def oauth(self, request):
response = {}
request_data = request.json
username = request_data.get(Constants.USERNAME_KEY)
email = request_data.get(Constants.EMAIL_KEY)
display_name = request_data.get(Constants.DISPLAY_NAME_KEY)
privilege = {
"model": False,
"asset": False,
"datacenters": [],
"power": False,
"audit": False,
"admin": False,
}
datacenters = privilege["datacenters"]
password = Constants.NETID_PASSWORD.encode("utf-8")
client_id = request_data.get("client_id")
token = request_data.get(Constants.TOKEN_KEY)
headers = {"x-api-key": client_id, "Authorization": f"Bearer {token}"}
duke_response = requests.get("https://api.colab.duke.edu/identity/v1/",
headers=headers)
data_matches = self.__match_oauth(request_data, duke_response.json())
if not data_matches:
raise UserException(f"Cannot confirm NetID user {username}")
user = User(username, display_name, email, password, privilege,
datacenters)
try:
self.VALIDATOR.validate_shibboleth_login(user)
except UserException as e:
raise UserException(e.message)
except Exception as e:
print(str(e))
raise UserException("Could not authorize shibboleth login")
existing_user = self.USER_TABLE.get_user(user.username)
if existing_user is None:
self.USER_TABLE.add_user(user)
else:
privilege = existing_user.privilege
# TODO: FIgure out what to do when adding netID user overwrites existing user
response[Constants.TOKEN_KEY] = self.AUTH_MANAGER.encode_auth_token(
username)
response[Constants.PRIVILEGE_KEY] = privilege
response[Constants.MESSAGE_KEY] = Constants.API_SUCCESS
response[Constants.USERNAME_KEY] = username
# print("RESPONSE")
# print(response)
return response
def validate_edit_user(self, user: User, original_username: str):
old_user = self.validate_existing_username(original_username)
# if old_user.password.decode("utf-8") == Constants.NETID_PASSWORD:
# raise UserException("Cannot edit NetID user")
if old_user == user:
raise NoEditsError("No edits made")
if not (user.email == old_user.email):
self.validate_email(user.email)
# if user.password is not None:
# self.validate_password(user.password)
if not (user.privilege == old_user.privilege):
self.validate_privilege(user.privilege, user.username)
if not (original_username == user.username):
self.validate_new_username(user.username)
if not (set(user.datacenters) == set(old_user.datacenters)):
self.validate_datacenters(user.datacenters)
user.password = old_user.password
return [user, old_user]
def __make_user_from_json(json) -> User:
privilege = json.get(Constants.PRIVILEGE_KEY)
# if json.get(Constants.USERNAME_KEY) is None:
# raise TypeError("Username cannot be None. Requires type str.")
# if json.get(Constants.DISPLAY_NAME_KEY) is None:
# raise TypeError("Username cannot be None. Requires type str.")
# if json.get(Constants.EMAIL_KEY) is None:
# raise TypeError("Username cannot be None. Requires type str.")
# if json.get(Constants.PASSWORD_KEY) is None:
# raise TypeError("Username cannot be None. Requires type str.")
# if json.get(Constants.PRIVILEGE_KEY) is None:
# raise TypeError("Username cannot be None. Requires type dict.")
return User(
username=json.get(Constants.USERNAME_KEY),
display_name=json.get(Constants.DISPLAY_NAME_KEY),
email=json.get(Constants.EMAIL_KEY),
password=json.get(Constants.PASSWORD_KEY),
privilege=privilege,
datacenters=privilege.get(PermissionConstants.DATACENTERS),
)
def new_user():
""" Create a new user """
data: JSON = request.get_json()
user_table: UserTable = UserTable()
try:
username: str = data["username"]
password: str = data["password"]
display_name: str = data["display_name"]
email: str = data["email"]
privilege: str = data["privilege"]
user: User = User(
username=username,
display_name=display_name,
email=email,
password=password,
privilege=privilege,
)
user_table.add_user(user=user)
except KeyError:
return HTTPStatus.BAD_REQUEST
except DBWriteException:
return HTTPStatus.INTERNAL_SERVER_ERROR
return HTTPStatus.OK
def get_user_by_email(self, email: str) -> Optional[User]:
""" Get the user for the given username """
user: UserEntry = UserEntry.query.filter_by(email=email).first()
if user is None:
return None
return User(
username=user.username,
display_name=user.display_name,
email=user.email,
password=user.password_hash,
privilege=user.privilege,
datacenters=user.datacenters,
)
def get_all_users(self) -> List[User]:
""" Get a list of all users """
all_users: List[UserEntry] = UserEntry.query.all()
return [
User(
username=entry.username,
display_name=entry.display_name,
email=entry.email,
password=entry.password_hash,
privilege=entry.privilege,
datacenters=entry.datacenters,
) for entry in all_users
]
def search_users(
self,
username: Optional[str],
