def deleteRealm(realmname):
'''
delete the realm from the Database Table with the given name
:param realmname: the to be deleted realm
:type realmname: string
'''
log.debug("deleting realm object with name=%s" % realmname)
r = getRealmObject(name=realmname)
if r is None:
''' if no realm is found, we re-try the lowercase name for backward compatibility '''
r = getRealmObject(name=realmname.lower())
realmId = 0
if r is not None:
realmId = r.id
if realmId != 0:
log.debug("Deleting token relations for realm with id %i" % realmId)
Session.query(TokenRealm).filter(TokenRealm.realm_id == realmId).delete()
Session.delete(r)
else:
log.warning("Realm with name %s was not found." % realmname)
return False
# now delete all relations, i.e. remove all Tokens from this realm.
# finally we delete the 'realmname' cache
from linotp.lib.user import delete_realm_resolver_cache
delete_realm_resolver_cache(realmname)
return True
def deleteRealm(realmname):
'''
delete the realm from the Database Table with the given name
:param realmname: the to be deleted realm
:type realmname: string
'''
log.debug("deleting realm object with name=%s" % realmname)
r = getRealmObject(name=realmname)
if r is None:
''' if no realm is found, we re-try the lowercase name for backward compatibility '''
r = getRealmObject(name=realmname.lower())
realmId = 0
if r is not None:
realmId = r.id
if realmId != 0:
log.debug("Deleting token relations for realm with id %i" % realmId)
Session.query(TokenRealm).filter(TokenRealm.realm_id == realmId).delete()
Session.delete(r)
else:
log.warning("Realm with name %s was not found." % realmname)
return False
# now delete all relations, i.e. remove all Tokens from this realm.
# finally we delete the 'realmname' cache
from linotp.lib.user import delete_realm_resolver_cache
delete_realm_resolver_cache(realmname)
return True
def _flush_user_resolver_cache(resolver_spec):
"""
flush the user realm cache
in case of a change of the resolver, all realms which use
this resolver must be flushed
:param resolver_spec: the resolve which has been updated
:return: - nothing -
"""
from linotp.lib.user import (
delete_realm_resolver_cache,
delete_resolver_user_cache,
)
delete_resolver_user_cache(resolver_spec)
config = context["Config"]
realms = config.getRealms()
# if a resolver is redefined, we have to refresh the related realm cache
for realm_name, realm_spec in list(realms.items()):
resolvers = realm_spec.get("useridresolver", [])
if resolver_spec in resolvers:
delete_realm_resolver_cache(realm_name)
def _check_for_cache_flush(realm_name, realm_definition):
"""
Check if the realm_resolver cache should be flushed. This detected by
checking if the resolver definition in a realm has changed.
:param realm_name: the name of the realm
:param realm_definition: the new realm definition with its resolvers
:return: -nothing-
"""
# get the resolvers list of the realm definition
realm_resolvers = realm_definition.get("useridresolver", [])
# and the former definition from the local cache
former_realm_resolvers = _lookup_realm_config(realm_name, realm_resolvers)
# we check if there has been something dropped from the
# former resolver definition by using set().difference
former_res_set = set(former_realm_resolvers)
new_res_set = set(realm_resolvers)
flush_resolvers = former_res_set.difference(new_res_set)
if flush_resolvers:
# refresh the user resolver lookup in the realm user cache
from linotp.lib.user import delete_realm_resolver_cache
delete_realm_resolver_cache(realm_name)
# maintain the new realm configuration in the cache
_delete_from_realm_config_cache(realm_name)
_lookup_realm_config(realm_name, realm_resolvers)
def deleteRealm(realmname):
"""
delete the realm from the Database Table with the given name
:param realmname: the to be deleted realm
:type realmname: string
"""
admin_realm_name = context.config["ADMIN_REALM_NAME"].lower()
if realmname == admin_realm_name:
raise DeleteForbiddenError(
f"It is not allowed to delete the admin realm {admin_realm_name}")
log.debug("deleting realm object with name=%s", realmname)
r = getRealmObject(name=realmname)
if r is None:
"""if no realm is found, we re-try the lowercase name for backward compatibility"""
r = getRealmObject(name=realmname.lower())
realmId = 0
if r is not None:
try:
realmId = r.id
if realmId != 0:
log.debug("Deleting token relations for realm with id %r",
realmId)
TokenRealm.query.filter_by(realm_id=realmId).delete()
_delete_realm_config(realmname=realmname)
db.session.delete(r)
from linotp.lib.user import delete_realm_resolver_cache
delete_realm_resolver_cache(realmname)
return True
except Exception as exx:
log.error("[delRealm] error deleting realm: %r", exx)
db.session.rollback()
log.warning("Realm with name %s was not found.", realmname)
return False
def _flush_user_resolver_cache(resolver_spec):
"""
flush the user realm cache
in case of a change of the resolver, all realms which use
this resolver must be flushed
:param resolver_spec: the resolve which has been updated
:return: - nothing -
"""
from linotp.lib.user import delete_resolver_user_cache
from linotp.lib.user import delete_realm_resolver_cache
delete_resolver_user_cache(resolver_spec)
config = context["Config"]
realms = config.getRealms()
# if a resolver is redefined, we have to refresh the related realm cache
for realm_name, realm_spec in realms.items():
resolvers = realm_spec.get('useridresolver', [])
