def iter_users(self,
page=None,
search=None,
search_limit=None,
fields=None,
include_pool=False):
spec = {
'org_id': self.id,
'type': CERT_CLIENT,
}
limit = None
skip = None
page_count = settings.user.page_count
if fields:
fields = {key: True for key in fields}
if search is not None:
spec['name'] = {'$regex': '.*%s.*' % search}
limit = search_limit or page_count
elif page is not None:
limit = page_count
skip = page * page_count if page else 0
cursor = user.User.collection.find(spec, fields).sort(
'name', pymongo.ASCENDING)
if skip is not None:
cursor = cursor.skip(page * page_count if page else 0)
if limit is not None:
cursor = cursor.limit(limit + 1)
if search:
self.last_search_count = cursor.count()
if limit is None:
for doc in cursor:
yield user.User(self, doc=doc, fields=fields)
else:
count = 0
for doc in cursor:
count += 1
if count > limit:
return
yield user.User(self, doc=doc, fields=fields)
if include_pool:
spec['type'] = {
'$in': [CERT_SERVER, CERT_CLIENT_POOL, CERT_SERVER_POOL]
}
else:
spec['type'] = CERT_SERVER
cursor = user.User.collection.find(spec, fields).sort(
'name', pymongo.ASCENDING)
for doc in cursor:
yield user.User(self, doc=doc, fields=fields)
def new_user(self, type=CERT_CLIENT, block=True, **kwargs):
# First attempt to get user from pool then attempt to get
# unfinished queued user in pool then queue a new user init
if type in (CERT_SERVER, CERT_CLIENT):
usr = user.reserve_pooled_user(org=self, type=type, **kwargs)
if not usr:
usr = queue.reserve('queued_user', org=self, type=type,
block=block, **kwargs)
if usr:
logger.debug('Reserved queued user', 'organization',
org_id=self.id,
user_id=usr.id,
)
else:
logger.debug('Reserved pooled user', 'organization',
org_id=self.id,
user_id=usr.id,
)
if usr:
user.new_pooled_user(org=self, type=type)
return usr
usr = user.User(org=self, type=type, **kwargs)
usr.queue_initialize(block=block,
priority=HIGH if type in (CERT_SERVER, CERT_CLIENT) else None)
logger.debug('Queued user init', 'organization',
org_id=self.id,
user_id=usr.id,
)
return usr
def reserve_queued_user(org,
name=None,
email=None,
pin=None,
type=None,
groups=None,
auth_type=None,
yubico_id=None,
disabled=None,
bypass_secondary=None,
client_to_client=None,
mac_addresses=None,
dns_servers=None,
dns_suffix=None,
port_forwarding=None,
resource_id=None,
block=False):
reserve_id = str(org.id) + '-' + type
reserve_data = {}
if name is not None:
reserve_data['name'] = name
if email is not None:
reserve_data['email'] = email
if pin is not None:
reserve_data['pin'] = pin
if type is not None:
reserve_data['type'] = type
if groups is not None:
reserve_data['groups'] = groups
if auth_type is not None:
reserve_data['auth_type'] = auth_type
if yubico_id is not None:
reserve_data['yubico_id'] = yubico_id
if disabled is not None:
reserve_data['disabled'] = disabled
if bypass_secondary is not None:
reserve_data['bypass_secondary'] = bypass_secondary
if client_to_client is not None:
reserve_data['client_to_client'] = client_to_client
if mac_addresses is not None:
reserve_data['mac_addresses'] = mac_addresses
if dns_servers is not None:
reserve_data['dns_servers'] = dns_servers
if dns_suffix is not None:
reserve_data['dns_suffix'] = dns_suffix
if port_forwarding is not None:
reserve_data['port_forwarding'] = port_forwarding
if resource_id is not None:
reserve_data['resource_id'] = resource_id
doc = QueueInitUserPooled.reserve(reserve_id, reserve_data, block=block)
if not doc:
return
