def post(self, username, org): """ Create a session for the user. """ parser = reqparse.RequestParser() parser.add_argument('password', type=str, required=True, help='PBKDF2 hash of the user\'s password using ' + '"user@org" as the salt and count=10000') args = parser.parse_args() try: if AuthDB.userExists(org, username): if AuthDB.validatePassword(org, username, args['password']): sessionId = AuthDB.createUserSession(org, username) sessionKey = AuthDB.createUserSessionKey(org, username, sessionId) if sessionId and sessionKey: return {'message': 'Session created', 'id': str(sessionId), 'key': sessionKey} else: return {'message': 'Failed to open session'}, 500 else: return {'message': 'Password authentication failed for "%s@%s".' % (username, org)}, 400 else: return {'message': 'Cannot open session for invalid user "%s@%s".' % (username, org)}, 404 except Exception as e: log.critical("Error in Sessions.post: %s" % (e,))
def post(self, username, org): parser = reqparse.RequestParser() parser.add_argument('resetid', type=str, required=True, help='ResetID of the reset request') parser.add_argument('password', type=str, required=True, help='New password equivelent created from the ' + 'output of the pbkdf2 function salted with ' + '"username@org" and a count of 100000') args = parser.parse_args() if AuthDB.userExists(org, username): if AuthDB.validatePasswordReset(org, username, args['resetid']): try: salt = passwordutils.generateSalt() passwordHash = passwordutils.hashPassword( args['password'], salt, algo='argon2', params={'t': 5}) AuthDB.setPassword(org, username, passwordHash, salt) except Exception as e: log.error('Exeption in CompletePasswordReset Post: %s' % (e,)) return {'message': 'Error changing password for "%s"@"%s"' % (username, org)}, 500 finally: AuthDB.deletePasswordReset(org, username) return {'message': 'Password updated for "%s"@"%s".' % (username, org)}, 200 else: return {'message': 'Cannot change password for "%s"@"%s". ' % (username, org) + 'Invalid or expired resetid'}, 400 else: return {'message': 'Cannot change password for invalid user "%s"@"%s"' % (username, org)}, 400
def post(self, username, org): try: if AuthDB.userExists(org, username): resetid = AuthDB.createPasswordReset(org, username) if resetid: # TODO: Email ResetID return {'Message': 'Password reset for "%s"@"%s"' % (username, org)}, 200 else: return {'Message': 'Unable to reset password for "%s"@"%s"' % (username, org)}, 500 else: return {'Message': 'Cannot reset password for invalid user "%s"@"%s"' % (username, org)}, 400 except Exception as e: log.error('Exception in PasswordReset.Post: %s' % (e,)) return {'ServerError': 500, 'Message': 'There was an error fulfiling your request'}, 500
def post(self): parser = reqparse.RequestParser() parser.add_argument('username', type=str, required=True, help='Username') parser.add_argument('org', type=str, required=True, help='Org for user membership') parser.add_argument('email', type=str, required=True, help='Email address for user') parser.add_argument('parentuser', type=str, required=False, help='Parent user in form of user@org', default=None) parser.add_argument('key', type=str, required=False, help='Valid session key of parentuser', default=None, location=['headers', 'form', 'args']) args = parser.parse_args() parentusername, parentuserorg = '', '' try: parentusername, parentuserorg = args['parentuser'].split('@') except: pass if args['key'] is not None: sessionValid, sessionUser, sessionOrg = \ AuthDB.validateSessionKey(args['key']) else: sessionValid, sessionUser, sessionOrg = (False, '', '') try: if not AuthDB.userExists(args['org'], args['username']): regOpen = AuthDB.getOrgSetting(args['org'], 'registrationOpen').current_rows if len(regOpen) == 0 or regOpen[0].value == 0: return {'Message': 'Cannot create user "%s@%s". Organization is ' % (args['username'], args['org']) + 'closed for registrations or does not exist.'}, 400 elif (args['parentuser'] is not None and (len(parentusername) == 0 or len(parentuserorg) == 0 or not AuthDB.userExists(parentuserorg, parentusername))): return {'Message': 'Cannot create user "%s@%s". ' % (args['username'], args['org']) + 'Parent user "%s" does not exist.' % (args['parentuser'],)}, 400 elif (args['parentuser'] is not None and args['key'] is None): return {'Message': 'Cannot create user "%s@%s". ' % (args['username'], args['org']) + 'Must provide valid session key for "%s" ' % (args['parentuser'],)}, 401 elif (args['parentuser'] is not None and not (sessionValid and sessionUser == parentusername and sessionOrg == parentuserorg)): return {'Message': 'Cannot create user "%s@%s". ' % (args['username'], args['org']) + 'Session key not valid for parent user "%s".' % (args['parentuser'],)}, 403 else: AuthDB.createUser(args['org'], args['username'], args['email'], args['parentuser'], ConsistencyLevel.QUORUM) else: return {'Message': 'Cannot create user "%s@%s", as it already exists.' % (args['username'], args['org'])}, 400 except Exception as e: log.error('Exception in Users.Post: %s' % (e,)) return {'ServerError': 500, 'Message': 'There was an error fulfiling your request'}, 500 return {'Message': 'User "%s@%s" created.' % (args['username'], args['org'])}