display_name: Optional[str],
email: Optional[str],
privilege: Optional[JSON],
datacenters: Optional[List[str]],
limit: int,
) -> List[User]:
""" Get a list of all users matching the given criteria """
criteria = []
if username is not None and username != "":
criteria.append(UserEntry.username == username)
if display_name is not None and display_name != "":
criteria.append(UserEntry.display_name == display_name)
if email is not None and email != "":
criteria.append(UserEntry.email == email)
if privilege is not None:
for key in privilege:
if privilege[key] and key != PermissionConstants.DATACENTERS:
criteria.append(UserEntry.privilege[key].astext.cast(
Boolean) == privilege[key])
if datacenters is not None:
for center in datacenters:
print(center)
# criteria.append(UserEntry.datacenters.any([f"{{{center}}}"]))
# criteria.append(UserEntry.datacenters.all(center))
criteria.append(center == any_(UserEntry.datacenters))
filtered_users: List[UserEntry] = UserEntry.query.filter(
and_(*criteria)).limit(limit)
return [
User(
username=user.username,
display_name=user.display_name,
email=user.email,
password=user.password_hash,
privilege=user.privilege,
datacenters=user.datacenters,
) for user in filtered_users
]
def create_user():
print("Please enter new user information")
print()
username: str = input("Username: "******"Password: "******"Display name: ")
email: str = input("Email: ")
privilege: str = input("Privilege: ")
encrypted_password = AuthManager().encrypt_pw(password=password)
user: User = User(
username=username,
display_name=display_name,
email=email,
password=encrypted_password,
privilege=privilege,
)
user_table.add_user(user=user)
print()
db.drop_all()
db.create_all()
db.session.commit()
encrypted_password = AuthManager().encrypt_pw(password="******")
datacenters = ["*"]
priv: Permission = Permission(
model=True,
asset=True,
datacenters=datacenters,
power=True,
audit=True,
admin=True,
)
user: User = User(
username="******",
display_name="Admin",
email="*****@*****.**",
password=encrypted_password,
privilege=priv.make_json(),
datacenters=datacenters,
)
UserTable().add_user(user=user)
model: Model = Model(vendor="dell",
model_number="1234",
mount_type="rackmount",
height=3)
ModelTable().add_model(model=model)
def create_user(self, request):
"""Route for creating users
Username Criteria:
- Between 4 and 20 characters
- Contains only alphanumeric characters and ".", "_"
- No "." or "_" at the beginning
- No doubles of special characters (".." or "__")
- Not already taken by another user
Email Criteria:
- Valid email address compliant with RCF 5322 standard
- Not already associated with another account
Password Criteria:
- Contains at least one number.
- Contains at least one uppercase and one lowercase character.
- Contains at least one special symbol.
- Between 8 to 20 characters long.
Returns:
string: Success or failure, if failure provide message
"""
response = {}
request_data = request.get_json()
print(request_data)
try:
username = request_data.get(Constants.USERNAME_KEY)
password = request_data.get(Constants.PASSWORD_KEY)
email = request_data.get(Constants.EMAIL_KEY)
display_name = request_data.get(Constants.DISPLAY_NAME_KEY)
privilege = request_data.get(Constants.PRIVILEGE_KEY)
datacenters = privilege.get(PermissionConstants.DATACENTERS)
except:
raise InvalidInputsError(
"Incorrectly formatted message. Application error on the frontend"
)
try:
user = self.__make_user_from_json(request_data)
self.VALIDATOR.validate_create_user(user)
except UserException as e:
raise UserException(e.message)
except:
raise UserException("Could not create user")
# dcs = []
# for datacenter in datacenters:
# dcs.append(f"{}")
try:
encrypted_password = self.AUTH_MANAGER.encrypt_pw(password)
user = User(
username=username,
display_name=display_name,
email=email,
password=encrypted_password,
privilege=privilege,
datacenters=datacenters,
)
print(user)
self.USER_TABLE.add_user(user)
except:
raise UserException("Could not create user")
return self.__add_message_to_JSON(response, "success")
# Admin user
encrypted_password = AuthManager().encrypt_pw(password="******")
datacenters = ["*"]
priv: Permission = Permission(
model=True,
asset=True,
datacenters=datacenters,
power=True,
audit=True,
admin=True,
)
user: User = User(
username="******",
display_name="Admin",
email="*****@*****.**",
password=encrypted_password,
privilege=priv.make_json(),
datacenters=datacenters,
)
UserTable().add_user(user=user)
# Basic user
encrypted_password = AuthManager().encrypt_pw(password="******")
datacenters = []
basic_priv: Permission = Permission(
model=False,
asset=False,
datacenters=datacenters,
power=False,
audit=False,
admin=False,