def add_user(username: Optional[str] = None, email: Optional[str] = None, password: Optional[str] = None) -> None: """ Create the admin user. If user already exists, the process will ignore the error. :param username: airflow admin ui's username :param email: email of admin :param password: admin's password """ user = PasswordUser(models.User()) user.username = username if username else os.environ[ AIRFLOW_WEBSERVER_USER_ENV_VAR] user.email = email if email else os.environ[AIRFLOW_WEBSERVER_EMAIL_ENV_VAR] user.password = password if password else os.environ[ AIRFLOW_WEBSERVER_PASSWORD_ENV_VAR] session = settings.Session() try: session.add(user) session.commit() except IntegrityError as error_object: print(error_object) finally: session.close()
def create_superuser(): """ Creates a superuser (admin level) for accessing the web UI for Airflow :return: None """ # get path to config file relative to this file current_dir = os.path.dirname(__file__) filepath = os.path.join(current_dir, 'config.ini') # read config.ini file config = ConfigParser() config.read(filepath) # create User object user = PasswordUser(models.User()) user.username = config['web_authentication']['username'] user.email = config['web_authentication']['email'] user.password = config['web_authentication']['password'] user.superuser = True # Add user to Airflow session session = settings.Session() session.add(user) session.commit() session.close()
def create_user(username: str, password: str, email: str, is_superuser: bool = True): """ Method to create Airflow user :param username: (str) - Airflow User name :param password: (str) - Airflow Password :param email: (str) - Email of the user :param is_superuser: (str) - Is super user - True/False Note: Modified date: 10-04-2021 Author: TB """ user = PasswordUser(models.User()) user.username = username user.email = email user.password = password user.superuser = is_superuser session = settings.Session() session.add(user) session.commit() session.close()
def create_admin_user(admin_user): """ Create a user in Airflow metadata database to allow login with password_auth backend. :param admin_user: User properties as dictionary. :return: Job done. """ print('Creating admin user...') user = PasswordUser(models.User()) user.username = admin_user['username'] user.password = admin_user['password'] user.email = admin_user['email'] session = settings.Session() try: existing = session.query( models.User).filter_by(username=user.username).first() if not existing: session.add(user) session.commit() print('\tCREATED: Admin user %s' % user.username) else: print('\tSKIPPED: Admin user %s already exists' % user.username) finally: session.close()
def load_request(self, request): ''' Reads the header field that has already been verified on the nginx side by google auth. Header field is specified by setting the environment variable AIRFLOW_PROXIED_AUTH_HEADER or else it's defaulted to X-Email. ''' session = settings.Session() header_field = os.getenv('AIRFLOW_PROXIED_AUTH_HEADER', 'X-Email') user_email = request.headers.get(header_field) # this shouldn't happen since nginx should take care of it! if user_email is None: raise AuthenticationError( 'Airflow failed to get fields from request header') # insert user into database if doesn't exist user = session.query(models.User).filter( models.User.username == user_email).first() if not user: user = models.User( username=user_email, is_superuser=True) session.merge(user) session.commit() session.close() return ProxiedUser(user)
def login(self, request): if current_user.is_authenticated: flash("You are already logged in") return redirect(url_for('index')) if 'Authorization' not in request.headers: flash("Missing authorization header") return redirect(url_for('airflow.noaccess')) jwt_bearer = request.headers.get('Authorization') try: authenticate(jwt_bearer) encoded_jwt = jwt_bearer.split(' ')[1].strip() decoded_jwt = decode_jwt(encoded_jwt) username = decoded_jwt[JWT_SUBJECT_KEY] log.debug("Subject is: {}".format(username)) user = models.User(id=username, username=username, is_superuser=False) flask_login.login_user(JWTUser(user), force=True) return redirect(request.args.get("next") or url_for("admin.index")) except AuthenticationError: flash("Invalid JWT") return redirect(url_for('airflow.noaccess'))
def login(u): session = settings.Session() role = 'airpal_topsecret.engineering.airbnb.com' if 'X-Internalauth-Username' not in request.headers: return redirect(url_for('airflow.noaccess')) username = request.headers.get('X-Internalauth-Username') has_access = role in request.headers.get('X-Internalauth-Groups') d = {k: v for k, v in request.headers} cookie = urllib2.unquote(d.get('Cookie', '')) mailsrch = re.compile(r'[\w\-][\w\-\.]+@[\w\-][\w\-\.]+[a-zA-Z]{1,4}') res = mailsrch.findall(cookie) email = res[0] if res else '' if has_access: user = session.query( models.User).filter(models.User.username == username).first() if not user: user = models.User(username=username) user.email = email session.merge(user) session.commit() flask_login.login_user(user) session.commit() session.close() return redirect(request.args.get("next") or url_for("index")) return redirect('/')
