Esempio n. 1
0
 def remove_user(self, tenant_id, user_dn, user_id):
     conn = self.get_connection()
     try:
         conn.modify_s(self._id_to_dn(tenant_id),
                       [(ldap.MOD_DELETE, self.member_attribute, user_dn)])
     except ldap.NO_SUCH_ATTRIBUTE:
         raise exception.NotFound(user_id)
     finally:
         conn.unbind_s()
Esempio n. 2
0
 def get_reset_profile(self, user_id, reset_token):
     session = sql.get_session()
     with session.begin():
         profile_ref = session.query(ResetProfile).filter_by(
             reset_token=reset_token, user_id=user_id).first()
     if profile_ref is None:
         raise exception.NotFound(
             _('No Profile found for user: %s' % user_id))
     return profile_ref.to_dict()
Esempio n. 3
0
 def check_user_in_group(self, user_id, group_id):
     session = db_session.get_session()
     self.get_group(group_id)
     self.get_user(user_id)
     query = session.query(UserGroupMembership)
     query = query.filter_by(user_id=user_id)
     query = query.filter_by(group_id=group_id)
     if not query.first():
         raise exception.NotFound(_('User not found in group'))
Esempio n. 4
0
 def remove_user_from_tenant(self, tenant_id, user_id):
     self.get_tenant(tenant_id)
     user_ref = self._get_user(user_id)
     tenants = set(user_ref.get('tenants', []))
     try:
         tenants.remove(tenant_id)
     except KeyError:
         raise exception.NotFound('User not found in tenant')
     self.update_user(user_id, {'tenants': list(tenants)})
Esempio n. 5
0
 def remove_user_from_group(self, user_id, group_id):
     self.get_group(group_id)
     user_ref = self._get_user(user_id)
     groups = set(user_ref.get('groups', []))
     try:
         groups.remove(group_id)
     except KeyError:
         raise exception.NotFound(_('User not found in group'))
     self.update_user(user_id, {'groups': list(groups)})
Esempio n. 6
0
 def _get_project_endpoint_ref(self, session, endpoint_id, project_id):
     endpoint_filter_ref = session.query(ProjectEndpoint).get(
         (endpoint_id, project_id))
     if endpoint_filter_ref is None:
         msg = _('Endpoint %(endpoint_id)s not found in project '
                 '%(project_id)s') % {'endpoint_id': endpoint_id,
                                      'project_id': project_id}
         raise exception.NotFound(msg)
     return endpoint_filter_ref
Esempio n. 7
0
 def get_access_token_by_refresh_token(self, refresh_token):
     session = sql.get_session()
     with session.begin():
         access_token_ref = session.query(AccessToken).filter_by(
             refresh_token=refresh_token).first()
         if access_token_ref is None:
             msg = _('Access Token for refresh token %s not found'
                     ) % refresh_token
             raise exception.NotFound(message=msg)
     return access_token_ref.to_dict()
Esempio n. 8
0
 def get(self, key, default=None):
     try:
         if isinstance(self[key], dict):
             return self[key].copy()
         else:
             return self[key][:]
     except KeyError:
         if default is not None:
             return default
         raise exception.NotFound(target=key)
Esempio n. 9
0
 def _get_endpoint_group_in_project(self, session,
                                    endpoint_group_id, project_id):
     endpoint_group_project_ref = session.query(
         ProjectEndpointGroupMembership).get((endpoint_group_id,
                                              project_id))
     if endpoint_group_project_ref is None:
         msg = _('Endpoint Group Project Association not found')
         raise exception.NotFound(msg)
     else:
         return endpoint_group_project_ref
Esempio n. 10
0
    def get(self, user_id, access_token_id):
        """Get specific access token.

        GET/HEAD /v3/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}
        """
        ENFORCER.enforce_call(action='identity:get_access_token')
        access_token = PROVIDERS.oauth_api.get_access_token(access_token_id)
        if access_token['authorizing_user_id'] != user_id:
            raise ks_exception.NotFound()
        access_token = _format_token_entity(access_token)
        return self.wrap_member(access_token)
Esempio n. 11
0
 def patch(self, argument_id):
     rbac_enforcer.enforcer.RBACEnforcer.enforce_call(
         action='example:allowed')
     try:
         self._storage_dict[argument_id]
     except KeyError:
         raise exception.NotFound(target=argument_id)
     ref = flask.request.get_json(force=True)
     self._require_matching_id(ref)
     self._storage_dict[argument_id].update(ref)
     return self.wrap_member(self._storage_dict[argument_id])
Esempio n. 12
0
 def check_user_in_group(self, user_id, group_id):
     self.get_user(user_id)
     self.get_group(group_id)
     user_refs = self.list_users_in_group(group_id, driver_hints.Hints())
     found = False
     for x in user_refs:
         if x['id'] == user_id:
             found = True
             break
     if not found:
         raise exception.NotFound(_('User not found in group'))
Esempio n. 13
0
    def get_activation_profile(self, user_id, activation_key=None):
        session = sql.get_session()
        with session.begin():
            query = session.query(ActivationProfile).filter_by(user_id=user_id)
            if activation_key:
                query = query.filter_by(activation_key=activation_key)
            profile_ref = query.first()

