def clean_auth() -> Iterator[None]:
"""
clean_auth is a session-level fixture that ensures that we run tests with no preconfigured
authentication, and that any settings we save during tests are cleaned up afterwards.
"""
authentication.TokenStore(conf.make_master_url()).delete_token_cache()
yield None
authentication.TokenStore(conf.make_master_url()).delete_token_cache()
def change_password(parsed_args: Namespace) -> None:
if parsed_args.target_user:
username = parsed_args.target_user
elif parsed_args.user:
username = parsed_args.user
else:
username = authentication.must_cli_auth().get_session_user()
if not username:
# The default user should have been set by now by autologin.
print(
colored("Please log in as an admin or user to change passwords",
"red"))
return
password = getpass.getpass("New password for user '{}': ".format(username))
check_password = getpass.getpass("Confirm password: "******"Passwords do not match", "red"))
return
# Hash the password to avoid sending it in cleartext.
password = api.salt_and_hash(password)
update_user(username, parsed_args.master, password=password)
# If the target user's password isn't being changed by another user, reauthenticate after
# password change so that the user doesn't have to do so manually.
if parsed_args.target_user is None:
token_store = authentication.TokenStore(parsed_args.master)
token = authentication.do_login(parsed_args.master, username, password)
token_store.set_token(username, token)
token_store.set_active(username)
def do_GET(self) -> None:
try:
"""Serve a GET request."""
token = parse_qs(urlparse(self.path).query)["token"][0]
tmp_auth = {"Cookie": "auth={token}".format(token=token)}
me = api.get(master_url,
"/users/me",
headers=tmp_auth,
authenticated=False).json()
token_store = authentication.TokenStore(master_url)
token_store.set_token(me["username"], token)
token_store.set_active(me["username"])
print("Authenticated as {}.".format(me["username"]))
self.send_response(200)
self.send_header("Content-type", "text/html")
self.end_headers()
self.wfile.write(b"You can close this window now.")
close_cb(0)
except Exception as e:
print("Error authenticating: {}.".format(e))
close_cb(1)
def log_in_user(parsed_args: Namespace) -> None:
if parsed_args.username is None:
username = input("Username: "******"Password for user '{}': ".format(username)
# In order to not send clear-text passwords, we hash the password.
password = api.salt_and_hash(getpass.getpass(message))
token_store = authentication.TokenStore(parsed_args.master)
token = authentication.do_login(parsed_args.master, username, password)
token_store.set_token(username, token)
token_store.set_active(username)
def log_out_user(parsed_args: Namespace) -> None:
auth = authentication.cli_auth
if auth is None:
return
try:
api.post(
parsed_args.master,
"logout",
headers={
"Authorization": "Bearer {}".format(auth.get_session_token())
},
authenticated=False,
)
except api.errors.APIException as e:
if e.status_code != 401:
raise e
token_store = authentication.TokenStore(parsed_args.master)
token_store.drop_user(auth.get_session_user())