Example #1
 def delete(self, uid):
     """Remove the user record identified by ``uid``.

     The request is authorized against ``uid`` first. A ``uid`` with no
     stored record is answered with ``abort(404)``.
     """
     # Authorization runs before any index access. Assuming _authorize
     # aborts on failure (not visible here), an unauthorized caller never
     # reaches the 404 below and so cannot use it to probe which uids exist.
     self._authorize(uid)
     store = users.Users(index.Connector(index_suffix='users'))
     if not store.get(uid):
         abort(404)
     store.delete(uid)
Example #2
 def provision_user(self, request):
     """Create or refresh the local user record from the request's token.

     The ``email``, ``preferred_username`` and ``name`` claims are read
     from the token, and ``preferred_username`` becomes the record's
     ``uid``. An existing record is updated; otherwise one is created.
     A missing claim raises ``KeyError``.
     """
     token = self._get_raw_token(request)
     # The original author's position is that the token was verified
     # earlier in the request, so it is only decoded here.
     # NOTE(review): the signature is NOT checked at this point, and the
     # claims decide which user record is created or overwritten. This is
     # safe only if every path into this method has already validated the
     # signature, issuer, audience and expiry of this exact token. That
     # check is not visible in this block -- confirm it at the call sites,
     # or verify here with the provider key rather than rely on ordering.
     # NOTE(review): if ``jwt`` is PyJWT, 2.x no longer honours the
     # ``verify`` argument; the equivalent there is
     # options={"verify_signature": False}. Check the pinned version.
     claims = jwt.decode(token, verify=False)
     # TODO: the claims are assumed to be present, but the provider may
     # only release them for a specific scope. They are standard claims:
     # https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
     email = claims['email']
     uid = claims['preferred_username']
     name = claims['name']
     store = users.Users(index.Connector(index_suffix='users'))
     existing = store.get(uid)
     record = {'uid': uid, 'name': name, 'default-email': email}
     # NOTE(review): on re-provisioning, 'emails' is reset to the single
     # token e-mail; whether update() merges or replaces is not visible.
     record['emails'] = [{'email': email}]
     save = store.update if existing else store.create
     save(record)
Example #3
 def __init__(self, db_path=None, db_default_file=None, vonly=False):
     """Set up the YAML definition and, unless ``vonly``, the users index.

     ``db_path`` and ``db_default_file`` are handed to
     ``YAMLDefinition.__init__`` unchanged. When ``vonly`` is true no
     connection to the ``users`` index is created and ``self._users`` is
     left unset.
     """
     YAMLDefinition.__init__(self, db_path, db_default_file)
     self.enriched_groups = self.enriched_idents = False
     if vonly:
         # Skip the index connection entirely in this mode.
         return
     self._users = users.Users(index.Connector(index_suffix='users'))
Example #4
 def get(self, uid):
     """Return the stored record for ``uid`` with a derived ``cid`` added.

     The request is authorized against ``uid`` first. A ``uid`` with no
     stored record is answered with ``abort(404)``. ``cid`` is computed
     from the record's ``default-email`` on every call; this method does
     not write it back to the index.
     """
     self._authorize(uid)
     store = users.Users(index.Connector(index_suffix='users'))
     record = store.get(uid)
     if not record:
         abort(404)
     # NOTE(review): the key name suggests utils.encrypt is an XOR-based
     # transform with a fixed key. If so, this is reversible obfuscation
     # rather than confidentiality: a cid seen next to its e-mail exposes
     # key material. Confirm what utils.encrypt does before treating cid
     # as an opaque identifier.
     record['cid'] = utils.encrypt(xorkey, record['default-email'])
     return record
Example #5
 def __init__(self, db_path=None, db_default_file=None, vonly=False,
              db_cache_path=None):
     """Resolve the database locations and initialise the definition.

     Each of ``db_path``, ``db_default_file`` and ``db_cache_path`` falls
     back to the same-named ``conf`` entry when the argument is falsy.
     The resolved values are stored on the instance and passed to
     ``YAMLDefinition.__init__``. When ``vonly`` is true no connection to
     the ``users`` index is created and ``self._users`` is left unset.
     """
     self.db_path = db_path if db_path else conf.get('db_path')
     self.db_default_file = (
         db_default_file if db_default_file
         else conf.get('db_default_file'))
     self.db_cache_path = (
         db_cache_path if db_cache_path else conf.get('db_cache_path'))
     YAMLDefinition.__init__(
         self, self.db_path, self.db_default_file, self.db_cache_path)
     self.enriched_groups = self.enriched_idents = False
     if vonly:
         # Skip the index connection entirely in this mode.
         return
     self._users = users.Users(index.Connector(index_suffix='users'))
Example #6
 def put(self, uid):
     """Create a new user record under ``uid`` from the JSON request body.

     An already existing ``uid`` is answered with ``abort(409)`` and a
     body rejected by ``self._validate`` with ``abort(400)``. On success
     the response status is set to 201.
     """
     # No uid is passed to _authorize on purpose: per the original
     # author's note, only an admin logged in with the admin token is
     # then authorized.
     self._authorize()
     store = users.Users(index.Connector(index_suffix='users'))
     # NOTE(review): the existence check and the create below are two
     # separate index calls. Whether create() itself rejects a duplicate
     # uid is not visible here.
     if store.get(uid):
         abort(409)
     if request.content_length:
         infos = request.json
     else:
         infos = {}
     if not self._validate(infos):
         abort(400)
     # TODO (from the original): the content of infos still needs checking.
     # The uid from the URL is written after validation. It overrides any
     # 'uid' sent in the body and is itself never passed to _validate.
     infos['uid'] = uid
     store.create(infos)
     response.status = 201
Example #7
 def post(self, uid):
     """Update the existing user record ``uid`` from the JSON request body.

     An unknown ``uid`` is answered with ``abort(404)``, a body rejected
     by ``self._validate`` with ``abort(400)``, and a non-admin change to
     protected fields with ``abort(403)``.
     """
     requester = self._authorize(uid)
     store = users.Users(index.Connector(index_suffix='users'))
     current = store.get(uid)
     if not current:
         abort(404)
     if request.content_length:
         infos = request.json
     else:
         infos = {}
     # The uid from the URL always wins over a 'uid' sent in the body.
     infos['uid'] = uid
     # 'cid' may be sent back by mistake; drop it before validating.
     infos.pop('cid', None)
     if not self._validate(infos):
         abort(400)
     # Only the 'admin' requester may change protected fields, such as
     # adding or removing e-mails. Everyone else gets a 403 when the
     # submitted data differs from the stored record in those fields.
     if requester != 'admin' and self._modify_protected_fields(
             current, infos):
         abort(403)
     store.update(infos)