Esempio n. 1
0
class UserController(wsgi.Application):
    def __init__(self):
        self.identity_api = IdentityManager()
        self.token_api = TokenManager()
        self.user_controller = UserManager()

    def set_user_password(self, context, user_id, user):
        token_id = context.get('token_id')
        original_password = user.get('original_password')

        token_ref = self.token_api.get_token(context=context,
                                             token_id=token_id)
        user_id_from_token = token_ref['user']['id']

        if user_id_from_token != user_id:
            raise exception.Forbidden('Token belongs to another user')
        if original_password is None:
            raise exception.ValidationError(target='user',
                                            attribute='original password')

        try:
            user_ref = self.identity_api.authenticate(
                context=context,
                user_id=user_id_from_token,
                password=original_password)[0]
            if not user_ref.get('enabled', True):
                # NOTE(dolph): why can't you set a disabled user's password?
                raise exception.Unauthorized('User is disabled')
        except AssertionError:
            raise exception.Unauthorized()

        update_dict = {'password': user['password'], 'id': user_id}

        admin_context = copy.copy(context)
        admin_context['is_admin'] = True
        self.user_controller.set_user_password(admin_context, user_id,
                                               update_dict)

        token_id = uuid.uuid4().hex
        new_token_ref = copy.copy(token_ref)
        new_token_ref['id'] = token_id
        self.token_api.create_token(context=context,
                                    token_id=token_id,
                                    data=new_token_ref)
        logging.debug('TOKEN_REF %s', new_token_ref)
        return {'access': {'token': new_token_ref}}
Esempio n. 2
0
class UserController(wsgi.Application):
    def __init__(self):
        self.identity_api = IdentityManager()
        self.token_api = TokenManager()
        self.user_controller = UserManager()

    def set_user_password(self, context, user_id, user):
        token_id = context.get('token_id')
        original_password = user.get('original_password')

        token_ref = self.token_api.get_token(context=context,
                                             token_id=token_id)
        user_id_from_token = token_ref['user']['id']

        if user_id_from_token != user_id:
            raise exception.Forbidden('Token belongs to another user')
        if original_password is None:
            raise exception.ValidationError(target='user',
                                            attribute='original password')

        try:
            user_ref = self.identity_api.authenticate(
                context=context,
                user_id=user_id_from_token,
                password=original_password)[0]
            if not user_ref.get('enabled', True):
                # NOTE(dolph): why can't you set a disabled user's password?
                raise exception.Unauthorized('User is disabled')
        except AssertionError:
            raise exception.Unauthorized()

        update_dict = {'password': user['password'], 'id': user_id}

        admin_context = copy.copy(context)
        admin_context['is_admin'] = True
        self.user_controller.set_user_password(admin_context,
                                               user_id,
                                               update_dict)

        token_id = uuid.uuid4().hex
        new_token_ref = copy.copy(token_ref)
        new_token_ref['id'] = token_id
        self.token_api.create_token(context=context, token_id=token_id,
                                    data=new_token_ref)
        logging.debug('TOKEN_REF %s', new_token_ref)
        return {'access': {'token': new_token_ref}}
Esempio n. 3
0
 def __init__(self):
     self.identity_api = IdentityManager()
     self.token_api = TokenManager()
     self.user_controller = UserManager()