def createUser(dbSession, user, requester):
# drop invalid fields
user = {k: user[k] for k in user if k in User.fillable}
checkUser(user)
anotherUser = dbSession.query(User.id) \
.filter_by(username=user['username']).one_or_none()
if anotherUser:
raise HTTPRequestError(400, "username '"
+ user['username']
+ "' is in use.")
anotherUser = dbSession.query(User.id) \
.filter_by(email=user['email']).one_or_none()
if anotherUser:
raise HTTPRequestError(400, "Email '" + user['email'] + "' is in use.")
if conf.emailHost == 'NOEMAIL':
user['salt'], user['hash'] = passwd.createPwd(conf.temporaryPassword)
user['created_by'] = requester['userid']
newUser = User(**user)
log().info('user ' + user['username'] + ' created by '
+ requester['username'],
newUser.safeDict())
return newUser
def create_users():
predef_users = [
{
"name": "testadm",
"username": "******",
"service": "admin",
"email": "*****@*****.**",
"profile": "testadm",
"passwd": "admin"
}
]
for user in predef_users:
# check if the user already exists
# if the user exist, chances are this scrip has been run before
print("Querying database for user {}".format(user))
another_user = db.session.query(User.id) \
.filter_by(username=user['username']) \
.one_or_none()
if another_user:
print("This is not the first container run. Skipping")
exit(0)
print("Database access returned.")
# mark the user as automatically created
user['created_by'] = 0
# hash the password
user['salt'] = str(binascii.hexlify(os.urandom(8)), 'ascii')
user['hash'] = crypt(user['passwd'],
user['salt'],
1000).split('$').pop()
del user['passwd']
print("Creating a new instance of this user.")
new_user = User(**user)
print("New instance created.")
# configure kong shared secret
kong_data = kong.configure_kong(new_user.username)
if kong_data is None:
print('failed to configure verification subsystem')
exit(-1)
new_user.secret = kong_data['secret']
new_user.key = kong_data['key']
new_user.kongId = kong_data['kongid']
db.session.add(new_user)
db.session.commit()
def createUsers():
predefusers = [
{
"name": "Admin (superuser)",
"username": "******",
"service": "admin",
"email": "*****@*****.**",
"profile": "admin",
"passwd": "admin"
}
]
for user in predefusers:
# check if the user already exist
# if the user exist, chances are this scrip has been run before
anotherUser = db.session.query(User.id) \
.filter_by(username=user['username']) \
.one_or_none()
if anotherUser:
print("That not the first container run. Skipping")
exit(0)
# mark the user as automatically created
user['created_by'] = 0
# hash the password
user['salt'] = str(binascii.hexlify(os.urandom(8)), 'ascii')
user['hash'] = crypt(user['passwd'],
user['salt'],
1000).split('$').pop()
del user['passwd']
newUser = User(**user)
# configure kong shared secret
kongData = kong.configureKong(newUser.username)
if kongData is None:
print('failed to configure verification subsystem')
exit(-1)
newUser.secret = kongData['secret']
newUser.key = kongData['key']
newUser.kongId = kongData['kongid']
db.session.add(newUser)
db.session.commit()
def create_user(db_session, user: User, requester):
"""
Create a new user.
:param db_session: The postgres db session to be used
:param user: User The user to be created. This is a simple dictionary with all 'fillable' field
listed in Models.User class.
:param requester: Who is creating this user. This is a dictionary with two keys:
"userid" and "username"
:return: The result of creating this user.
:raises HTTPRequestError: If username is already in use
:raises HTTPRequestError: If e-mail is already in use
:raises HTTPRequestError: If any problem occurs while configuring Kong
"""
# Drop invalid fields
user = {k: user[k] for k in user if k in User.fillable}
LOGGER.debug("Checking user data...")
check_user(user)
LOGGER.debug("... user data is OK.")
if not user.get('profile', ""):
raise HTTPRequestError(400, "Missing profile")
if len(user['profile']) > UserLimits.profile:
raise HTTPRequestError(400, "Profile name too long")
# Sanity checks
# Check whether username and e-mail are unique.
LOGGER.debug("Checking whether user already exist...")
if db_session.query(
User.id).filter_by(username=user['username']).one_or_none():
LOGGER.warning("User already exists.")
raise HTTPRequestError(400, f"Username {user['username']} is in use.")
LOGGER.debug("... user doesn't exist.")
LOGGER.debug("Checking whether user e-mail is already being used...")
if db_session.query(User.id).filter_by(email=user['email']).one_or_none():
LOGGER.warning("User e-mail is already being used.")
raise HTTPRequestError(400, f"E-mail {user['email']} is in use.")
