def update_user(self, user_id, user):
with sql.session_for_write() as session:
user_ref = self._get_user(session, user_id)
old_user_dict = user_ref.to_dict()
for k in user:
old_user_dict[k] = user[k]
new_user = model.User.from_dict(old_user_dict)
for attr in model.User.attributes:
if attr not in model.User.readonly_attributes:
setattr(user_ref, attr, getattr(new_user, attr))
# Move the "_resource_options" attribute over to the real user_ref
# so that resource_options.resource_options_ref_to_mapper can
# handle the work.
setattr(user_ref, '_resource_options',
getattr(new_user, '_resource_options', {}))
# Move options into the proper attribute mapper construct
resource_options.resource_options_ref_to_mapper(
user_ref, model.UserOption)
if 'password' in user:
user_ref.password = user['password']
if self._change_password_required(user_ref):
expires_now = datetime.datetime.utcnow()
user_ref.password_ref.expires_at = expires_now
user_ref.extra = new_user.extra
return base.filter_user(
user_ref.to_dict(include_extra_dict=True))
def create_user(self, user_id, user):
user = utils.hash_user_password(user)
with sql.session_for_write() as session:
user_ref = model.User.from_dict(user)
user_ref.created_at = datetime.datetime.utcnow()
session.add(user_ref)
return base.filter_user(user_ref.to_dict())
def get_federated_users(self, hints):
with sql.session_for_read() as session:
query = session.query(model.User).outerjoin(model.LocalUser)
query = query.filter(model.User.id == model.FederatedUser.user_id)
query = self._update_query_with_federated_statements(hints, query)
user_refs = sql.filter_limit_query(model.User, query, hints)
return [identity_base.filter_user(x.to_dict()) for x in user_refs]
def get_federated_users(self, hints):
with sql.session_for_read() as session:
query = session.query(model.User).outerjoin(model.LocalUser)
query = query.filter(model.User.id == model.FederatedUser.user_id)
query = self._update_query_with_federated_statements(hints, query)
user_refs = sql.filter_limit_query(model.User, query, hints)
return [identity_base.filter_user(x.to_dict()) for x in user_refs]
def create_user(self, user_id, user):
user = utils.hash_user_password(user)
with sql.session_for_write() as session:
user_ref = model.User.from_dict(user)
user_ref.created_at = datetime.datetime.utcnow()
session.add(user_ref)
return base.filter_user(user_ref.to_dict())
def list_users(self, hints):
with sql.session_for_read() as session:
query = session.query(model.User).outerjoin(model.LocalUser)
query, hints = self._create_password_expires_query(
session, query, hints)
user_refs = sql.filter_limit_query(model.User, query, hints)
return [base.filter_user(x.to_dict()) for x in user_refs]
def _create_user(self, user_dict, last_active_at):
user_dict['id'] = uuid.uuid4().hex
with sql.session_for_write() as session:
user_ref = model.User.from_dict(user_dict)
user_ref.last_active_at = last_active_at
session.add(user_ref)
return base.filter_user(user_ref.to_dict())
def update_user(self, user_id, user):
with sql.session_for_write() as session:
user_ref = self._get_user(session, user_id)
old_user_dict = user_ref.to_dict()
for k in user:
old_user_dict[k] = user[k]
new_user = model.User.from_dict(old_user_dict)
for attr in model.User.attributes:
if attr not in model.User.readonly_attributes:
setattr(user_ref, attr, getattr(new_user, attr))
