendError(response, "%r" % pexx, 1)

        except Exception as exx:

            log.exception("Error during user import: %r" % exx)

            Session.rollback()

            return sendError(response, "%r" % exx)

        finally:
            Session.close()
            log.debug('done')
Ejemplo n.º 13
0
    def create_context(self, request, environment):
        """
        create the request context for all controllers
        """

        linotp_config = getLinotpConfig()

        # make the request id available in the request context
        request_context['RequestId'] = environment['REQUEST_ID']

        # a request local cache to get the user info from the resolver
        request_context['UserLookup'] = {}

        # a request local cache to get the resolver from user and realm
        request_context['UserRealmLookup'] = {}

        request_context['Config'] = linotp_config
        request_context['Policies'] = parse_policies(linotp_config)
        request_context['translate'] = translate
        request_context['CacheManager'] = environment['beaker.cache']

        routes = environment.get('pylons.routes_dict', {})
        path = "/%s/%s" % (routes['controller'], routes['action'])
        request_context['Path'] = path

        request_context['hsm'] = self.hsm

        initResolvers()

        client = None
        try:
            client = get_client(request=request)
        except UnicodeDecodeError as exx:
            log.error("Failed to decode request parameters %r" % exx)

        request_context['Client'] = client

        request_context['Audit'] = Audit
        request_context['audit'] = Audit.initialize(request, client=client)

        authUser = None
        try:
            authUser = getUserFromRequest(request)
        except UnicodeDecodeError as exx:
            log.error("Failed to decode request parameters %r" % exx)

        request_context['AuthUser'] = authUser
        request_context['UserLookup'] = {}

        # ------------------------------------------------------------------ --
        # get the current resolvers

        resolvers = []
        try:
            resolvers = getResolverList(config=linotp_config)
        except UnicodeDecodeError as exx:
            log.error("Failed to decode request parameters %r" % exx)

        request_context['Resolvers'] = resolvers

        # ------------------------------------------------------------------ --
        # get the current realms

        realms = {}
        try:
            realms = getRealms()
        except UnicodeDecodeError as exx:
            log.error("Failed to decode request parameters %r" % exx)

        request_context['Realms'] = realms

        # ------------------------------------------------------------------ --

        defaultRealm = ""
        try:
            defaultRealm = getDefaultRealm(linotp_config)
        except UnicodeDecodeError as exx:
            log.error("Failed to decode request parameters %r" % exx)

        request_context['defaultRealm'] = defaultRealm

        # ------------------------------------------------------------------ --
        # load the requesting user

        from linotp.useridresolver.UserIdResolver import (
            ResolverNotAvailable)

        requestUser = None
        try:
            requestUser = getUserFromParam(self.request_params)
        except UnicodeDecodeError as exx:
            log.error("Failed to decode request parameters %r", exx)
        except (ResolverNotAvailable, NoResolverFound) as exx:
            log.error("Failed to connect to server %r", exx)

        request_context['RequestUser'] = requestUser

        # ------------------------------------------------------------------ --
        # load the providers

        from linotp.provider import Provider_types
        from linotp.provider import getProvider

        provider = {}
        for provider_type in Provider_types.keys():
            provider[provider_type] = getProvider(provider_type)

        request_context['Provider'] = provider

        # ------------------------------------------------------------------ --

        # for the setup of encrypted data, we require the hsm is instatiated
        # and available in the request context

        if not self.secret_key:
            init_key_partition(linotp_config, partition=0)

        # ------------------------------------------------------------------ --

        # copy some system entries from pylons
        syskeys = {
            "radius.nas_identifier": "LinOTP",
            "radius.dictfile": "/etc/linotp2/dictionary"
        }

        sysconfig = {}
        for key, default in syskeys.items():
            sysconfig[key] = config.get(key, default)

        request_context['SystemConfig'] = sysconfig
Ejemplo n.º 14
0
    def import_users(self):
        """
        import users from a csv file into an dedicated sql resolver
        """

        try:

            params = {}
            params.update(request.POST)

