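def delete(projId):
    # Delete the specified project.
    #
    # The project is removed from its own database first, then its record is
    # removed from fpsys. If the project's database then holds no other
    # projects, the database itself is dropped.
    #
    # Returns None on success, else an error message string.
    proj = Project.getById(projId)
    if not isinstance(proj, Project):
        # Anything other than a Project instance (None or an error string)
        # is reported to the caller as "not found".
        return "Cannot find project"
    dbname = proj.dbName()

    # Delete within the project database first. The handle is closed even if
    # one of the model calls raises.
    dbc = proj.db()
    try:
        models.Project.delete(dbc, projId)
        count = models.Project.countProjects(dbc)
    finally:
        dbc.close()

    # Delete from fpsys:
    con = None
    try:
        con = getFpsysDbConnection()
        cur = con.cursor()
        cur.execute("delete from project where id = %s", (projId,))
        con.commit()

        # If no projects are left in the database, delete the database:
        if count == 0:
            # A database name cannot be bound as a query parameter, so it is
            # quoted as an identifier with any embedded backtick doubled.
            # This keeps a stored dbname containing spaces, quotes or
            # statement separators from changing the meaning of the DROP.
            quoted = "`{0}`".format(dbname.replace("`", "``"))
            cur.execute("drop database {0}".format(quoted))
            con.commit()
        cur.close()
    except mdb.Error as e:
        # The message previously named Project.getById, which sent anyone
        # reading the log to the wrong function.
        errmsg = 'Error in Project.delete: {0}'.format(str(e))
        util.flog(errmsg)
        return errmsg
    finally:
        # Release the fpsys connection on the error path as well.
        if con is not None:
            con.close()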
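def delete(ident):
    # Delete the fpsys user whose login is ident.
    # Returns None on success else error message.
    # NB, the affected row count is not checked, so deleting a login that
    # does not exist also returns None.
    con = None
    try:
        con = getFpsysDbConnection()
        cur = con.cursor()
        # The login is passed as a bound parameter, never formatted into the
        # statement text.
        cur.execute("delete from user where login = %s", (ident,))
        con.commit()
    except mdb.Error as e:
        errmsg = 'Error in User.delete: {0}'.format(str(e))
        util.flog(errmsg)
        return errmsg
    finally:
        # Close the connection on the error path too, not only on success.
        if con is not None:
            con.close()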
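def getAll():
    # Return list of all Users, or None on error.
    # The passhash column is deliberately not selected, so the returned
    # objects never carry password hashes.
    con = None
    try:
        con = getFpsysDbConnection()
        qry = "select id, login, name, login_type, permissions, email from user"
        cur = con.cursor()
        cur.execute(qry)
        # Column order matches the positional arguments passed to User.
        return [User(row[0], row[1], row[2], row[3], row[4], row[5])
                for row in cur]
    except mdb.Error:
        util.flog('Error in User.getAll')
        return None
    finally:
        # The connection was previously never closed, so each call left one
        # open. The list is fully built before this runs.
        if con is not None:
            con.close()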
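def getByLogin(ident):
    # Return the User whose login is ident.
    # Returns None if there is no such user, and also None on a database
    # error (the error is logged), so callers cannot tell the two apart.
    con = None
    try:
        con = getFpsysDbConnection()
        qry = "select id, login, name, login_type, permissions, email from user where login = %s"
        cur = con.cursor()
        # The login is bound as a parameter rather than formatted into the SQL.
        cur.execute(qry, (ident,))
        resRow = cur.fetchone()
        if resRow is None:
            return None
        return User(resRow[0], resRow[1], resRow[2], resRow[3], resRow[4], resRow[5])
    except mdb.Error as e:
        util.flog('Error in User.getByLogin: {0}'.format(str(e)))
        return None  # what about error message?
    finally:
        # The connection was previously left open on every path.
        if con is not None:
            con.close()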
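def getById(pid):
    # Return the Project with id pid.
    # Returns a Project instance, None if no row matches, or an error
    # message string on a database error. Callers must therefore check the
    # type of the result before using it as a Project.
    # Could be changed to get by id or name easily enough..
    con = None
    try:
        con = getFpsysDbConnection()
        qry = "select id, name, dbname from project where id = %s"
        cur = con.cursor()
        cur.execute(qry, (pid,))
        resRow = cur.fetchone()
        if resRow is None:
            return None
        return Project(resRow[0], resRow[1], resRow[2])
    except mdb.Error as e:
        errmsg = 'Error in Project.getById: {0}'.format(str(e))
        util.flog(errmsg)
        return errmsg
    finally:
        # The connection was previously left open on every path.
        if con is not None:
            con.close()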
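def cldapPasswordCheck(username, password):
    #-----------------------------------------------------------------------
    # Validate cldap user/password, returning boolean indicating success.
    # Every failure (no server, unknown user, bad or empty password) returns
    # False. Only the first two are logged.
    #
    if not password:
        # Reject empty or missing passwords before contacting the directory.
        # Many LDAP servers treat a simple bind with an empty password as an
        # unauthenticated bind and report success. Whether cldap's
        # authenticate() guards against that is not visible from here.
        return False
    cldapServer = cldap.LdapServer(cldap.SERVER_URL)
    if not cldapServer:
        util.flog('Cannot connect to cldap server')
        return False
    cldapUser = cldapServer.getUserByIdent(username)
    if cldapUser is None:
        util.flog('The supplied username is unknown.')
        return False
    # A wrong password is deliberately not logged.
    if not cldapUser.authenticate(password):
        return False
    return True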
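def saveName(self):
    # Save the current name to database.
    # Returns None on success, else an error message.
    # NB, the affected row count is not checked, so an id that matches no
    # row is still reported as success.
    con = None
    try:
        con = getFpsysDbConnection()
        qry = "update project set name = %s where id = %s"
        cur = con.cursor()
        cur.execute(qry, (self._name, self._id))
        con.commit()
        return None
    except mdb.Error as e:
        errmsg = 'Error updating project: {0}'.format(str(e))
        util.flog(errmsg)
        return errmsg
    finally:
        # Close the connection on the error path too, not only on success.
        if con is not None:
            con.close()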
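def save(self):
    # Update database with current values for name, email. FOR LOCAL users only.
    # Returns None on success else error message
    # NB, password is done separately.
    #
    if self.getLoginType() != LOGIN_TYPE_LOCAL:
        return "Operation not allowed for non-local user"
    con = None
    try:
        con = getFpsysDbConnection()
        qry = "update user set name=%s, email=%s where id = %s"
        cur = con.cursor()
        cur.execute(qry, (self.getName(), self.getEmail(), self.getId()))
        con.commit()
    except mdb.Error as e:
        errmsg = 'Error in User.save: {0}'.format(str(e))
        util.flog(errmsg)
        return errmsg
    finally:
        # Close the connection on the error path too, not only on success.
        if con is not None:
            con.close()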
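def setPassword(self, newPassword):
    # Set a new password for this user.
    # Returns error message, or None for success.
    # NB, this only allowed for mysql and local types, and note that mysql get converted
    # to local types in the process (mysql only supported for historical users).
    if not isinstance(newPassword, basestring):
        return 'Unexpected password type'
    # NOTE(review): a 4 character minimum is very weak. Raising it is a
    # policy change for callers, so it is left as is here.
    if len(newPassword) < 4:
        return 'password too short'
    if not self.allowPasswordChange():
        return 'Cannot change this password type'
    con = None
    try:
        con = getFpsysDbConnection()
        qry = "update user set passhash = %s, login_type = %s where id = %s"
        cur = con.cursor()
        # Only the hash is stored; the plaintext is neither written nor logged.
        # NOTE(review): pwd_context is presumably a passlib CryptContext, where
        # encrypt() is the deprecated name for hash() -- confirm before upgrading.
        cur.execute(qry, (pwd_context.encrypt(newPassword), LOGIN_TYPE_LOCAL, self.getId()))
        con.commit()
    except mdb.Error as e:
        errmsg = 'Error in User.setPassword: {0}'.format(str(e))
        util.flog(errmsg)
        return errmsg
    finally:
        # Close the connection on the error path too, not only on success.
        if con is not None:
            con.close()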
def userPasswordCheck(username, password):
    # Check a username/password pair against the fpsys user table.
    # Return true if password OK, false if not, or None if something bad happened.
    # In the part shown here, None is returned both for an unknown login and
    # for a database error.
    # NOTE(review): callers must treat None as a failed login and must not
    # test for "is not False".

    # Look up the login type and stored hash for this username. The login is
    # bound as a query parameter, not formatted into the SQL.
    try:
        con = getFpsysDbConnection()
        qry = "select login_type, passhash from user where login = %s"
        cur = con.cursor()
        cur.execute(qry, (username,))
        resRow = cur.fetchone()
        # The row has been fetched, so cursor and connection are released
        # before any password verification takes place.
        cur.close()
        con.close()
        if resRow is None:
            # NOTE(review): the caller-supplied username is written to the log
            # verbatim. Users sometimes type a password into the login field,
            # and the value may contain newlines -- confirm util.flog
            # neutralises these and that the log is access-controlled.
            util.flog('Login attempt by unknown user: {0}'.format(username))
            return None
        loginType = resRow[0]
        phash = resRow[1]
    except mdb.Error, e:
        # On the error path the connection is not closed (close() is only
        # reached when the query succeeds).
        util.flog('Error in userPasswordCheck: {0}'.format(str(e)))
        return None # what about error message?
return None loginType = resRow[0] phash = resRow[1] except mdb.Error, e: util.flog('Error in userPasswordCheck: {0}'.format(str(e))) return None # what about error message? if loginType == LOGIN_TYPE_LOCAL: return pwd_context.verify(password, phash) elif loginType == LOGIN_TYPE_SYSTEM: return systemPasswordCheck(username, password) elif loginType == LOGIN_TYPE_LDAP: return cldapPasswordCheck(username, password) elif loginType == LOGIN_TYPE_MYSQL: return mysql_context.verify(password, phash) else: util.flog('Unexpected login type: {0}'.format(loginType)) return None ### Users: ############################################################################ class User: # In memory instance of fpsys.user. # NB, we don't include passhash for security reasons, but could retrieve # it on demand (not required attow). # PERMISSION_CREATE_USER = 0x1 PERMISSION_CREATE_PROJECT = 0x2 PERMISSION_OMNIPOTENCE = 0x4 def __init__(self, id, ident, name, login_type, permissions, email): self._id = id self._ident = ident