def create_new_user(context: Dict[str, Any], new_user_data: Dict[str, Any], project_name: str) -> bool: analizable_list = list(new_user_data.values())[1:-1] if (all(validate_alphanumeric_field(field) for field in analizable_list) and validate_phone_field(new_user_data['phone_number']) and validate_email_address(new_user_data['email'])): email = new_user_data['email'] organization = new_user_data['organization'] responsibility = new_user_data['responsibility'] role = new_user_data['role'] phone_number = new_user_data['phone_number'] else: return False success = False if not user_domain.get_data(email, 'email'): user_domain.create(email.lower(), { 'company': organization.lower(), 'phone': phone_number }) if not user_domain.is_registered(email): user_domain.register(email) user_domain.assign_role(email, role) user_domain.update(email, organization.lower(), 'company') elif user_domain.is_registered(email): user_domain.assign_role(email, role) if project_name and responsibility and len(responsibility) <= 50: project_domain.add_access(email, project_name, 'responsibility', responsibility) else: util.cloudwatch_log( context, 'Security: {email} Attempted to add responsibility to project \ {project} without validation'.format(email=email, project=project_name)) if phone_number and phone_number[1:].isdigit(): user_domain.add_phone_to_user(email, phone_number) if project_name and role == 'customeradmin': project_domain.add_user(project_name.lower(), email.lower(), role) if project_name and user_domain.update_project_access( email, project_name, True): description = project_domain.get_description(project_name.lower()) project_url = \ 'https://fluidattacks.com/integrates/dashboard#!/project/' \ + project_name.lower() + '/indicators' mail_to = [email] context = { 'admin': email, 'project': project_name, 'project_description': description, 'project_url': project_url, } email_send_thread = \ threading.Thread(name='Access granted email thread', target=send_mail_access_granted, args=(mail_to, context,)) email_send_thread.start() success = True return success
def resolve_authorized(self, info): """ Resolve user authorization """ jwt_content = util.get_jwt_content(info.context) user_email = jwt_content.get('user_email') self.authorized = user_domain.is_registered(user_email) return self.authorized
def mutate(_, info, auth_token, provider, push_token): authorized = False session_jwt = '' success = False if provider == 'google': try: user_info = id_token.verify_oauth2_token( auth_token, requests.Request()) if user_info['iss'] not in [ 'accounts.google.com', 'https://accounts.google.com' ]: rollbar.report_message('Error: Invalid oauth2 issuer', 'error', info.context, user_info['iss']) raise GraphQLError('INVALID_AUTH_TOKEN') if user_info['aud'] not in [ FI_GOOGLE_OAUTH2_KEY_ANDROID, FI_GOOGLE_OAUTH2_KEY_IOS ]: rollbar.report_message('Error: Invalid oauth2 audience', 'error', info.context, user_info['aud']) raise GraphQLError('INVALID_AUTH_TOKEN') email = user_info['email'] authorized = user_domain.is_registered(email) if push_token: user_dal.update(email, {'devices_to_notify': set(push_token)}) session_jwt = jwt.encode( { 'user_email': email, 'user_role': user_domain.get_data(email, 'role'), 'company': user_domain.get_data(email, 'company'), 'first_name': user_info['given_name'], 'last_name': user_info['family_name'], 'exp': datetime.utcnow() + timedelta(seconds=settings.SESSION_COOKIE_AGE) }, algorithm='HS512', key=settings.JWT_SECRET, ) success = True except ValueError: util.cloudwatch_log( info.context, 'Security: Sign in attempt using invalid Google token') raise GraphQLError('INVALID_AUTH_TOKEN') else: rollbar.report_message('Error: Unknown auth provider' + provider, 'error') raise GraphQLError('UNKNOWN_AUTH_PROVIDER') return SignIn(authorized, session_jwt, success)
def mutate(_, info, remember): user_email = util.get_jwt_content(info.context)['user_email'] is_registered = user_domain.is_registered(user_email) if is_registered: user_domain.update_legal_remember(user_email, remember) success = True else: success = False return AcceptLegal(success=success)
def resolve_accept_legal(_, info, remember=False): """Resolve accept_legal mutation.""" user_email = util.get_jwt_content(info.context)['user_email'] is_registered = user_domain.is_registered(user_email) if is_registered: user_domain.update_legal_remember(user_email, remember) success = True else: success = False return dict(success=success)
def check_registered(strategy, details, backend, *args, **kwargs): del args del kwargs del backend email = details['email'].lower() is_registered = user_domain.is_registered(email) last_login = user_domain.get_data(email, 'last_login') role = user_domain.get_data(email, 'role') company = user_domain.get_data(email, 'company') strategy.session_set('username', email) strategy.session_set('registered', is_registered) if role == 'customeradmin': role = 'customer' else: # different role pass strategy.session_set('role', role) strategy.session_set('company', company) strategy.session_set('last_login', last_login) strategy.session_set('projects', {})
def is_registered(user: str) -> bool: """ Verify if the user is registered. """ return user_domain.is_registered(user)
def _get_authorized(jwt_content): """Get user authorization.""" user_email = jwt_content.get('user_email') result = user_domain.is_registered(user_email) return dict(authorized=result)