def setUp(self):
    """Create two non-superuser test clients: one in the default group, one outside it.

    Both user objects are passed through rewrite_user() before being stored.
    """
    self.client = make_logged_in_client(
        username='******',
        groupname=get_default_user_group(),
        recreate=True,
        is_superuser=False,
    )
    member = User.objects.get(username='******')
    self.user = rewrite_user(member)

    # Second account deliberately lives in the 'alone' group, not the default one.
    self.alone_client = make_logged_in_client(
        username='******',
        groupname='alone',
        recreate=True,
        is_superuser=False,
    )
    outsider = User.objects.get(username='******')
    self.alone_user = rewrite_user(outsider)
def setUp(self):
    """Prepare a client, a filter payload, three HiveQuery objects and the HiveQuery table.

    Skips the test when no query database host is configured.
    """
    if not QUERY_DATABASE.HOST.get():
        raise SkipTest

    self.client = make_logged_in_client(
        username="******", groupname="default", recreate=True, is_superuser=False)
    self.user = rewrite_user(User.objects.get(username="******"))

    self.filters = {
        'endTime': 1602146114116,
        'facets': [],
        'limit': 2,
        'offset': 0,
        'sortText': "startTime:DESC",
        'startTime': 1601541314116,
        'text': "select",
    }

    self.query1, self.query2, self.query3 = HiveQuery(), HiveQuery(), HiveQuery()

    with connection.schema_editor() as schema_editor:
        schema_editor.create_model(HiveQuery)

        table_name = HiveQuery._meta.db_table
        known_tables = connection.introspection.table_names()
        if table_name not in known_tables:
            raise ValueError(
                "Table `{table_name}` is missing in test database.".format(
                    table_name=HiveQuery._meta.db_table))
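def handle_on_link_shared(host_domain, channel_id, message_ts, links, user_id):
    """Unfurl each Hue editor or gist link shared in a Slack channel.

    For every entry in ``links`` the document is looked up, the Slack user is
    mapped to a Hue user, read access to the document is enforced, and the
    unfurl payload is posted back to Slack. A result file is uploaded when the
    payload reports one is available.

    Raises:
        PopupException: when the link is malformed or unsupported, the document
            does not exist, or the Slack unfurl call fails.
    """
    for item in links:
        # The URL comes from a Slack event, so treat it as untrusted input.
        parts = urlsplit(item['url'])
        path = parts.path
        try:
            # Exactly one `key=value` pair is expected; anything else is rejected
            # as an unsupported link instead of surfacing a bare ValueError.
            id_type, qid = parts.query.split('=')
        except ValueError:
            raise PopupException(_("Cannot unfurl link"))
        query_id = {'id': qid} if qid.isdigit() else {'uuid': qid}

        try:
            if path == '/hue/editor' and id_type == 'editor':
                doc = Document2.objects.get(**query_id)
                doc_type = 'query'
            elif path == '/hue/gist' and id_type == 'uuid':
                doc = _get_gist_document(**query_id)
                doc_type = 'gist'
            else:
                raise PopupException(_("Cannot unfurl link"))
        except Document2.DoesNotExist:
            msg = "Document with {key} does not exist".format(key=query_id)
            raise PopupException(_(msg))

        # Permission check for Slack user to be Hue user
        slack_user = check_slack_user_permission(host_domain, user_id)
        # NOTE(review): for bot posters the document owner is used, so the read
        # check below presumably always passes for bot-shared links. Confirm that
        # is the intended trust model.
        user = get_user(channel_id, slack_user) if not slack_user['is_bot'] else doc.owner
        doc.can_read_or_exception(user)

        request = MockRequest(user=rewrite_user(user))
        payload = _make_unfurl_payload(request, item['url'], id_type, doc, doc_type)
        try:
            slack_client.chat_unfurl(channel=channel_id, ts=message_ts, unfurls=payload['payload'])
        except Exception as e:
            raise PopupException(_("Cannot unfurl link"), detail=e)

        # Generate and upload result xlsx file only if result available
        if payload['file_status']:
            send_result_file(request, channel_id, message_ts, doc, 'xls')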
def install_custom_examples():
    """Install the configured sample queries for each applicable interpreter.

    Does nothing and returns None unless EXAMPLES.AUTO_LOAD is enabled.
    Otherwise returns a list of ``(successes, errors)`` tuples, one per
    interpreter processed.
    """
    if not EXAMPLES.AUTO_LOAD.get():
        return None

    from desktop.auth.backend import rewrite_user
    from beeswax.management.commands import beeswax_install_examples
    from useradmin.models import install_sample_user

    user = rewrite_user(install_sample_user())

    interpreters = []
    if has_connectors():
        for connector in _get_installed_connectors(category='editor'):
            interpreters.append({'type': connector['id'], 'dialect': connector['dialect']})
    else:
        for candidate in get_ordered_interpreters(user):
            # Only for hive/impala currently, would also need to port to Notebook install examples.
            if candidate['dialect'] in ('hive', 'impala'):
                interpreters.append({'type': candidate['dialect'], 'dialect': candidate['dialect']})

    queries = EXAMPLES.QUERIES.get()
    # No-op. Only for the saved query samples, not the tables currently.
    tables = EXAMPLES.TABLES.get()

    dialects = [entry['dialect'] for entry in interpreters]
    LOG.info(
        'Installing custom examples queries: %(queries)s, tables: %(tables)s for dialects %(dialects)s '
        'belonging to user %(user)s' % {
            'queries': queries,
            'tables': tables,
            'dialects': dialects,
            'user': user
        })

    result = []
    for entry in interpreters:
        outcome = beeswax_install_examples.Command().handle(
            dialect=entry['dialect'],
            user=user,
            interpreter=entry,
            queries=queries,
            tables=tables,
            request=None,
        )
        successes, errors = outcome
        LOG.info(
            'Dialect %(dialect)s installed samples: %(successes)s, %(errors)s,' % {
                'dialect': entry['dialect'],
                'successes': successes,
                'errors': errors,
            })
        result.append((successes, errors))

    return result
def setUp(self):
    """Log in a non-superuser client in the default group and keep its rewritten user."""
    self.client = make_logged_in_client(
        username='******',
        groupname=get_default_user_group(),
        recreate=True,
        is_superuser=False,
    )
    account = User.objects.get(username='******')
    self.user = rewrite_user(account)
def _get_request(postdict=None, user_id=None):
    """Build a bare HttpRequest carrying ``postdict`` as POST and the user with id ``user_id``."""
    req = HttpRequest()
    req.POST = postdict
    # The user is looked up by primary key and passed through rewrite_user().
    req.user = rewrite_user(User.objects.get(id=user_id))
    return req
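def handle_on_link_shared(channel_id, message_ts, links):
    """Unfurl each Hue editor or gist link shared in a Slack channel.

    For every entry in ``links`` the document is looked up and an unfurl
    payload is built and posted back to Slack. A result file is uploaded when
    the payload reports one is available.

    Raises:
        PopupException: when the link is malformed or unsupported, the document
            does not exist, or the Slack unfurl call fails.
    """
    for item in links:
        # The URL comes from a Slack event, so treat it as untrusted input.
        parts = urlsplit(item['url'])
        path = parts.path
        try:
            # Exactly one `key=value` pair is expected; anything else is rejected
            # as an unsupported link instead of surfacing a bare ValueError.
            id_type, qid = parts.query.split('=')
        except ValueError:
            raise PopupException(_("Cannot unfurl link"))

        try:
            if path == '/hue/editor' and id_type == 'editor':
                doc = Document2.objects.get(id=qid)
                doc_type = 'Query'
            elif path == '/hue/gist' and id_type == 'uuid' and ENABLE_GIST_PREVIEW.get():
                doc = _get_gist_document(uuid=qid)
                doc_type = 'Gist'
            else:
                raise PopupException(_("Cannot unfurl link"))
        except Document2.DoesNotExist:
            msg = "Document with {key}={value} does not exist".format(key='uuid' if id_type == 'uuid' else 'id', value=qid)
            raise PopupException(_(msg))

        # Mock request for query execution and fetch result
        # NOTE(review): the request runs as the document owner, and this function
        # receives no identity for whoever shared the link, so no read-permission
        # check on the sharer happens here. Confirm that channel membership is
        # meant to be sufficient authorization for the preview.
        user = rewrite_user(User.objects.get(username=doc.owner.username))
        request = MockRequest(user=user)

        payload = _make_unfurl_payload(request, item['url'], id_type, doc, doc_type)
        try:
            slack_client.chat_unfurl(channel=channel_id, ts=message_ts, unfurls=payload['payload'])
        except Exception as e:
            raise PopupException(_("Cannot unfurl link"), detail=e)

        # Generate and upload result xlsx file only if result available
        if payload['file_status']:
            send_result_file(request, channel_id, message_ts, doc, 'xls')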
def setUp(self):
    """Prepare a client, a status-faceted filter payload and the HiveQuery table.

    Skips the test when no query database host is configured.
    """
    if not QUERY_DATABASE.HOST.get():
        raise SkipTest

    self.client = make_logged_in_client(
        username="******", groupname="default", recreate=True, is_superuser=False)
    self.user = rewrite_user(User.objects.get(username="******"))

    status_facet = {"field": "status", "values": ["SUCCESS"]}
    self.filters = {
        "endTime": 10,
        "facets": [status_facet],
        "limit": 2,
        "offset": 0,
        "sortText": "",
        "startTime": 1,
        "text": "select",
    }

    with connection.schema_editor() as schema_editor:
        schema_editor.create_model(HiveQuery)

        table_name = HiveQuery._meta.db_table
        known_tables = connection.introspection.table_names()
        if table_name not in known_tables:
            raise ValueError(
                "Table `{table_name}` is missing in test database.".format(
                    table_name=HiveQuery._meta.db_table))
def setup_class(cls):
    """Log in a non-superuser client and grant group 'test' the metadata and optimizer apps."""
    cls.client = make_logged_in_client(username='******', is_superuser=False)
    account = User.objects.get(username='******')
    cls.user = rewrite_user(account)

    add_to_group('test')
    for app in ("metadata", "optimizer"):
        grant_access("test", "test", app)
def update_user(self, user, attributes, attribute_mapping, force_save=False):
    """Decide superuser status for a SAML login, then delegate to the parent update_user.

    Returns the rewritten, saved user when the parent returns an active user,
    otherwise None. The superuser flag is computed before the parent call and
    applied afterwards.
    """
    # Do this check up here, because the auth call creates a django user upon first login per user
    is_super = False
    if not UserProfile.objects.filter(creation_method=str(UserProfile.CreationMethod.EXTERNAL)).exists():
        # If there are no externally-created users already in the system, the
        # first one to log in will become a superuser.
        # NOTE(review): this grants superuser to whoever authenticates first
        # through this backend. Confirm deployment docs call that out.
        is_super = True
    elif User.objects.filter(username=user.username).exists():
        # If the user already exists, we shouldn't change its superuser
        # privileges. However, if there's a naming conflict with a non-external
        # user, we should do the safe thing and turn off superuser privs.
        user = User.objects.get(username=user.username)
        existing_profile = get_profile(user)
        if existing_profile.creation_method == str(UserProfile.CreationMethod.EXTERNAL):
            is_super = user.is_superuser

    user = super(SAML2Backend, self).update_user(user, attributes, attribute_mapping, force_save)

    if user is not None and user.is_active:
        profile = get_profile(user)
        # NOTE(review): the lookups above compare against str(CreationMethod.EXTERNAL)
        # while this assigns the unconverted value. Verify both store the same
        # representation, otherwise the "first external user" test may never turn false.
        profile.creation_method = UserProfile.CreationMethod.EXTERNAL
        profile.save()
        # Apply the flag decided before the parent call.
        user.is_superuser = is_super
        user = rewrite_user(user)

        default_group = get_default_user_group()
        if default_group is not None:
            user.groups.add(default_group)
            user.save()

        return user

    # Inactive or missing user: authentication does not yield an account.
    return None
def setUp(self):
    """Log in a non-superuser client in group 'default' and grant that group the notebook app."""
    self.client = make_logged_in_client(
        username="******",
        groupname="default",
        recreate=True,
        is_superuser=False,
    )
    account = User.objects.get(username="******")
    self.user = rewrite_user(account)

    grant_access("test", "default", "notebook")
def setUp(self):
    """Store a placeholder token string and log in a non-superuser client in group 'default'."""
    # Not a real JWT: just an opaque string for the tests to pass around.
    self.sample_token = "some_jwt_token"

    self.client = make_logged_in_client(
        username="******",
        groupname="default",
        recreate=True,
        is_superuser=False,
    )
    account = User.objects.get(username="******")
    self.user = rewrite_user(account)
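def _get_request(postdict=None, user_id=None):
    """Build a bare HttpRequest carrying ``postdict`` as POST and the user with id ``user_id``.

    The user is looked up by primary key and passed through rewrite_user().
    """
    request = HttpRequest()
    request.POST = postdict

    # Logger-side formatting: concatenating with `+` raised TypeError whenever
    # user_id was an int or None (the default), before the lookup even ran.
    LOG.info('fetching user with id %s', user_id)

    user = User.objects.get(id=user_id)
    user = rewrite_user(user)
    request.user = user

    return request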
def authenticate(self, request):
    """Authenticate every request as one fixed account.

    Only ``request.path`` is read (for logging); no credential on the request
    is inspected.
    NOTE(review): confirm this class is only ever enabled in test or demo configurations.
    """
    LOG.debug('DummyCustomAuthentication: %s' % request.path)

    account = find_or_create_user(username='******', password='******')
    ensure_has_a_group(account)

    account = rewrite_user(account)
    account.is_active = True

    return account, None
def setUp(self):
    """Log in a non-superuser client in group 'default'; skip when no query database host is set."""
    if not QUERY_DATABASE.HOST.get():
        raise SkipTest

    self.client = make_logged_in_client(
        username="******",
        groupname="default",
        recreate=True,
        is_superuser=False,
    )
    account = User.objects.get(username="******")
    self.user = rewrite_user(account)
def setup_class(cls):
    """Log in a non-superuser client with metadata access; skip unless a live cluster has navigator."""
    cls.client = make_logged_in_client(username='******', is_superuser=False)
    account = User.objects.get(username='******')
    cls.user = rewrite_user(account)

    add_to_group('test')
    grant_access("test", "test", "metadata")

    # Checked after the user exists because has_navigator() takes the user.
    if not (is_live_cluster() and has_navigator(cls.user)):
        raise SkipTest
def setup_class(cls):
    """Log in a non-superuser client with metadata access and build a NavigatorApi on a mocked root."""
    cls.client = make_logged_in_client(username='******', is_superuser=False)
    account = User.objects.get(username='******')
    cls.user = rewrite_user(account)

    add_to_group('test')
    grant_access("test", "test", "metadata")

    api = NavigatorApi(cls.user)
    cls.api = api
    # Replace the API's root with a mock object.
    cls.api._root = MockedRoot()
def setup_class(cls):
    """Build an RdbmsIndexer for 'mysql'; skip unless Sqoop is enabled and a mysql server is configured."""
    if not ENABLE_SQOOP.get() or not rdbms.get_query_server_config(server='mysql'):
        raise SkipTest

    cls.client = make_logged_in_client()
    account = User.objects.get(username='******')
    cls.user = rewrite_user(account)

    cls.indexer = RdbmsIndexer(cls.user, db_conf_name='mysql')
def setUp(self):
    """Always skip: the trailing ``or True`` makes the skip condition unconditional."""
    # Note: table migrations / non auto model to add before it can be enabled
    host_missing = not QUERY_DATABASE.HOST.get()
    if host_missing or True:
        raise SkipTest

    self.client = make_logged_in_client(
        username="******",
        groupname="default",
        recreate=True,
        is_superuser=False,
    )
    account = User.objects.get(username="******")
    self.user = rewrite_user(account)
def setUp(self):
    """Log in a non-superuser client in group 'default' and define a hive interpreter fixture."""
    self.client = make_logged_in_client(
        username="******",
        groupname="default",
        recreate=True,
        is_superuser=False,
    )
    account = User.objects.get(username="******")
    self.user = rewrite_user(account)

    # Interpreter fixture whose connection URL carries (masked) inline credentials.
    options = {'url': 'mysql://*****:*****@hue:3306/hue'}
    self.interpreter = {'name': 'hive', 'options': options}
def setUp(self):
    """Log in a test client and build a mock request carrying a sample Bearer token."""
    self.client = make_logged_in_client(
        username="******",
        groupname="default",
        recreate=True,
        is_superuser=False,
    )
    account = User.objects.get(username="******")
    self.user = rewrite_user(account)

    # Fixed sample token in header.payload.signature form, used as test input only.
    self.sample_token = "eyJhbGciOiJSUzI1NiJ9.eyJhdWQiOlsid29ya2xvYWQtYXBwIiwicmFuZ2VyIl0sImV4cCI6MTYyNjI1Njg5MywiaWF0IjoxNjI2MjU2NTkzLCJpc3MiOiJDbG91ZGVyYTEiLCJqdGkiOiJpZDEiLCJzdWIiOiJ0ZXN0LXN1YmplY3QiLCJ1c2VyIjoidGVzdF91c2VyIn0.jvyVDxbWTAik0jbdUcIc9ZANNrJZUCWH-Pg7FloRhg0ZYAETd_AO3p5v_ppoMmVcPD2xBSrngA5J3_A_zPBvQ_hdDlpb0_-mCCJfGhC5tju4bI9EE9Akdn2FrrsqrvQQ8cPyGsIlvoIxrK1De4f74MmUaxfN7Hrrcue1PTY4u4IB9cWQqV9vIcX99Od5PUaNekLIee-I8gweqvfGEEsW7qWUM63nh59_TOB3LLq-YcEuaX1h_oiTATeCssjk_ee9RrJGLNyKmC0WJ4UrEWn8a_T3bwCy8CMe0zV5PSuuvPHy0FvnTo2il5SDjGimxKcbpgNiJdfblslu6i35DlfiWg"

    headers = {"HTTP_AUTHORIZATION": "Bearer " + self.sample_token}
    self.request = MagicMock(META=headers)
def _get_request(postdict=None, user_id=None):
    """Build an HttpRequest with POST data, the 'default' filesystem and the user with id ``user_id``."""
    req = HttpRequest()
    req.POST = postdict

    # Filesystem attributes are set by hand on this synthetic request.
    req.fs_ref = 'default'
    req.fs = fsmanager.get_filesystem(req.fs_ref)
    req.jt = None

    req.user = rewrite_user(User.objects.get(id=user_id))
    return req
def _make_select_statement_gist(host_domain, is_http_secure, user, channel_id, statement):
    """Create a gist for ``statement`` in the user's default dialect and post its link to the channel."""
    cluster_config = get_cluster_config(rewrite_user(user))
    default_dialect = cluster_config['main_button_action']['dialect']

    gist_response = _gist_create(host_domain, is_http_secure, user, statement, default_dialect)

    link = gist_response['link']
    _send_message(channel_id, message='Here is the gist link\n {gist_link}'.format(gist_link=link))
def _remove_session_info_from_user(self):
    """Drop this object's session entry from the user's profile data and save the profile.

    Does nothing when the profile data holds no truthy value under the session key.
    """
    self.user = rewrite_user(self.user)
    key = self._get_session_key()

    if not self.user.profile.data.get(key):
        return

    remaining = self.user.profile.data
    remaining.pop(key)
    # The profile stores its data serialised as JSON.
    self.user.profile.json_data = json.dumps(remaining)
    self.user.profile.save()
def setup_class(cls):
    """Build an OptimizerApi test fixture; skip unless on a live cluster with the optimizer enabled."""
    if not (is_live_cluster() and is_optimizer_enabled()):
        raise SkipTest

    cls.client = make_logged_in_client(username='******', is_superuser=False)
    account = User.objects.get(username='******')
    cls.user = rewrite_user(account)

    add_to_group('test')
    for app in ("metadata", "optimizer"):
        grant_access("test", "test", app)

    cls.api = OptimizerApi()
def _has_access(self, fs):
    """Return whether ``self.user`` may use filesystem ``fs`` through the file browser.

    A filesystem that reports no filebrowser action is allowed outright.
    Otherwise the user must be authenticated, active, and either an admin or a
    holder of the matching filebrowser permission. An unknown username is
    logged and denied.
    """
    from desktop.auth.backend import rewrite_user  # Avoid cyclic loop

    try:
        action = fs.filebrowser_action()
        # If not filebrowser_action (hdfs) then handle permission via doas else check permission in hue
        if not action:
            return True

        account = rewrite_user(User.objects.get(username=self.user))
        return (
            account.is_authenticated()
            and account.is_active
            and (
                is_admin(account)
                or not action
                or account.has_hue_permission(action=action, app="filebrowser")
            )
        )
    except User.DoesNotExist:
        LOG.exception('proxyfs.has_access()')
        return False
def setup_class(cls):
    """Build an indexer API from a fake request; skip unless Sqoop is enabled and mysql is configured."""
    if not ENABLE_SQOOP.get() or not rdbms.get_query_server_config(server='mysql'):
        raise SkipTest

    cls.client = make_logged_in_client()
    account = User.objects.get(username='******')
    cls.user = rewrite_user(account)

    # Minimal stand-in for a request: just a user and a POST payload.
    fake_request = Bag()
    fake_request.user = cls.user
    fake_request.POST = {'source': '{"rdbmsMode":"configRdbms", "rdbmsType": "mysql", "inputFormat": "rdbms"}'}

    cls.indexer = _get_api(fake_request)
def setUp(self):
    """Log in a test client and create the HiveQuery table; skip when no query database host is set."""
    if not QUERY_DATABASE.HOST.get():
        raise SkipTest

    self.client = make_logged_in_client(
        username="******", groupname="default", recreate=True, is_superuser=False)
    account = User.objects.get(username="******")
    self.user = rewrite_user(account)

    with connection.schema_editor() as schema_editor:
        schema_editor.create_model(HiveQuery)

        table_name = HiveQuery._meta.db_table
        known_tables = connection.introspection.table_names()
        if table_name not in known_tables:
            raise ValueError(
                "Table `{table_name}` is missing in test database.".format(table_name=HiveQuery._meta.db_table))
def _has_access(self, fs):
    """Return whether the user from ``self.getuser()`` may use ``fs`` through the file browser.

    A filesystem that reports no filebrowser action is allowed outright.
    Otherwise the user must be authenticated, active, and either an admin or a
    holder of the matching filebrowser permission. An unknown username is
    logged and denied.
    """
    from desktop.auth.backend import rewrite_user  # Avoid cyclic loop

    try:
        action = fs.filebrowser_action()
        # If not filebrowser_action (hdfs) then handle permission via doas else check permission in hue
        if not action:
            return True

        account = rewrite_user(User.objects.get(username=self.getuser()))
        return (
            account.is_authenticated()
            and account.is_active
            and (
                is_admin(account)
                or not action
                or account.has_hue_permission(action=action, app="filebrowser")
            )
        )
    except User.DoesNotExist:
        LOG.exception('proxyfs.has_access()')
        return False
def get_django_request(request):
    """Return the wrapped Django request with its user rewritten and its filesystem bound to that user."""
    inner = request._request
    inner.user = rewrite_user(inner.user)

    # Workaround ClusterMiddleware not being applied
    is_api_call = inner.path.startswith('/api/')
    if is_api_call and inner.fs is None:
        inner.fs = fsmanager.get_filesystem(inner.fs_ref)

    # Filesystem operations are attributed to the authenticated username.
    if inner.user.is_authenticated and inner.fs is not None:
        inner.fs.setuser(inner.user.username)

    return inner
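def authenticate(self, request):
    """Authenticate a request from a ``Authorization: Bearer <jwt>`` header.

    Returns ``(user, None)`` on success, or None when the header is absent,
    is not a Bearer header, carries no token, or the token has no ``user``
    claim.

    Raises:
        exceptions.AuthenticationFailed: when the token cannot be decoded, has
            expired, or decoding fails for any other reason.
    """
    authorization_header = request.META.get('HTTP_AUTHORIZATION')

    if not authorization_header:
        LOG.debug('JwtAuthentication: no authorization header')
        return None

    # The header is client-controlled. partition() tolerates a missing or extra
    # space, where unpacking split(' ') raised ValueError and surfaced as a
    # server error instead of a clean "not authenticated".
    header, _sep, access_token = authorization_header.partition(' ')

    if header != 'Bearer':
        LOG.debug('JwtAuthentication: no Bearer header')
        return None

    if not access_token:
        LOG.debug('JwtAuthentication: no Bearer value')
        return None

    # The token is a bearer credential, so it is never written to the log.
    LOG.debug('JwtAuthentication: got access token')

    try:
        # NOTE(review): 'secret' is a literal placeholder key, while RS256
        # signature checks need the issuer's public key. When VERIFY_CUSTOM_JWT
        # is off, the claims below are presumably trusted unverified. Confirm
        # where the real key should come from before enabling this backend.
        payload = jwt.decode(
            access_token,
            'secret',
            algorithms=["RS256"],
            verify=AUTH.VERIFY_CUSTOM_JWT.get()
        )
    except jwt.DecodeError:
        raise exceptions.AuthenticationFailed('JwtAuthentication: Invalid token')
    except jwt.ExpiredSignatureError:
        raise exceptions.AuthenticationFailed('JwtAuthentication: Token expired')
    except Exception as e:
        raise exceptions.AuthenticationFailed(e)

    if payload.get('user') is None:
        LOG.debug('JwtAuthentication: no user ID in token')
        return None

    LOG.debug('JwtAuthentication: got user ID %s and tenant ID %s' % (payload.get('user'), payload.get('tenantId')))

    # The account named by the claim is created on first sight, never as superuser.
    user = find_or_create_user(payload.get('user'), is_superuser=False)
    ensure_has_a_group(user)
    user = rewrite_user(user)

    # Persist the token (to reuse for communicating with external services as the user, e.g. Impala)
    if ENABLE_ORGANIZATIONS.get():
        user.token = access_token
    else:
        user.profile.update_data({'jwt_access_token': access_token})
        user.profile.save()

    return (user, None)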
def _get_scheme(self, path):
    """Return the filesystem scheme for ``path``, enforcing S3 access for S3A paths.

    Paths under S3A_ROOT require a known user with S3 access, else IOError
    (EPERM) is raised. The URL scheme is returned when present, the default
    scheme for paths starting with the POSIX separator, and None otherwise.
    """
    if path.lower().startswith(S3A_ROOT):
        from desktop.auth.backend import rewrite_user  # Avoid cyclic loop

        try:
            account = User.objects.get(username=self.user)
            allowed = has_s3_access(rewrite_user(account))
            if not allowed:
                raise IOError(errno.EPERM, "Missing permissions for %s on %s" % (self.user, path,))
        except User.DoesNotExist:
            # An unknown user is treated as a permission failure, not as "no check needed".
            raise IOError(errno.EPERM, "Can't check permissions for %s on %s" % (self.user, path))

    parsed = urlparse(path)
    if parsed.scheme:
        return parsed.scheme

    if path.startswith(posixpath.sep):
        return self._default_scheme

    return None
def get_user(self, user_id):
    """Fetch the user through the parent backend and return it after rewrite_user()."""
    found = super(SAML2Backend, self).get_user(user_id)
    return rewrite_user(found)
def get_user(self, user_id):
    """Fetch the user through the parent backend and return it after rewrite_user().

    A string ``user_id`` is first normalised with force_username_case().
    """
    lookup = force_username_case(user_id) if isinstance(user_id, str) else user_id
    found = super(SAML2Backend, self).get_user(lookup)
    return rewrite_user(found)
def get_user(self, user_id):
    """Look the user up by primary key and return it after rewrite_user()."""
    found = User.objects.get(id=user_id)
    return rewrite_user(found)