            # -------------------------------------------------------------- --
            # processing required arguments
            try:

                data_file = request.POST['file']
                resolver_name = params['resolver']

            except KeyError as exx:

                log.exception("Missing parameter: %r", exx)
                raise ParameterError("Missing parameter: %r" % exx)

            groupid = resolver_name

            # process file upload data

            data = data_file

            # -- ----------------------------------------------------------- --
            # In case of form post requests, it is a "instance" of FieldStorage
            # i.e. the Filename is selected in the browser and the data is
            # transferred in an iframe.
            #     see: http://jquery.malsup.com/form/#sample4
            # -- ----------------------------------------------------------- --

            if isinstance(data_file, FieldStorage):
                data = data_file.value

            # -------------------------------------------------------------- --

            # process the other arguments
            dryrun = boolean(params.get('dryrun', False))

            passwords_in_plaintext = boolean(params.get(
                                                'passwords_in_plaintext',
                                                False))

            file_format = params.get('format', "csv")

            if file_format in ('password', 'passwd'):

                column_mapping = {
                        "userid": 2,
                        "username": 0,
                        "phone": 8,
                        "mobile": 7,
                        "email": 9,
                        "surname": 5,
                        "givenname": 4,
                        "password": 1}

                format_reader = PasswdFormatReader()

            elif file_format in ('csv'):

                skip_header = boolean(params.get('skip_header', False))
                if skip_header:
                    data = '\n'.join(data.split('\n')[1:])

                column_mapping = {
                        "username": 0,
                        "userid": 1,
                        "surname": 2,
                        "givenname": 3,
                        "email": 4,
                        "phone": 5,
                        "mobile": 6,
                        "password": 7}

                delimiter = str(params.get('delimiter', ","))
                quotechar = str(params.get('quotechar', '"'))

                format_reader = DefaultFormatReader()
                format_reader.delimiter = delimiter
                format_reader.quotechar = quotechar

                column_mapping = params.get('column_mapping', column_mapping)

            else:

                raise Exception('unspecified file foramt')

            # we have to convert the column_mapping back into an dict

            if (isinstance(column_mapping, str) or
                isinstance(column_mapping, unicode)):
                column_mapping = json.loads(column_mapping)

            # prevent overwrite of existing unmanaged resolver

            resolvers = getResolverList()
            if resolver_name in resolvers:
                if not resolvers[resolver_name].get('readonly', False):
                    raise Exception("Unmanged resolver with same name: %r"
                                    " already exists!" % resolver_name)
            # -------------------------------------------------------------- --

            # feed the engine :)

            # use a LinOTP Database context for Sessions and Engine

            db_context = LinOTP_DatabaseContext(
                                        SqlSession=Session,
                                        SqlEngine=linotp.model.meta.engine)

            # define the import into an SQL database + resolver

            import_handler = SQLImportHandler(
                                        groupid=groupid,
                                        resolver_name=resolver_name,
                                        database_context=db_context)

            # create the UserImporter with the required mapping

            user_import = UserImport(import_handler)

            user_import.set_mapping(column_mapping)

            # and run the data processing

            result = user_import.import_csv_users(
                                data,
                                dryrun=dryrun,
                                format_reader=format_reader,
                                passwords_in_plaintext=passwords_in_plaintext
                                )

            if dryrun:

                return sendResult(response, result)

            # -------------------------------------------------------------- --

            # create / extend target realm for the resolver

            resolver_spec = import_handler.get_resolver_spec()

            Session.commit()

            return sendResult(response, result)

        except PolicyException as pexx:

            log.exception("Error during user import: %r", pexx)

            Session.rollback()

            return sendError(response, "%r" % pexx, 1)

        except Exception as exx:

            log.exception("Error during user import: %r" % exx)