# Move the "_resource_options" attribute over to the real user_ref
# so that resource_options.resource_options_ref_to_mapper can
# handle the work.
setattr(user_ref, '_resource_options',
getattr(new_user, '_resource_options', {}))
# Move options into the proper attribute mapper construct
resource_options.resource_options_ref_to_mapper(
user_ref, model.UserOption)
if 'password' in user:
user_ref.password = user['password']
if self._change_password_required(user_ref):
expires_now = datetime.datetime.utcnow()
user_ref.password_ref.expires_at = expires_now
user_ref.extra = new_user.extra
return base.filter_user(user_ref.to_dict(include_extra_dict=True))
def _create_user(self, user_dict):
user_dict['id'] = uuid.uuid4().hex
user_dict = utils.hash_user_password(user_dict)
with sql.session_for_write() as session:
user_ref = model.User.from_dict(user_dict)
session.add(user_ref)
return base.filter_user(user_ref.to_dict())
def list_users(self, hints):
with sql.session_for_read() as session:
query = session.query(model.User).outerjoin(model.LocalUser)
query, hints = self._create_password_expires_query(session, query,
hints)
user_refs = sql.filter_limit_query(model.User, query, hints)
return [base.filter_user(x.to_dict()) for x in user_refs]
def _create_user(self, user_dict, last_active_at):
user_dict['id'] = uuid.uuid4().hex
with sql.session_for_write() as session:
user_ref = model.User.from_dict(user_dict)
user_ref.last_active_at = last_active_at
session.add(user_ref)
return base.filter_user(user_ref.to_dict())
def list_users_in_group(self, group_id, hints):
with sql.session_for_read() as session:
self.get_group(group_id)
query = session.query(User).outerjoin(LocalUser)
query = query.join(UserGroupMembership)
query = query.filter(UserGroupMembership.group_id == group_id)
query = sql.filter_limit_query(User, query, hints)
return [base.filter_user(u.to_dict()) for u in query]
def _create_user_with_federated_user(self, user, fed_dict):
with sql.session_for_write() as session:
federated_ref = model.FederatedUser.from_dict(fed_dict)
user_ref = model.User.from_dict(user)
user_ref.created_at = datetime.datetime.utcnow()
user_ref.federated_users.append(federated_ref)
session.add(user_ref)
return identity_base.filter_user(user_ref.to_dict())
def create_federated_user(self, federated_dict):
user = {"id": uuid.uuid4().hex, "enabled": True}
with sql.session_for_write() as session:
federated_ref = model.FederatedUser.from_dict(federated_dict)
user_ref = model.User.from_dict(user)
user_ref.federated_users.append(federated_ref)
session.add(user_ref)
return identity_base.filter_user(user_ref.to_dict())
def create_federated_user(self, federated_dict):
user = {'id': uuid.uuid4().hex, 'enabled': True}
with sql.session_for_write() as session:
federated_ref = model.FederatedUser.from_dict(federated_dict)
user_ref = model.User.from_dict(user)
user_ref.federated_users.append(federated_ref)
session.add(user_ref)
return identity_base.filter_user(user_ref.to_dict())
def _create_user(self, user_dict, password_created_at):
user_dict = utils.hash_user_password(user_dict)
with sql.session_for_write() as session:
user_ref = model.User.from_dict(user_dict)
user_ref.password_ref.created_at = password_created_at
user_ref.password_ref.expires_at = (
user_ref._get_password_expires_at(password_created_at))
session.add(user_ref)
return base.filter_user(user_ref.to_dict())
def _create_user(self, user_dict, password_created_at):
user_dict = utils.hash_user_password(user_dict)
with sql.session_for_write() as session:
user_ref = model.User.from_dict(user_dict)
user_ref.password_ref.created_at = password_created_at
user_ref.password_ref.expires_at = (
user_ref._get_password_expires_at(password_created_at))
session.add(user_ref)
return base.filter_user(user_ref.to_dict())
def get_federated_user(self, idp_id, protocol_id, unique_id):
# NOTE(notmorgan): Open a session here to ensure .to_dict is called
# within an active session context. This will prevent lazy-load
# relationship failure edge-cases
# FIXME(notmorgan): Eventually this should not call `to_dict` here and
# rely on something already in the session context to perform the
# `to_dict` call.
with sql.session_for_read():
user_ref = self._get_federated_user(idp_id, protocol_id, unique_id)
return identity_base.filter_user(user_ref.to_dict())
def get_user_by_name(self, user_name, domain_id):
LOG.debug("Called get_user_by_name %s, %s" % (user_name, domain_id))
# try SQL first
try:
user = super(Identity, self).get_user_by_name(user_name, domain_id)
except exception.UserNotFound:
# then try LDAP
return base.filter_user(self.user.get_by_name(user_name))
else:
return user
def get_user(self, user_id):
LOG.debug("Called get_user %s" % user_id)
with sql.session_for_read() as session:
user = self._get_user(session, user_id)
try:
user = user.to_dict()
except AttributeError:
# LDAP Users are already dicts which is fine
pass
return base.filter_user(user)
def get_federated_user(self, idp_id, protocol_id, unique_id):
