def authenticate(self, request): user = self._internal_auth(request) is_bootstrap_admin = user and user.is_bootstrap_admin if self.external_auth_configured \ and not is_bootstrap_admin \ and not self.token_based_auth: self.logger.debug('using external auth') user = user_handler.get_user_from_auth(request.authorization) response = self.external_auth.authenticate(request, user) if isinstance(response, Response): return response user = response if not user: raise NoAuthProvided() self.logger.debug('Authenticated user: {0}'.format(user)) if request.authorization: # Reset the counter only when using basic authentication # (User + Password), otherwise the counter will be reset on # every UI refresh (every 4 sec) and accounts won't be locked. user.failed_logins_counter = 0 now = datetime.now() if not user.last_login_at: user.first_login_at = now user.last_login_at = now user_datastore.commit() return user
def __init__(self, load_config=True): _detect_debug_environment() super(CloudifyFlaskApp, self).__init__(__name__) if load_config: config.instance.load_configuration() self._set_sql_alchemy() # This must be the first before_request, otherwise db access may break # after db failovers or db proxy restarts self.before_request(cope_with_db_failover) # These two need to be called after the configuration was loaded if config.instance.rest_service_log_path: setup_logger(self.logger) if premium_enabled and config.instance.file_server_root: self.external_auth = configure_auth(self.logger) self.before_request(LicenseHandler.check_license_expiration_date) else: self.external_auth = None self.before_request(log_request) self.before_request(maintenance_mode_handler) self.after_request(log_response) self._set_flask_security() with self.app_context(): roles = config.instance.authorization_roles if roles: for role in roles: user_datastore.find_or_create_role(name=role['name']) user_datastore.commit() with self._prevent_flask_restful_error_handling(): setup_resources(Api(self)) self.register_blueprint(app_errors)
def __init__(self, load_config=True): _detect_debug_environment() super(CloudifyFlaskApp, self).__init__(__name__) if load_config: config.instance.load_configuration() self._set_sql_alchemy() # These two need to be called after the configuration was loaded if config.instance.rest_service_log_path: setup_logger(self.logger) if premium_enabled and config.instance.file_server_root: self.external_auth = configure_auth(self.logger) self.before_request(LicenseHandler.check_license_expiration_date) else: self.external_auth = None self.before_request(log_request) self.before_request(maintenance_mode_handler) self.after_request(log_response) self._set_exception_handlers() self._set_flask_security() with self.app_context(): roles = config.instance.authorization_roles if roles: for role in roles: user_datastore.find_or_create_role(name=role['name']) user_datastore.commit() setup_resources(Api(self)) self.register_blueprint(app_errors)
def __init__(self, load_config=True): _detect_debug_environment() super(CloudifyFlaskApp, self).__init__(__name__) if load_config: config.instance.load_configuration() self._set_sql_alchemy() if load_config: with self.app_context(): config.instance.load_from_db() # These two need to be called after the configuration was loaded setup_logger(self.logger) if premium_enabled: self.external_auth = configure_auth(self.logger) else: self.external_auth = None self.before_request(log_request) self.before_request(maintenance_mode_handler) self.after_request(log_response) self._set_exception_handlers() self._set_flask_security() with self.app_context(): roles = config.instance.authorization_roles if roles: for role in roles: user_datastore.find_or_create_role(name=role['name']) user_datastore.commit() setup_resources(Api(self)) self.register_blueprint(app_errors)
def create_default_user_tenant_and_roles(admin_username, admin_password, amqp_manager, authorization_file_path): """ Create the bootstrap admin, the default tenant and the security roles, as well as a RabbitMQ vhost and user corresponding to the default tenant :return: The default tenant """ admin_role = _create_roles(authorization_file_path) default_tenant = _create_default_tenant() amqp_manager.create_tenant_vhost_and_user(tenant=default_tenant) admin_user = user_datastore.create_user( id=constants.BOOTSTRAP_ADMIN_ID, username=admin_username, password=hash_password(admin_password), roles=[admin_role] ) # User role assigned to admin user as a member of default tenant # This is the default role when adding a user is added to a tenant. # Anyway, `sys_admin` will be the effective role since is the system role. user_role = user_datastore.find_role(constants.DEFAULT_TENANT_ROLE) user_tenant_association = UserTenantAssoc( user=admin_user, tenant=default_tenant, role=user_role, ) admin_user.tenant_associations.append(user_tenant_association) user_datastore.commit() return default_tenant
