def create_user(self, params, domain_vo):
    """Create a user record and register a rollback that deletes it.

    ``params`` is mutated in place: ``state`` defaults to ``'ENABLED'`` and a
    non-empty ``password`` is replaced by its hash before the record is
    created.

    Args:
        params: User attributes; must contain ``user_id`` when the domain has
            plugin info.
        domain_vo: Domain object; its ``plugin_info`` decides whether the
            user is looked up through ``find_user``.

    Returns:
        The object returned by ``self.user_model.create``.
    """
    def _rollback(user_vo):
        _LOGGER.info(
            f'[create_user._rollback] Delete user : {user_vo.name} ({user_vo.user_id})'
        )
        user_vo.delete()

    params['state'] = params.get('state', 'ENABLED')

    # The password may be None when the domain uses an OAuth plugin.
    plain_pw = params.get('password')
    if plain_pw:
        params['password'] = PasswordCipher().hashpw(plain_pw)
    # TODO: should a random password be generated when none is supplied?
    # NOTE(review): no password format check runs here, and a missing or
    # empty password is stored as supplied -- confirm the login path rejects
    # password authentication for such accounts.

    # For a domain backed by an authentication plugin, call the find action.
    if domain_vo.plugin_info:
        matches, count = self.find_user({'user_id': params['user_id']}, domain_vo)
        if count > 1:
            _LOGGER.warning(
                f'[create_user] Too many users found. count: {count}')
        elif count == 1:
            # Adopt the state reported by the plugin for the single match.
            params['state'] = matches[0]['state']
        else:
            _LOGGER.warning('[create_user] No such user.')
        # NOTE(review): zero or ambiguous matches are only logged; the user
        # is still created with the requested state -- confirm intended.

    created_vo = self.user_model.create(params)
    self.transaction.add_rollback(_rollback, created_vo)
    return created_vo
def update_owner(self, params):
    """Update a domain owner, hashing a newly supplied password first.

    ``params`` is mutated in place: a non-empty ``password`` is format-checked
    and then replaced by its hash. The owner's previous values are registered
    with the transaction so the update can be reverted.

    Args:
        params: Must contain ``owner_id`` and ``domain_id``; may contain
            ``password`` and other fields to update.

    Returns:
        Whatever ``domain_owner.update(params)`` returns.
    """
    def _rollback(old_vo):
        _LOGGER.info(f'[update_owner._rollback] Revert domain owner : {old_vo["name"]} ({old_vo["domain_id"]})')
        # domain_owner is bound further down in the enclosing scope, before
        # this rollback is registered.
        domain_owner.update(old_vo)

    new_pw = params.get('password')
    if new_pw:
        # Validate the plaintext before hashing; only the hash is stored.
        self._check_password_format(new_pw)
        params['password'] = PasswordCipher().hashpw(new_pw)

    domain_owner: DomainOwner = self.domain_owner_model.get(
        owner_id=params['owner_id'],
        domain_id=params['domain_id'],
    )
    # Snapshot the current values before they are overwritten.
    previous_values = domain_owner.to_dict()
    self.transaction.add_rollback(_rollback, previous_values)

    return domain_owner.update(params)
def create_owner(self, params):
    """Create a domain owner and register a rollback that deletes it.

    ``params`` is mutated in place: a non-empty ``password`` is format-checked
    and then replaced by its hash before the record is created.

    Args:
        params: Owner attributes passed to ``self.domain_owner_model.create``.

    Returns:
        The created domain owner object.
    """
    def _rollback(vo):
        # NOTE(review): vo is the created model object and is subscripted
        # here -- confirm the model supports item access.
        _LOGGER.info(f'[create_owner._rollback] Delete domain owner : {vo["owner_id"]} ({vo["domain_id"]})')
        vo.delete()

    plain_pw = params.get('password')
    if plain_pw:
        # Validate the plaintext before hashing; only the hash is stored.
        self._check_password_format(plain_pw)
        params['password'] = PasswordCipher().hashpw(plain_pw)
    # NOTE(review): an owner can be created without a password on this
    # path -- confirm that is intended.

    domain_owner: DomainOwner = self.domain_owner_model.create(params)
    self.transaction.add_rollback(_rollback, domain_owner)

    return domain_owner
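def authenticate(self, credentials, domain_id):
    """Check a user's password and mark this authenticator as authenticated.

    Args:
        credentials: Parsed by ``self._parse_user_id_and_password`` into a
            user id and the password to check.
        domain_id: Domain in which the user is looked up.

    Raises:
        ERROR_AUTHENTICATION_FAILURE: The password does not match the stored
            hash.
    """
    user_id, pw_to_check = self._parse_user_id_and_password(credentials)

    self.user = self.user_mgr.get_user(user_id, domain_id)
    self._check_user_state()

    # TODO: decrypt pw
    is_correct = PasswordCipher().checkpw(pw_to_check, self.user.password)
    # Log the outcome only. The submitted password and the stored hash must
    # never reach log output, where they outlive the request and are readable
    # by anyone with log access.
    _LOGGER.debug(f'[authenticate] is_correct: {is_correct}')

    if is_correct:
        self.is_authenticated = True
    else:
        raise ERROR_AUTHENTICATION_FAILURE(user_id=self.user.user_id)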
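def authenticate(self, user_id, domain_id, credentials):
    """Check a domain owner's password and mark this authenticator as authenticated.

    Args:
        user_id: Owner id used to look up the domain owner.
        domain_id: Domain in which the owner is looked up.
        credentials: Parsed by ``self._parse_password`` into the password to
            check.

    Raises:
        ERROR_AUTHENTICATION_FAILURE: The password does not match the stored
            hash.
    """
    pw_to_check = self._parse_password(credentials)

    self.user = self.domain_owner_mgr.get_owner(owner_id=user_id, domain_id=domain_id)

    is_correct = PasswordCipher().checkpw(pw_to_check, self.user.password)
    # Log the outcome only. The submitted password and the stored hash must
    # never reach log output, where they outlive the request and are readable
    # by anyone with log access.
    _LOGGER.debug(f'[authenticate] is_correct: {is_correct}')

    if is_correct:
        self.is_authenticated = True
    else:
        raise ERROR_AUTHENTICATION_FAILURE(user_id=self.user.owner_id)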
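def update_user(self, params):
    """Update a user, hashing a newly supplied password first.

    ``params`` is mutated in place: a non-empty ``password`` is replaced by
    its hash. The user's previous values are registered with the transaction
    so the update can be reverted.

    Args:
        params: Must contain ``user_id`` and ``domain_id``; may contain
            ``password`` and other fields to update.

    Returns:
        The updated user object.
    """
    def _rollback(old_data):
        # The original f-string wrapped both fields in one replacement field,
        # which formatted a tuple containing a set instead of "name (user_id)".
        _LOGGER.info(
            f'[update_user._rollback] Revert Data : {old_data["name"]} ({old_data["user_id"]})'
        )
        user_vo.update(old_data)

    # A truthiness test also covers an explicit None, on which the previous
    # len() call raised TypeError.
    if params.get('password'):
        # NOTE(review): no password format check runs on this path -- confirm
        # whether one should be applied before hashing.
        params['password'] = PasswordCipher().hashpw(params['password'])
    # NOTE(review): an empty-string password is passed to update() unhashed;
    # confirm it cannot overwrite the stored hash.

    user_vo: User = self.get_user(params['user_id'], params['domain_id'])
    # Snapshot the current values before they are overwritten.
    self.transaction.add_rollback(_rollback, user_vo.to_dict())
    user_vo.update(params)

    return user_vo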
def create_user(self, params, domain_vo: Domain):
    """Create a user record and register a rollback that deletes it.

    ``params`` is mutated in place. ``state`` defaults to ``'ENABLED'``. For
    the ``'EXTERNAL'`` backend the user must resolve to exactly one entry via
    ``find_user``. For any other backend an ``'API_USER'`` is stored with no
    password, while every other user type needs a valid user id and a
    password, which is stored as a hash.

    Args:
        params: Must contain ``backend`` and ``user_id``; ``user_type`` is
            read for non-external backends.
        domain_vo: Domain passed through to ``find_user``.

    Returns:
        The object returned by ``self.user_model.create``.

    Raises:
        ERROR_TOO_MANY_USERS_IN_EXTERNAL_AUTH: The external lookup returned
            more than one user.
        ERROR_NOT_FOUND_USER_IN_EXTERNAL_AUTH: The external lookup returned
            no user.
        ERROR_REQUIRED_PARAMETER: A non-API local user has no password.
    """
    def _rollback(user_vo):
        _LOGGER.info(
            f'[create_user._rollback] Delete user : {user_vo.name} ({user_vo.user_id})'
        )
        user_vo.delete()

    params['state'] = params.get('state', 'ENABLED')

    if params['backend'] == 'EXTERNAL':
        # Externally authenticated user: call the find action.
        matches, count = self.find_user({'user_id': params['user_id']}, domain_vo)

        if count > 1:
            raise ERROR_TOO_MANY_USERS_IN_EXTERNAL_AUTH(
                user_id=params['user_id'])
        if count != 1:
            raise ERROR_NOT_FOUND_USER_IN_EXTERNAL_AUTH(
                user_id=params['user_id'])

        # Accept only the two known states from the external source; any
        # other value is stored as PENDING instead of being trusted.
        external_state = matches[0].get('state')
        if external_state in ('ENABLED', 'DISABLED'):
            params['state'] = external_state
        else:
            params['state'] = 'PENDING'
    elif params['user_type'] == 'API_USER':
        # API users carry no password; any supplied value is discarded.
        params['password'] = None
    else:
        self._check_user_id_format(params['user_id'])

        plain_pw = params.get('password')
        if not plain_pw:
            raise ERROR_REQUIRED_PARAMETER(key='password')

        # Validate the plaintext before hashing; only the hash is stored.
        self._check_password_format(plain_pw)
        params['password'] = PasswordCipher().hashpw(plain_pw)

    created_vo = self.user_model.create(params)
    self.transaction.add_rollback(_rollback, created_vo)

    return created_vo