def create_user(username, password, email): # This import depends on flask_bcrypt # You should get it via installation of: 'apache-airflow[google_auth]' # More info: http://airflow.apache.org/docs/stable/security.html from airflow.contrib.auth.backends.password_auth import PasswordUser from airflow import models from airflow.settings import Session # Create user for experimental api users session = Session() print("sql_alchemy_conn: %s" % str(session.bind)) try: user = ( session.query(PasswordUser) .filter(PasswordUser.username == username) .one_or_none() ) if not user: user = PasswordUser(models.User()) user.username = username user.password = password user.email = email session.add(user) session.commit() session.close() print("User %s created successfully." % username) except Exception as e: print("Could not create user. %s" % e)
def oauth_callback(self): _log.debug('GHE OAuth callback called') next_url = request.args.get('next') or url_for('admin.index') resp = self.ghe_oauth.authorized_response() try: if resp is None: raise AuthenticationError( 'Null response from GHE, denying access.') ghe_token = resp['access_token'] username, email = self.get_ghe_user_profile_info(ghe_token) except AuthenticationError: return redirect(url_for('airflow.noaccess')) session = settings.Session() user = session.query( models.User).filter(models.User.username == username).first() if not user: user = models.User(username=username, email=email, is_superuser=False) session.merge(user) session.commit() login_user(KeyCloakUser(user)) session.commit() session.close() return redirect(next_url)
def create_account(name, password): user = PasswordUser(models.User()) user.username = name user.password = password session = settings.Session() session.add(user) session.commit() session.close()
def add_user(username, email, password): user = PasswordUser(models.User()) user.username = username user.email = email user.password = password session = settings.Session() session.add(user) session.commit() session.close()
def create_user(): user = PasswordUser(models.User()) user.username = '******' user.email = '*****@*****.**' user.password = '******' session = settings.Session() session.add(user) session.commit() session.close()
def userSetUp(apiUser, apiPassword): session = Session() user = models.User() password_user = PasswordUser(user) password_user.username = apiUser password_user.password = apiPassword session.add(password_user) session.commit() session.close()
def setUpClass(cls): super(TestVarImportView, cls).setUpClass() session = Session() session.query(models.User).delete() session.commit() user = models.User(username='******') session.add(user) session.commit() session.close()
def make_user(username, email): user = PasswordUser(models.User()) user.username = username user.email = email user.superuser = True user.password = click.prompt("Password") session = settings.Session() session.add(user) session.commit() session.close()
def generate_admin_user(password): """ Creates the new Airflow admin user. """ user = PasswordUser(models.User()) user.username = '******' user.email = get_email_address() user.password = password user.superuser = True return user
def login(self, request, session=None): user = session.query( models.User).filter(models.User.username == DEFAULT_USERNAME).first() if not user: user = models.User(username=DEFAULT_USERNAME, is_superuser=True) session.merge(user) session.commit() flask_login.login_user(DefaultUser(user)) session.commit() return redirect(request.args.get("next") or url_for("index"))
def login(self, request): if current_user.is_authenticated(): flash("You are already logged in") return redirect(url_for('admin.index')) username = None password = None form = LoginForm(request.form) if request.method == 'POST' and form.validate(): username = request.form.get("username") password = request.form.get("password") if not username or not password: return self.render('airflow/login.html', title="Airflow - Login", form=form) try: LdapUser.try_login(username, password) log.info("User %s successfully authenticated", username) session = settings.Session() user = session.query( models.User).filter(models.User.username == username).first() if not user: user = models.User(username=username, is_superuser=False) session.merge(user) session.commit() ldap_user = LdapUser(user) if not ldap_user.is_superuser(): flash("Airflow UI temporarily enabled only to admins") log.info("Disallowed login for user %s (non-admin)", username) return self.render('airflow/login.html', title="Airflow - Login", form=form) flask_login.login_user(ldap_user) session.commit() session.close() return redirect(request.args.get("next") or url_for("admin.index")) except (LdapException, AuthenticationError) as e: if type(e) == LdapException: flash(e, "error") else: flash("Incorrect login details") return self.render('airflow/login.html', title="Airflow - Login", form=form)
def setUpClass(cls): super(TestKnownEventView, cls).setUpClass() session = Session() session.query(models.KnownEvent).delete() session.query(models.User).delete() session.commit() user = models.User(username='******') session.add(user) session.commit() cls.user_id = user.id session.close()
def setUp(self): self.app = application.create_app(testing=True) session = Session() user = models.User() password_user = PasswordUser(user) password_user.username = '******' password_user.password = '******' session.add(password_user) session.commit() session.close()
def main(): print(">>>> create airflow user...") user = PasswordUser(models.User()) user.username = '******' user.email = '*****@*****.**' user.password = '******' session = settings.Session() session.add(user) session.commit() session.close() print(">>>> create airflow user OK : user_id : user, password : 123")
