def updateGroup(group):
try:
requester = auth.getJwtPayload(request.headers.get('Authorization'))
groupData = loadJsonFromRequest(request)
crud.updateGroup(db.session, group, groupData, requester)
db.session.commit()
return formatResponse(200)
except HTTPRequestError as err:
return formatResponse(err.errorCode, err.message)
def deleteGroup(group):
try:
requester = auth.getJwtPayload(request.headers.get('Authorization'))
crud.deleteGroup(db.session, group, requester)
MVGroupPermission.refresh()
db.session.commit()
return formatResponse(200)
except HTTPRequestError as err:
return formatResponse(err.errorCode, err.message)
def passwdResetRequest(username):
if conf.emailHost == 'NOEMAIL':
return formatResponse(501, "Feature not configured")
try:
pwdc.createPasswordResetRequest(db.session, username)
db.session.commit()
except HTTPRequestError as err:
return formatResponse(err.errorCode, err.message)
else:
return formatResponse(200)
def updatePasswd():
try:
userId = auth.userIdFromJWT(request.headers.get('Authorization'))
updateData = loadJsonFromRequest(request)
pwdc.updateEndpoint(db.session, userId, updateData)
db.session.commit()
except HTTPRequestError as err:
return formatResponse(err.errorCode, err.message)
else:
return formatResponse(200)
def addUserToGroup(user, group):
try:
requester = auth.getJwtPayload(request.headers.get('Authorization'))
if request.method == 'POST':
rship.addUserGroup(db.session, user, group, requester)
else:
rship.removeUserGroup(db.session, user, group, requester)
db.session.commit()
return formatResponse(200)
except HTTPRequestError as err:
return formatResponse(err.errorCode, err.message)
def removeUser(user):
try:
requester = auth.getJwtPayload(request.headers.get('Authorization'))
oldUsername = crud.getUser(db.session, user).username
crud.deleteUser(db.session, user, requester)
kong.removeFromKong(oldUsername)
MVUserPermission.refresh()
MVGroupPermission.refresh()
db.session.commit()
return formatResponse(200, "User removed")
except HTTPRequestError as err:
return formatResponse(err.errorCode, err.message)
def addGroupPermission(group, permission):
try:
requester = auth.getJwtPayload(request.headers.get('Authorization'))
if request.method == 'POST':
rship.addGroupPermission(db.session, group, permission, requester)
else:
rship.removeGroupPermission(db.session, group,
permission, requester)
MVGroupPermission.refresh()
db.session.commit()
return formatResponse(200)
except HTTPRequestError as err:
return formatResponse(err.errorCode, err.message)
def authenticate():
try:
authData = loadJsonFromRequest(request)
jwt = auth.authenticate(db.session, authData)
return make_response(json.dumps({'jwt': jwt}), 200)
except HTTPRequestError as err:
return formatResponse(err.errorCode, err.message)
def getPermission(permid):
try:
perm = crud.getPerm(db.session, permid)
return make_response(json.dumps(perm.safeDict(),
default=json_util.default), 200)
except HTTPRequestError as err:
return formatResponse(err.errorCode, err.message)
def getUserGrups(user):
try:
groups = reports.getUserGrups(db.session, user)
except HTTPRequestError as err:
return formatResponse(err.errorCode, err.message)
else:
groupsSafe = list(map(lambda p: p.safeDict(), groups))
return make_response(json.dumps({"groups": groupsSafe}), 200)
def getGroup(group):
try:
group = crud.getGroup(db.session, group)
group = group.safeDict()
group['created_date'] = group['created_date'].isoformat()
return make_response(json.dumps(group), 200)
except HTTPRequestError as err:
return formatResponse(err.errorCode, err.message)
def getGroupUsers(group):
try:
users = reports.getGroupUsers(db.session, group)
except HTTPRequestError as err:
return formatResponse(err.errorCode, err.message)
else:
usersSafe = list(map(lambda p: p.safeDict(), users))
return make_response(json.dumps({"users": usersSafe}), 200)
def getAllUserPermissions(user):
try:
permissions = reports.getAllUserPermissions(db.session, user)
except HTTPRequestError as err:
return formatResponse(err.errorCode, err.message)
else:
permissionsSafe = list(map(lambda p: p.safeDict(), permissions))
return make_response(json.dumps({
"permissions": permissionsSafe
}), 200)
def pdpRequest():
try:
pdpData = loadJsonFromRequest(request)
veredict = pdpc.pdpMain(db.session, pdpData)
except HTTPRequestError as err:
return formatResponse(err.errorCode, err.message)
else:
return make_response(json.dumps({
"decision": veredict,
"status": "ok"
}), 200)
def listUsers():
try:
users = crud.searchUser(
db.session,
# Optional search filters
request.args['username'] if 'username' in request.args else None
)
usersSafe = list(map(lambda u: u.safeDict(), users))
return make_response(json.dumps({"users": usersSafe}), 200)
except HTTPRequestError as err:
return formatResponse(err.errorCode, err.message)
def createGroup():
try:
requester = auth.getJwtPayload(request.headers.get('Authorization'))
groupData = loadJsonFromRequest(request)
newGroup = crud.createGroup(db.session, groupData, requester)
db.session.add(newGroup)
db.session.commit()
return make_response(json.dumps({
"status": 200,
"id": newGroup.id
}), 200)
except HTTPRequestError as err:
return formatResponse(err.errorCode, err.message)
def updateUser(user):
try:
requester = auth.getJwtPayload(request.headers.get('Authorization'))
authData = loadJsonFromRequest(request)
oldUser = crud.updateUser(db.session, user, authData, requester)
# Create a new kong secret and delete the old one
kongData = kong.configureKong(oldUser.username)
if kongData is None:
return formatResponse(500,
'failed to configure verification subsystem')
kong.revokeKongSecret(oldUser.username, oldUser.kongId)
oldUser.secret = kongData['secret']
oldUser.key = kongData['key']
oldUser.kongid = kongData['kongid']
db.session.add(oldUser)
db.session.commit()
return formatResponse(200)
except HTTPRequestError as err:
return formatResponse(err.errorCode, err.message)
def listGroup():
try:
groups = crud.searchGroup(
db.session,
# search filters
request.args['name'] if 'name' in request.args else None
)
groupsSafe = list(map(lambda p: p.safeDict(), groups))
for g in groupsSafe:
g['created_date'] = g['created_date'].isoformat()
return make_response(json.dumps({"groups": groupsSafe}), 200)
except HTTPRequestError as err:
return formatResponse(err.errorCode, err.message)
def passwdReset():
try:
link = request.args.get('link')
resetData = loadJsonFromRequest(request)
updatingUser = pwdc.resetPassword(db.session, link, resetData)
# password updated. Should reconfigure kong and Invalidate
# all previous logins
kongData = kong.configureKong(updatingUser.username)
if kongData is None:
return formatResponse(500,
'failed to configure verification subsystem')
kong.revokeKongSecret(updatingUser.username, updatingUser.kongId)
updatingUser.secret = kongData['secret']
updatingUser.key = kongData['key']
updatingUser.kongid = kongData['kongid']
db.session.add(updatingUser)
db.session.commit()
except HTTPRequestError as err:
return formatResponse(err.errorCode, err.message)
else:
return formatResponse(200)
def createUser():
try:
requester = auth.getJwtPayload(request.headers.get('Authorization'))
authData = loadJsonFromRequest(request)
# Create user
newUser = crud.createUser(db.session, authData, requester)
# If no problems occur to create user (no exceptions), configure kong
kongData = kong.configureKong(newUser.username)
if kongData is None:
return formatResponse(500,
'failed to configure verification subsystem')
newUser.secret = kongData['secret']
newUser.key = kongData['key']
newUser.kongId = kongData['kongid']
db.session.add(newUser)
db.session.commit()
groupSuccess = []
groupFailed = []
if 'profile' in authData.keys():
groupSuccess, groupFailed = rship. \
addUserManyGroups(db.session, newUser.id,
authData['profile'], requester)
db.session.commit()
if conf.emailHost != 'NOEMAIL':
pwdc.createPasswordSetRequest(db.session, newUser)
db.session.commit()
return make_response(json.dumps({
"user": newUser.safeDict(),
"groups": groupSuccess,
"could not add": groupFailed,
"message": "user created"
}), 200)
except HTTPRequestError as err:
return formatResponse(err.errorCode, err.message)
def listPermissions():
try:
permissions = crud.searchPerm(
db.session,
# search filters
request.args['path'] if 'path' in request.args else None,
request.args['method'] if 'method' in request.args else None,
request.args['permission']
if 'permission' in request.args else None
)
permissionsSafe = list(map(lambda p: p.safeDict(), permissions))
return make_response(json.dumps({
"permissions": permissionsSafe
}, default=json_util.default), 200)
except HTTPRequestError as err:
return formatResponse(err.errorCode, err.message)
def getUser(user):
try:
user = crud.getUser(db.session, user)
return make_response(json.dumps({"user": user.safeDict()}), 200)
except HTTPRequestError as err:
return formatResponse(err.errorCode, err.message)
def dropCache():
cache.deleteKey()
return formatResponse(200)