        if profile_ref is None:
            raise exception.NotFound(
                _('No Profile found for user: %s' % user_id))
        return profile_ref.to_dict()
Esempio n. 14
0
 def check_user_in_group(self, user_id, group_id):
     session = sql.get_session()
     self.get_group(group_id)
     self.get_user(user_id)
     query = session.query(UserGroupMembership)
     query = query.filter_by(user_id=user_id)
     query = query.filter_by(group_id=group_id)
     if not query.first():
         raise exception.NotFound(_("User '%(user_id)s' not found in"
                                    " group '%(group_id)s'") %
                                  {'user_id': user_id,
                                   'group_id': group_id})
Esempio n. 15
0
 def remove_user_from_group(self, user_id, group_id):
     session = sql.get_session()
     # We don't check if user or group are still valid and let the remove
     # be tried anyway - in case this is some kind of clean-up operation
     query = session.query(UserGroupMembership)
     query = query.filter_by(user_id=user_id)
     query = query.filter_by(group_id=group_id)
     membership_ref = query.first()
     if membership_ref is None:
         raise exception.NotFound(_('User not found in group'))
     with session.begin():
         session.delete(membership_ref)
Esempio n. 16
0
    def remove_user_from_project(self, tenant_id, user_id):
        """Remove user from a tenant

        :raises: keystone.exception.ProjectNotFound,
                 keystone.exception.UserNotFound

        """
        roles = self.get_roles_for_user_and_project(user_id, tenant_id)
        if not roles:
            raise exception.NotFound(tenant_id)
        for role_id in roles:
            self.remove_role_from_user_and_project(user_id, tenant_id, role_id)
Esempio n. 17
0
 def put(self, argument_id):
     rbac_enforcer.enforcer.RBACEnforcer.enforce_call(
         action='example:allowed')
     try:
         self._storage_dict[argument_id]
     except KeyError:
         raise exception.NotFound(target=argument_id)
     ref = flask.request.get_json(force=True)
     self._require_matching_id(ref)
     # Maintain the ref id
     ref['id'] = argument_id
     self._storage_dict[argument_id] = ref
     return '', 204
Esempio n. 18
0
 def get(self, argument_id=None):
     # List with no argument, get resource with id, used for HEAD as well.
     rbac_enforcer.enforcer.RBACEnforcer.enforce_call(
         action='example:allowed')
     if argument_id is None:
         # List
         return self._list_arguments()
     else:
         # get resource with id
         try:
             return self.wrap_member(self._storage_dict[argument_id])
         except KeyError:
             raise exception.NotFound(target=argument_id)
Esempio n. 19
0
 def check_user_in_group(self, user_id, group_id):
     user_refs = self.list_users_in_group(group_id, driver_hints.Hints())
     for x in user_refs:
         if x['id'] == user_id:
             break
     else:
         # Try to fetch the user to see if it even exists.  This
         # will raise a more accurate exception.
         self.get_user(user_id)
         raise exception.NotFound(_("User '%(user_id)s' not found in"
                                    " group '%(group_id)s'") %
                                  {'user_id': user_id,
                                   'group_id': group_id})
Esempio n. 20
0
 def check_security_question(self, user_id, two_factor_auth):
     session = sql.get_session()
     twofactor = session.query(TwoFactor).get(user_id)
     if twofactor is None:
         raise exception.NotFound(
             _('Two Factor Authentication is not enabled for user %s.' %
               user_id))
     else:
         if (two_factor_auth['security_answer'] !=
                 twofactor.security_answer):
             return False
         else:
             return True
Esempio n. 21
0
 def remove_user_from_tenant(self, tenant_id, user_id):
     session = self.get_session()
     self.get_tenant(tenant_id)
     self.get_user(user_id)
     query = session.query(UserTenantMembership)
     query = query.filter_by(user_id=user_id)
     query = query.filter_by(tenant_id=tenant_id)
     membership_ref = query.first()
     if membership_ref is None:
         raise exception.NotFound('User not found in tenant')
     with session.begin():
         session.delete(membership_ref)
         session.flush()
Esempio n. 22
0
    def _dispatch(req):
        """Dispatch the request to the appropriate controller.

        Called by self._router after matching the incoming request to a route
        and putting the information into req.environ.  Either returns 404
        or the routed WSGI app's response.

