def create_user(self, account_name, username, password=None, user_type=UserTypes.native): """ Create a new user as a unit-of-work (e.g. a single db transaction :param account_name: the str account name :param username: the str username :param password: the password to set :param user_type: The type of user to create :return: """ assert (user_type in [UserTypes.internal, UserTypes.external] and password is None) or user_type == UserTypes.native account = db_accounts.get(account_name, session=self.session) if not account: raise AccountNotFoundError('Account does not exist') usr_record = db_account_users.add(account_name=account_name, username=username, user_type=user_type, session=self.session) if password is not None: db_account_users.add_user_credential( username=username, credential_type=UserAccessCredentialTypes.password, value=password, session=self.session) usr_record = db_account_users.get(username, session=self.session) return usr_record
def create_user(self, account_name, username, creator_name, password=None): """ Create a new user as a unit-of-work (e.g. a single db transaction :param account_name: :param username: :param access_type: :param creator_name: the username of creator :return: """ account = db_accounts.get(account_name, session=self.session) if not account: raise AccountNotFoundError('Account does not exist') usr_record = db_account_users.add(account_name=account_name, username=username, created_by=creator_name, session=self.session) if password is not None: db_account_users.add_user_credential(creator=creator_name, username=username, credential_type=UserAccessCredentialTypes.password, value=password, session=self.session) usr_record = db_account_users.get(username, session=self.session) return usr_record
def _get_system_user_credentials(self): rec = db_accounts.get(localconfig.SYSTEM_USERNAME, session=self.session) if rec: cred = db_account_users.get(localconfig.SYSTEM_USERNAME, session=self.session) return cred['username'], cred.get('credentials', {}).get(UserAccessCredentialTypes.password, {}).get( 'value') else: return None, None
def create_user( self, account_name, username, password=None, user_type=UserTypes.native, user_source=None, ): """ Create a new user as a unit-of-work (e.g. a single db transaction :param account_name: the str account name :param username: the str username :param password: the password to set :param user_type: The type of user to create a :return: """ if not is_valid_username(username): raise ValueError( "username must match regex {}".format(name_validator_regex)) if user_type in [UserTypes.external] and password is not None: raise AssertionError("Cannot set password for external user type") if user_type == UserTypes.external and user_source is None: raise ValueError( "user_source cannot be None with user_type = external") account = db_accounts.get(account_name, session=self.session) if not account: raise AccountNotFoundError("Account does not exist") usr_record = db_account_users.add( account_name=account_name, username=username, user_type=user_type, user_source=user_source, session=self.session, ) if password is not None: db_account_users.add_user_credential( username=username, credential_type=UserAccessCredentialTypes.password, value=password, session=self.session, ) usr_record = db_account_users.get(username, session=self.session) return usr_record
def get_account(self, accountname): account = db_accounts.get(accountname, session=self.session) return account
def _get_system_user_credentials(self): """ Returns an AccessCredential object representing the system user :return: """ cred = None exp = None # Credential expiration, if needed logger.debug('Loading system user creds') with IdentityManager._cache_lock: cached_cred = IdentityManager._credential_cache.lookup( localconfig.SYSTEM_USERNAME) if cached_cred is not None: if cached_cred.is_expired(): # Flush it logger.debug( 'Cached system credential is expired, flushing') IdentityManager._credential_cache.delete( localconfig.SYSTEM_USERNAME) else: logger.debug('Cached system credential still ok') # Use it cred = cached_cred if cred is None: logger.debug('Doing refresh/initial system cred load') try: tok_mgr = token_manager() except OauthNotConfiguredError: tok_mgr = None # Generate one if tok_mgr: # Generate a token usr = db_account_users.get(localconfig.SYSTEM_USERNAME, session=self.session) system_user_uuid = usr['uuid'] tok, exp = tok_mgr.generate_token(system_user_uuid, return_expiration=True) logger.debug( 'Generated token with expiration {}'.format(exp)) cred = HttpBearerCredential(tok, exp) else: rec = db_accounts.get(localconfig.SYSTEM_USERNAME, session=self.session) usr = db_account_users.get(localconfig.SYSTEM_USERNAME, session=self.session) if not rec or not usr: logger.error( 'Could not find a system account or user. This is not an expected state' ) raise Exception('No system account or user found') # This will not work if the system admin has configured hashed passwords but not oauth. But, that should be caught at config validation. cred = HttpBasicCredential( usr['username'], usr.get('credentials', {}).get(UserAccessCredentialTypes.password, {}).get('value')) if cred is not None: logger.debug('Caching system creds') IdentityManager._credential_cache.cache_it( localconfig.SYSTEM_USERNAME, cred) return cred