            Session.rollback()

            return sendError(response, "%r" % exx)

        finally:
            Session.close()
            log.debug('done')
Ejemplo n.º 15
0
    def import_users(self):
        """
        import users from a csv file into an dedicated sql resolver
        """

        try:

            params = self.request_params

            # -------------------------------------------------------------- --
            # processing required arguments
            try:

                data_file = request.files["file"]
                resolver_name = params["resolver"]

            except KeyError as exx:

                log.error("Missing parameter: %r", exx)
                raise ParameterError("Missing parameter: %r" % exx)

            if resolver_name == current_app.config["ADMIN_RESOLVER_NAME"]:
                raise DeleteForbiddenError(
                    f"default admin resolver {resolver_name} is not allowed "
                    "to be overwritten!")

            groupid = resolver_name

            # process file upload data

            data = data_file

            # -- ----------------------------------------------------------- --
            # In case of form post requests, it is a "instance" of FileStorage
            # i.e. the Filename is selected in the browser and the data is
            # transferred in an iframe.
            #     see: http://jquery.malsup.com/form/#sample4
            # -- ----------------------------------------------------------- --

            if isinstance(data_file, FileStorage):
                data = data_file.read()

            data = data.decode()

            # -------------------------------------------------------------- --

            # process the other arguments
            dryrun = boolean(params.get("dryrun", False))

            passwords_in_plaintext = boolean(
                params.get("passwords_in_plaintext", False))

            file_format = params.get("format", "csv")

            if file_format in ("password", "passwd"):

                column_mapping = {
                    "userid": 2,
                    "username": 0,
                    "phone": 8,
                    "mobile": 7,
                    "email": 9,
                    "surname": 5,
                    "givenname": 4,
                    "password": 1,
                }

                format_reader = PasswdFormatReader()

            elif file_format in ("csv"):

                skip_header = boolean(params.get("skip_header", False))
                if skip_header:
                    data = "\n".join(data.split("\n")[1:])

                column_mapping = {
                    "username": 0,
                    "userid": 1,
                    "surname": 2,
                    "givenname": 3,
                    "email": 4,
                    "phone": 5,
                    "mobile": 6,
                    "password": 7,
                }

                delimiter = str(params.get("delimiter", ","))
                quotechar = str(params.get("quotechar", '"'))

                format_reader = DefaultFormatReader()
                format_reader.delimiter = delimiter
                format_reader.quotechar = quotechar

                column_mapping = params.get("column_mapping", column_mapping)

            else:

                raise Exception("unspecified file foramt")

            # we have to convert the column_mapping back into an dict

            if isinstance(column_mapping, str):
                column_mapping = json.loads(column_mapping)

            # prevent overwrite of existing unmanaged resolver

            checkPolicyPre("system", "setResolver")

            resolvers = getResolverList()
            if resolver_name in resolvers:
                if not resolvers[resolver_name].get("readonly", False):
                    raise Exception("Unmanged resolver with same name: %r"
                                    " already exists!" % resolver_name)
            # -------------------------------------------------------------- --

            # feed the engine :)

            # use a LinOTP Database context for Sessions and Engine

            db_context = LinOTP_DatabaseContext(SqlSession=db.session,
                                                SqlEngine=db.engine)

            # define the import into an SQL database + resolver

            import_handler = SQLImportHandler(
                groupid=groupid,
                resolver_name=resolver_name,
                database_context=db_context,
            )

            # create the UserImporter with the required mapping

            user_import = UserImport(import_handler)

            user_import.set_mapping(column_mapping)

            # and run the data processing

            result = user_import.import_csv_users(
                data,
                dryrun=dryrun,
                format_reader=format_reader,
                passwords_in_plaintext=passwords_in_plaintext,
            )

            if dryrun:

                return sendResult(response, result)

            # -------------------------------------------------------------- --

            # create / extend target realm for the resolver

            resolver_spec = import_handler.get_resolver_spec()

            db.session.commit()

            return sendResult(response, result)

        except PolicyException as pexx:

            log.error("Error during user import: %r", pexx)

            db.session.rollback()

            return sendError(response, "%r" % pexx, 1)

        except Exception as exx:

            log.error("Error during user import: %r", exx)

            db.session.rollback()

            return sendError(response, exx)

        finally:
            log.debug("done")