user_doc = doc['user_doc']
user_doc.update(reserve_data)
org = organization.Organization(doc=doc['org_doc'])
return user.User(org=org, doc=user_doc)
def reserve_queued_user(org,
name=None,
email=None,
type=None,
disabled=None,
resource_id=None,
block=False):
reserve_id = str(org.id) + '-' + type
reserve_data = {}
if name is not None:
reserve_data['name'] = name
if email is not None:
reserve_data['email'] = email
if type is not None:
reserve_data['type'] = type
if disabled is not None:
reserve_data['disabled'] = disabled
if resource_id is not None:
reserve_data['resource_id'] = resource_id
doc = QueueInitUserPooled.reserve(reserve_id, reserve_data, block=block)
if not doc:
return
org = organization.Organization(doc=doc['org_doc'])
return user.User(org=org, doc=doc['user_doc'])
def reserve_queued_user(org, name=None, email=None, pin=None, type=None,
disabled=None, bypass_secondary=None, dns_servers=None,
dns_suffix=None, resource_id=None, block=False):
reserve_id = str(org.id) + '-' + type
reserve_data = {}
if name is not None:
reserve_data['name'] = name
if email is not None:
reserve_data['email'] = email
if pin is not None:
reserve_data['pin'] = pin
if type is not None:
reserve_data['type'] = type
if disabled is not None:
reserve_data['disabled'] = disabled
if bypass_secondary is not None:
reserve_data['bypass_secondary'] = bypass_secondary
if dns_servers is not None:
reserve_data['dns_servers'] = dns_servers
if dns_suffix is not None:
reserve_data['dns_suffix'] = dns_suffix
if resource_id is not None:
reserve_data['resource_id'] = resource_id
doc = QueueInitUserPooled.reserve(reserve_id, reserve_data, block=block)
if not doc:
return
user_doc = doc['user_doc']
user_doc.update(reserve_data)
org = organization.Organization(doc=doc['org_doc'])
return user.User(org=org, doc=user_doc)
def initialize(self, queue_user_init=True):
ca_user = user.User(org=self, type=CERT_CA)
if queue_user_init:
ca_user.queue_initialize(block=True,
priority=HIGH if self.type == ORG_DEFAULT else None)
else:
ca_user.initialize()
ca_user.commit()
self.ca_private_key = ca_user.private_key
self.ca_certificate = ca_user.certificate
def iter_users(self,
page=None,
search=None,
search_limit=None,
fields=None,
include_pool=False):
spec = {
'org_id': self.id,
'type': {
'$in': [CERT_CLIENT, CERT_SERVER]
},
}
limit = None
skip = None
page_count = settings.user.page_count
if include_pool:
spec['type']['$in'].append(CERT_CLIENT_POOL)
spec['type']['$in'].append(CERT_SERVER_POOL)
if fields:
fields = {key: True for key in fields}
if search is not None:
spec['name'] = {'$regex': '.*%s.*' % search}
limit = search_limit or page_count
elif page is not None:
limit = page_count
skip = page * page_count if page else 0
sort = [
('type', pymongo.ASCENDING),
('name', pymongo.ASCENDING),
]
cursor = user.User.collection.find(spec, fields).sort(sort)
if skip is not None:
cursor = cursor.skip(page * page_count if page else 0)
if limit is not None:
cursor = cursor.limit(limit)
if search:
self.last_search_count = cursor.count()
for doc in cursor:
yield user.User(self, doc=doc, fields=fields)
def initialize(self, queue_user_init=True):
ca_user = user.User(org=self, type=CERT_CA)
if queue_user_init:
ca_user.queue_initialize(block=True,
priority=HIGH if self.type == ORG_DEFAULT else None)
else:
ca_user.initialize()
ca_user.commit()
logger.debug('Init ca_user', 'organization',
org_id=self.id,
user_id=ca_user.id,
)
self.ca_private_key = ca_user.private_key
