def _check_username_password_local(username, password=None):
"""
Check a username and password against the local database.
Return None if the username and password are not valid
@type username: str
@param username: the login of the user
@type password: str or None
@param password: password of the user, None => do not validate the password
@rtype: L{pulp.server.db.model.User} instance or None
@return: user corresponding to the credentials
"""
user_query_manager = factory.user_query_manager()
user = user_query_manager.find_by_login(username)
if user is None:
_log.error('User [%s] specified in certificate was not found in the system' %
username)
return None
if user['password'] is None and password is not None:
_log.error('This is an ldap user %s' % user)
return None
if password is not None:
if not factory.password_manager().check_password(user['password'], password):
_log.error('Password for user [%s] was incorrect' % username)
return None
return user
def _check_username_password_local(self, username, password=None):
"""
Check a username and password against the local database.
Return None if the username and password are not valid
:type username: str
:param username: the login of the user
:type password: str or None
:param password: password of the user, None => do not validate the password
:rtype: L{pulp.server.db.model.auth.User} instance or None
:return: user corresponding to the credentials
"""
user_query_manager = factory.user_query_manager()
user = user_query_manager.find_by_login(username)
if user is None:
_logger.debug(_('User [%(u)s] specified in certificate was not found in the system') %
{'u': username})
return None
if user['password'] is None and password is not None:
_logger.debug('This is an ldap user %s' % user)
return None
if password is not None:
if not factory.password_manager().check_password(user['password'], password):
_logger.debug('Password for user [%s] was incorrect' % username)
return None
return user
def test_syntactic_sugar_methods(self):
"""
Tests the syntactic sugar methods for retrieving specific managers.
"""
# Setup
factory.initialize()
# Test
self.assertTrue(isinstance(factory.authentication_manager(), AuthenticationManager))
self.assertTrue(isinstance(factory.cert_generation_manager(), CertGenerationManager))
self.assertTrue(isinstance(factory.certificate_manager(), CertificateManager))
self.assertTrue(isinstance(factory.password_manager(), PasswordManager))
self.assertTrue(isinstance(factory.permission_manager(), PermissionManager))
self.assertTrue(isinstance(factory.permission_query_manager(), PermissionQueryManager))
self.assertTrue(isinstance(factory.role_manager(), RoleManager))
self.assertTrue(isinstance(factory.role_query_manager(), RoleQueryManager))
self.assertTrue(isinstance(factory.user_manager(), UserManager))
self.assertTrue(isinstance(factory.user_query_manager(), UserQueryManager))
self.assertTrue(isinstance(factory.repo_manager(), RepoManager))
self.assertTrue(isinstance(factory.repo_unit_association_manager(),
RepoUnitAssociationManager))
self.assertTrue(isinstance(factory.repo_publish_manager(), RepoPublishManager))
self.assertTrue(isinstance(factory.repo_query_manager(), RepoQueryManager))
self.assertTrue(isinstance(factory.repo_sync_manager(), RepoSyncManager))
self.assertTrue(isinstance(factory.content_manager(), ContentManager))
self.assertTrue(isinstance(factory.content_query_manager(), ContentQueryManager))
self.assertTrue(isinstance(factory.content_upload_manager(), ContentUploadManager))
self.assertTrue(isinstance(factory.consumer_manager(), ConsumerManager))
self.assertTrue(isinstance(factory.topic_publish_manager(), TopicPublishManager))
def test_syntactic_sugar_methods(self):
"""
Tests the syntactic sugar methods for retrieving specific managers.
"""
# Setup
factory.initialize()
# Test
self.assertTrue(isinstance(factory.authentication_manager(), AuthenticationManager))
self.assertTrue(isinstance(factory.cert_generation_manager(), CertGenerationManager))
self.assertTrue(isinstance(factory.certificate_manager(), CertificateManager))
self.assertTrue(isinstance(factory.password_manager(), PasswordManager))
self.assertTrue(isinstance(factory.permission_manager(), PermissionManager))
self.assertTrue(isinstance(factory.permission_query_manager(), PermissionQueryManager))
self.assertTrue(isinstance(factory.role_manager(), RoleManager))
self.assertTrue(isinstance(factory.role_query_manager(), RoleQueryManager))
self.assertTrue(isinstance(factory.user_manager(), UserManager))
self.assertTrue(isinstance(factory.user_query_manager(), UserQueryManager))
self.assertTrue(isinstance(factory.repo_manager(), RepoManager))
self.assertTrue(isinstance(factory.repo_unit_association_manager(), RepoUnitAssociationManager))
self.assertTrue(isinstance(factory.repo_publish_manager(), RepoPublishManager))
self.assertTrue(isinstance(factory.repo_query_manager(), RepoQueryManager))
self.assertTrue(isinstance(factory.repo_sync_manager(), RepoSyncManager))
self.assertTrue(isinstance(factory.content_manager(), ContentManager))
self.assertTrue(isinstance(factory.content_query_manager(), ContentQueryManager))
self.assertTrue(isinstance(factory.content_upload_manager(), ContentUploadManager))
self.assertTrue(isinstance(factory.consumer_manager(), ConsumerManager))
self.assertTrue(isinstance(factory.topic_publish_manager(), TopicPublishManager))
def create_user(login, password=None, name=None, roles=None):
"""
Creates a new Pulp user and adds it to specified to roles.
