def decroated(self, data, req_info, curs): auth = Authenticator() session_id = data.get('session_id') session = auth.get_session(session_id) f = UserFilter(session, {'id': session.user_id}, {}, {}) user = f.filter_one_obj(curs) try: if user.environment_id != session.environment_id: raise HelixauthError('User and session from different environments') if not user.is_active: raise UserInactive() auth.check_access(session, Service.TYPE_AUTH, method.__name__, req_info) data.pop('session_id', None) custom_actor_info = data.pop('custom_actor_info', None) try: result = method(self, data, req_info, session, curs) except Exception, e: data['environment_id'] = session.environment_id _add_log_info(data, session, custom_actor_info) raise e _add_log_info(data, session, custom_actor_info) return result
def register_user(self, data, req_info, curs=None): env_name = data.get('environment_name') env_f = EnvironmentFilter({'name': env_name}, {}, None) env = env_f.filter_one_obj(curs) # creating user a = Authenticator() salt = a.salt() lang = data.get('lang', User.DEFAULT_LANG) u_data = {'environment_id': env.id, 'email': data.get('email'), 'password': a.encrypt_password(data.get('password'), salt), 'salt': salt, 'role': User.ROLE_USER, 'lang': lang} group_f = GroupFilter(env.id, {'is_default': True}, {}, None) groups = group_f.filter_objs(curs) groups_ids = [g.id for g in groups] u_data['groups_ids'] = groups_ids user = User(**u_data) # For correct action logging data['environment_id'] = env.id try: mapping.save(curs, user) except ObjectCreationError: raise UserAlreadyExists auth = Authenticator() session = auth.create_session(curs, env, user, req_info) _add_log_info(data, session) n = Notifier() n_process = n.register_user(curs, user, session) return response_ok(session_id=session.session_id, id=user.id, notification=n_process)
def add_user(self, data, req_info, session, curs=None): a = Authenticator() env_id = session.environment_id salt = a.salt() u_data = {'environment_id': env_id, 'email': data.get('email'), 'role': data.get('role', User.ROLE_USER), 'password': a.encrypt_password(data.get('password'), salt), 'salt': salt, 'is_active': data.get('is_active', True), 'lang': data.get('lang', User.DEFAULT_LANG) } if u_data['role'] == User.ROLE_SUPER: raise SuperUserCreationDenied groups_ids = data.get('groups_ids', []) filtered_g_ids = self._filter_existed_groups(curs, session, groups_ids) u_data['groups_ids'] = filtered_g_ids user = User(**u_data) try: mapping.save(curs, user) except ObjectCreationError: raise HelixauthObjectAlreadyExists # For correct action logging data['id'] = [user.id] n = Notifier() n_process = n.register_user(curs, user, session) return response_ok(id=user.id, notification=n_process)
def add_environment(self, data, req_info, curs=None): env_data = {'name': data.get('name')} env = Environment(**env_data) try: mapping.save(curs, env) except ObjectCreationError: raise HelixauthObjectAlreadyExists('Environment %s already exists' % env.name) # creating user a = Authenticator() salt = a.salt() u_data = {'environment_id': env.id, 'email': data.get('su_email'), 'password': a.encrypt_password(data.get('su_password'), salt), 'salt': salt, 'role': User.ROLE_SUPER, 'lang': User.DEFAULT_LANG} user = User(**u_data) mapping.save(curs, user) # creating default services and groups self._create_default_objects(req_info, curs, env) # creating session for super user auth = Authenticator() session = auth.create_session(curs, env, user, req_info) _add_log_info(data, session) return response_ok(session_id=session.session_id, environment_id=env.id, user_id=session.user_id)
def login(self, data, req_info, curs=None): f = EnvironmentFilter(data, {}, None) env = f.filter_one_obj(curs) # Required for proper logging action data['environment_id'] = env.id f_params = {'environment_id': env.id, 'email': data.get('email')} f = SubjectUserFilter(env.id, f_params, {}, None) try: user = f.filter_one_obj(curs) except UserNotFound: raise UserAuthError if not user.is_active: raise UserInactive() # checking password auth = Authenticator() enc_p = auth.encrypt_password(data.get('password'), user.salt) if enc_p != user.password: raise UserAuthError # creating session bind_to_ip = data.get('bind_to_ip', False) lt_minutes = data.get('fixed_lifetime_minutes') session = auth.create_session(curs, env, user, req_info, bind_to_ip=bind_to_ip, lifetime_minutes=lt_minutes) _add_log_info(data, session) return response_ok(session_id=session.session_id, user_id=session.user_id, environment_id=session.environment_id)
