def reset_password_for_anon_user(user_info: dict, user_name, token_info: Dict = None): """Reset the password of the user.""" user = UserModel.find_by_username(user_name) membership = MembershipModel.find_membership_by_userid(user.id) org_id = membership.org_id org = OrgModel.find_by_org_id(org_id) if not org or org.access_type != AccessType.ANONYMOUS.value: raise BusinessException(Error.INVALID_INPUT, None) check_auth(org_id=org_id, token_info=token_info, one_of_roles=(ADMIN, STAFF)) update_user_request = KeycloakUser() update_user_request.user_name = user_name.replace( IdpHint.BCROS.value + '/', '') update_user_request.password = user_info['password'] update_user_request.update_password_on_login() try: kc_user = KeycloakService.update_user(update_user_request) except HTTPError as err: current_app.logger.error('update_user in keycloak failed {}', err) raise BusinessException(Error.UNDEFINED_ERROR, err) return kc_user
def create_user_and_add_membership(memberships: List[dict], org_id, token_info: Dict = None, skip_auth: bool = False): """ Create user(s) in the DB and upstream keycloak. accepts a list of memberships ie.a list of objects with username,password and membershipTpe skip_auth can be used if called method already perfomed the authenticaiton skip_auth= true is used now incase of invitation for admin users scenarion other cases should be invoked with skip_auth=false """ if skip_auth: # make sure no bulk operation and only owner is created using if no auth if len(memberships) > 1 or memberships[0].get('membershipType') not in [OWNER, ADMIN]: raise BusinessException(Error.INVALID_USER_CREDENTIALS, None) else: check_auth(org_id=org_id, token_info=token_info, one_of_roles=(ADMIN, OWNER)) # check if anonymous org ;these actions cannot be performed on normal orgs org = OrgModel.find_by_org_id(org_id) if not org or org.access_type != AccessType.ANONYMOUS.value: raise BusinessException(Error.INVALID_INPUT, None) current_app.logger.debug('create_user') users = [] for membership in memberships: create_user_request = KeycloakUser() current_app.logger.debug(f"create user username: {membership['username']}") create_user_request.first_name = membership['username'] create_user_request.user_name = membership['username'] create_user_request.password = membership['password'] create_user_request.enabled = True create_user_request.attributes = {'access_type': AccessType.ANONYMOUS.value} if membership.get('update_password_on_login', True): # by default , reset needed create_user_request.update_password_on_login() try: # TODO may be this method itself throw the business exception;can handle different exceptions? kc_user = KeycloakService.add_user(create_user_request) except HTTPError as err: current_app.logger.error('create_user in keycloak failed', err) raise BusinessException(Error.FAILED_ADDING_USER_IN_KEYCLOAK, None) username = IdpHint.BCROS.value + '/' + membership['username'] existing_user = UserModel.find_by_username(username) if existing_user: current_app.logger.debug('Existing users found in DB') raise BusinessException(Error.DATA_ALREADY_EXISTS, None) user_model: UserModel = UserModel(username=username, # BCROS is temporary value.Will be overwritten when user logs in is_terms_of_use_accepted=False, status=Status.ACTIVE.value, type=AccessType.ANONYMOUS.value, email=membership.get('email', None), firstname=kc_user.first_name, lastname=kc_user.last_name) user_model.save() User._add_org_membership(org_id, user_model.id, membership['membershipType']) users.append(User(user_model).as_dict()) return {'users': users}