@param login: login name / unique identifier for the user
@type login: str
@param password: password for login credentials
@type password: str
@param name: user's full name
@type name: str
@param roles: list of roles user will belong to
@type roles: list
@raise DuplicateResource: if there is already a user with the requested login
@raise InvalidValue: if any of the fields are unacceptable
"""
existing_user = User.get_collection().find_one({'login': login})
if existing_user is not None:
raise DuplicateResource(login)
invalid_values = []
if login is None or _USER_LOGIN_REGEX.match(login) is None:
invalid_values.append('login')
if invalid_type(name, basestring):
invalid_values.append('name')
if invalid_type(roles, list):
invalid_values.append('roles')
if invalid_values:
raise InvalidValue(invalid_values)
# Use the login for name of the user if one was not specified
name = name or login
roles = roles or None
# Encode plain-text password
hashed_password = None
if password:
hashed_password = factory.password_manager().hash_password(password)
# Creation
create_me = User(login=login, password=hashed_password, name=name, roles=roles)
User.get_collection().save(create_me)
# Grant permissions
permission_manager = factory.permission_manager()
permission_manager.grant_automatic_permissions_for_user(create_me['login'])
# Retrieve the user to return the SON object
created = User.get_collection().find_one({'login': login})
created.pop('password')
return created
def setUp(self):
super(AuthControllersTests, self).setUp()
self.user_manager = manager_factory.user_manager()
self.user_query_manager = manager_factory.user_query_manager()
self.role_manager = manager_factory.role_manager()
self.role_query_manager = manager_factory.role_query_manager()
self.permission_manager = manager_factory.permission_manager()
self.permission_query_manager = manager_factory.permission_query_manager()
self.password_manager = manager_factory.password_manager()
self.role_manager.ensure_super_user_role()
self.user_manager.ensure_admin()
def setUp(self):
super(AuthControllersTests, self).setUp()
self.user_manager = manager_factory.user_manager()
self.user_query_manager = manager_factory.user_query_manager()
self.role_manager = manager_factory.role_manager()
self.role_query_manager = manager_factory.role_query_manager()
self.permission_manager = manager_factory.permission_manager()
self.permission_query_manager = manager_factory.permission_query_manager(
)
self.password_manager = manager_factory.password_manager()
self.role_manager.ensure_super_user_role()
self.user_manager.ensure_admin()
def update_user(login, delta):
"""
Updates the user. Following fields may be updated through this call:
* password
* name
* roles
Other fields found in delta will be ignored.
@param login: identifies the user
@type login: str
@param delta: list of attributes and their new values to change
@type delta: dict
@raise MissingResource: if there is no user with login
"""
user = User.get_collection().find_one({'login': login})
if user is None:
raise MissingResource(login)
# Check invalid values
invalid_values = []
if 'password' in delta:
password = delta.pop('password')
if password is None or invalid_type(password, basestring):
invalid_values.append('password')
else:
user['password'] = factory.password_manager().hash_password(password)
if 'name' in delta:
name = delta.pop('name')
if name is None or invalid_type(name, basestring):
invalid_values.append('name')
else:
user['name'] = name
if 'roles' in delta:
roles = delta.pop('roles')
if roles is None or invalid_type(roles, list):
invalid_values.append('roles')
else:
# Add new roles to the user and remove deleted roles from the user according to
# delta
role_manager = factory.role_manager()
old_roles = user['roles']
for new_role in roles:
if new_role not in old_roles:
role_manager.add_user_to_role(new_role, login)
for old_role in old_roles:
if old_role not in roles:
role_manager.remove_user_from_role(old_role, login)
user['roles'] = roles
if invalid_values:
raise InvalidValue(invalid_values)
if delta:
raise InvalidValue(delta.keys())
User.get_collection().save(user)
# Retrieve the user to return the SON object
updated = User.get_collection().find_one({'login': login})
updated.pop('password')
return updated
def setUp(self):
super(PasswordManagerTests, self).setUp()
self.password_manager = manager_factory.password_manager()