if resolver_spec in resolvers:
delete_realm_resolver_cache(realm_name)
def getRealms(aRealmName=""):
'''
lookup for a defined realm or all realms
:note: the realms dict is inserted into the LinOtp Config object
so that a lookup has not to reparse the whole config again
:param aRealmName: a realmname - the realm, that is of interestet,
if empty, all realms are returned
:type aRealmName: string
:return: a dict with realm description like
:rtype : dict : {
u'myotherrealm': {
'realmname': u'myotherrealm',
'useridresolver': [
'useridresolver.PasswdIdResolver.IdResolver.myOtherRes'
],
'entry': u'linotp.useridresolver.group.myotherrealm'},
u'mydefrealm': {
'default': 'true',
'realmname': u'mydefrealm',
'useridresolver': [
'useridresolver.PasswdIdResolver.IdResolver.myDefRes'
],
'entry': u'linotp.useridresolver.group.mydefrealm'},
u'mymixrealm': {
'realmname': u'mymixrealm',
'useridresolver': [
'useridresolver.PasswdIdResolver.IdResolver.myOtherRes',
'useridresolver.PasswdIdResolver.IdResolver.myDefRes'
],
entry': u'linotp.useridresolver.group.mymixrealm'}}
'''
config = context["Config"]
realms = config.getRealms()
# only parse once per session
if realms is None:
realms = _initalGetRealms()
config.setRealms(realms)
# -- ------------------------------------------------------------ --
# for each realm definition we check if there are some
# resolvers dropped from the former resolver list
# in this case, we have to delete the realm_resolver_cache
# which is used for the user resolver lookup for a given realm
# -- ------------------------------------------------------------ --
for realm_name, realm_defintion in list(realms.items()):
# get the resolvers list of the realm definition
realm_resolvers = realm_defintion.get('useridresolver', [])
# and the former definition from the local cache
former_realm_resolvers = _lookup_realm_config(realm_name,
realm_resolvers)
# we check if there has been something dropped from the
# former resolver definition by using set().difference
former_res_set = set(former_realm_resolvers)
new_res_set = set(realm_resolvers)
flush_resolvers = former_res_set.difference(new_res_set)
if flush_resolvers:
# refresh the user resolver lookup in the realm user cache
from linotp.lib.user import delete_realm_resolver_cache
delete_realm_resolver_cache(realm_name)
# maintain the new realm configuration in the cache
_delete_from_realm_config_cache(realm_name)
_lookup_realm_config(realm_name, realm_resolvers)
# check if any realm is searched
if aRealmName is None or aRealmName.strip() in ["", "*"]:
return realms
# check if only one realm is searched
if aRealmName.lower() in realms:
ret = {}
ret[aRealmName.lower()] = realms.get(aRealmName.lower())
return ret
return {}
def getRealms(aRealmName=""):
'''
lookup for a defined realm or all realms
:note: the realms dict is inserted into the LinOtp Config object
so that a lookup has not to reparse the whole config again
:param aRealmName: a realmname - the realm, that is of interestet,
if empty, all realms are returned
:type aRealmName: string
:return: a dict with realm description like
:rtype : dict : {
u'myotherrealm': {
'realmname': u'myotherrealm',
'useridresolver': [
'useridresolver.PasswdIdResolver.IdResolver.myOtherRes'
],
'entry': u'linotp.useridresolver.group.myotherrealm'},
u'mydefrealm': {
'default': 'true',
'realmname': u'mydefrealm',
'useridresolver': [
'useridresolver.PasswdIdResolver.IdResolver.myDefRes'
],
'entry': u'linotp.useridresolver.group.mydefrealm'},
u'mymixrealm': {
'realmname': u'mymixrealm',
'useridresolver': [
'useridresolver.PasswdIdResolver.IdResolver.myOtherRes',
'useridresolver.PasswdIdResolver.IdResolver.myDefRes'
],
entry': u'linotp.useridresolver.group.mymixrealm'}}
'''
config = context["Config"]
realms = config.getRealms()
# only parse once per session
if realms is None:
realms = _initalGetRealms()
config.setRealms(realms)
# -- ------------------------------------------------------------ --
# for each realm definition we check if there are some
# resolvers dropped from the former resolver list
# in this case, we have to delete the realm_resolver_cache
# which is used for the user resolver lookup for a given realm
# -- ------------------------------------------------------------ --
for realm_name, realm_defintion in realms.items():
# get the resolvers list of the realm definition
realm_resolvers = realm_defintion.get('useridresolver', [])
# and the former definition from the local cache
former_realm_resolvers = _lookup_realm_config(realm_name,
realm_resolvers)
# we check if there has been something dropped from the
# former resolver definition by using set().difference
former_res_set = set(former_realm_resolvers)
new_res_set = set(realm_resolvers)
flush_resolvers = former_res_set.difference(new_res_set)
if flush_resolvers:
# refresh the user resolver lookup in the realm user cache
from linotp.lib.user import delete_realm_resolver_cache
delete_realm_resolver_cache(realm_name)
# maintain the new realm configuration in the cache
_delete_from_realm_config_cache(realm_name)
_lookup_realm_config(realm_name, realm_resolvers)
# check if any realm is searched
if aRealmName is None or aRealmName.strip() in ["", "*"]:
return realms
# check if only one realm is searched
if aRealmName.lower() in realms:
ret = {}
ret[aRealmName.lower()] = realms.get(aRealmName.lower())
return ret
return {}