# NOTE(notmorgan): Open a session here to ensure .to_dict is called
# within an active session context. This will prevent lazy-load
# relationship failure edge-cases
# FIXME(notmorgan): Eventually this should not call `to_dict` here and
# rely on something already in the session context to perform the
# `to_dict` call.
with sql.session_for_read():
user_ref = self._get_federated_user(idp_id, protocol_id, unique_id)
return identity_base.filter_user(user_ref.to_dict())
def authenticate(self, user_id, password):
with sql.session_for_read() as session:
user_ref = None
try:
user_ref = self._get_user(session, user_id)
except exception.UserNotFound:
raise AssertionError(_('Invalid user / password'))
if not self._check_password(password, user_ref):
raise AssertionError(_('Invalid user / password'))
return base.filter_user(user_ref.to_dict())
def get_user_by_name(self, user_name, domain_id):
with sql.session_for_read() as session:
query = session.query(User).join(LocalUser)
query = query.filter(sqlalchemy.and_(LocalUser.name == user_name,
LocalUser.domain_id == domain_id))
try:
user_ref = query.one()
except sql.NotFound:
raise exception.UserNotFound(user_id=user_name)
return base.filter_user(user_ref.to_dict())
def _create_user(self, user_dict, password_created_at):
# Bypass business logic and go straight for the identity driver
# (SQL in this case)
driver = self.identity_api.driver
driver.create_user(user_dict['id'], user_dict)
with sql.session_for_write() as session:
user_ref = session.query(model.User).get(user_dict['id'])
user_ref.password_ref.created_at = password_created_at
user_ref.password_ref.expires_at = (
user_ref._get_password_expires_at(password_created_at))
return base.filter_user(user_ref.to_dict())
def create_user(self, user_id, user):
with sql.session_for_write() as session:
user_ref = model.User.from_dict(user)
if self._change_password_required(user_ref):
user_ref.password_ref.expires_at = datetime.datetime.utcnow()
user_ref.created_at = datetime.datetime.utcnow()
session.add(user_ref)
# Set resource options passed on creation
resource_options.resource_options_ref_to_mapper(
user_ref, model.UserOption)
return base.filter_user(user_ref.to_dict())
def _create_user(self, user_dict, password_created_at):
# Bypass business logic and go straight for the identity driver
# (SQL in this case)
driver = PROVIDERS.identity_api.driver
driver.create_user(user_dict['id'], user_dict)
with sql.session_for_write() as session:
user_ref = session.query(model.User).get(user_dict['id'])
user_ref.password_ref.created_at = password_created_at
user_ref.password_ref.expires_at = (
user_ref._get_password_expires_at(password_created_at))
return base.filter_user(user_ref.to_dict())
def create_user(self, user_id, user):
with sql.session_for_write() as session:
user_ref = model.User.from_dict(user)
if self._change_password_required(user_ref):
user_ref.password_ref.expires_at = datetime.datetime.utcnow()
user_ref.created_at = datetime.datetime.utcnow()
session.add(user_ref)
# Set resource options passed on creation
resource_options.resource_options_ref_to_mapper(
user_ref, model.UserOption)
return base.filter_user(user_ref.to_dict())
def filter_attributes(self, user):
# make sure inactive users are disabled
if 'sapObjectStatus' in user:
if user['sapObjectStatus'] != STATUS_ACTIVE:
user['enabled'] = False
if 'camObjectStatus' in user:
if user['camObjectStatus'] != CAM_STATUS_ACTIVE:
user['enabled'] = False
if 'ccObjectStatus' in user:
if user['ccObjectStatus'] != STATUS_ACTIVE:
user['enabled'] = False
# keep CAM from messing with temporary T-users
elif re.match(T_REGEX, user['name']):
user['enabled'] = True
else:
# special case for fresh priovisioned CAM users: we transiently enable them to allow a initial login
# the following pasword update will take care of setting the ccObjectStatus
if not user['enabled'] and user[
'camObjectStatus'] == CAM_STATUS_ACTIVE:
user['enabled'] = True
user.pop('sAMAccountName', None)
