def set_actor_credentials(self, actor_id='', username='', password=''):
        if not username:
            raise BadRequest("Invalid username")
        IdentityUtils.check_password_policy(password)
        actor_obj = self._validate_resource_id("actor_id", actor_id, RT.ActorIdentity)
        cred_obj = None
        for cred in actor_obj.credentials:
            if cred.username == username:
                cred_obj = cred
                break
        if not cred_obj:
            cred_obj = Credentials()
            cred_obj.username = username
            actor_obj.credentials.append(cred_obj)
            actor_obj.alt_ids.append("UNAME:" + username)

        self._generate_password_hash(cred_obj, password)

        # Lower level RR call to avoid credentials clearing
        self.rr.update(actor_obj)
    def set_actor_credentials(self, actor_id='', username='', password=''):
        if not username:
            raise BadRequest("Invalid username")
        IdentityUtils.check_password_policy(password)
        actor_obj = self._validate_resource_id("actor_id", actor_id,
                                               RT.ActorIdentity)
        cred_obj = None
        for cred in actor_obj.credentials:
            if cred.username == username:
                cred_obj = cred
                break
        if not cred_obj:
            cred_obj = Credentials()
            cred_obj.username = username
            actor_obj.credentials.append(cred_obj)
            actor_obj.alt_ids.append("UNAME:" + username)

        self._generate_password_hash(cred_obj, password)

        # Lower level RR call to avoid credentials clearing
        self.rr.update(actor_obj)
예제 #3
0
    def _do_test_credentials(self, actor_id):
        actor_identity = self.identity_management_service.read_actor_identity(
            actor_id)
        self.assertEquals(len(actor_identity.credentials), 0)

        actor_cred = Credentials(username="******",
                                 password_hash="123",
                                 password_salt="foo")
        self.identity_management_service.register_credentials(
            actor_id, actor_cred)

        actor_identity = self.identity_management_service.read_actor_identity(
            actor_id)
        self.assertEquals(len(actor_identity.credentials), 1)
        self.assertEquals(actor_identity.credentials[0].username, "jdoe")

        actor_id1 = self.identity_management_service.find_actor_identity_by_username(
            "jdoe")
        self.assertEquals(actor_id1, actor_id)
        with self.assertRaises(NotFound):
            self.identity_management_service.find_actor_identity_by_username(
                "##FOO USER##")

        self.identity_management_service.unregister_credentials(
            actor_id, "jdoe")
        actor_identity = self.identity_management_service.read_actor_identity(
            actor_id)
        self.assertEquals(len(actor_identity.credentials), 0)

        self.identity_management_service.set_actor_credentials(
            actor_id, "jdoe1", "mypasswd")
        actor_identity = self.identity_management_service.read_actor_identity(
            actor_id)
        self.assertEquals(len(actor_identity.credentials), 1)
        self.assertEquals(actor_identity.credentials[0].username, "jdoe1")
        self.assertNotEquals(actor_identity.credentials[0].password_hash,
                             "mypasswd")

        actor_id1 = self.identity_management_service.check_actor_credentials(
            "jdoe1", "mypasswd")
        self.assertEquals(actor_id1, actor_id)

        with self.assertRaises(NotFound):
            self.identity_management_service.check_actor_credentials(
                "jdoe1", "mypasswd1")

        self.identity_management_service.set_user_password(
            "jdoe1", "mypasswd1")
        actor_id1 = self.identity_management_service.check_actor_credentials(
            "jdoe1", "mypasswd1")
        self.assertEquals(actor_id1, actor_id)

        for i in range(6):
            with self.assertRaises(NotFound):
                self.identity_management_service.check_actor_credentials(
                    "jdoe1", "mypasswd0")

        with self.assertRaises(NotFound):
            self.identity_management_service.check_actor_credentials(
                "jdoe1", "mypasswd1")

        self.identity_management_service.set_actor_auth_status(
            actor_id, AuthStatusEnum.ENABLED)
        actor_id1 = self.identity_management_service.check_actor_credentials(
            "jdoe1", "mypasswd1")
        self.assertEquals(actor_id1, actor_id)
예제 #4
0
    def define_user(self,
                    user_id='',
                    first_name='',
                    last_name='',
                    username='',
                    password='',
                    email='',
                    attributes=None):
        if user_id:
            raise NotImplementedError("Update not supported: user_id=%s" %
                                      user_id)
        if not email:
            raise BadRequest('Email is required')
        username = username or email

        user = self._get_user_by_email(email)
        if user:
            raise BadRequest("Email already taken")

        if not username or not is_valid_identifier(username,
                                                   valid_chars=EMAIL_VALID):
            raise BadRequest("Argument username invalid: %s" % username)
        if attributes and type(attributes) is not dict:
            raise BadRequest("Argument attributes invalid type")
        if not first_name:
            first_name = username
        attributes = attributes or {}

        full_name = ("%s %s" %
                     (first_name, last_name)) if last_name else first_name

