def ensure_user(self, username, is_active=True, first_name=None, last_name=None, email=None, **kwargs): from noc.aaa.models.user import User changed = False try: u = User.objects.get(username=username) except User.DoesNotExist: self.logger.info("Creating local user %s", username) u = User(username=username, is_active=is_active) u.set_unusable_password() changed = True for k, v in [ ("is_active", is_active), ("first_name", first_name), ("last_name", last_name), ("email", email), ]: cv = getattr(u, k) if cv != v and v is not None: self.logger.info("Changing user %s %s: %s -> %s", username, k, cv, v) setattr(u, k, v) changed = True # Check changes if changed: u.save() return u
def handle_add(self, *args, **options): if "username" not in options: raise CommandError("Username is not set") if "email" not in options: raise CommandError("Email is not set") if "pwgen" in options: passwd = "".join( random.choice(self.pwset) for _ in range(self.PWLEN)) else: passwd = None if not passwd: raise CommandError("Password is not set") permissions = set() if not options.get("template"): raise CommandError("template permission not set") for t in options["template"]: if t not in self.TEMPLATES: raise CommandError("Invalid template '%s'" % t) permissions.update(self.TEMPLATES[t]) if not permissions: raise CommandError("No permissions set") # Create user u = User(username=options["username"], email=options["email"], is_active=True) u.set_password(passwd) u.save() for p in permissions: try: perm = Permission.objects.get(name=p) except Permission.DoesNotExist: perm = Permission(name=p) perm.save() perm.users.add(u) print(passwd)
def get_current_user(remote_user: Optional[str] = Header(None, alias="Remote-User")) -> User: """ Get request current user :param remote_user: :return: """ if not remote_user: raise HTTPException(403, "Not authorized") user = User.get_by_username(remote_user) if not user: raise HTTPException(403, "Not authorized") if not user.is_active: raise HTTPException(403, "Not authorized") return user
def get_user_scope( scopes: SecurityScopes, remote_user: Optional[str] = Header(None, alias="Remote-User") ) -> User: """ Get request current user, when having scope access :param scopes: :param remote_user: :return: """ if not remote_user: raise HTTPException(403, "Not authorized") user = User.get_by_username(remote_user) if not user: raise HTTPException(403, "Not authorized") if not user.is_active: raise HTTPException(403, "Not authorized") # @todo: Check user's active scopes against {scopes.scopes} return user
def authenticate(self, handler, credentials): """ Authenticate user. Returns True when user is authenticated """ c = credentials.copy() for f in self.HIDDEN_FIELDS: if f in c: c[f] = "***" le = "No active auth methods" for method in self.iter_methods(): bc = BaseAuthBackend.get_backend(method) if not bc: self.logger.error("Cannot initialize backend '%s'", method) continue backend = bc(self) self.logger.info("Authenticating credentials %s using method %s", c, method) try: user = backend.authenticate(**credentials) metrics["auth_try", ("method", method)] += 1 except backend.LoginError as e: self.logger.info("[%s] Login Error: %s", method, smart_text(e)) metrics["auth_fail", ("method", method)] += 1 le = smart_text(e) continue self.logger.info("Authorized credentials %s as user %s", c, user) metrics["auth_success", ("method", method)] += 1 # Set cookie handler.set_secure_cookie("noc_user", user, expires_days=config.login.session_ttl, httponly=True, secure=True) # Register last login if config.login.register_last_login: u = User.get_by_username(user) if u: u.register_login() return True self.logger.error("Login failed for %s: %s", c, le) return False
def getter(): u = User.get_by_username(user) if not u: metrics["error", ("type", "user_not_found")] += 1 return u