async def update( user_id: int, form: UserEditForm, user_repo: UserRepo = Depends(UserRepo()), token: TokenPayload = Depends( ScopedTo("user:update", "super", satisfy="one")), ): email = getattr(form, "email", None) if email: for u in user_repo.new().all().results(): print("USER:"******"Invalid Email Address", code=422, field="email") data = only(form, ["email", "is_active", "is_superuser"]) if getattr(form, "password", None): data["hashed_password"] = hash_password(form.password) item = user_repo.new().get_or_fail(user_id).update(data).data() return UserResponse(user=item)
async def destroy( user_id: int, user_repo: UserRepo = Depends(UserRepo()), token: TokenPayload = Depends( ScopedTo("user:create", "super", satisfy="one")), user: User = Depends(current_user), ): if user_id == user.id: abort(403, msg="Cannot deactivate self") remaining_supers = len( user_repo.filter( user_repo.label("is_superuser") == True, user_repo.label("is_active") == True, user_repo.label("id") != user_id, ).all().results()) if remaining_supers < 1: abort( 403, msg="Cannot deactivate user. No other active super users available." ) user_repo.clear() messages = [{"text": "Deactivation Succesful", "type": "success"}] if not user_repo.exists(id=user_id): return BaseResponse(messages=messages) user_repo.deactivate(user_id) return BaseResponse(messages=messages)
async def show( user_repo: UserRepo = Depends(UserRepo()), token: TokenPayload = Depends(ScopedTo("profile")), user: User = Depends(current_user), ): logger.critical("Loading user") item = user_repo.set_results(user).data() return UserResponse(user=item)
async def index( sort_qs: SortQS = Depends(SortQS), pagination: PaginationQS = Depends(PaginationQS), user_repo: UserRepo = Depends(UserRepo()), token: TokenPayload = Depends(ScopedTo("user:list")), ): pg, items = user_repo.sort(sort_qs).paginate(pagination).data() return UsersResponse(pagination=pg, users=items)
async def activate( user_id: int, user_repo: UserRepo = Depends(UserRepo()), token: TokenPayload = Depends(ScopedTo("user:create", "super")), ): user = user_repo.get_or_fail(user_id).update({"is_active": True}).data() return UserResponse(user=user)
async def show( user_id: int, user_repo: UserRepo = Depends(UserRepo()), token: TokenPayload = Depends(ScopedTo("user:show", "super")), includes: List[str] = Query(None), ): includes = only(includes, [], values=True) item = user_repo.loads(includes).get_or_fail(user_id).includes( includes).data() return UserResponse(user=item)
async def show( user_repo: UserRepo = Depends(UserRepo), token: TokenPayload = Depends(ScopedTo("profile")), user: User = Depends(current_user), ): item = user_repo.set_results(user).data() return UserResponse(user=item)
async def store( form: UserCreateForm, user_repo: UserRepo = Depends(UserRepo()), token: TokenPayload = Depends( ScopedTo("user:create", "super", satisfy="one")), ): if user_repo.exists(email=form.email): abort_for_input("email", "Email has already been taken.") user_repo.clear() # TODO: data validation against current db & perm checks data = { "email": form.email, "hashed_password": hash_password(form.password), "is_active": getattr(form, "is_superuser", True), "is_superuser": getattr(form, "is_superuser", False), } item = user_repo.create(data).data() return UserResponse(user=item)
async def post( form: UserCreateForm, user_repo: UserRepo = Depends(UserRepo), token: TokenPayload = Depends(ScopedTo("user:create", "super")), ): # TODO: data validation against current db & perm checks data = { "email": form.email, "hashed_password": hash_password(form.password), "is_active": True, "is_superuser": False, } item = user_repo.create(data).data() return UserResponse(user=item)
