def delete(self, uid):
    """Delete the user record stored under *uid*.

    ``self._authorize(uid)`` is called before the users index is queried.
    ``abort(404)`` is called when the index holds no record for *uid*.
    """
    # Keep the authorization call first: the 404 below then only answers
    # callers that _authorize let through.
    # NOTE(review): assumes _authorize aborts the request on failure -- confirm.
    self._authorize(uid)

    store = users.Users(index.Connector(index_suffix='users'))
    if not store.get(uid):
        abort(404)
    store.delete(uid)
def provision_user(self, request):
    """Create or update the local user record from the request's token claims.

    The raw token comes from ``self._get_raw_token(request)``. Its ``email``,
    ``preferred_username`` and ``name`` claims are read and written to the
    users index: an existing record for that uid is updated, otherwise a new
    one is created. A missing claim raises ``KeyError``.
    """
    token = self._get_raw_token(request)

    # NOTE(review): verify=False decodes the token WITHOUT checking its
    # signature. This is only safe if every caller has already verified this
    # exact raw token (signature, issuer, audience, expiry) before reaching
    # this method -- confirm, and keep that verification on the same code
    # path. If `jwt` is PyJWT, the `verify` keyword was removed in 2.x in
    # favour of options={"verify_signature": False}; check the pinned version.
    payload = jwt.decode(token, verify=False)

    # TODO assuming the presence of claims, but a specific scope might be
    # needed. These are standard claims, see
    # https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
    # NOTE(review): the same spec says a relying party must not rely on
    # `preferred_username` being unique, and `email` may be unverified unless
    # `email_verified` is checked. Keying accounts on these claims lets the
    # identity provider's data decide which local record is overwritten --
    # consider `sub` (scoped by issuer) as the stable key.
    email = payload['email']
    uid = payload['preferred_username']
    name = payload['name']

    store = users.Users(index.Connector(index_suffix='users'))
    existing = store.get(uid)

    record = {
        'uid': uid,
        'name': name,
        'default-email': email,
        'emails': [{'email': email}],
    }

    # An existing record is updated with the token's data; otherwise a new
    # record is created.
    persist = store.update if existing else store.create
    persist(record)
def __init__(self, db_path=None, db_default_file=None, vonly=False):
    """Initialise the YAML-backed definition and, optionally, the users store.

    Args:
        db_path: forwarded unchanged to ``YAMLDefinition.__init__``.
        db_default_file: forwarded unchanged to ``YAMLDefinition.__init__``.
        vonly: when true, no users index connector is created and
            ``self._users`` is left unset (presumably "validation only" --
            confirm with callers).
    """
    YAMLDefinition.__init__(self, db_path, db_default_file)

    # Both enrichment flags start cleared.
    self.enriched_groups = self.enriched_idents = False

    if vonly:
        # No backend connection in this mode; code that reads self._users
        # must not run on such an instance.
        return
    self._users = users.Users(index.Connector(index_suffix='users'))
def get(self, uid):
    """Return the user record for *uid*, with a derived ``cid`` field added.

    ``self._authorize(uid)`` is called first. ``abort(404)`` is called when
    no record exists. ``cid`` is ``utils.encrypt(xorkey, <default-email>)``.
    """
    self._authorize(uid)

    store = users.Users(index.Connector(index_suffix='users'))
    record = store.get(uid)
    if not record:
        abort(404)

    # NOTE(review): the key name suggests utils.encrypt is an XOR-style
    # transform. If so, treat `cid` as an obfuscated identifier, not as a
    # confidentiality guarantee for the e-mail address -- confirm what
    # utils.encrypt provides before exposing `cid` more widely.
    record['cid'] = utils.encrypt(xorkey, record['default-email'])
    return record
def __init__(self, db_path=None, db_default_file=None, vonly=False,
             db_cache_path=None):
    """Initialise the YAML-backed definition and, optionally, the users store.

    Each path argument falls back to the value under the same key in ``conf``
    when it is falsy (``None`` or an empty string).

    Args:
        db_path: definitions path; default ``conf.get('db_path')``.
        db_default_file: default file; default
            ``conf.get('db_default_file')``.
        vonly: when true, no users index connector is created and
            ``self._users`` is left unset (presumably "validation only" --
            confirm with callers).
        db_cache_path: cache path; default ``conf.get('db_cache_path')``.
    """
    # Resolve explicit arguments first, configuration second.
    self.db_path = db_path or conf.get('db_path')
    self.db_default_file = db_default_file or conf.get('db_default_file')
    self.db_cache_path = db_cache_path or conf.get('db_cache_path')

    YAMLDefinition.__init__(
        self,
        self.db_path,
        self.db_default_file,
        self.db_cache_path,
    )

    # Both enrichment flags start cleared.
    self.enriched_groups = self.enriched_idents = False

    if vonly:
        # No backend connection in this mode; code that reads self._users
        # must not run on such an instance.
        return
    self._users = users.Users(index.Connector(index_suffix='users'))
def put(self, uid):
    """Create a new user record under *uid* (admin only).

    ``abort(409)`` is called when a record already exists for *uid* and
    ``abort(400)`` when ``self._validate`` rejects the request body. On
    success the response status is set to 201.
    """
    # _authorize is deliberately called without a uid: only an admin logged
    # in with the admin token is then authorized.
    self._authorize()

    store = users.Users(index.Connector(index_suffix='users'))
    if store.get(uid):
        abort(409)

    # An empty request body is treated as an empty record.
    if request.content_length:
        infos = request.json
    else:
        infos = {}

    if not self._validate(infos):
        abort(400)

    # Need to check infos content
    # NOTE(review): uid is written after _validate has run, so the
    # URL-supplied uid is never seen by _validate here -- confirm its format
    # is constrained elsewhere. The assignment also overrides any 'uid' sent
    # in the body.
    infos['uid'] = uid
    store.create(infos)
    response.status = 201
def post(self, uid):
    """Update the existing user record stored under *uid*.

    ``abort(404)`` is called when no record exists, ``abort(400)`` when
    ``self._validate`` rejects the body, and ``abort(403)`` when a requester
    other than ``'admin'`` changes protected fields.
    """
    requester = self._authorize(uid)

    store = users.Users(index.Connector(index_suffix='users'))
    current = store.get(uid)
    if not current:
        abort(404)

    # An empty request body is treated as an empty record.
    if request.content_length:
        infos = request.json
    else:
        infos = {}

    # The uid from the URL (the one that was authorized) always wins over
    # whatever the body carries, so the update stays on the authorized record.
    infos['uid'] = uid

    # 'cid' can be sent back by mistake; drop it so it is never stored.
    infos.pop('cid', None)

    if not self._validate(infos):
        abort(400)

    # Non-admin users may not modify some raw fields, such as adding or
    # removing e-mails. The comparison is against the stored record.
    if requester != 'admin' and self._modify_protected_fields(current, infos):
        abort(403)

    store.update(infos)