def change_user_keys(geniuser, pubkey=None):
"""
<Purpose>
Sets a new public/private key for the user and initiates the change
of user keys on all vessels the user has access to. If pubkey is
provided, that is used as the user's new pubkey. If pubkey is not
provided, a new public/private keypair is generated for the user.
<Arguments>
geniuser
A GeniUser object of the user whose keys are to be updated.
<Exceptions>
ValidationError
If the pubkey is provided and is invalid.
<Side Effects>
The public and private keys of the user are replaced in the database with
new keys (if pubkey was provided, the private key in the database will
be empty, otherwise it will be the generated private key). All vessels the
user has access to are marked as needing to have their user keys sync'd.
<Returns>
None
"""
assert_geniuser(geniuser)
if pubkey is not None:
validations.validate_pubkey_string(pubkey)
# Lock the user.
lockserver_handle = lockserver.create_lockserver_handle()
lockserver.lock_user(lockserver_handle, geniuser.username)
try:
# Make sure the user still exists now that we hold the lock. Also makes
# sure that we see any changes made to the user before we obtained the lock.
# We don't use the user object we retrieve because we want the
# object passed in to the function to reflect changes we make to the object.
try:
maindb.get_user(geniuser.username)
except DoesNotExistError:
raise InternalError(traceback.format_exc())
# Get a key pair from the keygen api if the user didn't supply their own pubkey.
if pubkey is None:
(pubkey, privkey) = keygen.generate_keypair()
else:
privkey = None
maindb.set_user_keys(geniuser, pubkey, privkey)
# Now we need to find all of the vessels the user has access to and set
# them to have their user keys updated by the backend.
vessel_list = maindb.get_vessels_accessible_by_user(geniuser)
if vessel_list:
vessels.flag_vessels_for_user_keys_sync(lockserver_handle,
vessel_list)
finally:
# Unlock the user.
lockserver.unlock_user(lockserver_handle, geniuser.username)
lockserver.destroy_lockserver_handle(lockserver_handle)
def change_user_keys(geniuser, pubkey=None):
"""
<Purpose>
Sets a new public/private key for the user and initiates the change
of user keys on all vessels the user has access to. If pubkey is
provided, that is used as the user's new pubkey. If pubkey is not
provided, a new public/private keypair is generated for the user.
<Arguments>
geniuser
A GeniUser object of the user whose keys are to be updated.
<Exceptions>
ValidationError
If the pubkey is provided and is invalid.
<Side Effects>
The public and private keys of the user are replaced in the database with
new keys (if pubkey was provided, the private key in the database will
be empty, otherwise it will be the generated private key). All vessels the
user has access to are marked as needing to have their user keys sync'd.
<Returns>
None
"""
assert_geniuser(geniuser)
if pubkey is not None:
validations.validate_pubkey_string(pubkey)
# Lock the user.
lockserver_handle = lockserver.create_lockserver_handle()
lockserver.lock_user(lockserver_handle, geniuser.username)
try:
# Make sure the user still exists now that we hold the lock. Also makes
# sure that we see any changes made to the user before we obtained the lock.
# We don't use the user object we retrieve because we want the
# object passed in to the function to reflect changes we make to the object.
try:
maindb.get_user(geniuser.username)
except DoesNotExistError:
raise InternalError(traceback.format_exc())
# Get a key pair from the keygen api if the user didn't supply their own pubkey.
if pubkey is None:
(pubkey, privkey) = keygen.generate_keypair()
else:
privkey = None
maindb.set_user_keys(geniuser, pubkey, privkey)
# Now we need to find all of the vessels the user has access to and set
# them to have their user keys updated by the backend.
vessel_list = maindb.get_vessels_accessible_by_user(geniuser)
if vessel_list:
vessels.flag_vessels_for_user_keys_sync(lockserver_handle, vessel_list)
finally:
