def test_getuserlist_case_sensitive_resolver_names(fthsm, app, admin_res): g.request_context["Config"] = getLinotpConfig() # This sucks. g.request_context["CacheManager"] = app.cache # This sucks even worse. g.request_context["UserLookup"] = {} # Don't get me started. admin_realm_name = app.config["ADMIN_REALM_NAME"] admin_resolvers_key = f"useridresolver.group.{admin_realm_name}" admin_resolvers = getFromConfig(admin_resolvers_key, "") _, _, aci = admin_resolvers.rpartition(".") # As before, if we make the RCI uppercase and the `getUserList()` function # still returns a user list, then the comparison must have been # case-insensitive. With a case-sensitive comparison, the result should # be empty. search_user = User( login="******", realm=admin_realm_name, resolver_config_identifier=aci.upper(), ) user_list = getUserList({}, search_user) assert ( not user_list ), "getUserList resolver name comparison is not case-sensitive"
def resolverinfo(self, realm): """ get the resolvers for one realm and the number of users per resolver :param realm: the realm to query :return: dict with resolvernames as keys and number of users as value """ realminfo = context.get('Config').getRealms().get(realm) resolver_specs = realminfo.get('useridresolver', '') realmdict = {} for resolver_spec in resolver_specs: __, config_identifier = parse_resolver_spec(resolver_spec) realmdict[config_identifier] = 0 user = getUserFromParam({'realm': realm}) users = getUserList({'realm': realm, 'username': '******'}, user) for next_one in users: resolver = next_one['useridresolver'].split('.')[-1] if resolver in realmdict: realmdict[resolver] += 1 return realmdict
def resolverinfo(self, realm): """ get the resolvers for one realm and the number of users per resolver :param realm: the realm to query :return: dict with resolvernames as keys and number of users as value """ realminfo = context.get('Config').getRealms().get(realm) resolver_specs = realminfo.get('useridresolver', '') realmdict = {} for resolver_spec in resolver_specs: __, config_identifier = parse_resolver_spec(resolver_spec) realmdict[config_identifier] = 0 user = getUserFromParam({'realm': realm}) users = getUserList({'realm': realm, 'username': '******'}, user) for next_one in users: resolver = next_one['useridresolver'].split('.')[-1] if resolver in realmdict: realmdict[resolver] += 1 return realmdict
def resolverinfo(self, realm): """ get the resolvers for one realm and the number of users per resolver :param realm: the realm to query :return: dict with resolvernames as keys and number of users as value """ realminfo = context.get("Config").getRealms().get(realm) resolver_specs = realminfo.get("useridresolver", "") realmdict = {} for resolver_spec in resolver_specs: __, config_identifier = parse_resolver_spec(resolver_spec) realmdict[config_identifier] = 0 user = getUserFromParam({"realm": realm}) users = getUserList({"realm": realm, "username": "******"}, user) for next_one in users: resolver = next_one["useridresolver"].split(".")[-1] if resolver in realmdict: realmdict[resolver] += 1 return realmdict
def userview_flexi(self): ''' This function is used to fill the flexigrid. Unlike the complex /admin/userlist function, it only returns a simple array of the tokens. ''' param = self.request_params try: c.page = param.get("page") c.filter = param.get("query") qtype = param.get("qtype") c.sort = param.get("sortname") c.dir = param.get("sortorder") c.psize = param.get("rp") c.realm = param.get("realm") user = getUserFromParam(param) # check admin authorization # check if we got a realm or resolver, that is ok! checkPolicyPre('admin', 'userlist', { 'user': user.login, 'realm': c.realm }) if c.filter == "": c.filter = "*" log.debug( "[userview_flexi] page: %s, filter: %s, sort: %s, dir: %s" % (c.page, c.filter, c.sort, c.dir)) if c.page is None: c.page = 1 if c.psize is None: c.psize = 20 c.userArray = getUserList({ qtype: c.filter, 'realm': c.realm }, user) c.userNum = len(c.userArray) lines = [] for u in c.userArray: # shorten the useridresolver, to get a better display value resolver_display = "" if "useridresolver" in u: if len(u['useridresolver'].split(".")) > 3: resolver_display = u['useridresolver'].split(".")