def create_default_user_tenant_and_roles(admin_username, admin_password, amqp_manager, authorization_file_path): """ Create the bootstrap admin, the default tenant and the security roles, as well as a RabbitMQ vhost and user corresponding to the default tenant :return: The default tenant """ admin_role = _create_roles(authorization_file_path) default_tenant = _create_default_tenant() amqp_manager.create_tenant_vhost_and_user(tenant=default_tenant) admin_user = user_datastore.create_user( id=constants.BOOTSTRAP_ADMIN_ID, username=admin_username, password=encrypt_password(admin_password), roles=[admin_role]) # User role assigned to admin user as a member of default tenant # This is the default role when adding a user is added to a tenant. # Anyway, `sys_admin` will be the effective role since is the system role. user_role = user_datastore.find_role(constants.DEFAULT_TENANT_ROLE) user_tenant_association = UserTenantAssoc( user=admin_user, tenant=default_tenant, role=user_role, ) admin_user.tenant_associations.append(user_tenant_association) user_datastore.commit() return default_tenant
def authenticate(self, request): user = None auth = request.authorization token = user_handler.get_token_from_request(request) api_token = user_handler.get_api_token_from_request(request) if auth: # Basic authentication (User + Password) user = user_handler.get_user_from_auth(auth) user = self._authenticate_password(user, auth) elif token: # Token authentication user = self._authenticate_token(token) elif api_token: # API token authentication user, user_token_key = user_handler.extract_api_token(api_token) if not user or user.api_token_key != user_token_key: raise_unauthorized_user_error( 'API token authentication failed') elif self.okta_configured and \ current_app.okta.okta_saml_inside(request): user = user_handler.get_okta_user(request.data, logger=self.logger) if not user: raise_unauthorized_user_error('OKTA authentication failed') if not user: raise_unauthorized_user_error('No authentication info provided') self.logger.info('Authenticated user: {0}'.format(user)) user.last_login_at = datetime.now() user_datastore.commit() return user
def _update_admin_password(new_password): """Update the admin user's password.""" with setup_flask_app().app_context(): user = user_datastore.get_user('admin') user.password = hash_password(new_password) # Unlock account user.failed_logins_counter = 0 user_datastore.commit()
def _update_admin_password(new_password): """Update the admin user's password.""" with setup_flask_app().app_context(): config.instance.load_configuration() user = user_datastore.get_user('admin') user.password = hash_password(new_password) # Unlock account user.failed_logins_counter = 0 user.active = True user_datastore.commit()
def add_users_to_db(user_list): default_tenant = Tenant.query.get(DEFAULT_TENANT_ID) for user in user_list: role = user_datastore.find_role(user['role']) user_obj = user_datastore.create_user(username=user['username'], password=encrypt_password( user['password']), roles=[role]) user_obj.active = user.get('active', True) user_obj.tenants.append(default_tenant) user_datastore.commit()
def authenticate(self, request): user = self._internal_auth(request) is_bootstrap_admin = user and user.is_bootstrap_admin if self.external_auth \ and not is_bootstrap_admin \ and not self.token_based_auth: self.logger.debug('using external auth') user = user_handler.get_user_from_auth(request.authorization) user = self.external_auth.authenticate(request, user) if not user: raise_unauthorized_user_error('No authentication info provided') self.logger.info('Authenticated user: {0}'.format(user)) user.last_login_at = datetime.now() user_datastore.commit() return user
