def set_actor_credentials(self, actor_id='', username='', password=''):
    """Set the password for one username on an existing actor identity.

    The password is run through IdentityUtils.check_password_policy before
    the actor is loaded. If the actor already holds a credentials entry for
    ``username`` that entry is reused; otherwise a new Credentials entry is
    appended and "UNAME:<username>" is added to the actor's alt_ids. The
    hash is then written onto the entry by _generate_password_hash.

    Raises BadRequest when ``username`` is empty.
    """
    if not username:
        raise BadRequest("Invalid username")

    # Reject non-compliant passwords before touching the stored actor.
    IdentityUtils.check_password_policy(password)
    actor_obj = self._validate_resource_id("actor_id", actor_id, RT.ActorIdentity)

    # First credentials entry that already belongs to this username, if any.
    cred_obj = next(
        (entry for entry in actor_obj.credentials if entry.username == username),
        None)
    if not cred_obj:
        # NOTE(review): nothing here checks whether another actor already
        # uses this username -- presumably the caller's job; confirm.
        cred_obj = Credentials()
        cred_obj.username = username
        actor_obj.credentials.append(cred_obj)
        actor_obj.alt_ids.append("UNAME:" + username)

    self._generate_password_hash(cred_obj, password)

    # Lower level RR call to avoid credentials clearing
    self.rr.update(actor_obj)
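def _do_test_credentials(self, actor_id):
    """Exercise the credential lifecycle of one actor against the identity service.

    Covers: register/unregister of a credentials entry, lookup by username,
    setting a password, verifying and changing it, and the behaviour after
    repeated failed logins followed by re-enabling the actor.
    """
    ims = self.identity_management_service

    # A fresh actor starts without credentials.
    actor_identity = ims.read_actor_identity(actor_id)
    self.assertEqual(len(actor_identity.credentials), 0)

    # The username must be "jdoe": every assertion and lookup below uses it.
    actor_cred = Credentials(username="jdoe", password_hash="123", password_salt="foo")
    ims.register_credentials(actor_id, actor_cred)

    actor_identity = ims.read_actor_identity(actor_id)
    self.assertEqual(len(actor_identity.credentials), 1)
    self.assertEqual(actor_identity.credentials[0].username, "jdoe")

    actor_id1 = ims.find_actor_identity_by_username("jdoe")
    self.assertEqual(actor_id1, actor_id)

    # Unknown usernames must not resolve to any actor.
    with self.assertRaises(NotFound):
        ims.find_actor_identity_by_username("##FOO USER##")

    ims.unregister_credentials(actor_id, "jdoe")

    actor_identity = ims.read_actor_identity(actor_id)
    self.assertEqual(len(actor_identity.credentials), 0)

    ims.set_actor_credentials(actor_id, "jdoe1", "mypasswd")

    actor_identity = ims.read_actor_identity(actor_id)
    self.assertEqual(len(actor_identity.credentials), 1)
    self.assertEqual(actor_identity.credentials[0].username, "jdoe1")
    # The stored value must not be the plaintext password.
    self.assertNotEqual(actor_identity.credentials[0].password_hash, "mypasswd")

    actor_id1 = ims.check_actor_credentials("jdoe1", "mypasswd")
    self.assertEqual(actor_id1, actor_id)

    # A wrong password is reported as NotFound, the same as an unknown user.
    with self.assertRaises(NotFound):
        ims.check_actor_credentials("jdoe1", "mypasswd1")

    ims.set_user_password("jdoe1", "mypasswd1")
    actor_id1 = ims.check_actor_credentials("jdoe1", "mypasswd1")
    self.assertEqual(actor_id1, actor_id)

    # Six consecutive failures -- presumably more than the service's
    # failed-login limit (the limit itself is not visible here; confirm).
    for _ in range(6):
        with self.assertRaises(NotFound):
            ims.check_actor_credentials("jdoe1", "mypasswd0")

    # After the failures even the correct password is refused ...
    with self.assertRaises(NotFound):
        ims.check_actor_credentials("jdoe1", "mypasswd1")

    # ... until the actor's auth status is explicitly set back to ENABLED.
    ims.set_actor_auth_status(actor_id, AuthStatusEnum.ENABLED)

    actor_id1 = ims.check_actor_credentials("jdoe1", "mypasswd1")
    self.assertEqual(actor_id1, actor_id)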
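def define_user(self, user_id='', first_name='', last_name='', username='', password='', email='', attributes=None):
    """Create a new user (ActorIdentity plus one credentials entry) and return its actor id.

    ``username`` defaults to ``email``; ``first_name`` defaults to the
    username. ``attributes`` becomes the user's profile. Two reserved keys,
    "scion_init_pwdsalt" and "scion_init_pwdhash", are always removed from
    ``attributes`` (the dict is modified in place) and, when both carry a
    value, are stored directly as the credential's salt and hash instead of
    hashing ``password``.

    Raises:
        NotImplementedError: if ``user_id`` is given (update is unsupported).
        BadRequest: on missing email, an email or username already in use,
            an invalid username, or ``attributes`` not being a plain dict.
    """
    if user_id:
        raise NotImplementedError("Update not supported: user_id=%s" % user_id)
    if not email:
        raise BadRequest('Email is required')
    username = username or email

    user = self._get_user_by_email(email)
    if user:
        raise BadRequest("Email already taken")

    if not username or not is_valid_identifier(username, valid_chars=EMAIL_VALID):
        raise BadRequest("Argument username invalid: %s" % username)
    # Exact type check kept as in the original: dict subclasses are rejected.
    if attributes and type(attributes) is not dict:
        raise BadRequest("Argument attributes invalid type")
    if not first_name:
        first_name = username
    attributes = attributes or {}

    full_name = ("%s %s" % (first_name, last_name)) if last_name else first_name

    IdentityUtils.check_password_policy(password)

    # Support fast setting of credentials without expensive compute of bcrypt hash, for quick preload.
    # Both reserved keys are removed unconditionally and BEFORE the profile
    # object is built, so a salt or hash can never be persisted as part of
    # the user profile -- not even when only one of the two keys was passed.
    pwd_salt = attributes.pop("scion_init_pwdsalt", None)
    pwd_hash = attributes.pop("scion_init_pwdhash", None)

    contact = ContactInformation(individual_names_given=first_name, individual_name_family=last_name, email=email)
    user_profile = UserIdentityDetails(contact=contact, profile=attributes)
    actor_obj = ActorIdentity(name=full_name, details=user_profile)

    user_exists = self.idm_client.is_user_existing(username)
    if user_exists:
        raise BadRequest("Username already taken")

    actor_id = self.idm_client.create_actor_identity(actor_obj)

    if pwd_salt and pwd_hash:
        # Preload path: salt and hash are stored exactly as supplied.
        # NOTE(review): check_password_policy above only saw ``password``,
        # so the stored hash is not covered by the policy, and its format is
        # not validated. Confirm that ``attributes`` on this path can only
        # come from a trusted preload caller, not from end-user input.
        actor_obj1 = self.rr.read(actor_id)
        cred_obj = None
        for cred in actor_obj1.credentials:
            if cred.username == username:
                cred_obj = cred
                break
        if not cred_obj:
            cred_obj = Credentials()
            cred_obj.username = username
            actor_obj1.credentials.append(cred_obj)
            actor_obj1.alt_ids.append("UNAME:" + username)
        cred_obj.identity_provider = "SciON"
        cred_obj.authentication_service = "SciON IdM"
        cred_obj.password_salt = pwd_salt
        cred_obj.password_hash = pwd_hash
        self.rr.update(actor_obj1)
    else:
        # Normal path: the identity service hashes the password itself.
        self.idm_client.set_actor_credentials(actor_id, username, password)

    return actor_id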
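def define_user(self, user_id='', first_name='', last_name='', username='', password='', email='', attributes=None):
    """Create a new user (ActorIdentity plus one credentials entry) and return its actor id.

    ``username`` defaults to ``email``; ``first_name`` defaults to the
    username. ``attributes`` becomes the user's profile. Two reserved keys,
    "scion_init_pwdsalt" and "scion_init_pwdhash", are always removed from
    ``attributes`` (the dict is modified in place) and, when both carry a
    value, are stored directly as the credential's salt and hash instead of
    hashing ``password``.

    Raises:
        NotImplementedError: if ``user_id`` is given (update is unsupported).
        BadRequest: on missing email, an email or username already in use,
            an invalid username, or ``attributes`` not being a plain dict.
    """
    if user_id:
        raise NotImplementedError("Update not supported: user_id=%s" % user_id)
    if not email:
        raise BadRequest('Email is required')
    username = username or email

    user = self._get_user_by_email(email)
    if user:
        raise BadRequest("Email already taken")

    if not username or not is_valid_identifier(username, valid_chars=EMAIL_VALID):
        raise BadRequest("Argument username invalid: %s" % username)
    # Exact type check kept as in the original: dict subclasses are rejected.
    if attributes and type(attributes) is not dict:
        raise BadRequest("Argument attributes invalid type")
    if not first_name:
        first_name = username
    attributes = attributes or {}

    full_name = ("%s %s" % (first_name, last_name)) if last_name else first_name

    IdentityUtils.check_password_policy(password)

    # Support fast setting of credentials without expensive compute of bcrypt hash, for quick preload.
    # Both reserved keys are removed unconditionally and BEFORE the profile
    # object is built, so a salt or hash can never be persisted as part of
    # the user profile -- not even when only one of the two keys was passed.
    pwd_salt = attributes.pop("scion_init_pwdsalt", None)
    pwd_hash = attributes.pop("scion_init_pwdhash", None)

    contact = ContactInformation(individual_names_given=first_name, individual_name_family=last_name, email=email)
    user_profile = UserIdentityDetails(contact=contact, profile=attributes)
    actor_obj = ActorIdentity(name=full_name, details=user_profile)

    user_exists = self.idm_client.is_user_existing(username)
    if user_exists:
        raise BadRequest("Username already taken")

    actor_id = self.idm_client.create_actor_identity(actor_obj)

    if pwd_salt and pwd_hash:
        # Preload path: salt and hash are stored exactly as supplied.
        # NOTE(review): check_password_policy above only saw ``password``,
        # so the stored hash is not covered by the policy, and its format is
        # not validated. Confirm that ``attributes`` on this path can only
        # come from a trusted preload caller, not from end-user input.
        actor_obj1 = self.rr.read(actor_id)
        cred_obj = None
        for cred in actor_obj1.credentials:
            if cred.username == username:
                cred_obj = cred
                break
        if not cred_obj:
            cred_obj = Credentials()
            cred_obj.username = username
            actor_obj1.credentials.append(cred_obj)
            actor_obj1.alt_ids.append("UNAME:" + username)
        cred_obj.identity_provider = "SciON"
        cred_obj.authentication_service = "SciON IdM"
        cred_obj.password_salt = pwd_salt
        cred_obj.password_hash = pwd_hash
        self.rr.update(actor_obj1)
    else:
        # Normal path: the identity service hashes the password itself.
        self.idm_client.set_actor_credentials(actor_id, username, password)

    return actor_id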