def oauth_callback(self, session=None): log.debug('OAuth callback called') next_url = request.args.get('state') or url_for('admin.index') if get_config_param('base_url') in next_url: next_url = url_for('admin.index') resp = self.oauth.authorized_response() try: if resp is None: raise AuthenticationError( 'Null response from OAuth service, denying access.' ) access_token = resp['access_token'] user_info = self.get_user_profile_info(access_token) username_key = get_config_param("username_key") email_key = get_config_param("email_key") username = self.dict_get(user_info, username_key) email = self.dict_get(user_info, email_key) authorized, superuser = self.authorize(resp, user_info) except AuthenticationError: return redirect(url_for('airflow.noaccess')) user = session.query(models.User).filter( models.User.username == username).first() if not authorized: if user: session.delete(user) session.commit() return redirect(url_for('airflow.noaccess')) if not user: user = models.User( username=username, email=email, superuser=superuser) user.superuser = superuser session.merge(user) session.commit() login_user(OAuthUser(user)) session.commit() return redirect(next_url)
def login(self, request): session = settings.Session() user = session.query( models.User).filter(models.User.username == DEFAULT_USERNAME).first() if not user: user = models.User(username=DEFAULT_USERNAME, is_superuser=True) session.merge(user) session.expunge_all() session.commit() session.close() flask_login.login_user(user) return redirect(request.args.get("next") or url_for("index"))
def create(self): """ create user """ user = PasswordUser(models.User()) user.username = self.params.get('name') user.email = self.params.get('email') user.password = self.params.get('password') session = settings.Session() session.add(user) session.commit() session.close()
def create_user(username, password, email): """This programm creates users for airflow.""" user = PasswordUser(models.User()) user.username = username user.email = email user.password = password session = settings.Session() session.add(user) session.commit() session.close() click.echo(f'Account {username} created successfully!')
def set_user(username, password): print('Creating user {0}...'.format(username)) user = PasswordUser(models.User()) user.username = username user.password = password session = settings.Session() session.add(user) session.commit() session.close() print('Done.') exit()
def add_default_user(session=None): from airflow import models from airflow.contrib.auth.backends.password_auth import PasswordUser user = PasswordUser(models.User()) user.username = '******' user.email = '*****@*****.**' user.password = '******' user.superuser = True session.add(user) session.commit()
def create_user(opts): from airflow.contrib.auth.backends.password_auth import PasswordUser from airflow import models, settings u = PasswordUser(models.User()) u.username = opts['username'] u.email = opts['email'] u._set_password = opts['password'] s = settings.Session() s.add(u) s.commit() s.close()
def login(self, request): if current_user.is_authenticated: flash("You are already logged in") return redirect(url_for('admin.index')) username = None password = None form = LoginForm(request.form) if request.method == 'POST' and form.validate(): username = request.form.get("username") password = request.form.get("password") if not username or not password: return self.render('airflow/login.html', title="Airflow - Login", form=form) try: LdapUser.try_login(username, password) LOG.info("User %s successfully authenticated", username) session = settings.Session() user = session.query( models.User).filter(models.User.username == username).first() if not user: mail = LdapUser.user_mail(username) is_admin = LdapUser.is_admin(username) user = models.User(username=username, email=mail, superuser=is_admin) session.add(user) session.commit() session.merge(user) flask_login.login_user(LdapUser(user)) session.commit() session.close() return redirect(request.args.get("next") or url_for("admin.index")) except (LdapException, AuthenticationError) as e: if type(e) == LdapException: flash(e, "error") else: flash("Incorrect login details") return self.render('airflow/login.html', title="Airflow - Login", form=form)
def createuser(): userdata = json.loads(request.data) username = userdata.get('user') or '' email = userdata.get('email') or '' password = userdata.get('password') or username + '123' superuser = userdata.get('superuser') or False if not superuser: superuser = 0 else: superuser = 1 data = {} try: if not username: data['status'] = '200' data[ 'message'] = "Username has missed, unable to create user in Airflow server" return jsonify(data) session = settings.Session() user = session.query( models.User).filter(models.User.username == username).first() if user: user.superuser = superuser session.commit() data['status'] = '200' data['message'] = 'SuperUser status is updated successfully!' else: user = PasswordUser(models.User()) user.username = username user.email = email user.password = password user.superuser = superuser session.add(user) session.commit() data['status'] = '200' data['message'] = "User Created successfully!" except Exception as e: data['status'] = '400' data['message'] = e.message return jsonify(data)