LOGGER.debug("... user e-mail is not being used.")
if conf.emailHost == 'NOEMAIL':
user['salt'], user['hash'] = password.create_pwd(
conf.temporaryPassword)
# Last field to be filled automatically, before parsing
user['created_by'] = requester['userid']
# User structure is finished.
LOGGER.debug("Creating user instance...")
new_user = User(**user)
LOGGER.debug("... user instance was created.")
LOGGER.debug(
f"User data is: {user['username']} created by {requester['username']}")
# If no problems occur to create user (no exceptions), configure kong
LOGGER.debug("Configuring Kong...")
kong_data = kongUtils.configure_kong(new_user.username)
if kong_data is None:
LOGGER.warning("Could not configure Kong.")
raise HTTPRequestError(500,
'failed to configure verification subsystem')
LOGGER.debug("... Kong was successfully configured.")
new_user.secret = kong_data['secret']
new_user.key = kong_data['key']
new_user.kongId = kong_data['kongid']
# Add the new user to the database
LOGGER.debug("Adding new user to database session...")
db_session.add(new_user)
LOGGER.debug("... new user was added to database session.")
LOGGER.debug("Committing database changes...")
db_session.commit()
LOGGER.debug("... database changes were committed.")
# Configuring groups and user profiles
group_success = []
group_failed = []
LOGGER.debug("Configuring user profile...")
if 'profile' in user.keys():
group_success, group_failed = rship. \
add_user_many_groups(db_session, new_user.id,
user['profile'], requester)
db_session.commit()
LOGGER.debug("... user profile was configured.")
LOGGER.debug("Configuring user password...")
if conf.emailHost != 'NOEMAIL':
try:
pwdc.create_password_set_request(db_session, new_user)
db_session.commit()
except Exception as e:
LOGGER.warning(e)
LOGGER.debug("... user password was configured.")
LOGGER.debug("Sending tenant creation message to other components...")
if count_tenant_users(db_session, new_user.service) == 1:
LOGGER.info(
f"Will emit tenant lifecycle event {new_user.service} - CREATE")
Publisher.send_notification({
"type": 'CREATE',
'tenant': new_user.service
})
LOGGER.debug("... tenant creation message was sent.")
ret = {
"user": new_user.safe_dict(),
"groups": group_success,
"could not add": group_failed,
"message": "user created"
}
return ret
def create_user(db_session, user: User, requester):
"""
Create a new user.
:param db_session: The postgres db session to be used
:param user: User The user to be created. This is a simple dictionary with all 'fillable' field
listed in Models.User class.
:param requester: Who is creating this user. This is a dictionary with two keys:
"userid" and "username"
:return: The result of creating this user.
:raises HTTPRequestError: If username is already in use
:raises HTTPRequestError: If e-mail is already in use
:raises HTTPRequestError: If any problem occurs while configuring Kong
"""
# Drop invalid fields
user = {k: user[k] for k in user if k in User.fillable}
check_user(user)
# Sanity checks
# Check whether username and e-mail are unique.
if db_session.query(
User.id).filter_by(username=user['username']).one_or_none():
raise HTTPRequestError(400, f"Username {user['username']} is in use.")
if db_session.query(User.id).filter_by(email=user['email']).one_or_none():
raise HTTPRequestError(400, f"E-mail {user['email']} is in use.")
if conf.emailHost == 'NOEMAIL':
user['salt'], user['hash'] = password.create_pwd(
conf.temporaryPassword)
# Last field to be filled automatically, before parsing
user['created_by'] = requester['userid']
# User structure is finished.
new_user = User(**user)
log().info(f"User {user['username']} created by {requester['username']}")
log().info(new_user)
# If no problems occur to create user (no exceptions), configure kong
kong_data = kongUtils.configure_kong(new_user.username)
if kong_data is None:
raise HTTPRequestError(500,
'failed to configure verification subsystem')
new_user.secret = kong_data['secret']
new_user.key = kong_data['key']
new_user.kongId = kong_data['kongid']
# Add the new user to the database
db_session.add(new_user)
db_session.commit()
# Configuring groups and user profiles
group_success = []
group_failed = []
if 'profile' in user.keys():
group_success, group_failed = rship. \
add_user_many_groups(db_session, new_user.id,
user['profile'], requester)
db_session.commit()
if conf.emailHost != 'NOEMAIL':
pwdc.create_password_set_request(db_session, new_user)
db_session.commit()
if count_tenant_users(db_session, new_user.service) == 1:
log().info(
f"Will emit tenant lifecycle event {new_user.service} - CREATE")
send_notification({"type": 'CREATE', 'tenant': new_user.service})
ret = {
"user": new_user.safe_dict(),
"groups": group_success,
"could not add": group_failed,
"message": "user created"
}
return ret