[ 3] + " (" + u['useridresolver'].split(".")[1] + ")" else: resolver_display = u['useridresolver'] lines.append({ 'id': u['username'], 'cell': [ (u['username']) if 'username' in u else (""), (resolver_display), (u['surname']) if 'surname' in u else (""), (u['givenname']) if 'givenname' in u else (""), (u['email']) if 'email' in u else (""), (u['mobile']) if 'mobile' in u else (""), (u['phone']) if 'phone' in u else (""), (u['userid']) if 'userid' in u else (""), ] }) # sorting reverse = False sortnames = { 'username': 0, 'useridresolver': 1, 'surname': 2, 'givenname': 3, 'email': 4, 'mobile': 5, 'phone': 6, 'userid': 7 } if c.dir == "desc": reverse = True lines = sorted(lines, key=lambda user: user['cell'][sortnames[c.sort]], reverse=reverse) # end: sorting # reducing the page if c.page and c.psize: page = int(c.page) psize = int(c.psize) start = psize * (page - 1) end = start + psize lines = lines[start:end] # We need to return 'page', 'total', 'rows' res = {"page": int(c.page), "total": c.userNum, "rows": lines} c.audit['success'] = True Session.commit() return sendResult(response, res) except PolicyException as pe: log.exception( "[userview_flexi] Error during checking policies: %r" % pe) Session.rollback() return sendError(response, str(pe), 1) except Exception as e: log.exception("[userview_flexi] failed: %r" % e) Session.rollback() return sendError(response, e) finally: Session.close()
def userview_flexi(self): """ This function is used to fill the flexigrid. Unlike the complex /admin/userlist function, it only returns a simple array of the tokens. """ param = request.params try: # serial = getParam(param,"serial",optional) c.page = getParam(param, "page", optional) c.filter = getParam(param, "query", optional) qtype = getParam(param, "qtype", optional) c.sort = getParam(param, "sortname", optional) c.dir = getParam(param, "sortorder", optional) c.psize = getParam(param, "rp", optional) c.realm = getParam(param, "realm", optional) user = getUserFromParam(param, optional) # check admin authorization # check if we got a realm or resolver, that is ok! checkPolicyPre("admin", "userlist", {"user": user.login, "realm": c.realm}) if c.filter == "": c.filter = "*" log.debug("[userview_flexi] page: %s, filter: %s, sort: %s, dir: %s" % (c.page, c.filter, c.sort, c.dir)) if c.page is None: c.page = 1 if c.psize is None: c.psize = 20 c.userArray = getUserList({qtype: c.filter, "realm": c.realm}, user) c.userNum = len(c.userArray) lines = [] for u in c.userArray: # shorten the useridresolver, to get a better display value resolver_display = "" if "useridresolver" in u: if len(u["useridresolver"].split(".")) > 3: resolver_display = ( u["useridresolver"].split(".")[3] + " (" + u["useridresolver"].split(".")[1] + ")" ) else: resolver_display = u["useridresolver"] lines.append( { "id": u["username"], "cell": [ (u["username"]) if u.has_key("username") else (""), (resolver_display), (u["surname"]) if u.has_key("surname") else (""), (u["givenname"]) if u.has_key("givenname") else (""), (u["email"]) if u.has_key("email") else (""), (u["mobile"]) if u.has_key("mobile") else (""), (u["phone"]) if u.has_key("phone") else (""), (u["userid"]) if u.has_key("userid") else (""), ], } ) # sorting reverse = False sortnames = { "username": 0, "useridresolver": 1, "surname": 2, "givenname": 3, "email": 4, "mobile": 5, "phone": 6, "userid": 7, } if c.dir == "desc": reverse = True lines = sorted( lines, key=lambda user: user["cell"][sortnames[c.sort]], reverse=reverse, cmp=unicode_compare ) # end: sorting # reducing the page if c.page and c.psize: page = int(c.page) psize = int(c.psize) start = psize * (page - 1) end = start + psize lines = lines[start:end] # We need to return 'page', 'total', 'rows' response.content_type = "application/json" res = {"page": int(c.page), "total": c.userNum, "rows": lines} c.audit["success"] = True Session.commit() return json.dumps(res, indent=3) except PolicyException as pe: log.error("[userview_flexi] Error during checking policies: %r" % pe) log.error("[userview_flexi] %s" % traceback.format_exc()) Session.rollback() return sendError(response, unicode(pe), 1) except Exception as e: log.error("[userview_flexi] failed: %r" % e) log.error("[userview_flexi] %s" % traceback.format_exc()) Session.rollback() return sendError(response, e) finally: Session.close() log.debug("[userview_flexi] done")
