def run(args): """This function return the status and service info""" status = 0 message = None service = None service = get_service_info() status = 0 message = "Success" return_value = create_return_value(status, message) if service: return_value["service_info"] = service.to_data() return return_value
def run(args): """This function is called to handle admin setup of the service, e.g. setting admin passwords, introducing trusted services etc. """ status = 0 message = None provisioning_uri = None try: password = args["password"] except: password = None try: otpcode = args["otpcode"] except: otpcode = None try: new_service = args["new_service"] except: new_service = None try: remove_service = args["remove_service"] except: remove_service = None try: new_password = args["new_password"] except: new_password = None try: remember_device = args["remember_device"] except: remember_device = False # first, do we have an existing Service object? If not, # we grant access to the first user! bucket = login_to_service_account() # The data is stored in the object store at the key _service_info # and is encrypted using the value of $SERVICE_PASSWORD try: service = get_service_info(True) except MissingServiceAccountError: service = None if service: if not service.is_accounting_service(): raise ServiceSetupError( "Why is the accounting service info " "for a service of type %s" % service.service_type()) provisioning_uri = service.verify_admin_user(password, otpcode, remember_device) else: # we need to create the service service_url = args["service_url"] service_type = "accounting" service = Service(service_type, service_url) provisioning_uri = service.set_admin_password(password) # write the service data, encrypted using the service password service_password = os.getenv("SERVICE_PASSWORD") if service_password is None: raise ServiceSetupError( "You must supply $SERVICE_PASSWORD " "to setup a new service!") service_data = service.to_data(service_password) ObjectStore.set_object_from_json(bucket, "_service_info", service_data) # we are definitely the admin user, so let's add or remove remote services if remove_service: remove_trusted_service_info(remove_service) if new_service: service = get_remote_service_info(new_service) if new_service: set_trusted_service_info(new_service, service) status = 0 message = "Success" return_value = create_return_value(status, message) if provisioning_uri: return_value["provisioning_uri"] = provisioning_uri return return_value
def run(args): """This function will allow a user to request a new session that will be validated by the passed public key and public signing certificate. This will return a URL that the user must connect to to then log in and validate that request. """ status = 0 message = None login_url = None login_uid = None user_uid = None username = args["username"] public_key = PublicKey.from_data(args["public_key"]) public_cert = PublicKey.from_data(args["public_certificate"]) ip_addr = None hostname = None login_message = None try: ip_addr = args["ipaddr"] except: pass try: hostname = args["hostname"] except: pass try: login_message = args["message"] except: pass # generate a sanitised version of the username user_account = UserAccount(username) # Now generate a login session for this request login_session = LoginSession(public_key, public_cert, ip_addr, hostname, login_message) # now log into the central identity account to record # that a request to open a login session has been opened bucket = login_to_service_account() # first, make sure that the user exists... account_key = "accounts/%s" % user_account.sanitised_name() try: existing_data = ObjectStore.get_object_from_json(bucket, account_key) except: existing_data = None if existing_data is None: raise InvalidLoginError("There is no user with name '%s'" % username) user_account = UserAccount.from_data(existing_data) user_uid = user_account.uid() # first, make sure that the user doens't have too many open # login sessions at once - this prevents denial of service user_session_root = "sessions/%s" % user_account.sanitised_name() open_sessions = ObjectStore.get_all_object_names(bucket, user_session_root) # take the opportunity to prune old user login sessions prune_expired_sessions(bucket, user_account, user_session_root, open_sessions) # this is the key for the session in the object store user_session_key = "%s/%s" % (user_session_root, login_session.uuid()) ObjectStore.set_object_from_json(bucket, user_session_key, login_session.to_data()) # we will record a pointer to the request using the short # UUID. This way we can give a simple URL. If there is a clash, # then we will use the username provided at login to find the # correct request from a much smaller pool (likely < 3) request_key = "requests/%s/%s" % (login_session.short_uuid(), login_session.uuid()) ObjectStore.set_string_object(bucket, request_key, user_account.name()) status = 0 # the login URL is the URL of this identity service plus the # short UID of the session login_url = "%s/s?id=%s" % (get_service_info().service_url(), login_session.short_uuid()) login_uid = login_session.uuid() message = "Success: Login via %s" % login_url return_value = create_return_value(status, message) if login_uid: return_value["session_uid"] = login_uid if login_url: return_value["login_url"] = login_url else: return_value["login_url"] = None if user_uid: return_value["user_uid"] = user_uid return return_value