user.pop('sapObjectStatus', None)
user.pop('ccObjectStatus', None)
user.pop('camObjectStatus', None)
# evaluate password_expires_at
if 'password_expires_at' in user:
if user['password_expires_at'] == '0' or user[
'password_expires_at'] == '9223372036854775807':
user['password_expires_at'] = None
else:
# convert pwdLastSet to unix epoch
ts = (int(user['password_expires_at']) /
10000000) - 11644473600
# TODO: this is over simplified and actually potentially dynamic (AD policy based)
# add max 180 days AD policy based password age
ts += 15552000
user['password_expires_at'] = datetime.datetime.fromtimestamp(
ts)
if 'userAccountControl' in user:
do_not_expire = int(user['userAccountControl']
) & 0x10000 # AD PASSWORD_NEVER_EXPIRES bit
if do_not_expire:
user['password_expires_at'] = None
user.pop('userAccountControl', None)
if 'password_failures' in user:
if user['password_failures'] == '0':
user.pop('password_failures', None)
return base.filter_user(common_ldap.filter_entity(user))
def create_nonlocal_user(self, user_dict):
new_user_dict = copy.deepcopy(user_dict)
new_nonlocal_user_dict = {
'domain_id': user_dict['domain_id'],
'name': user_dict['name']
}
with sql.session_for_write() as session:
new_nonlocal_user_ref = model.NonLocalUser.from_dict(
new_nonlocal_user_dict)
new_user_ref = model.User.from_dict(new_user_dict)
new_user_ref.nonlocal_users.append(new_nonlocal_user_ref)
session.add(new_user_ref)
return identity_base.filter_user(new_user_ref.to_dict())
def create_federated_user(self, domain_id, federated_dict):
user = {
'id': uuid.uuid4().hex,
'domain_id': domain_id,
'enabled': True
}
with sql.session_for_write() as session:
federated_ref = model.FederatedUser.from_dict(federated_dict)
user_ref = model.User.from_dict(user)
user_ref.created_at = datetime.datetime.utcnow()
user_ref.federated_users.append(federated_ref)
session.add(user_ref)
return identity_base.filter_user(user_ref.to_dict())
def update_user(self, user_id, user):
with sql.session_for_write() as session:
user_ref = self._get_user(session, user_id)
old_user_dict = user_ref.to_dict()
user = utils.hash_user_password(user)
for k in user:
old_user_dict[k] = user[k]
new_user = model.User.from_dict(old_user_dict)
for attr in model.User.attributes:
if attr not in model.User.readonly_attributes:
setattr(user_ref, attr, getattr(new_user, attr))
user_ref.extra = new_user.extra
return base.filter_user(user_ref.to_dict(include_extra_dict=True))
def update_user(self, user_id, user):
with sql.session_for_write() as session:
user_ref = self._get_user(session, user_id)
old_user_dict = user_ref.to_dict()
user = utils.hash_user_password(user)
for k in user:
old_user_dict[k] = user[k]
new_user = model.User.from_dict(old_user_dict)
for attr in model.User.attributes:
if attr != 'id':
setattr(user_ref, attr, getattr(new_user, attr))
user_ref.extra = new_user.extra
return base.filter_user(
user_ref.to_dict(include_extra_dict=True))
def create_nonlocal_user(self, user_dict):
new_user_dict = copy.deepcopy(user_dict)
# remove local_user attributes from new_user_dict
new_user_dict.pop('name', None)
new_user_dict.pop('password', None)
# create nonlocal_user dict
new_nonlocal_user_dict = {'name': user_dict['name']}
with sql.session_for_write() as session:
new_nonlocal_user_ref = model.NonLocalUser.from_dict(
new_nonlocal_user_dict)
new_user_ref = model.User.from_dict(new_user_dict)
new_user_ref.created_at = datetime.datetime.utcnow()
new_user_ref.nonlocal_user = new_nonlocal_user_ref
session.add(new_user_ref)
return identity_base.filter_user(new_user_ref.to_dict())
def create_federated_user(self, domain_id, federated_dict, email=None):
user = {
'id': uuid.uuid4().hex,
'domain_id': domain_id,
'enabled': True
}
if email:
user['email'] = email
with sql.session_for_write() as session:
federated_ref = model.FederatedUser.from_dict(federated_dict)
user_ref = model.User.from_dict(user)
user_ref.created_at = datetime.datetime.utcnow()
