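def authenticate(self, credentials):
    """Check password credentials and return auth data for a tenant token.

    The user is looked up by ``credentials.username``. After the password
    and the enabled flag are checked, the unexpired token for
    (user, ``credentials.tenant_id``) is reused, or a new token valid for
    one day is created and stored.

    Raises:
        fault.BadRequestFault: ``credentials`` is not an
            ``auth.PasswordCredentials``.
        fault.UnauthorizedFault: unknown user or wrong password.
        fault.UserDisabledFault: the password matched but the account is
            disabled.
        fault.IDMFault: a new token is needed and the user has no tenants.
        fault.ForbiddenFault: a new token is needed and either no tenant id
            was supplied or the user is not associated with that tenant.
    """
    if not isinstance(credentials, auth.PasswordCredentials):
        raise fault.BadRequestFault("Expecting Password Credentials!")

    duser = db_api.user_get(credentials.username)
    if duser is None:
        raise fault.UnauthorizedFault("Unauthorized")

    # NOTE(review): the stored value is compared directly with the submitted
    # password, which suggests passwords are kept unhashed and the comparison
    # is not constant-time. Confirm, and move to a salted password hash with
    # a constant-time verify.
    if duser.password != credentials.password:
        raise fault.UnauthorizedFault("Unauthorized")

    # Checked only after the password matched, so a caller who merely knows
    # a username cannot learn that the account exists and is disabled.
    if not duser.enabled:
        raise fault.UserDisabledFault("Your account has been disabled")

    # Look for an existing token, or create one.
    # TODO: Handle tenant/token search
    dtoken = db_api.token_for_user_tenant(duser.id, credentials.tenant_id)

    # NOTE(review): an unexpired token is reused without re-checking tenant
    # membership; the membership test below runs only when a new token is
    # created.
    if not dtoken or dtoken.expires < datetime.now():
        dtoken = db_models.Token()
        dtoken.token_id = str(uuid.uuid4())
        dtoken.user_id = duser.id
        if not duser.tenants:
            raise fault.IDMFault("Strange: user %s is not associated "
                                 "with a tenant!" % duser.id)
        user = db_api.user_get_by_tenant(duser.id, credentials.tenant_id)
        if not credentials.tenant_id or not user:
            raise fault.ForbiddenFault(
                "Error: user %s is not associated with a tenant! %s"
                % (duser.id, credentials.tenant_id))
        dtoken.tenant_id = credentials.tenant_id
        dtoken.expires = datetime.now() + timedelta(days=1)
        db_api.token_create(dtoken)

    return self.__get_auth_data(dtoken, duser)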
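def main():
    """Print the users of the tenant named on the command line.

    Exactly one positional argument, the tenant id, is expected; any other
    count ends the program through ``parser.error``. Each row returned by
    ``db_api.user_get_by_tenant`` is printed. A ``None`` result or any
    exception raised during the lookup is reported as a single error line.
    """
    usage = "usage: %prog tenant_id"
    parser = optparse.OptionParser(usage)
    _options, args = parser.parse_args()
    if len(args) == 1:
        tenant_id = args[0]
        try:
            # NOTE(review): called with the tenant id only; confirm this
            # matches the signature of db_api.user_get_by_tenant.
            rows = db_api.user_get_by_tenant(tenant_id)
            if rows is None:
                raise IndexError("Users not found")
            for row in rows:
                print(row)
        except Exception as e:
            # Deliberately broad: this is a command-line helper that reports
            # the failure instead of showing a traceback.
            print("Error getting users for tenant %s : %s"
                  % (tenant_id, str(e)))
    else:
        parser.error("Incorrect number of arguments")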
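def authenticate(self, credentials):
    """Check password credentials and return auth data for the caller.

    Without ``credentials.tenant_id`` the user is looked up by username
    alone; with it, the lookup is scoped to that tenant. After the password
    and the enabled flag are checked, an unexpired token is reused or a new
    one valid for one day is created. The tenant id passed on to
    ``__get_auth_data`` is the requested one, else the user's own
    ``tenant_id``.

    Raises:
        fault.BadRequestFault: ``credentials`` is not an
            ``auth.PasswordCredentials``.
        fault.UnauthorizedFault: user not found (globally or in the given
            tenant) or wrong password.
        fault.UserDisabledFault: the password matched but the account is
            disabled.
    """
    # Check credentials
    if not isinstance(credentials, auth.PasswordCredentials):
        raise fault.BadRequestFault("Expecting Password Credentials!")

    if not credentials.tenant_id:
        duser = db_api.user_get(credentials.username)
        if duser is None:
            raise fault.UnauthorizedFault("Unauthorized")
    else:
        duser = db_api.user_get_by_tenant(credentials.username,
                                          credentials.tenant_id)
        if duser is None:
            raise fault.UnauthorizedFault("Unauthorized on this tenant")

    # NOTE(review): the stored value is compared directly with the submitted
    # password, which suggests passwords are kept unhashed and the comparison
    # is not constant-time. Confirm, and move to a salted password hash with
    # a constant-time verify.
    if duser.password != credentials.password:
        raise fault.UnauthorizedFault("Unauthorized")

    # Checked only after the password matched, so a caller who merely knows
    # a username cannot learn that the account exists and is disabled.
    if not duser.enabled:
        raise fault.UserDisabledFault("Your account has been disabled")

    # Look for an existing token, or create one.
    # TODO: Handle tenant/token search
    if not credentials.tenant_id:
        dtoken = db_api.token_for_user(duser.id)
    else:
        dtoken = db_api.token_for_user_tenant(duser.id,
                                              credentials.tenant_id)

    # The requested tenant wins; otherwise use the user's own tenant_id.
    tenant_id = credentials.tenant_id or duser.tenant_id

    if not dtoken or dtoken.expires < datetime.now():
        # Create new token
        dtoken = db_models.Token()
        dtoken.token_id = str(uuid.uuid4())
        dtoken.user_id = duser.id
        if credentials.tenant_id:
            dtoken.tenant_id = credentials.tenant_id
        dtoken.expires = datetime.now() + timedelta(days=1)
        db_api.token_create(dtoken)

    return self.__get_auth_data(dtoken, tenant_id)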
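def delete_user(self, admin_token, user_id, tenant_id):
    """Remove a user's association with a tenant.

    The only delete issued here is ``db_api.user_delete_tenant``; no call
    in this method deletes the user record itself.

    ``admin_token`` is passed to ``__validate_token`` before anything else.
    NOTE(review): presumably that rejects non-admin tokens; its body is not
    visible here, so confirm.

    Raises:
        fault.UnauthorizedFault: the tenant does not exist.
        fault.TenantDisabledFault: the tenant is disabled.
        fault.ItemNotFoundFault: the user does not exist, or is not
            associated with the given tenant.
    """
    self.__validate_token(admin_token)

    dtenant = db_api.tenant_get(tenant_id)
    if dtenant is None:
        raise fault.UnauthorizedFault("Unauthorized")
    if not dtenant.enabled:
        raise fault.TenantDisabledFault("Your account has been disabled")

    # Two lookups so the caller can tell "no such user" from "user exists
    # but is not in this tenant".
    if not db_api.user_get(user_id):
        raise fault.ItemNotFoundFault("The user could not be found")
    if not db_api.user_get_by_tenant(user_id, tenant_id):
        raise fault.ItemNotFoundFault("The user could not be "
                                      "found under given tenant")

    db_api.user_delete_tenant(user_id, tenant_id)
    return None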
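def create_user(self, admin_token, tenant_id, user):
    """Create a user record and associate it with a tenant.

    ``admin_token`` is passed to ``__validate_token`` before anything else.
    The tenant must exist and be enabled, and the user id and e-mail must
    not already be in use.

    Returns:
        The ``user`` object that was passed in.

    Raises:
        fault.UnauthorizedFault: the tenant does not exist.
        fault.TenantDisabledFault: the tenant is disabled.
        fault.BadRequestFault: ``user`` is not a ``users.User`` or has no
            ``user_id``.
        fault.UserConflictFault: the user id already exists, in this tenant
            or at all.
        fault.EmailConflictFault: the e-mail address already exists.
    """
    self.__validate_token(admin_token)

    # No debug printing of tenant_id/user here: the user object carries the
    # password, so dumping it to stdout can leak credentials into logs.

    dtenant = db_api.tenant_get(tenant_id)
    if dtenant is None:
        raise fault.UnauthorizedFault("Unauthorized")
    if not dtenant.enabled:
        raise fault.TenantDisabledFault("Your account has been disabled")

    if not isinstance(user, users.User):
        raise fault.BadRequestFault("Expecting a User")
    if user.user_id is None:
        raise fault.BadRequestFault("Expecting a unique User Id")

    if db_api.user_get_by_tenant(user.user_id, tenant_id) is not None:
        raise fault.UserConflictFault(
            "An user with that id already exists in the given tenant")
    if db_api.user_get(user.user_id) is not None:
        raise fault.UserConflictFault(
            "An user with that id already exists")
    if db_api.user_get_email(user.email) is not None:
        raise fault.EmailConflictFault(
            "Email already exists")

    duser = db_models.User()
    duser.id = user.user_id
    # NOTE(review): the password is copied to the record exactly as given.
    # Unless the caller already hashes it, store a salted password hash
    # instead. Confirm.
    duser.password = user.password
    duser.email = user.email
    duser.enabled = user.enabled
    db_api.user_create(duser)

    duser_tenant = db_models.UserTenantAssociation()
    duser_tenant.user_id = user.user_id
    duser_tenant.tenant_id = tenant_id
    db_api.user_tenant_create(duser_tenant)

    return user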
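def __get_auth_data(self, dtoken, duser):
    """Return the AuthData object for a token/user pair.

    Builds the ``auth.Token`` from the stored token, resolves each of the
    user's group links through ``db_api.group_get``, and checks that the
    token's tenant is one the user is associated with.

    Raises:
        fault.IDMFault: the user has no tenants, the token carries no
            tenant id, or the user is not associated with the token's
            tenant.
    """
    token = auth.Token(dtoken.expires, dtoken.token_id)

    gs = []
    for ug in duser.groups:
        dgroup = db_api.group_get(ug.group_id)
        gs.append(auth.Group(dgroup.id, dgroup.tenant_id))
    groups = auth.Groups(gs, [])

    if not duser.tenants:
        raise fault.IDMFault("Strange: user %s is not associated "
                             "with a tenant!" % duser.id)

    # The previous condition (`not tenant_id and <membership found>`) could
    # practically never be true, so membership was not enforced here. Reject
    # a token with no tenant, or with a tenant the user does not belong to.
    if not dtoken.tenant_id or \
            not db_api.user_get_by_tenant(duser.id, dtoken.tenant_id):
        raise fault.IDMFault("Error: user %s is not associated "
                             "with a tenant! %s" % (duser.id,
                                                    dtoken.tenant_id))

    user = auth.User(duser.id, dtoken.tenant_id, groups)
    return auth.AuthData(token, user)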
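def add_user_tenant(self, admin_token, user_id, tenant_id):
    """Associate an existing user with a tenant.

    ``admin_token`` is passed to ``__validate_token`` before anything else.
    NOTE(review): presumably that rejects non-admin tokens; its body is not
    visible here, so confirm.

    Raises:
        fault.UnauthorizedFault: the tenant does not exist.
        fault.TenantDisabledFault: the tenant is disabled.
        fault.BadRequestFault: ``user_id`` is ``None``.
        fault.ItemNotFoundFault: the user does not exist.
        fault.UserConflictFault: the user is already associated with the
            tenant.
    """
    self.__validate_token(admin_token)

    dtenant = db_api.tenant_get(tenant_id)
    if dtenant is None:
        raise fault.UnauthorizedFault("Unauthorized")
    if not dtenant.enabled:
        raise fault.TenantDisabledFault("Your account has been disabled")

    if user_id is None:
        raise fault.BadRequestFault("Expecting a unique User Id")
    if db_api.user_get(user_id) is None:
        raise fault.ItemNotFoundFault(
            "user does not exists")
    if db_api.user_get_by_tenant(user_id, tenant_id) is not None:
        raise fault.UserConflictFault(
            "An user with that id already exists in the given tenant")

    duser_tenant = db_models.UserTenantAssociation()
    duser_tenant.user_id = user_id
    duser_tenant.tenant_id = tenant_id
    db_api.user_tenant_create(duser_tenant)

    return None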