self.ca_certificate = ca_user.certificate
def new_user(self, type=CERT_CLIENT, block=True, pool=True, **kwargs):
# First attempt to get user from pool then attempt to get
# unfinished queued user in pool then queue a new user init
if type in (CERT_SERVER, CERT_CLIENT) and pool:
usr = user.reserve_pooled_user(org=self, type=type, **kwargs)
if not usr:
usr = queue.reserve('queued_user', org=self, type=type,
block=block, **kwargs)
if usr:
user.new_pooled_user(org=self, type=type)
return usr
usr = user.User(org=self, type=type, **kwargs)
usr.queue_initialize(block=block,
priority=HIGH if type in (CERT_SERVER, CERT_CLIENT) else None)
return usr
def iter_users(self,
page=None,
search=None,
search_limit=None,
fields=None,
include_pool=False):
spec = {
'org_id': self.id,
'type': CERT_CLIENT,
}
searched = False
type_search = False
limit = None
skip = None
page_count = settings.user.page_count
if fields:
fields = {key: True for key in fields}
if search is not None:
searched = True
n = search.find('id:')
if n != -1:
user_id = search[n + 3:].split(None, 1)
user_id = user_id[0] if user_id else ''
if user_id:
type_search = True
spec['_id'] = database.ParseObjectId(user_id)
search = search[:n] + search[n + 3 + len(user_id):].strip()
n = search.find('type:')
if n != -1:
user_type = search[n + 5:].split(None, 1)
user_type = user_type[0] if user_type else ''
if user_type:
type_search = True
spec['type'] = user_type
search = search[:n] + search[n + 5 + len(user_type):].strip()
n = search.find('group:')
if n != -1:
user_group = search[n + 6:].split(None, 1)
user_group = user_group[0] if user_group else ''
if user_group:
spec['groups'] = user_group
search = search[:n] + search[n + 6 + len(user_group):].strip()
n = search.find('email:')
if n != -1:
email = search[n + 6:].split(None, 1)
email = email[0] if email else ''
if email:
spec['email'] = {
'$regex': '.*%s.*' % re.escape(email),
'$options': 'i',
}
search = search[:n] + search[n + 6 + len(email):].strip()
n = search.find('status:')
if n != -1:
status = search[n + 7:].split(None, 1)
status = status[0] if status else ''
search = search[:n] + search[n + 7 + len(status):].strip()
if status not in (ONLINE, OFFLINE):
return
user_ids = self.clients_collection.find(
None, {
'_id': True,
'user_id': True,
}).distinct('user_id')
if status == ONLINE:
spec['_id'] = {'$in': user_ids}
else:
spec['_id'] = {'$nin': user_ids}
spec['name'] = {
'$regex': '.*%s.*' % re.escape(search).strip(),
'$options': 'i',
}
limit = search_limit or page_count
elif page is not None:
limit = page_count
skip = page * page_count if page else 0
cursor = user.User.collection.find(spec, fields).sort(
'name', pymongo.ASCENDING)
if skip is not None:
cursor = cursor.skip(page * page_count if page else 0)
if limit is not None:
cursor = cursor.limit(limit + 1)
if searched:
self.last_search_count = cursor.count()
if limit is None:
for doc in cursor:
yield user.User(self, doc=doc, fields=fields)
else:
count = 0
for doc in cursor:
count += 1
if count > limit:
return
yield user.User(self, doc=doc, fields=fields)
if type_search:
return
if include_pool:
spec['type'] = {
'$in': [CERT_SERVER, CERT_CLIENT_POOL, CERT_SERVER_POOL]
}
else:
spec['type'] = CERT_SERVER
cursor = user.User.collection.find(spec, fields).sort(
'name', pymongo.ASCENDING)
for doc in cursor:
yield user.User(self, doc=doc, fields=fields)
def user(self):
usr = user.User(org=self.org, doc=self.user_doc)
usr.exists = False
return usr
