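def add_user(body=None):
    """Create a user account from the JSON request body.

    The body is parsed into a ``models.UserData``; its ``data.attributes``
    supply the user name, personal details, optional password and the list
    of permissions for the new account.

    Args:
        body: Request body; replaced by the parsed JSON payload when the
            request is JSON.

    Returns:
        A ``(models.UserData, 201)`` tuple describing the created user.

    Aborts with 400 when the body is missing or malformed, has no user name,
    names an unknown permission, or the insert fails an integrity check other
    than a duplicate; aborts with 409 on a duplicate entry.
    """
    # NOTE(review): no permission check is visible in this handler, and the
    # request body decides which permissions (admin included) the new account
    # receives. Confirm the route is restricted to administrators by the API
    # security definition.
    if connexion.request.is_json:
        body = models.UserData.from_dict(
            connexion.request.get_json())  # noqa: E501

    # A non-JSON request, or a payload without data/attributes, previously
    # surfaced as an AttributeError (HTTP 500). Treat it as a client error.
    attributes = getattr(getattr(body, "data", None), "attributes", None)
    if attributes is None or not attributes.user_name:
        abort(400)

    record = database.User()
    record.user_name = attributes.user_name
    record.last_name = attributes.last_name
    record.first_name = attributes.first_name
    record.email = attributes.email
    # Only the hash is stored, never the submitted password.
    # NOTE(review): when no password is supplied this function leaves
    # record.password unset; confirm such an account cannot authenticate
    # until a password has been set.
    if attributes.password:
        record.password = hash_password(attributes.password)

    record.permissions.clear()
    for p in attributes.permissions or ():
        try:
            # assumes permission_label_table is a mapping from the API's
            # permission names to database labels -- TODO confirm
            label = permission_label_table[p.permission]
        except KeyError:
            # Unknown permission name in the request: reject, do not crash.
            abort(400)
        record.permissions.append(database.Permission(label))

    try:
        with database.session_scope() as session:
            session.add(record)
            session.commit()
            return models.UserData(data=__create_user(record)), 201
    except sqlalchemy.exc.IntegrityError as e:
        # The first argument of the driver error is compared with the
        # project's duplicate-entry code to tell a conflict from bad input.
        if e.orig.args[0] == database.ErrorCodes.DUPLICATE_ENTRY:
            abort(409)
        abort(400)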
def create_user(parameters):
    """Build a ``database.User`` with fixed sample data and all permissions.

    The user name is read from ``parameters["user.user_name"]`` (default
    ``"user"``). First name, last name, the password ``"password"`` and the
    admin/write/read permission set are hard-coded. The object is returned
    without being added to a session here.

    NOTE(review): this looks like a fixture for tests or seeding. Confirm it
    is not reachable in a deployed instance, because the result is an admin
    account whose password is a fixed, publicly known string.
    """
    account = database.User()
    account.user_name = parameters.get("user.user_name", "user")
    account.first_name = "Joe"
    account.last_name = "Doe"
    account.password = hash_password("password")

    labels = database.PermissionLabel
    # Same order as before: admin, then write, then read.
    for label in (labels.admin, labels.write, labels.read):
        account.permissions.append(database.Permission(label))
    return account
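def update_user(user_id, body=None):
    """Update an existing user account from the JSON request body.

    A user may edit their own record; editing another user's record requires
    the admin permission. Changing one's own password requires the current
    password. Permissions are replaced only when the target is a different
    user, so nobody can alter their own permissions through this handler.

    Args:
        user_id: ID of the user record to update.
        body: Request body; replaced by the parsed JSON payload when the
            request is JSON.

    Returns:
        ``models.EcosystemData`` wrapping the updated user.

    Aborts with 403 when the caller may not edit the target or fails the
    old-password check, 400 on a missing/malformed body, an unknown
    permission or a non-duplicate integrity error, 404 when the user does
    not exist, and 409 on a duplicate entry.
    """
    if connexion.request.is_json:
        body = models.UserData.from_dict(
            connexion.request.get_json())  # noqa: E501
    try:
        user_is_admin = database.PermissionLabel.admin in current_permissions()
        # NOTE(review): assumes user_id and current_user.id have the same
        # type. If the path parameter arrived as a string, this comparison
        # would never match and every request would be handled as an edit of
        # another user, which skips the old-password check below -- confirm.
        editing_self = user_id == current_user.id

        # Authorise before the lookup: a caller without admin rights gets the
        # same 403 for every foreign ID, so the 404/403 difference no longer
        # reveals which user IDs exist.
        if not editing_self and not user_is_admin:
            abort(403)

        # A non-JSON request, or a payload without data/attributes, previously
        # surfaced as an AttributeError (HTTP 500). Treat it as a client error.
        attributes = getattr(getattr(body, "data", None), "attributes", None)
        if attributes is None:
            abort(400)

        with database.session_scope() as session:
            record = session.query(database.User).filter_by(id=user_id).first()
            if not record:
                abort(404)

            # The password of the current user can only be changed if the
            # old password is provided and verifies against the stored hash.
            if attributes.password and editing_self:
                if not attributes.old_password:
                    abort(403)
                if not test_password(attributes.old_password, record.password):
                    abort(403)
            if attributes.password:
                record.password = hash_password(attributes.password)

            record.user_name = attributes.user_name
            record.last_name = attributes.last_name
            record.first_name = attributes.first_name
            record.email = attributes.email

            # A user cannot change their own permissions.
            if not editing_self:
                record.permissions.clear()
                for p in attributes.permissions or ():
                    try:
                        # assumes permission_label_table is a mapping from the
                        # API's permission names to database labels -- TODO
                        # confirm
                        label = permission_label_table[p.permission]
                    except KeyError:
                        # Unknown permission name: reject, do not crash.
                        abort(400)
                    record.permissions.append(database.Permission(label))

            # NOTE(review): add_user wraps the same payload in
            # models.UserData; confirm EcosystemData is intended here.
            return models.EcosystemData(data=__create_user(record))
    except sqlalchemy.exc.IntegrityError as e:
        # The first argument of the driver error is compared with the
        # project's duplicate-entry code to tell a conflict from bad input.
        if e.orig.args[0] == database.ErrorCodes.DUPLICATE_ENTRY:
            abort(409)
        abort(400)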
def insert_first_user(name: str, password: str):
    """Create the initial account with read, write and admin permissions.

    Nothing is inserted when ``name`` or ``password`` is empty; a warning is
    logged instead. Otherwise one ``INSERT ... FROM SELECT`` guarded by a
    ``NOT EXISTS`` clause on the user table is executed, and the permissions
    are attached only when that statement reports a new row ID.

    Args:
        name: User name of the initial account.
        password: Plaintext password; only its hash is written.
    """
    if not (name and password):
        logger.warning("No initial user/password provided")
        return

    with session_scope() as session:
        password_hash = hash_password(password)
        # presumably the NOT EXISTS guard makes the insert a no-op once any
        # user row exists, in a single statement -- confirm against the
        # generated SQL
        guarded_row = select(
            [literal(name), literal(password_hash)]
        ).where(~exists().where(User.__table__))
        insert_stmt = User.__table__.insert().from_select(
            [User.user_name, User.password], guarded_row)

        new_id = session.execute(insert_stmt).lastrowid
        if not new_id:
            # No row was created, so there is nothing to grant.
            return

        user = session.query(User).filter_by(id=new_id).first()
        user.permissions = [
            Permission(PermissionLabel.read),
            Permission(PermissionLabel.write),
            Permission(PermissionLabel.admin),
        ]
        # Only the ID is logged; the name and password stay out of the log.
        logger.info("Created initial user with ID %d", user.id)
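def test_test_password(self):
    """A hash from ``ssh.hash_password`` verifies only its own password."""
    hashed = ssh.hash_password("password")
    self.assertTrue(ssh.test_password("password", hashed))
    # Negative case: without it, a verifier that accepts every input would
    # still pass this test.
    self.assertFalse(ssh.test_password("not-the-password", hashed))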
def test_hash_password(self):
    """Hashes must start with the bcrypt ``$2b$`` marker and cost factor 12."""
    digest = ssh.hash_password("password")
    # A bcrypt string opens with "$<variant>$<cost>$"; pinning it here means
    # a change of scheme or work factor has to be made deliberately.
    expected_prefix = "$2b$12$"
    self.assertEqual(expected_prefix, digest[:7])