def reset_password_for_anon_user(user_info: dict,
user_name,
token_info: Dict = None):
"""Reset the password of the user."""
user = UserModel.find_by_username(user_name)
membership = MembershipModel.find_membership_by_userid(user.id)
org_id = membership.org_id
org = OrgModel.find_by_org_id(org_id)
if not org or org.access_type != AccessType.ANONYMOUS.value:
raise BusinessException(Error.INVALID_INPUT, None)
check_auth(org_id=org_id,
token_info=token_info,
one_of_roles=(ADMIN, STAFF))
update_user_request = KeycloakUser()
update_user_request.user_name = user_name.replace(
IdpHint.BCROS.value + '/', '')
update_user_request.password = user_info['password']
update_user_request.update_password_on_login()
try:
kc_user = KeycloakService.update_user(update_user_request)
except HTTPError as err:
current_app.logger.error('update_user in keycloak failed {}', err)
raise BusinessException(Error.UNDEFINED_ERROR, err)
return kc_user
def _create_kc_user(membership):
create_user_request = KeycloakUser()
create_user_request.first_name = membership['username']
create_user_request.user_name = membership['username']
create_user_request.password = membership['password']
create_user_request.enabled = True
create_user_request.attributes = {'access_type': AccessType.ANONYMOUS.value}
return create_user_request
def create_user_by_user_info(user_info: dict):
"""Return create user request."""
create_user_request = KeycloakUser()
create_user_request.user_name = user_info['preferred_username']
create_user_request.password = '******'
create_user_request.first_name = user_info['firstname']
create_user_request.last_name = user_info['lastname']
create_user_request.attributes = {'source': user_info['loginSource']}
create_user_request.enabled = True
return create_user_request
def create_user_and_add_membership(memberships: List[dict], org_id, token_info: Dict = None,
skip_auth: bool = False):
"""
Create user(s) in the DB and upstream keycloak.
accepts a list of memberships ie.a list of objects with username,password and membershipTpe
skip_auth can be used if called method already perfomed the authenticaiton
skip_auth= true is used now incase of invitation for admin users scenarion
other cases should be invoked with skip_auth=false
"""
if skip_auth: # make sure no bulk operation and only owner is created using if no auth
if len(memberships) > 1 or memberships[0].get('membershipType') not in [OWNER, ADMIN]:
raise BusinessException(Error.INVALID_USER_CREDENTIALS, None)
else:
check_auth(org_id=org_id, token_info=token_info, one_of_roles=(ADMIN, OWNER))
# check if anonymous org ;these actions cannot be performed on normal orgs
org = OrgModel.find_by_org_id(org_id)
if not org or org.access_type != AccessType.ANONYMOUS.value:
raise BusinessException(Error.INVALID_INPUT, None)
current_app.logger.debug('create_user')
users = []
for membership in memberships:
create_user_request = KeycloakUser()
current_app.logger.debug(f"create user username: {membership['username']}")
create_user_request.first_name = membership['username']
create_user_request.user_name = membership['username']
create_user_request.password = membership['password']
create_user_request.enabled = True
create_user_request.attributes = {'access_type': AccessType.ANONYMOUS.value}
if membership.get('update_password_on_login', True): # by default , reset needed
create_user_request.update_password_on_login()
try:
# TODO may be this method itself throw the business exception;can handle different exceptions?
kc_user = KeycloakService.add_user(create_user_request)
except HTTPError as err:
current_app.logger.error('create_user in keycloak failed', err)
raise BusinessException(Error.FAILED_ADDING_USER_IN_KEYCLOAK, None)
username = IdpHint.BCROS.value + '/' + membership['username']
existing_user = UserModel.find_by_username(username)
if existing_user:
current_app.logger.debug('Existing users found in DB')
raise BusinessException(Error.DATA_ALREADY_EXISTS, None)
user_model: UserModel = UserModel(username=username,
# BCROS is temporary value.Will be overwritten when user logs in
is_terms_of_use_accepted=False, status=Status.ACTIVE.value,
type=AccessType.ANONYMOUS.value, email=membership.get('email', None),
firstname=kc_user.first_name, lastname=kc_user.last_name)
user_model.save()
User._add_org_membership(org_id, user_model.id, membership['membershipType'])
users.append(User(user_model).as_dict())
return {'users': users}
def create_user_request():
"""Return create user request."""
create_user_request = KeycloakUser()
create_user_request.user_name = 'testuser1'
create_user_request.password = '******'
create_user_request.first_name = 'test_first'
create_user_request.last_name = 'test_last'
create_user_request.email = '*****@*****.**'
create_user_request.attributes = {'corp_type': 'CP', 'source': 'BCSC'}
create_user_request.enabled = True
return create_user_request
def create_user_request():
"""Return create user request."""
create_user_request = KeycloakUser()
user_name = ''.join(choice(ascii_lowercase) for i in range(5))
create_user_request.user_name = user_name
create_user_request.password = '******'
create_user_request.first_name = 'test_first'
create_user_request.last_name = 'test_last'
create_user_request.email = f'{user_name}@gov.bc.ca'
create_user_request.attributes = {'corp_type': 'CP', 'source': 'BCSC'}
create_user_request.enabled = True
return create_user_request