def create_default_user_tenant_and_roles(admin_username, admin_password): """Create the bootstrap admin, the default tenant and the security roles :return: The default tenant """ admin_role = _create_roles() default_tenant = _create_default_tenant() admin_user = user_datastore.create_user( id=constants.BOOTSTRAP_ADMIN_ID, username=admin_username, password=encrypt_password(admin_password), roles=[admin_role]) admin_user.tenants.append(default_tenant) user_datastore.commit() return default_tenant
def add_users_to_db(user_list): default_tenant = Tenant.query.get(DEFAULT_TENANT_ID) for user in user_list: role = user_datastore.find_role(user['role']) user_obj = user_datastore.create_user(username=user['username'], password=hash_password( user['password']), roles=[role]) default_tenant_role = user_datastore.find_role(DEFAULT_TENANT_ROLE) user_obj.active = user.get('active', True) user_tenant_association = UserTenantAssoc( user=user_obj, tenant=default_tenant, role=default_tenant_role, ) user_obj.tenant_associations.append(user_tenant_association) user_datastore.commit()
def authenticate(self, request): auth = request.authorization token = user_handler.get_token_from_request(request) api_token = user_handler.get_api_token_from_request(request) if auth: # User + Password authentication user = user_handler.get_user_from_auth(auth) user = self._authenticate_password(user, auth) elif token: # Token authentication user = self._authenticate_token(token) elif api_token: # API token authentication user, user_token_key = user_handler.extract_api_token(api_token) if not user or user.api_token_key != user_token_key: raise_unauthorized_user_error( 'API token authentication failed') else: raise_unauthorized_user_error('No authentication ' 'info provided') user.last_login_at = datetime.now() user_datastore.commit() return user
def create_default_user_tenant_and_roles(admin_username, admin_password, amqp_manager): """ Create the bootstrap admin, the default tenant and the security roles, as well as a RabbitMQ vhost and user corresponding to the default tenant :return: The default tenant """ admin_role = _create_roles() default_tenant = _create_default_tenant() amqp_manager.create_tenant_vhost_and_user(tenant=default_tenant) admin_user = user_datastore.create_user( id=constants.BOOTSTRAP_ADMIN_ID, username=admin_username, password=encrypt_password(admin_password), roles=[admin_role] ) admin_user.tenants.append(default_tenant) user_datastore.commit() return default_tenant
def create_status_reporter_user_and_assign_role(username, password, role, user_id): """Creates a user and assigns its given role. """ user = user_datastore.create_user(username=username, password=hash_password(password), roles=[role], id=user_id) default_tenant = Tenant.query.filter_by( id=constants.DEFAULT_TENANT_ID).first() reporter_role = user_datastore.find_role(role) if not reporter_role: raise NotFoundError("The username \"{0}\" cannot have the role \"{1}\"" " as the role doesn't exist" "".format(username, role)) user_tenant_association = UserTenantAssoc( user=user, tenant=default_tenant, role=reporter_role, ) user.tenant_associations.append(user_tenant_association) user_datastore.commit() return user
def authenticate(self, request): user = self._internal_auth(request) is_bootstrap_admin = user and user.is_bootstrap_admin if self.external_auth_configured \ and not is_bootstrap_admin \ and not self.token_based_auth: self.logger.debug('using external auth') user = user_handler.get_user_from_auth(request.authorization) response = self.external_auth.authenticate(request, user) if isinstance(response, Response): return response user = response if not user: raise_unauthorized_user_error('No authentication info provided') self.logger.debug('Authenticated user: {0}'.format(user)) if request.authorization: # Reset the counter only when using basic authentication # (User + Password), otherwise the counter will be reset on # every UI refresh (every 4 sec) and accounts won't be locked. user.failed_logins_counter = 0 user.last_login_at = datetime.now() user_datastore.commit() return user
def _update_admin_password(new_password): adm = user_datastore.get_user('admin') if verify_password(new_password, adm.password): # no change return adm.password = hash_password(new_password) user_datastore.commit()
def _increment_failed_logins_counter(user): user.last_failed_login_at = datetime.now() user.failed_logins_counter += 1 user_datastore.commit()
def _increment_failed_logins_counter(user): user.last_failed_login_at = datetime.now() user.failed_logins_counter += 1 user_datastore.commit()