# Unlock the user.
lockserver.unlock_user(lockserver_handle, geniuser.username)
lockserver.destroy_lockserver_handle(lockserver_handle)
def clean(self,value,initial):
forms.FileField.clean(self,value,initial)
if value is None:
return None
if value.size > MAX_PUBKEY_UPLOAD_SIZE:
raise forms.ValidationError, "Public key too large, file size limit is " + str(MAX_PUBKEY_UPLOAD_SIZE) + " bytes"
# get the pubkey out of the uploaded file
pubkey = value.read()
try:
validations.validate_pubkey_string(pubkey)
except ValidationError, err:
raise forms.ValidationError, str(err)
def clean(self,value,initial):
forms.FileField.clean(self,value,initial)
if value is None:
return None
if value.size > MAX_PUBKEY_UPLOAD_SIZE:
raise forms.ValidationError, "Public key too large, file size limit is " + str(MAX_PUBKEY_UPLOAD_SIZE) + " bytes"
# get the pubkey out of the uploaded file
pubkey = value.read()
try:
validations.validate_pubkey_string(pubkey)
except ValidationError, err:
raise forms.ValidationError, str(err)
def change_key(request):
try:
user = _validate_and_get_geniuser(request)
except LoggedInButFailedGetGeniUserError:
return _show_failed_get_geniuser_page(request)
info = ""
if request.method == 'GET':
return render_to_response('control/change_key.html',
{'username' : user.username,
'error_msg' : ""},
context_instance=RequestContext(request))
# This is a POST, so figure out if a file was uploaded or if we are supposed
# to generate a new key for the user.
if request.POST.get('generate', False):
interface.change_user_keys(user, pubkey=None)
msg = "Your new keys have been generated. You should download them now."
return profile(request, msg)
else:
file = request.FILES.get('pubkey', None)
if file is None:
msg = "You didn't select a public key file to upload."
return profile(request, info, msg)
if file.size == 0 or file.size > forms.MAX_PUBKEY_UPLOAD_SIZE:
msg = "Invalid file uploaded. The file size limit is "
msg += str(forms.MAX_PUBKEY_UPLOAD_SIZE) + " bytes."
return profile(request, info, msg)
pubkey = file.read()
try:
validations.validate_pubkey_string(pubkey)
except ValidationError:
msg = "Invalid public key uploaded."
return profile(request, info, msg)
# If we made it here, the uploaded key is good.
interface.change_user_keys(user, pubkey=pubkey)
msg = "Your public key has been successfully changed."
return profile(request, msg)
def change_key(request):
try:
user = _validate_and_get_geniuser(request)
except LoggedInButFailedGetGeniUserError:
return _show_failed_get_geniuser_page(request)
info = ""
if request.method == 'GET':
return render_to_response('control/change_key.html',
{'username' : user.username,
'error_msg' : ""},
context_instance=RequestContext(request))
# This is a POST, so figure out if a file was uploaded or if we are supposed
# to generate a new key for the user.
if request.POST.get('generate', False):
interface.change_user_keys(user, pubkey=None)
msg = "Your new keys have been generated. You should download them now."
return profile(request, msg)
else:
file = request.FILES.get('pubkey', None)
if file is None:
msg = "You didn't select a public key file to upload."
return profile(request, info, msg)
if file.size == 0 or file.size > forms.MAX_PUBKEY_UPLOAD_SIZE:
msg = "Invalid file uploaded. The file size limit is "
msg += str(forms.MAX_PUBKEY_UPLOAD_SIZE) + " bytes."
return profile(request, info, msg)
pubkey = file.read()
try:
validations.validate_pubkey_string(pubkey)
except ValidationError:
msg = "Invalid public key uploaded."
return profile(request, info, msg)
# If we made it here, the uploaded key is good.
interface.change_user_keys(user, pubkey=pubkey)
msg = "Your public key has been successfully changed."
return profile(request, msg)
def register_user(username, password, email, affiliation, pubkey=None):
"""
<Purpose>
Creates a user record with the specified information and sets any additional
information necessary for the user record to be complete.
<Arguments>
username
password
email
affiliation
pubkey
Optional. A string. If not provided, a key pair will be generated for this user.
<Exceptions>
UsernameAlreadyExistsError
If there is already a user with the specified username.
ValidationError
If any of the arguments contains invalid values or if the username is the
same as the password.
