Esempio n. 1
 def change_password(self, old_pwd='', new_pwd=''):
     """Replace the stored password of the actor returned by ``_get_actor_id``.

     The account is never chosen by an argument: it is whatever
     ``self._get_actor_id()`` yields. The current password is submitted to
     the identity client first, then the new one is run through the password
     policy, and only then is it written.

     Args:
         old_pwd: Current password, handed to ``check_actor_credentials``.
         new_pwd: Replacement password, handed to
             ``IdentityUtils.check_password_policy`` and then stored.

     Returns:
         None.
     """
     actor_id = self._get_actor_id()
     # presumably loads the resource and checks it is an ActorIdentity -
     # verify against _validate_resource_id
     actor = self._validate_resource_id("user_id", actor_id,
                                        RT.ActorIdentity)
     # NOTE(review): assumes the actor has at least one credential entry; an
     # empty list surfaces here as IndexError rather than a service error.
     login_name = actor.credentials[0].username

     # NOTE(review): the result of this call is discarded, so the old-password
     # gate only holds if check_actor_credentials raises on a mismatch -
     # confirm in the identity client.
     self.idm_client.check_actor_credentials(login_name, old_pwd)

     # Policy is enforced before anything is written.
     IdentityUtils.check_password_policy(new_pwd)
     self.idm_client.set_actor_credentials(actor_id, login_name, new_pwd)
Esempio n. 2
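    def define_user(self,
                    user_id='',
                    first_name='',
                    last_name='',
                    username='',
                    password='',
                    email='',
                    attributes=None):
        """Create a new user actor and set its login credentials.

        Args:
            user_id: Must be empty; updating an existing user is not supported.
            first_name: Given name; falls back to the username when empty.
            last_name: Family name; optional.
            username: Login name; falls back to ``email`` when empty.
            password: Plain-text password; always checked against the
                password policy, including on the preload path.
            email: Required; must not already belong to a user.
            attributes: Optional dict stored as the user's profile. The keys
                ``scion_init_pwdsalt`` and ``scion_init_pwdhash`` are a
                preload shortcut and are always removed before the profile
                is built. The caller's dict is not modified.

        Returns:
            The id returned by ``idm_client.create_actor_identity``.

        Raises:
            NotImplementedError: If ``user_id`` is given.
            BadRequest: If the email is missing or taken, the username is
                invalid or taken, or ``attributes`` is not a dict.
        """
        if user_id:
            raise NotImplementedError("Update not supported: user_id=%s" %
                                      user_id)
        if not email:
            raise BadRequest('Email is required')
        username = username or email

        if self._get_user_by_email(email):
            raise BadRequest("Email already taken")

        if not username or not is_valid_identifier(username,
                                                   valid_chars=EMAIL_VALID):
            raise BadRequest("Argument username invalid: %s" % username)
        if attributes and not isinstance(attributes, dict):
            raise BadRequest("Argument attributes invalid type")
        if not first_name:
            first_name = username
        # Shallow copy: the pops below must not alter the caller's dict.
        attributes = dict(attributes) if attributes else {}

        full_name = ("%s %s" %
                     (first_name, last_name)) if last_name else first_name

        IdentityUtils.check_password_policy(password)

        # Preload shortcut: a caller may hand over an already computed salt
        # and hash to skip the expensive bcrypt computation. Both keys are
        # removed unconditionally and before the profile object is built, so
        # a lone salt or hash can never be persisted as profile data.
        # NOTE(review): the pair is stored exactly as supplied, with no format
        # check, and the policy check above ran against `password`, not
        # against whatever the hash encodes. Confirm that only trusted
        # preload tooling can set these attributes.
        pwd_salt = attributes.pop("scion_init_pwdsalt", None)
        pwd_hash = attributes.pop("scion_init_pwdhash", None)

        contact = ContactInformation(individual_names_given=first_name,
                                     individual_name_family=last_name,
                                     email=email)
        user_profile = UserIdentityDetails(contact=contact, profile=attributes)
        actor_obj = ActorIdentity(name=full_name, details=user_profile)

        # NOTE(review): the email and username uniqueness checks are separate
        # from the create call, so concurrent requests could both pass them
        # unless the identity client enforces uniqueness itself - confirm.
        if self.idm_client.is_user_existing(username):
            raise BadRequest("Username already taken")

        actor_id = self.idm_client.create_actor_identity(actor_obj)

        if pwd_salt and pwd_hash:
            # Write the supplied salt/hash straight onto the stored actor.
            stored_actor = self.rr.read(actor_id)
            cred_obj = next((cred for cred in stored_actor.credentials
                             if cred.username == username), None)
            if not cred_obj:
                cred_obj = Credentials()
                cred_obj.username = username
                stored_actor.credentials.append(cred_obj)
                stored_actor.alt_ids.append("UNAME:" + username)
            cred_obj.identity_provider = "SciON"
            cred_obj.authentication_service = "SciON IdM"
            cred_obj.password_salt = pwd_salt
            cred_obj.password_hash = pwd_hash
            self.rr.update(stored_actor)
        else:
            self.idm_client.set_actor_credentials(actor_id, username, password)

        return actor_id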
Esempio n. 3
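    def define_user(self, user_id='', first_name='', last_name='', username='', password='',
                    email='', attributes=None):
        """Create a new user actor and set its login credentials.

        Args:
            user_id: Must be empty; updating an existing user is not supported.
            first_name: Given name; falls back to the username when empty.
            last_name: Family name; optional.
            username: Login name; falls back to ``email`` when empty.
            password: Plain-text password; always checked against the
                password policy, including on the preload path.
            email: Required; must not already belong to a user.
            attributes: Optional dict stored as the user's profile. The keys
                ``scion_init_pwdsalt`` and ``scion_init_pwdhash`` are a
                preload shortcut and are always removed before the profile
                is built. The caller's dict is not modified.

        Returns:
            The id returned by ``idm_client.create_actor_identity``.

        Raises:
            NotImplementedError: If ``user_id`` is given.
            BadRequest: If the email is missing or taken, the username is
                invalid or taken, or ``attributes`` is not a dict.
        """
        if user_id:
            raise NotImplementedError("Update not supported: user_id=%s" % user_id)
        if not email:
            raise BadRequest('Email is required')
        username = username or email

        if self._get_user_by_email(email):
            raise BadRequest("Email already taken")

        if not username or not is_valid_identifier(username, valid_chars=EMAIL_VALID):
            raise BadRequest("Argument username invalid: %s" % username)
        if attributes and not isinstance(attributes, dict):
            raise BadRequest("Argument attributes invalid type")
        if not first_name:
            first_name = username
        # Shallow copy: the pops below must not alter the caller's dict.
        attributes = dict(attributes) if attributes else {}

        full_name = ("%s %s" % (first_name, last_name)) if last_name else first_name

        IdentityUtils.check_password_policy(password)

        # Preload shortcut: a caller may hand over an already computed salt
        # and hash to skip the expensive bcrypt computation. Both keys are
        # removed unconditionally and before the profile object is built, so
        # a lone salt or hash can never be persisted as profile data.
        # NOTE(review): the pair is stored exactly as supplied, with no format
        # check, and the policy check above ran against `password`, not
        # against whatever the hash encodes. Confirm that only trusted
        # preload tooling can set these attributes.
        pwd_salt = attributes.pop("scion_init_pwdsalt", None)
        pwd_hash = attributes.pop("scion_init_pwdhash", None)

        contact = ContactInformation(individual_names_given=first_name, individual_name_family=last_name, email=email)
        user_profile = UserIdentityDetails(contact=contact, profile=attributes)
        actor_obj = ActorIdentity(name=full_name, details=user_profile)

        # NOTE(review): the email and username uniqueness checks are separate
        # from the create call, so concurrent requests could both pass them
        # unless the identity client enforces uniqueness itself - confirm.
        if self.idm_client.is_user_existing(username):
            raise BadRequest("Username already taken")

        actor_id = self.idm_client.create_actor_identity(actor_obj)

        if pwd_salt and pwd_hash:
            # Write the supplied salt/hash straight onto the stored actor.
            stored_actor = self.rr.read(actor_id)
            cred_obj = next((cred for cred in stored_actor.credentials if cred.username == username), None)
            if not cred_obj:
                cred_obj = Credentials()
                cred_obj.username = username
                stored_actor.credentials.append(cred_obj)
                stored_actor.alt_ids.append("UNAME:" + username)
            cred_obj.identity_provider = "SciON"
            cred_obj.authentication_service = "SciON IdM"
            cred_obj.password_salt = pwd_salt
            cred_obj.password_hash = pwd_hash
            self.rr.update(stored_actor)
        else:
            self.idm_client.set_actor_credentials(actor_id, username, password)

        return actor_id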
Esempio n. 4
 def change_password(self, old_pwd='', new_pwd=''):
     """Replace the stored password of the actor returned by ``_get_actor_id``.

     The account is never chosen by an argument: it is whatever
     ``self._get_actor_id()`` yields. The current password is submitted to
     the identity client first, then the new one is run through the password
     policy, and only then is it written.

     Args:
         old_pwd: Current password, handed to ``check_actor_credentials``.
         new_pwd: Replacement password, handed to
             ``IdentityUtils.check_password_policy`` and then stored.

     Returns:
         None.
     """
     actor_id = self._get_actor_id()
     # presumably loads the resource and checks it is an ActorIdentity -
     # verify against _validate_resource_id
     actor = self._validate_resource_id("user_id", actor_id, RT.ActorIdentity)
     # NOTE(review): assumes the actor has at least one credential entry; an
     # empty list surfaces here as IndexError rather than a service error.
     login_name = actor.credentials[0].username

     # NOTE(review): the result of this call is discarded, so the old-password
     # gate only holds if check_actor_credentials raises on a mismatch -
     # confirm in the identity client.
     self.idm_client.check_actor_credentials(login_name, old_pwd)

     # Policy is enforced before anything is written.
     IdentityUtils.check_password_policy(new_pwd)
     self.idm_client.set_actor_credentials(actor_id, login_name, new_pwd)