def get(self, username, org): """ List user's sessions """ parser = reqparse.RequestParser() parser.add_argument('key', type=str, required=True, help='Valid session key', location=['headers', 'args']) args = parser.parse_args() sessionValid, sessionUser, sessionOrg = \ AuthDB.validateSessionKey(args['key']) try: if sessionValid: if username == sessionUser and org == sessionOrg: sessions = AuthDB.getUserSessions(org, username) response = {'message': 'Found %d sessions for %s@%s' % (len(sessions), username, org)} response['sessions'] = list() for session in sessions: response['sessions'].append( {'sessionid': str(session.sessionid), 'startdate': str(session.startdate), 'lastupdate': str(session.lastupdate)}) return response, 200 else: return {'message': 'You are not authorized to view this resource'}, 403 else: return {'message': 'Key expired or invalid'}, 401 except Exception as e: log.critical('Error in Sessions.get: %s' % (e,))
def delete(self, username, org, sessionId=None): """ Delete (invalidate) a user's session """ parser = reqparse.RequestParser() parser.add_argument('key', type=str, required=True, help='Valid session key', location=['headers', 'args']) args = parser.parse_args() sessionValid, sessionUser, sessionOrg = \ AuthDB.validateSessionKey(args['key']) if not sessionValid: return {'message': 'Invalid session key'}, 401 elif not (sessionUser == username and sessionOrg == org): return {'message': 'You do not have permission to access this resource'}, 403 try: if sessionId is None: AuthDB.deleteUserSessionByKey(args['key']) else: AuthDB.deleteUserSession(org, username, sessionId) return {'message': 'Session deleted'}, 200 except Exception as e: log.error('Exception in Session.delete: %s' % (str(e),)) return {'message': 'Unexpected error deleting the session'}, 500
def get(self, username, org, sessionId=None): """ List information about a user's session """ parser = reqparse.RequestParser() parser.add_argument('key', type=str, required=True, help='Valid session key', location=['headers', 'args']) args = parser.parse_args() sessionValid, sessionUser, sessionOrg = \ AuthDB.validateSessionKey(args['key']) if not sessionValid: return {'message': 'Invalid session key'}, 401 elif not (sessionUser == username and sessionOrg == org): return {'message': 'You do not have permission to view this resource'}, 403 if sessionId is None: session = AuthDB.getUserSessionByKey(args['key']) if session is None: return {'message': 'Server Error: Unable to get information ' + 'for current session'}, 500 else: session = AuthDB.getUserSession(org, username, sessionId) if session is None: return {'message': 'Unable to find session %s' % (str(sessionId),)}, 404 return {'message': 'Information for session %s' % (str(sessionId),), 'session': { 'username': session.username, 'org': session.org, 'sessionid': str(session.sessionid), 'startdate': str(session.startdate), 'lastupdate': str(session.lastupdate) }}, 200
def post(self): parser = reqparse.RequestParser() parser.add_argument('username', type=str, required=True, help='Username') parser.add_argument('org', type=str, required=True, help='Org for user membership') parser.add_argument('email', type=str, required=True, help='Email address for user') parser.add_argument('parentuser', type=str, required=False, help='Parent user in form of user@org', default=None) parser.add_argument('key', type=str, required=False, help='Valid session key of parentuser', default=None, location=['headers', 'form', 'args']) args = parser.parse_args() parentusername, parentuserorg = '', '' try: parentusername, parentuserorg = args['parentuser'].split('@') except: pass if args['key'] is not None: sessionValid, sessionUser, sessionOrg = \ AuthDB.validateSessionKey(args['key']) else: sessionValid, sessionUser, sessionOrg = (False, '', '') try: if not AuthDB.userExists(args['org'], args['username']): regOpen = AuthDB.getOrgSetting(args['org'], 'registrationOpen').current_rows if len(regOpen) == 0 or regOpen[0].value == 0: return {'Message': 'Cannot create user "%s@%s". Organization is ' % (args['username'], args['org']) + 'closed for registrations or does not exist.'}, 400 elif (args['parentuser'] is not None and (len(parentusername) == 0 or len(parentuserorg) == 0 or not AuthDB.userExists(parentuserorg, parentusername))): return {'Message': 'Cannot create user "%s@%s". ' % (args['username'], args['org']) + 'Parent user "%s" does not exist.' % (args['parentuser'],)}, 400 elif (args['parentuser'] is not None and args['key'] is None): return {'Message': 'Cannot create user "%s@%s". ' % (args['username'], args['org']) + 'Must provide valid session key for "%s" ' % (args['parentuser'],)}, 401 elif (args['parentuser'] is not None and not (sessionValid and sessionUser == parentusername and sessionOrg == parentuserorg)): return {'Message': 'Cannot create user "%s@%s". ' % (args['username'], args['org']) + 'Session key not valid for parent user "%s".' % (args['parentuser'],)}, 403 else: AuthDB.createUser(args['org'], args['username'], args['email'], args['parentuser'], ConsistencyLevel.QUORUM) else: return {'Message': 'Cannot create user "%s@%s", as it already exists.' % (args['username'], args['org'])}, 400 except Exception as e: log.error('Exception in Users.Post: %s' % (e,)) return {'ServerError': 500, 'Message': 'There was an error fulfiling your request'}, 500 return {'Message': 'User "%s@%s" created.' % (args['username'], args['org'])}