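def user_add(self):
    """Add a local user via the REST API.

    Expects a JSON object with ``fn``, ``ln``, ``un``, ``password`` and
    ``email`` (non-empty strings), ``active`` (truthy/falsy, treated as
    inactive when absent) and ``rolesSelect`` (list of role ids, optional).

    Returns a JSON ``msg`` with status 400 when the body is not a JSON
    object, a required field is missing/blank, or the login name already
    exists; 500 when the datamodel refuses the insert; 200 on success.
    """
    data = request.get_json(silent=True)
    # Reject non-JSON bodies and bare JSON values up front instead of letting
    # the field access below raise and surface as a 500.
    if not isinstance(data, dict):
        return jsonify({'msg': 'Request body must be a JSON object.'}), 400

    fields = {}
    for key in ('fn', 'ln', 'un', 'password', 'email'):
        value = data.get(key)
        # A missing, non-string or whitespace-only value is a client error,
        # not a server error.
        if not isinstance(value, str) or not value.strip():
            return jsonify(
                {'msg': "Missing or empty field '{0}'.".format(key)}), 400
        fields[key] = value.strip()

    first_name = fields['fn']
    last_name = fields['ln']
    # Usernames are stored lower-cased, so the existence check compares that way.
    user_name = fields['un'].lower()
    password = fields['password']
    email = fields['email']

    session = self.appbuilder.get_session
    # check if user name exists or not
    count = session.query(func.count('*')).select_from(MyUser).filter(
        MyUser.username == user_name).scalar()
    if count > 0:
        return jsonify({'msg': 'Login name already exists.'}), 400

    # fetch roles; an absent or empty selection yields no roles instead of a KeyError
    role_ids = data.get('rolesSelect') or []
    roles = (session.query(Role).filter(Role.id.in_(role_ids)).all()
             if role_ids else [])

    item = MyUser()
    item.extinfo = UserExtInfo(user_type='local')
    item.first_name = first_name
    item.last_name = last_name
    item.username = user_name
    item.active = bool(data.get('active'))
    item.email = email
    # Only the hash is persisted; the clear-text password is never logged.
    item.password = generate_password_hash(password)
    item.roles = roles
    # NOTE(review): email uniqueness is not pre-checked here; if the column is
    # unique, a duplicate surfaces as a failed add (500) rather than a 400 —
    # confirm against the schema.

    if self.datamodel.add(item):
        log.debug("Successfully add user %s by %s", user_name, g.user.username)
        return jsonify({'msg': "Add user {0} success".format(user_name)})
    log.error("Failed add user %s by %s", user_name, g.user.username)
    return make_response(
        jsonify({'msg': "Add user {0} failed".format(user_name)}), 500)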
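def sync_ldap_user(self):
    """Import or refresh local accounts from LDAP via the REST API.

    Expects a JSON object with ``coreId`` (newline-separated LDAP uids) and
    optionally ``rolesSelect`` (role ids assigned to every synced user).

    Returns ``{'success_list': [...], 'failed_list': [...]}``; 400 when
    ``coreId`` is absent, not a string or contains no non-blank line; 500
    when the TLS handshake with the LDAP server fails.
    """
    # ldap is already used by this module; the filter helpers live in a submodule.
    from ldap.filter import escape_filter_chars

    data = request.get_json(silent=True)
    raw_ids = data.get('coreId') if isinstance(data, dict) else None
    if not raw_ids or not isinstance(raw_ids, str):
        return jsonify({'msg': 'Wrong parameter, coreId is null'}), 400

    # Blank lines (and stray "\r" from CRLF input) are dropped: an empty uid
    # would otherwise yield an invalid "(uid=)" clause.
    core_ids = [line.strip() for line in raw_ids.split("\n") if line.strip()]
    if not core_ids:
        return jsonify({'msg': 'Wrong parameter, coreId is null'}), 400

    sm = self.appbuilder.sm
    con = ldap.initialize(sm.auth_ldap_server)
    con.set_option(ldap.OPT_REFERRALS, 0)
    try:
        if sm.auth_ldap_use_tls:
            try:
                con.start_tls_s()
            except Exception:
                log.info(LOGMSG_ERR_SEC_AUTH_LDAP_TLS.format(sm.auth_ldap_server))
                return jsonify(
                    {'msg': 'Init LDAP with SSL connection failed'}), 500

        # Each uid is escaped so filter metacharacters in the request body
        # cannot alter the query (LDAP filter injection, RFC 4515).
        clauses = "".join(
            "({0}={1})".format(sm.auth_ldap_uid_field, escape_filter_chars(cid))
            for cid in core_ids)
        filter_str = "(|{0})".format(clauses)
        attrs = [
            sm.auth_ldap_uid_field,
            sm.auth_ldap_firstname_field,
            sm.auth_ldap_lastname_field,
            sm.auth_ldap_email_field,
        ]
        # NOTE(review): the search is performed without a prior bind; confirm
        # that anonymous search is intended for this directory.
        users = con.search_s(sm.auth_ldap_search, ldap.SCOPE_SUBTREE,
                             filter_str, attrs)
    finally:
        # Best-effort cleanup; an unbind that fails must not mask the response.
        try:
            con.unbind_s()
        except ldap.LDAPError:
            pass

    # fetch roles (None means "leave existing role assignments untouched")
    role_ids = data.get('rolesSelect')
    roles = None
    if role_ids:
        roles = self.appbuilder.get_session.query(Role).filter(
            Role.id.in_(role_ids)).all()

    # sync into local
    success_list = []
    synced = set()
    session = self.datamodel.session
    for dn, attributes in users:
        if dn is None:
            # Entries with no DN are search references, not user records.
            continue
        uid = sm.ldap_extract(attributes, sm.auth_ldap_uid_field, None)
        if not uid:
            log.debug("Skipping LDAP entry %s without %s",
                      dn, sm.auth_ldap_uid_field)
            continue
        username = uid.lower()

        local_user = session.query(MyUser).filter(
            MyUser.username == username).one_or_none()
        if not local_user:
            local_user = MyUser()
            local_user.username = username
            local_user.active = True
            local_user.extinfo = UserExtInfo(user_type='ldap')
        # Existing values act as fallbacks when LDAP lacks the attribute.
        local_user.first_name = sm.ldap_extract(
            attributes, sm.auth_ldap_firstname_field, local_user.first_name)
        local_user.last_name = sm.ldap_extract(
            attributes, sm.auth_ldap_lastname_field, local_user.last_name)
        local_user.email = sm.ldap_extract(
            attributes, sm.auth_ldap_email_field, local_user.email)
        if roles:
            local_user.roles = roles

        if self.datamodel.edit(local_user):
            log.debug("Successfully sync ldap user %s by %s",
                      local_user.username, g.user.username)
            success_list.append(local_user.username)
            synced.add(local_user.username)
        else:
            log.debug("Failed sync ldap user %s by %s",
                      local_user.username, g.user.username)

    # Compare case-insensitively: requested ids may differ in case from the
    # lower-cased username, which previously made list.remove() raise.
    failed_list = [cid for cid in core_ids if cid.lower() not in synced]
    return jsonify({
        'success_list': success_list,
        'failed_list': failed_list,
    })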