user_ref.federated_users.append(federated_ref)
session.add(user_ref)
return identity_base.filter_user(user_ref.to_dict())
def get_federated_users(self, hints):
with sql.session_for_read() as session:
query = session.query(model.User).outerjoin(
model.LocalUser).outerjoin(model.FederatedUser)
query = query.filter(model.User.id == model.FederatedUser.user_id)
query = self._update_query_with_federated_statements(hints, query)
name_filter = None
for filter_ in hints.filters:
if filter_['name'] == 'name':
name_filter = filter_
query = query.filter(model.FederatedUser.display_name ==
name_filter['value'])
break
if name_filter:
hints.filters.remove(name_filter)
user_refs = sql.filter_limit_query(model.User, query, hints)
return [identity_base.filter_user(x.to_dict()) for x in user_refs]
def create_nonlocal_user(self, user_dict):
new_user_dict = copy.deepcopy(user_dict)
# remove local_user attributes from new_user_dict
new_user_dict.pop('name', None)
new_user_dict.pop('password', None)
# create nonlocal_user dict
new_nonlocal_user_dict = {
'name': user_dict['name']
}
with sql.session_for_write() as session:
new_nonlocal_user_ref = model.NonLocalUser.from_dict(
new_nonlocal_user_dict)
new_user_ref = model.User.from_dict(new_user_dict)
new_user_ref.created_at = datetime.datetime.utcnow()
new_user_ref.nonlocal_user = new_nonlocal_user_ref
session.add(new_user_ref)
return identity_base.filter_user(new_user_ref.to_dict())
def authenticate(self, user_id, password):
with sql.session_for_read() as session:
try:
user_ref = self._get_user(session, user_id)
except exception.UserNotFound:
raise AssertionError(_('Invalid user / password'))
if self._is_account_locked(user_id, user_ref):
raise exception.AccountLocked(user_id=user_id)
elif not self._check_password(password, user_ref):
self._record_failed_auth(user_id)
raise AssertionError(_('Invalid user / password'))
elif not user_ref.enabled:
raise exception.UserDisabled(user_id=user_id)
# successful auth, reset failed count if present
if user_ref.local_user.failed_auth_count:
self._reset_failed_auth(user_id)
return base.filter_user(user_ref.to_dict())
def get_federated_users(self, hints):
with sql.session_for_read() as session:
query = session.query(model.User).outerjoin(
model.LocalUser).outerjoin(model.FederatedUser)
query = query.filter(model.User.id == model.FederatedUser.user_id)
query = self._update_query_with_federated_statements(hints, query)
name_filter = None
for filter_ in hints.filters:
if filter_['name'] == 'name':
name_filter = filter_
query = query.filter(
model.FederatedUser.display_name == name_filter[
'value'])
break
if name_filter:
hints.filters.remove(name_filter)
user_refs = sql.filter_limit_query(model.User, query, hints)
return [identity_base.filter_user(x.to_dict()) for x in user_refs]
def authenticate(self, user_id, password):
"""Authenticate based on a user and password.
Tries to authenticate using the SQL backend first, if that fails
it tries the LDAP backend.
"""
if not password:
raise AssertionError('Invalid user / password')
with sql.session_for_read() as session:
try:
user_ref = self._get_user(session, user_id)
except exception.UserNotFound:
raise AssertionError('Invalid user / password')
# if the user_ref has a password, it's from the SQL backend and
# we can just check if it coincides with the one we got
conn = None
try:
assert utils.check_password(password, user_ref.password)
except TypeError:
raise AssertionError('Invalid user / password')
except (KeyError, AssertionError
): # if it doesn't have a password, it must be LDAP
try:
user_name = user_ref['name']
# get_connection does a bind for us which checks the password
conn = self.user.get_connection(
self.user._id_to_dn(user_name),
password,
end_user_auth=True)
assert conn
except Exception:
raise AssertionError('Invalid user / password')
else:
LOG.debug("Authenticated user with LDAP.")
self.domain_aware = False
finally:
if conn:
conn.unbind_s()
else:
LOG.debug("Authenticated user with SQL.")
