def deleteRealm(realmname): ''' delete the realm from the Database Table with the given name :param realmname: the to be deleted realm :type realmname: string ''' log.debug("deleting realm object with name=%s" % realmname) r = getRealmObject(name=realmname) if r is None: ''' if no realm is found, we re-try the lowercase name for backward compatibility ''' r = getRealmObject(name=realmname.lower()) realmId = 0 if r is not None: realmId = r.id if realmId != 0: log.debug("Deleting token relations for realm with id %i" % realmId) Session.query(TokenRealm).filter(TokenRealm.realm_id == realmId).delete() Session.delete(r) else: log.warning("Realm with name %s was not found." % realmname) return False # now delete all relations, i.e. remove all Tokens from this realm. # finally we delete the 'realmname' cache from linotp.lib.user import delete_realm_resolver_cache delete_realm_resolver_cache(realmname) return True
def deleteRealm(realmname): ''' delete the realm from the Database Table with the given name :param realmname: the to be deleted realm :type realmname: string ''' log.debug("deleting realm object with name=%s" % realmname) r = getRealmObject(name=realmname) if r is None: ''' if no realm is found, we re-try the lowercase name for backward compatibility ''' r = getRealmObject(name=realmname.lower()) realmId = 0 if r is not None: realmId = r.id if realmId != 0: log.debug("Deleting token relations for realm with id %i" % realmId) Session.query(TokenRealm).filter(TokenRealm.realm_id == realmId).delete() Session.delete(r) else: log.warning("Realm with name %s was not found." % realmname) return False # now delete all relations, i.e. remove all Tokens from this realm. # finally we delete the 'realmname' cache from linotp.lib.user import delete_realm_resolver_cache delete_realm_resolver_cache(realmname) return True
def _flush_user_resolver_cache(resolver_spec): """ flush the user realm cache in case of a change of the resolver, all realms which use this resolver must be flushed :param resolver_spec: the resolve which has been updated :return: - nothing - """ from linotp.lib.user import ( delete_realm_resolver_cache, delete_resolver_user_cache, ) delete_resolver_user_cache(resolver_spec) config = context["Config"] realms = config.getRealms() # if a resolver is redefined, we have to refresh the related realm cache for realm_name, realm_spec in list(realms.items()): resolvers = realm_spec.get("useridresolver", []) if resolver_spec in resolvers: delete_realm_resolver_cache(realm_name)
def _check_for_cache_flush(realm_name, realm_definition): """ Check if the realm_resolver cache should be flushed. This detected by checking if the resolver definition in a realm has changed. :param realm_name: the name of the realm :param realm_definition: the new realm definition with its resolvers :return: -nothing- """ # get the resolvers list of the realm definition realm_resolvers = realm_definition.get("useridresolver", []) # and the former definition from the local cache former_realm_resolvers = _lookup_realm_config(realm_name, realm_resolvers) # we check if there has been something dropped from the # former resolver definition by using set().difference former_res_set = set(former_realm_resolvers) new_res_set = set(realm_resolvers) flush_resolvers = former_res_set.difference(new_res_set) if flush_resolvers: # refresh the user resolver lookup in the realm user cache from linotp.lib.user import delete_realm_resolver_cache delete_realm_resolver_cache(realm_name) # maintain the new realm configuration in the cache _delete_from_realm_config_cache(realm_name) _lookup_realm_config(realm_name, realm_resolvers)
def deleteRealm(realmname): """ delete the realm from the Database Table with the given name :param realmname: the to be deleted realm :type realmname: string """ admin_realm_name = context.config["ADMIN_REALM_NAME"].lower() if realmname == admin_realm_name: raise DeleteForbiddenError( f"It is not allowed to delete the admin realm {admin_realm_name}") log.debug("deleting realm object with name=%s", realmname) r = getRealmObject(name=realmname) if r is None: """if no realm is found, we re-try the lowercase name for backward compatibility""" r = getRealmObject(name=realmname.lower()) realmId = 0 if r is not None: try: realmId = r.id if realmId != 0: log.debug("Deleting token relations for realm with id %r", realmId) TokenRealm.query.filter_by(realm_id=realmId).delete() _delete_realm_config(realmname=realmname) db.session.delete(r) from linotp.lib.user import delete_realm_resolver_cache delete_realm_resolver_cache(realmname) return True except Exception as exx: log.error("[delRealm] error deleting realm: %r", exx) db.session.rollback() log.warning("Realm with name %s was not found.", realmname) return False
def _flush_user_resolver_cache(resolver_spec): """ flush the user realm cache in case of a change of the resolver, all realms which use this resolver must be flushed :param resolver_spec: the resolve which has been updated :return: - nothing - """ from linotp.lib.user import delete_resolver_user_cache from linotp.lib.user import delete_realm_resolver_cache delete_resolver_user_cache(resolver_spec) config = context["Config"] realms = config.getRealms() # if a resolver is redefined, we have to refresh the related realm cache for realm_name, realm_spec in realms.items(): resolvers = realm_spec.get('useridresolver', []) if resolver_spec in resolvers: delete_realm_resolver_cache(realm_name)