async def broadcast_auth(websocket: WebSocket): try: await websocket.accept() except Exception as e: logger.critical( f"[email protected] - Accept Error: {str(type(e))}") logger.critical( f"[email protected] - Accept Trace: {str(e)}") return 1 params = parse_qs(urlparse(str(websocket.url)).query) token = verify_jwt_token(params["ws_access_token"][0]) if not token_has_required_scopes(token, []): # TODO: check scopes later raise HTTPException(403, detail="Forbidden") user_repo = UserRepo(session()) user = await current_user(token, user_repo) subscriber, channel = await make_subscriber("auth") try: while await channel.wait_message(): logger.info("[email protected] - Waiting for message") msg = await channel.get(encoding="utf-8") logger.info("[email protected] - Received message: " + str(msg)) data = json.loads(msg) logger.info("[email protected] - Sending message: " + str(data)) await websocket.send_json(data) except Exception as e: logger.critical( f"[email protected] - Receieve/Send: Error: {str(type(e))}" ) logger.critical( f"[email protected] - Receieve/Send: Trace:{str(e)}") logger.critical( f"[email protected] - Receieve/Send: Not closing or unsubscribing" ) return 1 logger.info(f"[email protected] - Attempting to unsuscribe") await subscriber.unsubscribe("channel:auth") logger.info( f"[email protected]: Websocket - Attempting to close socket" ) await websocket.close()
async def broadcast_authed_index(websocket: WebSocket): await websocket.accept() params = parse_qs(urlparse(str(websocket.url)).query) token = verify_jwt_token(params["ws_access_token"][0]) if not token_has_required_scopes(token, []): # TODO: check scopes later raise HTTPException(403, detail="Forbidden") user_repo = UserRepo(session()) user = current_user(token, user_repo) subscriber, channel = await make_subscriber("auth") while await channel.wait_message(): msg = await channel.get(encoding="utf-8") print("broadcasting message", msg) data = json.loads(msg) await websocket.send_json(data) await subscriber.unsubscribe("channel:auth") await websocket.close()
def seed_from_env(self): from bountydns.core.user import UserRepo from bountydns.core.zone import ZoneRepo from bountydns.core.dns_server import DnsServerRepo from bountydns.db.session import _scoped_session session = _scoped_session for i in range(9): i = str(i) user_data = {} email_key = f"SEED_USER_{i}_EMAIL" email = environ.get(email_key, None) password_key = f"SEED_USER_{i}_PASSWORD" password = environ.get(password_key, None) superuser_key = f"SEED_USER_{i}_SUPERUSER" is_superuser = int(environ.get(superuser_key, 0)) if email and password: email = email.lower() hashed_password = hash_password(password) repo = UserRepo(db=session) if not repo.exists(email=email): logger.info(f"seeding user {email}") user = factory("UserFactory", session=session).create( email=email, hashed_password=hashed_password, is_superuser=is_superuser, ) else: logger.info(f"seeded user {email} already exists") for i in range(9): i = str(i) name_key = f"SEED_DNS_SERVER_{i}_NAME" name = environ.get(name_key, None) if name: repo = DnsServerRepo(db=session) if not repo.exists(name=name): logger.info(f"seeding domain {name}") domain = factory("DnsServerFactory", session=session).create(name=name) for i in range(9): i = str(i) ip_key = f"SEED_ZONE_{i}_IP" domain_key = f"SEED_ZONE_{i}_DOMAIN" dns_server_name_key = f"SEED_ZONE_{i}_DNS_SERVER_NAME" ip = environ.get(ip_key, None) domain = environ.get(domain_key, None) if domain: domain = domain.lower() dns_server_name = environ.get(dns_server_name_key, None) if ip and domain: if dns_server_name: dns_server_repo = DnsServerRepo(db=session) if dns_server_repo.exists(name=dns_server_name): dns_server = dns_server_repo.results() else: logger.info( f"seeding dns server as zone dependency: {name}") dns_server = factory( "DnsServerFactory", session=session).create(name=dns_server_name) factory("ZoneFactory", session=session).create(ip=ip, domain=domain, dns_server=dns_server) else: repo = ZoneRepo(db=session) if not repo.exists(ip=ip, domain=domain): logger.info( f"seeding zone without dns server: {ip}, {domain}") factory("GlobalZoneFactory", session=session).create(ip=ip, domain=domain)
async def current_user(token: TokenPayload = Depends(ScopedTo()), user_repo: UserRepo = Depends(UserRepo())) -> User: user = user_repo.get_by_sub(token.sub) if not user: raise HTTPException(404, detail="Not Found") return user