def get(self, username, org):
"""
List user's sessions
"""
parser = reqparse.RequestParser()
parser.add_argument('key', type=str, required=True,
help='Valid session key',
location=['headers', 'args'])
args = parser.parse_args()
sessionValid, sessionUser, sessionOrg = \
AuthDB.validateSessionKey(args['key'])
try:
if sessionValid:
if username == sessionUser and org == sessionOrg:
sessions = AuthDB.getUserSessions(org, username)
response = {'message': 'Found %d sessions for %s@%s' %
(len(sessions), username, org)}
response['sessions'] = list()
for session in sessions:
response['sessions'].append(
{'sessionid': str(session.sessionid),
'startdate': str(session.startdate),
'lastupdate': str(session.lastupdate)})
return response, 200
else:
return {'message':
'You are not authorized to view this resource'}, 403
else:
return {'message': 'Key expired or invalid'}, 401
except Exception as e:
log.critical('Error in Sessions.get: %s' % (e,))
def delete(self, username, org, sessionId=None):
"""
Delete (invalidate) a user's session
"""
parser = reqparse.RequestParser()
parser.add_argument('key', type=str, required=True,
help='Valid session key',
location=['headers', 'args'])
args = parser.parse_args()
sessionValid, sessionUser, sessionOrg = \
AuthDB.validateSessionKey(args['key'])
if not sessionValid:
return {'message':
'Invalid session key'}, 401
elif not (sessionUser == username and sessionOrg == org):
return {'message':
'You do not have permission to access this resource'}, 403
try:
if sessionId is None:
AuthDB.deleteUserSessionByKey(args['key'])
else:
AuthDB.deleteUserSession(org, username, sessionId)
return {'message': 'Session deleted'}, 200
except Exception as e:
log.error('Exception in Session.delete: %s' % (str(e),))
return {'message': 'Unexpected error deleting the session'}, 500
def get(self, username, org, sessionId=None):
"""
List information about a user's session
"""
parser = reqparse.RequestParser()
parser.add_argument('key', type=str, required=True,
help='Valid session key',
location=['headers', 'args'])
args = parser.parse_args()
sessionValid, sessionUser, sessionOrg = \
AuthDB.validateSessionKey(args['key'])
if not sessionValid:
return {'message':
'Invalid session key'}, 401
elif not (sessionUser == username and sessionOrg == org):
return {'message':
'You do not have permission to view this resource'}, 403
if sessionId is None:
session = AuthDB.getUserSessionByKey(args['key'])
if session is None:
return {'message': 'Server Error: Unable to get information ' +
'for current session'}, 500
else:
session = AuthDB.getUserSession(org, username, sessionId)
if session is None:
return {'message': 'Unable to find session %s' %
(str(sessionId),)}, 404
return {'message': 'Information for session %s' % (str(sessionId),),
'session': {
'username': session.username,
'org': session.org,
'sessionid': str(session.sessionid),
'startdate': str(session.startdate),
'lastupdate': str(session.lastupdate)
}}, 200
def post(self):
parser = reqparse.RequestParser()
parser.add_argument('username', type=str, required=True,
help='Username')
parser.add_argument('org', type=str, required=True,
help='Org for user membership')
parser.add_argument('email', type=str, required=True,
help='Email address for user')
parser.add_argument('parentuser', type=str, required=False,
help='Parent user in form of user@org',
default=None)
parser.add_argument('key', type=str, required=False,
help='Valid session key of parentuser',
default=None, location=['headers', 'form', 'args'])
args = parser.parse_args()
parentusername, parentuserorg = '', ''
try:
parentusername, parentuserorg = args['parentuser'].split('@')
except:
pass
if args['key'] is not None:
sessionValid, sessionUser, sessionOrg = \
AuthDB.validateSessionKey(args['key'])
else:
sessionValid, sessionUser, sessionOrg = (False, '', '')
try:
if not AuthDB.userExists(args['org'], args['username']):
regOpen = AuthDB.getOrgSetting(args['org'],
'registrationOpen').current_rows
if len(regOpen) == 0 or regOpen[0].value == 0:
return {'Message':
'Cannot create user "%s@%s". Organization is ' %
(args['username'], args['org']) +
'closed for registrations or does not exist.'}, 400
elif (args['parentuser'] is not None and
(len(parentusername) == 0 or len(parentuserorg) == 0 or
not AuthDB.userExists(parentuserorg, parentusername))):
return {'Message':
'Cannot create user "%s@%s". ' %
(args['username'], args['org']) +
'Parent user "%s" does not exist.' %
(args['parentuser'],)}, 400
elif (args['parentuser'] is not None and
args['key'] is None):
return {'Message':
'Cannot create user "%s@%s". ' %
(args['username'], args['org']) +
'Must provide valid session key for "%s" ' %
(args['parentuser'],)}, 401
elif (args['parentuser'] is not None and
not (sessionValid and sessionUser == parentusername and
sessionOrg == parentuserorg)):
return {'Message':
'Cannot create user "%s@%s". ' %
(args['username'], args['org']) +
'Session key not valid for parent user "%s".' %
(args['parentuser'],)}, 403
else:
AuthDB.createUser(args['org'], args['username'],
args['email'], args['parentuser'],
ConsistencyLevel.QUORUM)
else:
return {'Message':
'Cannot create user "%s@%s", as it already exists.' %
(args['username'], args['org'])}, 400
except Exception as e:
log.error('Exception in Users.Post: %s' % (e,))
return {'ServerError': 500, 'Message':
'There was an error fulfiling your request'}, 500
return {'Message':
'User "%s@%s" created.' % (args['username'], args['org'])}