Esempio n. 1
0
def _check_username_password_local(username, password=None):
    """
    Check a username and password against the local database.
    Return None if the username and password are not valid
    @type username: str
    @param username: the login of the user
    @type password: str or None
    @param password: password of the user, None => do not validate the password
    @rtype: L{pulp.server.db.model.User} instance or None
    @return: user corresponding to the credentials
    """
    user_query_manager = factory.user_query_manager()
    user = user_query_manager.find_by_login(username)
    if user is None:
        _log.error('User [%s] specified in certificate was not found in the system' %
                   username)
        return None
    if user['password'] is None and password is not None:
        _log.error('This is an ldap user %s' % user)
        return None
    if password is not None:
        if not factory.password_manager().check_password(user['password'], password):
            _log.error('Password for user [%s] was incorrect' % username)
            return None
    return user
Esempio n. 2
0
    def _check_username_password_local(self, username, password=None):
        """
        Check a username and password against the local database.
        Return None if the username and password are not valid

        :type username: str
        :param username: the login of the user

        :type password: str or None
        :param password: password of the user, None => do not validate the password

        :rtype: L{pulp.server.db.model.auth.User} instance or None
        :return: user corresponding to the credentials
        """
        user_query_manager = factory.user_query_manager()
        user = user_query_manager.find_by_login(username)
        if user is None:
            _logger.debug(_('User [%(u)s] specified in certificate was not found in the system') %
                          {'u': username})
            return None

        if user['password'] is None and password is not None:
            _logger.debug('This is an ldap user %s' % user)
            return None

        if password is not None:
            if not factory.password_manager().check_password(user['password'], password):
                _logger.debug('Password for user [%s] was incorrect' % username)
                return None

        return user
Esempio n. 3
0
    def test_syntactic_sugar_methods(self):
        """
        Tests the syntactic sugar methods for retrieving specific managers.
        """
        # Setup
        factory.initialize()

        # Test
        self.assertTrue(isinstance(factory.authentication_manager(), AuthenticationManager))
        self.assertTrue(isinstance(factory.cert_generation_manager(), CertGenerationManager))
        self.assertTrue(isinstance(factory.certificate_manager(), CertificateManager))
        self.assertTrue(isinstance(factory.password_manager(), PasswordManager))
        self.assertTrue(isinstance(factory.permission_manager(), PermissionManager))
        self.assertTrue(isinstance(factory.permission_query_manager(), PermissionQueryManager))
        self.assertTrue(isinstance(factory.role_manager(), RoleManager))
        self.assertTrue(isinstance(factory.role_query_manager(), RoleQueryManager))
        self.assertTrue(isinstance(factory.user_manager(), UserManager))
        self.assertTrue(isinstance(factory.user_query_manager(), UserQueryManager))
        self.assertTrue(isinstance(factory.repo_manager(), RepoManager))
        self.assertTrue(isinstance(factory.repo_unit_association_manager(),
                                   RepoUnitAssociationManager))
        self.assertTrue(isinstance(factory.repo_publish_manager(), RepoPublishManager))
        self.assertTrue(isinstance(factory.repo_query_manager(), RepoQueryManager))
        self.assertTrue(isinstance(factory.repo_sync_manager(), RepoSyncManager))
        self.assertTrue(isinstance(factory.content_manager(), ContentManager))
        self.assertTrue(isinstance(factory.content_query_manager(), ContentQueryManager))
        self.assertTrue(isinstance(factory.content_upload_manager(), ContentUploadManager))
        self.assertTrue(isinstance(factory.consumer_manager(), ConsumerManager))
        self.assertTrue(isinstance(factory.topic_publish_manager(), TopicPublishManager))
Esempio n. 4
0
    def test_syntactic_sugar_methods(self):
        """
        Tests the syntactic sugar methods for retrieving specific managers.
        """
        # Setup
        factory.initialize()

        # Test
        self.assertTrue(isinstance(factory.authentication_manager(), AuthenticationManager))
        self.assertTrue(isinstance(factory.cert_generation_manager(), CertGenerationManager))
        self.assertTrue(isinstance(factory.certificate_manager(), CertificateManager))
        self.assertTrue(isinstance(factory.password_manager(), PasswordManager))
        self.assertTrue(isinstance(factory.permission_manager(), PermissionManager))
        self.assertTrue(isinstance(factory.permission_query_manager(), PermissionQueryManager))
        self.assertTrue(isinstance(factory.role_manager(), RoleManager))
        self.assertTrue(isinstance(factory.role_query_manager(), RoleQueryManager))
        self.assertTrue(isinstance(factory.user_manager(), UserManager))             
        self.assertTrue(isinstance(factory.user_query_manager(), UserQueryManager))
        self.assertTrue(isinstance(factory.repo_manager(), RepoManager))
        self.assertTrue(isinstance(factory.repo_unit_association_manager(), RepoUnitAssociationManager))
        self.assertTrue(isinstance(factory.repo_publish_manager(), RepoPublishManager))
        self.assertTrue(isinstance(factory.repo_query_manager(), RepoQueryManager))
        self.assertTrue(isinstance(factory.repo_sync_manager(), RepoSyncManager))
        self.assertTrue(isinstance(factory.content_manager(), ContentManager))
        self.assertTrue(isinstance(factory.content_query_manager(), ContentQueryManager))
        self.assertTrue(isinstance(factory.content_upload_manager(), ContentUploadManager))
        self.assertTrue(isinstance(factory.consumer_manager(), ConsumerManager))
        self.assertTrue(isinstance(factory.topic_publish_manager(), TopicPublishManager))
Esempio n. 5
0
    def create_user(login, password=None, name=None, roles=None):
        """
        Creates a new Pulp user and adds it to specified to roles.