def set_password_self(self, data, req_info, session, curs=None): f = UserFilter(session, {'id': session.user_id}, {}, None) d = {} a = Authenticator() salt = a.salt() d['new_salt'] = salt d['new_password'] = a.encrypt_password(data['new_password'], salt) loader = partial(f.filter_one_obj, curs, for_update=True) self.update_obj(curs, d, loader) return response_ok()
def test_encrypt_password(self): a = Authenticator() p = a.encrypt_password('pass', 'salt') self.assertNotEquals(None, p) self.assertNotEquals('', p) enc_p1 = a.encrypt_password('1', '2') enc_p2 = a.encrypt_password('1', '2') self.assertEquals(enc_p1, enc_p2) enc_p2 = a.encrypt_password(u'чук', '2')
def _change_session_ip(self, sess_id, curs=None): # changing ip in session f = SessionFilter({"session_id": sess_id}, {}, None) s = f.filter_one_obj(curs) data = json.loads(s.serialized_data) data["ip"] = "new_%s" % data["ip"] s.serialized_data = json.dumps(data) mapping.save(curs, s) a = Authenticator() a._save_session_to_cache(s)
def check_access(self, data, req_info, session, curs=None): a = Authenticator() srv_type = data.get('service_type', None) p = data.get('property', None) try: a.check_access(session, srv_type, p, req_info) return response_ok(user_id=session.user_id, environment_id=session.environment_id, access='granted') except (UserAccessDenied, SessionIpChanged): return response_ok(user_id=session.user_id, environment_id=session.environment_id, access='denied')
def test_create_restore_password_session(self, curs=None): a = Authenticator() self.create_actor_env() env = self.get_environment_by_name(self.actor_env_name) user = self.get_subj_user(env.id, self.actor_login) req_info = RequestInfo() sess = a.create_restore_password_session(curs, env, user, req_info, bind_to_ip=False, lifetime_minutes=None) sess_data = json.loads(sess.serialized_data) rights = sess_data['rights'] self.assertEquals({Service.TYPE_AUTH: ['set_password_self']}, rights)
def modify_users(self, data, req_info, session, curs=None): u_ids = data['ids'] f = UserFilter(session, {'roles': [User.ROLE_SUPER]}, {}, None) su = f.filter_one_obj(curs) if su.id in u_ids: raise SuperUserModificationDenied() groups_ids = data.get('new_groups_ids', []) filtered_g_ids = self._filter_existed_groups(curs, session, groups_ids) data['new_groups_ids'] = filtered_g_ids if 'new_password' in data: a = Authenticator() salt = a.salt() data['new_password'] = a.encrypt_password(data['new_password'], salt) data['new_salt'] = salt f = UserFilter(session, {'ids': u_ids}, {}, None) loader = partial(f.filter_objs, curs, for_update=True) self.update_objs(curs, data, loader) return response_ok()
def modify_user_self(self, data, req_info, session, curs=None): f = UserFilter(session, {'id': session.user_id}, {}, None) user = f.filter_one_obj(curs) old_password = data.get('old_password') new_password = data.get('new_password') d = {} if 'new_lang' in data: d['new_lang'] = data['new_lang'] if old_password is not None: if new_password is None or len(new_password) == 0: raise UserNewPasswordNotSet("Empty new password can't be set") a = Authenticator() if user.password != a.encrypt_password(old_password, user.salt): raise UserWrongOldPassword() salt = a.salt() d['new_salt'] = salt d['new_password'] = a.encrypt_password(data['new_password'], salt) loader = partial(f.filter_one_obj, curs, for_update=True) self.update_obj(curs, d, loader) return response_ok()
def restore_password(self, data, req_info, curs=None): env_name = data.get('environment_name') env_f = EnvironmentFilter({'name': env_name}, {}, None) env = env_f.filter_one_obj(curs) # For correct action logging data['environment_id'] = env.id user_f = SubjectUserFilter(env.id, {'email': data.get('email')}, {}, None) user = user_f.filter_one_obj(curs) # creating user session auth = Authenticator() session = auth.create_restore_password_session(curs, env, user, req_info, lifetime_minutes=settings.session_restore_password_lifetime_minutes) _add_log_info(data, session) n = Notifier() n_process = n.restore_password(curs, user, session) return response_ok(notification=n_process)
def test_salt(self): a = Authenticator() for _ in xrange(1000): s = a.salt() self.assertNotEquals(None, s) self.assertNotEquals('', s)
def get_api_actions(self, data, req_info): a = Authenticator() actions = a.get_auth_api_actions() return response_ok(actions=actions)