        IdentityUtils.check_password_policy(password)

        contact = ContactInformation(individual_names_given=first_name,
                                     individual_name_family=last_name,
                                     email=email)
        user_profile = UserIdentityDetails(contact=contact, profile=attributes)
        actor_obj = ActorIdentity(name=full_name, details=user_profile)

        # Support fast setting of credentials without expensive compute of bcrypt hash, for quick preload
        pwd_salt, pwd_hash = None, None
        if attributes and "scion_init_pwdsalt" in attributes and "scion_init_pwdhash" in attributes:
            pwd_salt, pwd_hash = attributes.pop(
                "scion_init_pwdsalt"), attributes.pop("scion_init_pwdhash")

        user_exists = self.idm_client.is_user_existing(username)
        if user_exists:
            raise BadRequest("Username already taken")

        actor_id = self.idm_client.create_actor_identity(actor_obj)

        if pwd_salt and pwd_hash:
            # Add to credentials
            actor_obj1 = self.rr.read(actor_id)
            cred_obj = None
            for cred in actor_obj1.credentials:
                if cred.username == username:
                    cred_obj = cred
                    break
            if not cred_obj:
                cred_obj = Credentials()
                cred_obj.username = username
                actor_obj1.credentials.append(cred_obj)
                actor_obj1.alt_ids.append("UNAME:" + username)
            cred_obj.identity_provider = "SciON"
            cred_obj.authentication_service = "SciON IdM"
            cred_obj.password_salt = pwd_salt
            cred_obj.password_hash = pwd_hash
            self.rr.update(actor_obj1)
        else:
            self.idm_client.set_actor_credentials(actor_id, username, password)

        return actor_id
예제 #5
0
    def define_user(self, user_id='', first_name='', last_name='', username='', password='',
                    email='', attributes=None):
        if user_id:
            raise NotImplementedError("Update not supported: user_id=%s" % user_id)
        if not email:
            raise BadRequest('Email is required')
        username = username or email

        user = self._get_user_by_email(email)
        if user:
            raise BadRequest("Email already taken")

        if not username or not is_valid_identifier(username, valid_chars=EMAIL_VALID):
            raise BadRequest("Argument username invalid: %s" % username)
        if attributes and type(attributes) is not dict:
            raise BadRequest("Argument attributes invalid type")
        if not first_name:
            first_name = username
        attributes = attributes or {}

        full_name = ("%s %s" % (first_name, last_name)) if last_name else first_name

        IdentityUtils.check_password_policy(password)

        contact = ContactInformation(individual_names_given=first_name, individual_name_family=last_name, email=email)
        user_profile = UserIdentityDetails(contact=contact, profile=attributes)
        actor_obj = ActorIdentity(name=full_name, details=user_profile)

        # Support fast setting of credentials without expensive compute of bcrypt hash, for quick preload
        pwd_salt, pwd_hash = None, None
        if attributes and "scion_init_pwdsalt" in attributes and "scion_init_pwdhash" in attributes:
            pwd_salt, pwd_hash = attributes.pop("scion_init_pwdsalt"), attributes.pop("scion_init_pwdhash")

        user_exists = self.idm_client.is_user_existing(username)
        if user_exists:
            raise BadRequest("Username already taken")

        actor_id = self.idm_client.create_actor_identity(actor_obj)

        if pwd_salt and pwd_hash:
            # Add to credentials
            actor_obj1 = self.rr.read(actor_id)
            cred_obj = None
            for cred in actor_obj1.credentials:
                if cred.username == username:
                    cred_obj = cred
                    break
            if not cred_obj:
                cred_obj = Credentials()
                cred_obj.username = username
                actor_obj1.credentials.append(cred_obj)
                actor_obj1.alt_ids.append("UNAME:" + username)
            cred_obj.identity_provider = "SciON"
            cred_obj.authentication_service = "SciON IdM"
            cred_obj.password_salt = pwd_salt
            cred_obj.password_hash = pwd_hash
            self.rr.update(actor_obj1)
        else:
            self.idm_client.set_actor_credentials(actor_id, username, password)

        return actor_id