def create_users(): predef_users = [ { "name": "testadm", "username": "******", "service": "admin", "email": "*****@*****.**", "profile": "testadm", "passwd": "admin" } ] for user in predef_users: # check if the user already exists # if the user exist, chances are this scrip has been run before print("Querying database for user {}".format(user)) another_user = db.session.query(User.id) \ .filter_by(username=user['username']) \ .one_or_none() if another_user: print("This is not the first container run. Skipping") exit(0) print("Database access returned.") # mark the user as automatically created user['created_by'] = 0 # hash the password user['salt'] = str(binascii.hexlify(os.urandom(8)), 'ascii') user['hash'] = crypt(user['passwd'], user['salt'], 1000).split('$').pop() del user['passwd'] print("Creating a new instance of this user.") new_user = User(**user) print("New instance created.") # configure kong shared secret kong_data = kong.configure_kong(new_user.username) if kong_data is None: print('failed to configure verification subsystem') exit(-1) new_user.secret = kong_data['secret'] new_user.key = kong_data['key'] new_user.kongId = kong_data['kongid'] db.session.add(new_user) db.session.commit()
def createUsers(): predefusers = [ { "name": "Admin (superuser)", "username": "******", "service": "admin", "email": "*****@*****.**", "profile": "admin", "passwd": "admin" } ] for user in predefusers: # check if the user already exist # if the user exist, chances are this scrip has been run before anotherUser = db.session.query(User.id) \ .filter_by(username=user['username']) \ .one_or_none() if anotherUser: print("That not the first container run. Skipping") exit(0) # mark the user as automatically created user['created_by'] = 0 # hash the password user['salt'] = str(binascii.hexlify(os.urandom(8)), 'ascii') user['hash'] = crypt(user['passwd'], user['salt'], 1000).split('$').pop() del user['passwd'] newUser = User(**user) # configure kong shared secret kongData = kong.configureKong(newUser.username) if kongData is None: print('failed to configure verification subsystem') exit(-1) newUser.secret = kongData['secret'] newUser.key = kongData['key'] newUser.kongId = kongData['kongid'] db.session.add(newUser) db.session.commit()
def create_user(db_session, user: User, requester): """ Create a new user. :param db_session: The postgres db session to be used :param user: User The user to be created. This is a simple dictionary with all 'fillable' field listed in Models.User class. :param requester: Who is creating this user. This is a dictionary with two keys: "userid" and "username" :return: The result of creating this user. :raises HTTPRequestError: If username is already in use :raises HTTPRequestError: If e-mail is already in use :raises HTTPRequestError: If any problem occurs while configuring Kong """ # Drop invalid fields user = {k: user[k] for k in user if k in User.fillable} LOGGER.debug("Checking user data...") check_user(user) LOGGER.debug("... user data is OK.") if not user.get('profile', ""): raise HTTPRequestError(400, "Missing profile") if len(user['profile']) > UserLimits.profile: raise HTTPRequestError(400, "Profile name too long") # Sanity checks # Check whether username and e-mail are unique. LOGGER.debug("Checking whether user already exist...") if db_session.query( User.id).filter_by(username=user['username']).one_or_none(): LOGGER.warning("User already exists.") raise HTTPRequestError(400, f"Username {user['username']} is in use.") LOGGER.debug("... user doesn't exist.") LOGGER.debug("Checking whether user e-mail is already being used...") if db_session.query(User.id).filter_by(email=user['email']).one_or_none(): LOGGER.warning("User e-mail is already being used.") raise HTTPRequestError(400, f"E-mail {user['email']} is in use.") LOGGER.debug("... user e-mail is not being used.") if conf.emailHost == 'NOEMAIL': user['salt'], user['hash'] = password.create_pwd( conf.temporaryPassword) # Last field to be filled automatically, before parsing user['created_by'] = requester['userid'] # User structure is finished. LOGGER.debug("Creating user instance...") new_user = User(**user) LOGGER.debug("... user instance was created.") LOGGER.debug( f"User data is: {user['username']} created by {requester['username']}") # If