def userview_flexi(self): ''' This function is used to fill the flexigrid. Unlike the complex /admin/userlist function, it only returns a simple array of the tokens. ''' param = request.params try: #serial = getParam(param,"serial",optional) c.page = getParam(param, "page", optional) c.filter = getParam(param, "query", optional) qtype = getParam(param, "qtype", optional) c.sort = getParam(param, "sortname", optional) c.dir = getParam(param, "sortorder", optional) c.psize = getParam(param, "rp", optional) c.realm = getParam(param, "realm", optional) user = getUserFromParam(param, optional) # check admin authorization # check if we got a realm or resolver, that is ok! checkPolicyPre('admin', 'userlist', { 'user': user.login, 'realm': c.realm }) if c.filter == "": c.filter = "*" log.debug( "[userview_flexi] page: %s, filter: %s, sort: %s, dir: %s" % (c.page, c.filter, c.sort, c.dir)) if c.page is None: c.page = 1 if c.psize is None: c.psize = 20 c.userArray = getUserList({ qtype: c.filter, 'realm': c.realm }, user) c.userNum = len(c.userArray) lines = [] for u in c.userArray: # shorten the useridresolver, to get a better display value resolver_display = "" if "useridresolver" in u: if len(u['useridresolver'].split(".")) > 3: resolver_display = u['useridresolver'].split(".")[ 3] + " (" + u['useridresolver'].split(".")[1] + ")" else: resolver_display = u['useridresolver'] # Arrange the table more helpfully. lines.append({ 'id': u['username'], 'cell': [ (u['username']) if u.has_key('username') else (""), (u['givenname']) if u.has_key('givenname') else (""), (u['surname']) if u.has_key('surname') else (""), (u['email']) if u.has_key('email') else (""), (u['userid']) if u.has_key('userid') else (""), ] }) log.debug("[userview_flexi] Elements in c.userArray: %s" % len(c.userArray)) # sorting reverse = False sortnames = { 'username': 0, 'givenname': 1, 'surname': 2, 'email': 3, 'userid': 4 } if c.dir == "desc": reverse = True lines = sorted(lines, key=lambda user: user['cell'][sortnames[c.sort]], reverse=reverse, cmp=unicode_compare) # end: sorting # reducing the page if c.page and c.psize: page = int(c.page) psize = int(c.psize) start = psize * (page - 1) end = start + psize lines = lines[start:end] # We need to return 'page', 'total', 'rows' response.content_type = 'application/json' res = {"page": int(c.page), "total": c.userNum, "rows": lines} c.audit['success'] = True Session.commit() return json.dumps(res, indent=3) except PolicyException as pe: log.error("[userview_flexi] Error during checking policies: %r" % pe) log.error("[userview_flexi] %s" % traceback.format_exc()) Session.rollback() return sendError(response, unicode(pe), 1) except Exception as e: log.error("[userview_flexi] failed: %r" % e) log.error("[userview_flexi] %s" % traceback.format_exc()) Session.rollback() return sendError(response, e) finally: Session.close() log.debug('[userview_flexi] done')
def userview_flexi(self): ''' This function is used to fill the flexigrid. Unlike the complex /admin/userlist function, it only returns a simple array of the tokens. ''' param = request.params try: #serial = getParam(param,"serial",optional) c.page = getParam(param, "page", optional) c.filter = getParam(param, "query", optional) qtype = getParam(param, "qtype", optional) c.sort = getParam(param, "sortname", optional) c.dir = getParam(param, "sortorder", optional) c.psize = getParam(param, "rp", optional) c.realm = getParam(param, "realm", optional) user = getUserFromParam(param, optional) # check admin authorization # check if we