<Side Effects>
The user record in the django db is created as well as a user record in the
corresponding user profile table that stores our custom information. A port
will be assigned to the user and the user's donation keys will be set.
<Returns>
GeniUser instance (our GeniUser model, not the django User) corresponding to the
newly registered user.
"""
# If the frontend code that called this function wants to know which field
# is invalid, it must call the validation functions itself before making the
# call to register_user().
# These will raise a ValidationError if any of the fields are invalid.
# These ensure that the data is of the correct type (e.g. a string) as well as
# that we like the content of the variable.
validations.validate_username(username)
validations.validate_password(password)
validations.validate_username_and_password_different(username, password)
validations.validate_email(email)
validations.validate_affiliation(affiliation)
if pubkey is not None:
validations.validate_pubkey_string(pubkey)
# Lock the user.
lockserver_handle = lockserver.create_lockserver_handle()
lockserver.lock_user(lockserver_handle, username)
try:
# Ensure there is not already a user with this username.
try:
# Raises a DoesNotExistError if the user doesn't exist.
maindb.get_user(username)
raise UsernameAlreadyExistsError
except DoesNotExistError:
# This is what we wanted: the username isn't already taken.
pass
# Get a key pair from the keygen api if the user didn't supply their own pubkey.
if pubkey is None:
(pubkey, privkey) = keygen.generate_keypair()
else:
privkey = None
# Generate a donor key for this user. This is done through the backend
# as the private key must be stored in the keydb, which the website cannot
# directly access.
keydescription = "donor:" + username
donor_pubkey = backend.generate_key(keydescription)
# Create the user record.
geniuser = maindb.create_user(username, password, email, affiliation, pubkey, privkey, donor_pubkey)
finally:
# Unlock the user.
lockserver.unlock_user(lockserver_handle, username)
lockserver.destroy_lockserver_handle(lockserver_handle)
return geniuser
def register_user(username, password, email, affiliation, pubkey=None):
"""
<Purpose>
Creates a user record with the specified information and sets any additional
information necessary for the user record to be complete.
<Arguments>
username
password
email
affiliation
pubkey
Optional. A string. If not provided, a key pair will be generated for this user.
<Exceptions>
UsernameAlreadyExistsError
If there is already a user with the specified username.
ValidationError
If any of the arguments contains invalid values or if the username is the
same as the password.
<Side Effects>
The user record in the django db is created as well as a user record in the
corresponding user profile table that stores our custom information. A port
will be assigned to the user and the user's donation keys will be set.
<Returns>
GeniUser instance (our GeniUser model, not the django User) corresponding to the
newly registered user.
"""
# If the frontend code that called this function wants to know which field
# is invalid, it must call the validation functions itself before making the
# call to register_user().
# These will raise a ValidationError if any of the fields are invalid.
# These ensure that the data is of the correct type (e.g. a string) as well as
# that we like the content of the variable.
validations.validate_username(username)
validations.validate_password(password)
validations.validate_username_and_password_different(username, password)
validations.validate_email(email)
validations.validate_affiliation(affiliation)
if pubkey is not None:
validations.validate_pubkey_string(pubkey)
# Lock the user.
lockserver_handle = lockserver.create_lockserver_handle()
lockserver.lock_user(lockserver_handle, username)
try:
# Ensure there is not already a user with this username.
try:
# Raises a DoesNotExistError if the user doesn't exist.
maindb.get_user(username)
raise UsernameAlreadyExistsError
except DoesNotExistError:
# This is what we wanted: the username isn't already taken.
pass
# Get a key pair from the keygen api if the user didn't supply their own pubkey.
if pubkey is None:
(pubkey, privkey) = keygen.generate_keypair()
else:
privkey = None
# Generate a donor key for this user. This is done through the backend
# as the private key must be stored in the keydb, which the website cannot
# directly access.
keydescription = "donor:" + username
donor_pubkey = backend.generate_key(keydescription)
# Create the user record.
geniuser = maindb.create_user(username, password, email, affiliation, pubkey, privkey, donor_pubkey)
finally:
# Unlock the user.
lockserver.unlock_user(lockserver_handle, username)
lockserver.destroy_lockserver_handle(lockserver_handle)
return geniuser