        @param login: login name / unique identifier for the user
        @type  login: str

        @param password: password for login credentials
        @type  password: str

        @param name: user's full name
        @type  name: str

        @param roles: list of roles user will belong to
        @type  roles: list

        @raise DuplicateResource: if there is already a user with the requested login
        @raise InvalidValue: if any of the fields are unacceptable
        """

        existing_user = User.get_collection().find_one({'login': login})
        if existing_user is not None:
            raise DuplicateResource(login)

        invalid_values = []

        if login is None or _USER_LOGIN_REGEX.match(login) is None:
            invalid_values.append('login')
        if invalid_type(name, basestring):
            invalid_values.append('name')
        if invalid_type(roles, list):
            invalid_values.append('roles')

        if invalid_values:
            raise InvalidValue(invalid_values)

        # Use the login for name of the user if one was not specified
        name = name or login
        roles = roles or None

        # Encode plain-text password
        hashed_password = None
        if password:
            hashed_password = factory.password_manager().hash_password(password)

        # Creation
        create_me = User(login=login, password=hashed_password, name=name, roles=roles)
        User.get_collection().save(create_me)

        # Grant permissions
        permission_manager = factory.permission_manager()
        permission_manager.grant_automatic_permissions_for_user(create_me['login'])

        # Retrieve the user to return the SON object
        created = User.get_collection().find_one({'login': login})
        created.pop('password')

        return created
Esempio n. 6
0
    def setUp(self):
        super(AuthControllersTests, self).setUp()
        self.user_manager = manager_factory.user_manager()
        self.user_query_manager = manager_factory.user_query_manager()
        self.role_manager = manager_factory.role_manager()
        self.role_query_manager = manager_factory.role_query_manager()
        self.permission_manager = manager_factory.permission_manager()
        self.permission_query_manager = manager_factory.permission_query_manager()
        self.password_manager = manager_factory.password_manager()

        self.role_manager.ensure_super_user_role()
        self.user_manager.ensure_admin()
Esempio n. 7
0
    def setUp(self):
        super(AuthControllersTests, self).setUp()
        self.user_manager = manager_factory.user_manager()
        self.user_query_manager = manager_factory.user_query_manager()
        self.role_manager = manager_factory.role_manager()
        self.role_query_manager = manager_factory.role_query_manager()
        self.permission_manager = manager_factory.permission_manager()
        self.permission_query_manager = manager_factory.permission_query_manager(
        )
        self.password_manager = manager_factory.password_manager()

        self.role_manager.ensure_super_user_role()
        self.user_manager.ensure_admin()
Esempio n. 8
0
    def update_user(login, delta):
        """
        Updates the user. Following fields may be updated through this call:
        * password
        * name
        * roles

        Other fields found in delta will be ignored.

        @param login: identifies the user
        @type  login: str

        @param delta: list of attributes and their new values to change
        @type  delta: dict

        @raise MissingResource: if there is no user with login
        """

        user = User.get_collection().find_one({'login': login})
        if user is None:
            raise MissingResource(login)

        # Check invalid values
        invalid_values = []
        if 'password' in delta:
            password = delta.pop('password')
            if password is None or invalid_type(password, basestring):
                invalid_values.append('password')
            else:
                user['password'] = factory.password_manager().hash_password(password)

        if 'name' in delta:
            name = delta.pop('name')
            if name is None or invalid_type(name, basestring):
                invalid_values.append('name')
            else:
                user['name'] = name

        if 'roles' in delta:
            roles = delta.pop('roles')
            if roles is None or invalid_type(roles, list):
                invalid_values.append('roles')
            else:
                # Add new roles to the user and remove deleted roles from the user according to
                # delta
                role_manager = factory.role_manager()
                old_roles = user['roles']
                for new_role in roles:
                    if new_role not in old_roles:
                        role_manager.add_user_to_role(new_role, login)
                for old_role in old_roles:
                    if old_role not in roles:
                        role_manager.remove_user_from_role(old_role, login)
                user['roles'] = roles

        if invalid_values:
            raise InvalidValue(invalid_values)
        if delta:
            raise InvalidValue(delta.keys())

        User.get_collection().save(user)

        # Retrieve the user to return the SON object
        updated = User.get_collection().find_one({'login': login})
        updated.pop('password')

        return updated
Esempio n. 9
0
 def setUp(self):
     super(PasswordManagerTests, self).setUp()
     self.password_manager = manager_factory.password_manager()