got a realm or resolver, that is ok! checkPolicyPre('admin', 'userlist', { 'user': user.login, 'realm' : c.realm }, context=self.request_context) if c.filter == "": c.filter = "*" log.debug("[userview_flexi] page: %s, filter: %s, sort: %s, dir: %s" % (c.page, c.filter, c.sort, c.dir)) if c.page is None: c.page = 1 if c.psize is None: c.psize = 20 c.userArray = getUserList({ qtype:c.filter, 'realm':c.realm }, user) c.userNum = len(c.userArray) lines = [] for u in c.userArray: # shorten the useridresolver, to get a better display value resolver_display = "" if "useridresolver" in u: if len(u['useridresolver'].split(".")) > 3: resolver_display = u['useridresolver'].split(".")[3] + " (" + u['useridresolver'].split(".")[1] + ")" else: resolver_display = u['useridresolver'] lines.append( { 'id' : u['username'], 'cell': [ (u['username']) if u.has_key('username') else (""), (resolver_display), (u['surname']) if u.has_key('surname') else (""), (u['givenname']) if u.has_key('givenname') else (""), (u['email']) if u.has_key('email') else (""), (u['mobile']) if u.has_key('mobile') else (""), (u['phone']) if u.has_key('phone') else (""), (u['userid']) if u.has_key('userid') else (""), ] } ) # sorting reverse = False sortnames = { 'username' : 0, 'useridresolver' : 1, 'surname' : 2, 'givenname' : 3, 'email' : 4, 'mobile' :5, 'phone' : 6, 'userid' : 7 } if c.dir == "desc": reverse = True lines = sorted(lines, key=lambda user: user['cell'][sortnames[c.sort]], reverse=reverse, cmp=unicode_compare) # end: sorting # reducing the page if c.page and c.psize: page = int(c.page) psize = int(c.psize) start = psize * (page - 1) end = start + psize lines = lines[start:end] # We need to return 'page', 'total', 'rows' response.content_type = 'application/json' res = { "page": int(c.page), "total": c.userNum, "rows": lines } c.audit['success'] = True Session.commit() return sendResult(response, res) except PolicyException as pe: log.exception("[userview_flexi] Error during checking policies: %r" % pe) Session.rollback() return sendError(response, unicode(pe), 1) except Exception as e: log.exception("[userview_flexi] failed: %r" % e) Session.rollback() return sendError(response, e) finally: Session.close() log.debug('[userview_flexi] done')
def userview_flexi(self): """ This function is used to fill the flexigrid. Unlike the complex /admin/userlist function, it only returns a simple array of the tokens. """ param = self.request_params try: c.page = param.get("page") c.filter = param.get("query") qtype = param.get("qtype") c.sort = param.get("sortname") c.dir = param.get("sortorder") c.psize = param.get("rp") c.realm = param.get("realm") user = getUserFromParam(param) # check admin authorization # check if we got a realm or resolver, that is ok! checkPolicyPre( "admin", "userlist", {"user": user.login, "realm": c.realm} ) if c.filter == "": c.filter = "*" log.debug( "[userview_flexi] page: %s, filter: %s, sort: %s, dir: %s", c.page, c.filter, c.sort, c.dir, ) if c.page is None: c.page = 1 if c.psize is None: c.psize = 20 c.userArray = getUserList( {qtype: c.filter, "realm": c.realm}, user ) c.userNum = len(c.userArray) lines = [] for u in c.userArray: # shorten the useridresolver, to get a better display value resolver_display = "" if "useridresolver" in u: if len(u["useridresolver"].split(".")) > 3: resolver_display = ( u["useridresolver"].split(".")[3] + " (" + u["useridresolver"].split(".")[1] + ")" ) else: resolver_display = u["useridresolver"] lines.append( { "id": u["username"], "cell": [ (u["username"]) if "username" in u else (""), (resolver_display), (u["surname"]) if "surname" in u else (""), (u["givenname"]) if "givenname" in u else (""), (u["email"]) if "email" in u else (""), (u["mobile"]) if "mobile" in u else (""), (u["phone"]) if "phone" in u else (""), (u["userid"]) if "userid" in u else (""), ], } ) # sorting reverse = False sortnames = { "username": 0, "useridresolver": 1, "surname": 2, "givenname": 3, "email": 4, "mobile": 5, "phone": 6, "userid": 7, } if c.dir == "desc": reverse = True