        """
        match = req.environ['wsgiorg.routing_args'][1]
        if not match:
            return render_exception(
                exception.NotFound(message='The resource could not be found.'))
        app = match['controller']
        return app
Esempio n. 23
0
 def check_user_in_group(self, user_id, group_id):
     # Before doing anything, check that the user exists. This will raise
     # a not found error if the user doesn't exist so we avoid doing extra
     # work.
     self.get_user(user_id)
     member_list = self.group.list_group_users(group_id)
     for group_member_id in self._transform_group_member_ids(member_list):
         if group_member_id == user_id:
             break
     else:
         raise exception.NotFound(_("User '%(user_id)s' not found in"
                                    " group '%(group_id)s'") %
                                  {'user_id': user_id,
                                   'group_id': group_id})
Esempio n. 24
0
    def get(self, user_id, access_token_id):
        """List roles for a user access token.

        GET/HEAD /v3/users/{user_id}/OS-OAUTH1/access_tokens/
                 {access_token_id}/roles
        """
        ENFORCER.enforce_call(action='identity:list_access_token_roles')
        access_token = PROVIDERS.oauth_api.get_access_token(access_token_id)
        if access_token['authorizing_user_id'] != user_id:
            raise ks_exception.NotFound()
        authed_role_ids = access_token['role_ids']
        authed_role_ids = jsonutils.loads(authed_role_ids)
        refs = ([_format_role_entity(x) for x in authed_role_ids])
        return self.wrap_collection(refs)
Esempio n. 25
0
 def get_multi(self, keys):
     """Get multiple values in a single call from the KVS backend."""
     self._assert_configured()
     values = self._region.get_multi(keys)
     not_found = []
     for index, key in enumerate(keys):
         if values[index] is NO_VALUE:
             not_found.append(key)
     if not_found:
         # NOTE(morganfainberg): If any of the multi-get values are non-
         # existent, we should raise a NotFound error to mimic the .get()
         # method's behavior.  In all cases the internal dogpile NO_VALUE
         # should be masked from the consumer of the KeyValueStore.
         raise exception.NotFound(target=not_found)
     return values
Esempio n. 26
0
 def get_consumer_credentials(self, client_id, user_id):
     session = sql.get_session()
     with session.begin():
         # NOTE(garcianavalon) I have decided to keep the credentials stored
         # after the client grants the authorization, so the client can POST
         # again to get a new authorization code with out needing the redirect
         # with the query string before. Therefore, this query retrieves the
         #last row for that user-client tuple
         query = (session.query(ConsumerCredentials).filter_by(
             user_id=user_id, client_id=client_id).order_by(
                 sql.sql.desc(ConsumerCredentials.created_at)))
         credentials_ref = query.first()
     if credentials_ref is None:
         raise exception.NotFound(_('Credentials not found'))
     return credentials_ref.to_dict()
Esempio n. 27
0
    def _dispatch(req):
        """Dispatch the request to the appropriate controller.

        Called by self._router after matching the incoming request to a route
        and putting the information into req.environ.  Either returns 404
        or the routed WSGI app's response.

        """
        match = req.environ['wsgiorg.routing_args'][1]
        if not match:
            msg = (_('(%(url)s): The resource could not be found.') %
                   {'url': req.url})
            return render_exception(exception.NotFound(msg),
                                    request=req,
                                    user_locale=best_match_language(req))
        app = match['controller']
        return app
Esempio n. 28
0
 def remove_user_from_group(self, user_id, group_id):
     # We don't check if user or group are still valid and let the remove
     # be tried anyway - in case this is some kind of clean-up operation
     with sql.session_for_write() as session:
         query = session.query(model.UserGroupMembership)
         query = query.filter_by(user_id=user_id)
         query = query.filter_by(group_id=group_id)
         membership_ref = query.first()
         if membership_ref is None:
             # Check if the group and user exist to return descriptive
             # exceptions.
             self.get_group(group_id)
             self.get_user(user_id)
             raise exception.NotFound(_("User '%(user_id)s' not found in"
                                        " group '%(group_id)s'") %
                                      {'user_id': user_id,
                                       'group_id': group_id})
         session.delete(membership_ref)
Esempio n. 29
0
    def remove_user_from_project(self, tenant_id, user_id):
        """Remove user from a tenant

        :raises: keystone.exception.ProjectNotFound,
                 keystone.exception.UserNotFound

        """
        roles = self.get_roles_for_user_and_project(user_id, tenant_id)
        if not roles:
            raise exception.NotFound(tenant_id)
        for role_id in roles:
            try:
                self.driver.remove_role_from_user_and_project(
                    user_id, tenant_id, role_id)
            except exception.RoleNotFound:
                LOG.debug(
                    _("Removing role %s failed because it does not "
                      "exist."), role_id)
Esempio n. 30
0
 def get_catalog(self, user_id, tenant_id):
     try:
         return self.driver.get_catalog(user_id, tenant_id)
     except exception.NotFound:
         raise exception.NotFound('Catalog not found for user and tenant')