def getRealms(aRealmName=""): ''' lookup for a defined realm or all realms :note: the realms dict is inserted into the LinOtp Config object so that a lookup has not to reparse the whole config again :param aRealmName: a realmname - the realm, that is of interestet, if empty, all realms are returned :type aRealmName: string :return: a dict with realm description like :rtype : dict : { u'myotherrealm': { 'realmname': u'myotherrealm', 'useridresolver': [ 'useridresolver.PasswdIdResolver.IdResolver.myOtherRes' ], 'entry': u'linotp.useridresolver.group.myotherrealm'}, u'mydefrealm': { 'default': 'true', 'realmname': u'mydefrealm', 'useridresolver': [ 'useridresolver.PasswdIdResolver.IdResolver.myDefRes' ], 'entry': u'linotp.useridresolver.group.mydefrealm'}, u'mymixrealm': { 'realmname': u'mymixrealm', 'useridresolver': [ 'useridresolver.PasswdIdResolver.IdResolver.myOtherRes', 'useridresolver.PasswdIdResolver.IdResolver.myDefRes' ], entry': u'linotp.useridresolver.group.mymixrealm'}} ''' config = context["Config"] realms = config.getRealms() # only parse once per session if realms is None: realms = _initalGetRealms() config.setRealms(realms) # -- ------------------------------------------------------------ -- # for each realm definition we check if there are some # resolvers dropped from the former resolver list # in this case, we have to delete the realm_resolver_cache # which is used for the user resolver lookup for a given realm # -- ------------------------------------------------------------ -- for realm_name, realm_defintion in list(realms.items()): # get the resolvers list of the realm definition realm_resolvers = realm_defintion.get('useridresolver', []) # and the former definition from the local cache former_realm_resolvers = _lookup_realm_config(realm_name, realm_resolvers) # we check if there has been something dropped from the # former resolver definition by using set().difference former_res_set = set(former_realm_resolvers) new_res_set = set(realm_resolvers) flush_resolvers = former_res_set.difference(new_res_set) if flush_resolvers: # refresh the user resolver lookup in the realm user cache from linotp.lib.user import delete_realm_resolver_cache delete_realm_resolver_cache(realm_name) # maintain the new realm configuration in the cache _delete_from_realm_config_cache(realm_name) _lookup_realm_config(realm_name, realm_resolvers) # check if any realm is searched if aRealmName is None or aRealmName.strip() in ["", "*"]: return realms # check if only one realm is searched if aRealmName.lower() in realms: ret = {} ret[aRealmName.lower()] = realms.get(aRealmName.lower()) return ret return {}
def getRealms(aRealmName=""): ''' lookup for a defined realm or all realms :note: the realms dict is inserted into the LinOtp Config object so that a lookup has not to reparse the whole config again :param aRealmName: a realmname - the realm, that is of interestet, if empty, all realms are returned :type aRealmName: string :return: a dict with realm description like :rtype : dict : { u'myotherrealm': { 'realmname': u'myotherrealm', 'useridresolver': [ 'useridresolver.PasswdIdResolver.IdResolver.myOtherRes' ], 'entry': u'linotp.useridresolver.group.myotherrealm'}, u'mydefrealm': { 'default': 'true', 'realmname': u'mydefrealm', 'useridresolver': [ 'useridresolver.PasswdIdResolver.IdResolver.myDefRes' ], 'entry': u'linotp.useridresolver.group.mydefrealm'}, u'mymixrealm': { 'realmname': u'mymixrealm', 'useridresolver': [ 'useridresolver.PasswdIdResolver.IdResolver.myOtherRes', 'useridresolver.PasswdIdResolver.IdResolver.myDefRes' ], entry': u'linotp.useridresolver.group.mymixrealm'}} ''' config = context["Config"] realms = config.getRealms() # only parse once per session if realms is None: realms = _initalGetRealms() config.setRealms(realms) # -- ------------------------------------------------------------ -- # for each realm definition we check if there are some # resolvers dropped from the former resolver list # in this case, we have to delete the realm_resolver_cache # which is used for the user resolver lookup for a given realm # -- ------------------------------------------------------------ -- for realm_name, realm_defintion in realms.items(): # get the resolvers list of the realm definition realm_resolvers = realm_defintion.get('useridresolver', []) # and the former definition from the local cache former_realm_resolvers = _lookup_realm_config(realm_name, realm_resolvers) # we check if there has been something dropped from the # former resolver definition by using set().difference former_res_set = set(former_realm_resolvers) new_res_set = set(realm_resolvers) flush_resolvers = former_res_set.difference(new_res_set) if flush_resolvers: # refresh the user resolver lookup in the realm user cache from linotp.lib.user import delete_realm_resolver_cache delete_realm_resolver_cache(realm_name) # maintain the new realm configuration in the cache _delete_from_realm_config_cache(realm_name) _lookup_realm_config(realm_name, realm_resolvers) # check if any realm is searched if aRealmName is None or aRealmName.strip() in ["", "*"]: return realms # check if only one realm is searched if aRealmName.lower() in realms: ret = {} ret[aRealmName.lower()] = realms.get(aRealmName.lower()) return ret return {}