lines = sorted( lines, key=lambda user: user["cell"][sortnames[c.sort]], reverse=reverse, ) # end: sorting # reducing the page if c.page and c.psize: page = int(c.page) psize = int(c.psize) start = psize * (page - 1) end = start + psize lines = lines[start:end] # We need to return 'page', 'total', 'rows' res = {"page": int(c.page), "total": c.userNum, "rows": lines} g.audit["success"] = True db.session.commit() return sendResult(response, res) except PolicyException as pe: log.error( "[userview_flexi] Error during checking policies: %r", pe ) db.session.rollback() return sendError(response, pe, 1) except Exception as exx: log.error("[userview_flexi] failed: %r", exx) db.session.rollback() return sendError(response, exx)
def users(self): ''' This function is used to fill the flexigrid. Unlike the complex /admin/userlist function, it only returns a simple array of the tokens. ''' param = self.request_params try: page = param.get("page", 1) qfilter = param.get("query", '*') or '*' qtype = param.get("qtype", 'username') sort = param.get("sortname", 'username') direction = param.get("sortorder", 'asc') psize = param.get("rp", 20) user = getUserFromParam(param) realms = get_realms_from_params( param, getAdminPolicies('userlist', scope='admin')) uniqueUsers = {} for realm in realms: # ---------------------------------------------------------- -- # check admin authorization: checkPolicyPre('admin',... # admin policies are special as they are acl which define # - for user (policy entry) # - the actions (policy entry) # - in the realm (policy entry) # is allowed. while the user.login is not evaluated, the # user.realm is. # # the admin policies are acls and are defined in contradiction # to the other policy scopes where actions are either defiend # for user or realm!! # so we have to check for every user.realm if isinstance(user, User): user.realm = realm checkPolicyPre('admin', 'userlist', param=param, user=user) users_list = getUserList( {qtype: qfilter, 'realm': realm}, user) # now create a unique list of users with the unique key of # userid + useridresolver for u in users_list: pkey = u['userid'] + ':' + u['useridresolver'] user_realms = uniqueUsers.get(pkey, {}).get('realms', []) user_realms.append(realm) u['realms'] = user_realms uniqueUsers[pkey] = u userNum = len(uniqueUsers) lines = [] for u in uniqueUsers.values(): # shorten the useridresolver, to get a better display value resolver_display = "" if "useridresolver" in u: if len(u['useridresolver'].split(".")) > 3: resolver_display = u['useridresolver'].split( ".")[3] + " (" + u['useridresolver'].split(".")[1] + ")" else: resolver_display = u['useridresolver'] lines.append( {'id': u['username'], 'cell': [ (u['username']) if u.has_key('username') else (""), (resolver_display), (u['surname']) if u.has_key('surname') else (""), (u['givenname']) if u.has_key( 'givenname') else (""), (u['email']) if u.has_key('email') else (""), (u['mobile']) if u.has_key('mobile') else (""), (u['phone']) if u.has_key('phone') else (""), (u['userid']) if u.has_key('userid') else (""), (u['realms']), ] } ) # sorting reverse = False sortnames = { 'username': 0, 'useridresolver': 1, 'surname': 2, 'givenname': 3, 'email': 4, 'mobile': 5, 'phone': 6, 'userid': 7 } if direction == "desc": reverse = True lines = sorted(lines, key=lambda user: user['cell'][sortnames[sort]], reverse=reverse, cmp=unicode_compare) # end: sorting # reducing the page if page and psize: page = int(page) psize = int(psize) start = psize * (page - 1) end = start + psize lines = lines[start:end] # We need to return 'page', 'total', 'rows' res = { "page": int(page), "total": userNum, "rows": lines } c.audit['success'] = True Session.commit() return sendResult(response, res) except PolicyException as pe: log.exception( "[userview_flexi] Error during checking policies: %r" % pe) Session.rollback() return sendError(response, unicode(pe), 1) except Exception as e: log.exception("[userview_flexi] failed: %r" % e) Session.rollback() return sendError(response, e) finally: Session.close()