async def revoke_user(
self,
organization_id: OrganizationID,
user_id: UserID,
revoked_user_certificate: bytes,
revoked_user_certifier: DeviceID,
revoked_on: pendulum.Pendulum = None,
) -> None:
org = self._organizations[organization_id]
try:
user = org.users[user_id]
except KeyError:
raise UserNotFoundError(user_id)
if user.revoked_on:
raise UserAlreadyRevokedError()
org.users[user_id] = user.evolve(
revoked_on=revoked_on or pendulum.now(),
revoked_user_certificate=revoked_user_certificate,
revoked_user_certifier=revoked_user_certifier,
)
if user.human_handle:
del org.human_handle_to_user_id[user.human_handle]
await self._send_event("user.revoked",
organization_id=organization_id,
user_id=user_id)
async def query_revoke_user(
conn,
organization_id: OrganizationID,
user_id: UserID,
revoked_user_certificate: bytes,
revoked_user_certifier: DeviceID,
revoked_on: pendulum.Pendulum = None,
) -> None:
result = await conn.execute(
_q_revoke_user,
organization_id,
user_id,
revoked_user_certificate,
revoked_user_certifier,
revoked_on or pendulum.now(),
)
if result != "UPDATE 1":
# TODO: avoid having to do another query to find the error
err_result = await conn.fetchrow(_q_revoke_user_error, organization_id,
user_id)
if not err_result:
raise UserNotFoundError(user_id)
elif err_result[0]:
raise UserAlreadyRevokedError()
else:
raise UserError(f"Update error: {result}")
else:
await send_signal(conn,
"user.revoked",
organization_id=organization_id,
user_id=user_id)
async def query_revoke_user(
conn,
organization_id: OrganizationID,
user_id: UserID,
revoked_user_certificate: bytes,
revoked_user_certifier: DeviceID,
revoked_on: Optional[pendulum.DateTime] = None,
) -> None:
result = await conn.execute(*_q_revoke_user(
organization_id=organization_id,
user_id=user_id,
revoked_user_certificate=revoked_user_certificate,
revoked_user_certifier=revoked_user_certifier,
revoked_on=revoked_on or pendulum.now(),
))
if result != "UPDATE 1":
# TODO: avoid having to do another query to find the error
err_result = await conn.fetchrow(*_q_revoke_user_error(
organization_id=organization_id, user_id=user_id))
if not err_result:
raise UserNotFoundError(user_id)
elif err_result[0]:
raise UserAlreadyRevokedError()
else:
raise UserError(f"Update error: {result}")
else:
await send_signal(conn,
BackendEvent.USER_REVOKED,
organization_id=organization_id,
user_id=user_id)
async def revoke_device(
self,
organization_id: OrganizationID,
device_id: DeviceID,
certified_revocation: bytes,
revocation_certifier: DeviceID,
) -> None:
org = self._organizations[organization_id]
user = await self.get_user(organization_id, device_id.user_id)
try:
if user.devices[device_id.device_name].revocated_on:
raise UserAlreadyRevokedError()
except KeyError:
raise UserNotFoundError(device_id)
patched_devices = []
for device in user.devices.values():
if device.device_id == device_id:
device = device.evolve(
revocated_on=pendulum.now(),
certified_revocation=certified_revocation,
revocation_certifier=revocation_certifier,
)
patched_devices.append(device)
org._users[device_id.user_id] = user.evolve(devices=DevicesMapping(
*patched_devices))
async def revoke_device(
self,
organization_id: OrganizationID,
device_id: DeviceID,
certified_revocation: bytes,
revocation_certifier: DeviceID,
) -> None:
async with self.dbh.pool.acquire() as conn:
async with conn.transaction():
result = await conn.execute(
"""
UPDATE devices SET
certified_revocation = $3,
revocation_certifier = (
SELECT _id FROM devices WHERE device_id = $4
),
revocated_on = $5
WHERE
organization = (
SELECT _id from organizations WHERE organization_id = $1
)
AND device_id = $2
AND revocated_on IS NULL
""",
organization_id,
device_id,
certified_revocation,
revocation_certifier,
pendulum.now(),
)
if result != "UPDATE 1":
# TODO: avoid having to do another query to find the error
err_result = await conn.fetchrow(
"""
SELECT revocated_on
FROM devices
WHERE
organization = (
SELECT _id from organizations WHERE organization_id = $1
)
AND device_id = $2
""",
organization_id,
device_id,
)
if not err_result:
raise UserNotFoundError(device_id)
if err_result[0]:
raise UserAlreadyRevokedError()
else:
raise UserError(f"Update error: {result}")