return base.filter_user(user_ref.to_dict())
def authenticate(self, user_id, password):
with sql.session_for_read() as session:
try:
user_ref = self._get_user(session, user_id)
except exception.UserNotFound:
raise AssertionError(_('Invalid user / password'))
if self._is_account_locked(user_id, user_ref):
raise exception.AccountLocked(user_id=user_id)
elif not self._check_password(password, user_ref):
self._record_failed_auth(user_id)
raise AssertionError(_('Invalid user / password'))
elif not user_ref.enabled:
raise exception.UserDisabled(user_id=user_id)
elif user_ref.password_is_expired:
raise exception.PasswordExpired(user_id=user_id)
# successful auth, reset failed count if present
if user_ref.local_user.failed_auth_count:
self._reset_failed_auth(user_id)
return base.filter_user(user_ref.to_dict())
def create_federated_user(self, domain_id, federated_dict, email=None):
local_entity = {
'domain_id': domain_id,
'local_id': federated_dict['unique_id'],
'entity_type': 'user'
}
public_id = PROVIDERS.id_generator_api.generate_public_ID(local_entity)
user = {'id': public_id, 'domain_id': domain_id, 'enabled': True}
if email:
user['email'] = email
with sql.session_for_write() as session:
federated_ref = model.FederatedUser.from_dict(federated_dict)
user_ref = model.User.from_dict(user)
user_ref.created_at = datetime.datetime.utcnow()
user_ref.federated_users.append(federated_ref)
session.add(user_ref)
return identity_base.filter_user(user_ref.to_dict())
def create_nonlocal_user(self, user_dict):
new_user_dict = copy.deepcopy(user_dict)
# remove local_user attributes from new_user_dict
keys_to_delete = ['domain_id', 'name', 'password']
for key in keys_to_delete:
if key in new_user_dict:
del new_user_dict[key]
# create nonlocal_user dict
new_nonlocal_user_dict = {
'domain_id': user_dict['domain_id'],
'name': user_dict['name']
}
with sql.session_for_write() as session:
new_nonlocal_user_ref = model.NonLocalUser.from_dict(
new_nonlocal_user_dict)
new_user_ref = model.User.from_dict(new_user_dict)
new_user_ref.created_at = datetime.datetime.utcnow()
new_user_ref.nonlocal_users.append(new_nonlocal_user_ref)
session.add(new_user_ref)
return identity_base.filter_user(new_user_ref.to_dict())
def create_nonlocal_user(self, user_dict):
new_user_dict = copy.deepcopy(user_dict)
# remove local_user attributes from new_user_dict
keys_to_delete = ['domain_id', 'name', 'password']
for key in keys_to_delete:
if key in new_user_dict:
del new_user_dict[key]
# create nonlocal_user dict
new_nonlocal_user_dict = {
'domain_id': user_dict['domain_id'],
'name': user_dict['name']
}
with sql.session_for_write() as session:
new_nonlocal_user_ref = model.NonLocalUser.from_dict(
new_nonlocal_user_dict)
new_user_ref = model.User.from_dict(new_user_dict)
new_user_ref.created_at = datetime.datetime.utcnow()
new_user_ref.nonlocal_users.append(new_nonlocal_user_ref)
session.add(new_user_ref)
return identity_base.filter_user(new_user_ref.to_dict())
def create_federated_user(self, domain_id, federated_dict, email=None):
local_entity = {'domain_id': domain_id,
'local_id': federated_dict['unique_id'],
'entity_type': 'user'}
public_id = PROVIDERS.id_generator_api.generate_public_ID(local_entity)
user = {
'id': public_id,
'domain_id': domain_id,
'enabled': True
}
if email:
user['email'] = email
with sql.session_for_write() as session:
federated_ref = model.FederatedUser.from_dict(federated_dict)
user_ref = model.User.from_dict(user)
user_ref.created_at = datetime.datetime.utcnow()
user_ref.federated_users.append(federated_ref)
session.add(user_ref)
return identity_base.filter_user(user_ref.to_dict())
def get_federated_user(self, idp_id, protocol_id, unique_id):
user_ref = self._get_federated_user(idp_id, protocol_id, unique_id)
return identity_base.filter_user(user_ref.to_dict())
def list_users(self, hints):
with sql.session_for_read() as session:
query = session.query(User).outerjoin(LocalUser)
user_refs = sql.filter_limit_query(User, query, hints)
return [base.filter_user(x.to_dict()) for x in user_refs]
def get_federated_user(self, idp_id, protocol_id, unique_id):
user_ref = self._get_federated_user(idp_id, protocol_id, unique_id)
return identity_base.filter_user(user_ref.to_dict())
def get_user(self, user_id):
with sql.session_for_read() as session:
user_ref = self._get_user(session, user_id)
return identity_base.filter_user(user_ref.to_dict())
def get_user(self, user_id):
with sql.session_for_read() as session:
user_ref = self._get_user(session, user_id)
return identity_base.filter_user(user_ref.to_dict())
def filter_attributes(self, user):
return base.filter_user(common_ldap.filter_entity(user))
def filter_attributes(self, user):
return base.filter_user(common_ldap.filter_entity(user))
def get_user(self, user_id):
with sql.session_for_read() as session:
return base.filter_user(
self._get_user(session, user_id).to_dict())
def create_user(self, user_id, user):
user = utils.hash_user_password(user)
with sql.session_for_write() as session:
user_ref = User.from_dict(user)
session.add(user_ref)
return base.filter_user(user_ref.to_dict())
