def run(): # Check the consumer username and password if this is not an # anonymous request. if credentials.consumerKey != u'anon': try: user = authenticate(credentials.consumerKey, credentials.consumerPassword) except AuthenticationError as error: session.log.exception(error) raise TPasswordIncorrect() except UnknownUserError as error: session.log.exception(error) raise TNoSuchUser(credentials.consumerKey.encode('utf-8')) # The Consumer has been authenticated (or was anonymous). Use # the OAuthConsumerAPI to get the username the request is being # made for from the OAuth access token. try: user = OAuthConsumerAPI().authenticate(credentials) except AuthenticationError as error: session.log.exception(error) raise TPasswordIncorrect() except UnknownUserError as error: raise TNoSuchUser(error.usernames[0].encode('utf-8')) session.auth.login(user.username, user.objectID) return session
def run(): permissions = SecurePermissionAPI(session.auth.user) try: permissions.set([(path, operation, policy, exceptions)]) except UnknownPathError as error: session.log.exception(error) unknownPath = error.paths[0] if operation in Operation.TAG_OPERATIONS: raise TNonexistentTag(unknownPath.encode('utf-8')) if operation in Operation.NAMESPACE_OPERATIONS: raise TNonexistentNamespace(unknownPath.encode('utf-8')) raise except UnknownUserError as error: # FIXME There could be more than one unknown username, but # TNoSuchUser can only be passed a single username, so we'll # only pass the first one. Ideally, we'd be able to pass all # of them. raise TNoSuchUser(error.usernames[0].encode('utf-8')) except UserNotAllowedInExceptionError as error: raise TInvalidUsername(str(error)) except PermissionDeniedError as error: session.log.exception(error) deniedPath, deniedOperation = error.pathsAndOperations[0] deniedCategory, deniedAction = getCategoryAndAction( deniedOperation) raise TPathPermissionDenied(deniedPath, deniedCategory, deniedAction)
def run(): if not request.isSecure() and not getDevelopmentMode(): raise TBadRequest( '/users/<username>/verify requests must use HTTPS') dictionary = registry.checkRequest(usage, request) user = cachingGetUser(self.username.decode('utf-8')) if not user: raise TNoSuchUser(self.username) password = dictionary['password'] if checkPassword(password, user.passwordHash): # FIXME Hard-coding the 'anon' consumer here isn't great, # but for now it means we don't have to change the public # API. -jkakar api = OAuthConsumerAPI() consumer = cachingGetUser(u'anon') accessToken = api.getAccessToken(consumer, user) renewalToken = api.getRenewalToken(consumer, user) return {'accessToken': accessToken.encrypt(), 'fullname': user.fullname, 'renewalToken': renewalToken.encrypt(), 'role': str(user.role), 'valid': True} else: return {'valid': False}
def run(): recentActivity = SecureRecentActivityAPI(session.auth.user) try: result = recentActivity.getForUsers([username]) except UnknownUserError as error: session.log.exception(error) raise TNoSuchUser(username.encode('utf-8')) return self._formatResult(result)
def run(): users = SecureUserAPI(session.auth.user) result = users.get([username]) if not result: raise TNoSuchUser(username.encode('utf-8')) else: return TUser(username=username, name=result[username]['name'], role=str(result[username]['role']), objectId=str(result[username]['id']))
def run(): try: user = OAuthConsumerAPI().authenticate(credentials) except AuthenticationError as error: session.log.exception(error) raise TPasswordIncorrect() except UnknownUserError as error: raise TNoSuchUser(error.usernames[0].encode('utf-8')) else: session.auth.login(user.username, user.objectID) return session
def run(): try: user = authenticate(username, password) except AuthenticationError as error: session.log.exception(error) session.stop() raise TPasswordIncorrect() except UnknownUserError as error: session.log.exception(error) session.stop() raise TNoSuchUser(username.encode('utf-8')) else: session.auth.login(user.username, user.objectID) return session
def run(): try: SecureUserAPI(session.auth.user).delete([username]) except UnknownUserError as error: session.log.exception(error) raise TNoSuchUser(username) except PermissionDeniedError as error: session.log.exception(error) deniedPath, operation = error.pathsAndOperations[0] deniedPath = deniedPath.encode('utf-8') category, action = getCategoryAndAction(operation) raise TPathPermissionDenied(category, action, deniedPath) except NotEmptyError as error: session.log.exception(error) raise TBadRequest("Can't delete user %r because they have " 'data.' % username)
def run(): try: [(objectID, _)] = SecureUserAPI(session.auth.user).set([ (info.username, info.password, info.name, info.email, info.role) ]) except UnknownUserError as error: session.log.exception(error) raise TNoSuchUser(info.username.encode('utf-8')) except PermissionDeniedError as error: session.log.exception(error) deniedPath, operation = error.pathsAndOperations[0] deniedPath = deniedPath.encode('utf-8') category, action = getCategoryAndAction(operation) raise TPathPermissionDenied(category, action, deniedPath) return str(objectID)