def authenticate(self, credentials):
if not isinstance(credentials, auth.PasswordCredentials):
raise fault.BadRequestFault("Expecting Password Credentials!")
duser = db_api.user_get(credentials.username)
if duser == None:
raise fault.UnauthorizedFault("Unauthorized")
if not duser.enabled:
raise fault.UserDisabledFault("Your account has been disabled")
if duser.password != credentials.password:
raise fault.UnauthorizedFault("Unauthorized")
#
# Look for an existing token, or create one,
# TODO: Handle tenant/token search
#
# removing following code for multi-token
"""if not credentials.tenant_id:
dtoken = db_api.token_for_user(duser.id)
else:
dtoken = db_api.token_for_user_tenant(duser.id,
credentials.tenant_id)
"""
# added following code
dtoken = db_api.token_for_user_tenant(duser.id, credentials.tenant_id)
#---
if not dtoken or dtoken.expires < datetime.now():
dtoken = db_models.Token()
dtoken.token_id = str(uuid.uuid4())
dtoken.user_id = duser.id
if not duser.tenants:
raise fault.IDMFault("Strange: user %s is not associated "
"with a tenant!" % duser.id)
user = db_api.user_get_by_tenant(duser.id, credentials.tenant_id)
if not credentials.tenant_id or not user:
raise fault.ForbiddenFault("Error: user %s is "
"not associated "
"with a tenant! %s" % (duser.id,
credentials.tenant_id))
dtoken.tenant_id = credentials.tenant_id
#removing following code for multi token
"""else:
dtoken.tenant_id = duser.tenants[0].tenant_id"""
dtoken.expires = datetime.now() + timedelta(days=1)
db_api.token_create(dtoken)
return self.__get_auth_data(dtoken, duser)
def main():
usage = "usage: %prog tenant_id"
parser = optparse.OptionParser(usage)
options, args = parser.parse_args()
if len(args) != 1:
parser.error("Incorrect number of arguments")
else:
tenant_id = args[0]
try:
u = db_api.user_get_by_tenant(tenant_id)
if u == None:
raise IndexError("Users not found")
for row in u:
print row
except Exception, e:
print 'Error getting users for tenant', tenant_id, ':', str(e)
def authenticate(self, credentials):
# Check credentials
if not isinstance(credentials, auth.PasswordCredentials):
raise fault.BadRequestFault("Expecting Password Credentials!")
if not credentials.tenant_id:
duser = db_api.user_get(credentials.username)
if duser == None:
raise fault.UnauthorizedFault("Unauthorized")
else:
duser = db_api.user_get_by_tenant(credentials.username,
credentials.tenant_id)
if duser == None:
raise fault.UnauthorizedFault("Unauthorized on this tenant")
if not duser.enabled:
raise fault.UserDisabledFault("Your account has been disabled")
if duser.password != credentials.password:
raise fault.UnauthorizedFault("Unauthorized")
#
# Look for an existing token, or create one,
# TODO: Handle tenant/token search
#
if not credentials.tenant_id:
dtoken = db_api.token_for_user(duser.id)
else:
dtoken = db_api.token_for_user_tenant(duser.id,
credentials.tenant_id)
tenant_id = None
if credentials.tenant_id:
tenant_id = credentials.tenant_id
else:
tenant_id = duser.tenant_id
if not dtoken or dtoken.expires < datetime.now():
# Create new token
dtoken = db_models.Token()
dtoken.token_id = str(uuid.uuid4())
dtoken.user_id = duser.id
if credentials.tenant_id:
dtoken.tenant_id = credentials.tenant_id
dtoken.expires = datetime.now() + timedelta(days=1)
db_api.token_create(dtoken)
#if tenant_id is passed in the call that tenant_id is passed else
#user's default tenant_id is used.
return self.__get_auth_data(dtoken, tenant_id)
def delete_user(self, admin_token, user_id, tenant_id):
self.__validate_token(admin_token)
dtenant = db_api.tenant_get(tenant_id)
if dtenant == None:
raise fault.UnauthorizedFault("Unauthorized")
if not dtenant.enabled:
raise fault.TenantDisabledFault("Your account has been disabled")
duser = db_api.user_get(user_id)
if not duser:
raise fault.ItemNotFoundFault("The user could not be found")
duser = db_api.user_get_by_tenant(user_id, tenant_id)
if not duser:
raise fault.ItemNotFoundFault("The user could not be "
"found under given tenant")
db_api.user_delete_tenant(user_id, tenant_id)
return None
def create_user(self, admin_token, tenant_id, user):
self.__validate_token(admin_token)
print "@" * 80
print tenant_id
print user
dtenant = db_api.tenant_get(tenant_id)
if dtenant == None:
raise fault.UnauthorizedFault("Unauthorized")
if not dtenant.enabled:
raise fault.TenantDisabledFault("Your account has been disabled")
if not isinstance(user, users.User):
raise fault.BadRequestFault("Expecting a User")
if user.user_id == None:
raise fault.BadRequestFault("Expecting a unique User Id")
if db_api.user_get_by_tenant(user.user_id,tenant_id) != None:
raise fault.UserConflictFault(
"An user with that id already exists in the given tenant")
if db_api.user_get(user.user_id) != None:
raise fault.UserConflictFault(
"An user with that id already exists")
if db_api.user_get_email(user.email) != None:
raise fault.EmailConflictFault(
"Email already exists")
duser = db_models.User()
duser.id = user.user_id
duser.password = user.password
duser.email = user.email
duser.enabled = user.enabled
db_api.user_create(duser)
duser_tenant = db_models.UserTenantAssociation()
duser_tenant.user_id = user.user_id
duser_tenant.tenant_id = tenant_id
db_api.user_tenant_create(duser_tenant)
return user
def __get_auth_data(self, dtoken, duser):
"""return AuthData object for a token/user pair"""
token = auth.Token(dtoken.expires, dtoken.token_id)
gs = []
for ug in duser.groups:
dgroup = db_api.group_get(ug.group_id)
gs.append(auth.Group(dgroup.id, dgroup.tenant_id))
groups = auth.Groups(gs, [])
if len(duser.tenants) == 0:
raise fault.IDMFault("Strange: user %s is not associated "
"with a tenant!" % duser.id)
if not dtoken.tenant_id and \
db_api.user_get_by_tenant(duser.id, dtoken.tenant_id):
raise fault.IDMFault("Error: user %s is not associated "
"with a tenant! %s" % (duser.id,
dtoken.tenant_id))
user = auth.User(duser.id, dtoken.tenant_id, groups)
return auth.AuthData(token, user)
def add_user_tenant(self, admin_token, user_id, tenant_id):
self.__validate_token(admin_token)
dtenant = db_api.tenant_get(tenant_id)
if dtenant == None:
raise fault.UnauthorizedFault("Unauthorized")
if not dtenant.enabled:
raise fault.TenantDisabledFault("Your account has been disabled")
if user_id == None:
raise fault.BadRequestFault("Expecting a unique User Id")
if db_api.user_get(user_id) is None:
raise fault.ItemNotFoundFault(
"user does not exists")
if db_api.user_get_by_tenant(user_id,tenant_id) != None:
raise fault.UserConflictFault(
"An user with that id already exists in the given tenant")
duser_tenant = db_models.UserTenantAssociation()
duser_tenant.user_id = user_id
duser_tenant.tenant_id = tenant_id
db_api.user_tenant_create(duser_tenant)
return None