no problems occur to create user (no exceptions), configure kong LOGGER.debug("Configuring Kong...") kong_data = kongUtils.configure_kong(new_user.username) if kong_data is None: LOGGER.warning("Could not configure Kong.") raise HTTPRequestError(500, 'failed to configure verification subsystem') LOGGER.debug("... Kong was successfully configured.") new_user.secret = kong_data['secret'] new_user.key = kong_data['key'] new_user.kongId = kong_data['kongid'] # Add the new user to the database LOGGER.debug("Adding new user to database session...") db_session.add(new_user) LOGGER.debug("... new user was added to database session.") LOGGER.debug("Committing database changes...") db_session.commit() LOGGER.debug("... database changes were committed.") # Configuring groups and user profiles group_success = [] group_failed = [] LOGGER.debug("Configuring user profile...") if 'profile' in user.keys(): group_success, group_failed = rship. \ add_user_many_groups(db_session, new_user.id, user['profile'], requester) db_session.commit() LOGGER.debug("... user profile was configured.") LOGGER.debug("Configuring user password...") if conf.emailHost != 'NOEMAIL': try: pwdc.create_password_set_request(db_session, new_user) db_session.commit() except Exception as e: LOGGER.warning(e) LOGGER.debug("... user password was configured.") LOGGER.debug("Sending tenant creation message to other components...") if count_tenant_users(db_session, new_user.service) == 1: LOGGER.info( f"Will emit tenant lifecycle event {new_user.service} - CREATE") Publisher.send_notification({ "type": 'CREATE', 'tenant': new_user.service }) LOGGER.debug("... tenant creation message was sent.") ret = { "user": new_user.safe_dict(), "groups": group_success, "could not add": group_failed, "message": "user created" } return ret
def create_user(db_session, user: User, requester): """ Create a new user. :param db_session: The postgres db session to be used :param user: User The user to be created. This is a simple dictionary with all 'fillable' field listed in Models.User class. :param requester: Who is creating this user. This is a dictionary with two keys: "userid" and "username" :return: The result of creating this user. :raises HTTPRequestError: If username is already in use :raises HTTPRequestError: If e-mail is already in use :raises HTTPRequestError: If any problem occurs while configuring Kong """ # Drop invalid fields user = {k: user[k] for k in user if k in User.fillable} check_user(user) # Sanity checks # Check whether username and e-mail are unique. if db_session.query( User.id).filter_by(username=user['username']).one_or_none(): raise HTTPRequestError(400, f"Username {user['username']} is in use.") if db_session.query(User.id).filter_by(email=user['email']).one_or_none(): raise HTTPRequestError(400, f"E-mail {user['email']} is in use.") if conf.emailHost == 'NOEMAIL': user['salt'], user['hash'] = password.create_pwd( conf.temporaryPassword) # Last field to be filled automatically, before parsing user['created_by'] = requester['userid'] # User structure is finished. new_user = User(**user) log().info(f"User {user['username']} created by {requester['username']}") log().info(new_user) # If no problems occur to create user (no exceptions), configure kong kong_data = kongUtils.configure_kong(new_user.username) if kong_data is None: raise HTTPRequestError(500, 'failed to configure verification subsystem') new_user.secret = kong_data['secret'] new_user.key = kong_data['key'] new_user.kongId = kong_data['kongid'] # Add the new user to the database db_session.add(new_user) db_session.commit() # Configuring groups and user profiles group_success = [] group_failed = [] if 'profile' in user.keys(): group_success, group_failed = rship. \ add_user_many_groups(db_session, new_user.id, user['profile'], requester) db_session.commit() if conf.emailHost != 'NOEMAIL': pwdc.create_password_set_request(db_session, new_user) db_session.commit() if count_tenant_users(db_session, new_user.service) == 1: log().info( f"Will emit tenant lifecycle event {new_user.service} - CREATE") send_notification({"type": 'CREATE', 'tenant': new_user.service}) ret = { "user": new_user.safe_dict(), "groups": group_success, "could not add": group_failed, "message": "user created" } return ret