def __init__(self, group_manager, settings): OAuth2PGCBasedUserManager.logger.info( "Initializing OAuth2PGCBasedUserManager") self._group_manager = group_manager self._settings = settings FilebasedUserManager.__init__(self, group_manager, None, settings)
def __init__(self, plugin, ldap, **kwargs): DependentOnSettingsPlugin.__init__(self, plugin) DependentOnLDAPConnection.__init__(self, ldap) FilebasedUserManager.__init__(self, group_manager=LDAPGroupManager( plugin=plugin, ldap=ldap), **kwargs)
def login_user(self, user): """ This method logs in the user into OctoPrint using authorization OAuth2. After that, user is added into users.yaml config file. """ self._cleanup_sessions() if user is None or user.is_anonymous: return if isinstance(user, LocalProxy): user = user._get_current_object() return user if not isinstance(user, User): return None # -- Overridden parts ----------------------------------------------- if isinstance(user, OAuth2PGCUser): username = user.get_id() user = FilebasedUserManager.find_user(self, username) if user is None: FilebasedUserManager.add_user(self, username, '', active=True) user = FilebasedUserManager.find_user(self, username) # -- Overridden parts ----------------------------------------------- if not isinstance(user, SessionUser): user = SessionUser(user) self._session_users_by_session[user.session] = user user_id = user.get_id() if user_id not in self._sessionids_by_userid: self._sessionids_by_userid[user_id] = set() self._sessionids_by_userid[user_id].add(user.session) for listener in self._login_status_listeners: try: listener.on_user_logged_in(user) except Exception: self._logger.exception( "Error in on_user_logged_in on {!r}".format(listener), extra=dict(callback=fqcn(listener))) self._logger.info("Logged in user: {}".format(user.get_id())) return user
def user(ctx): """ User management. Note that this currently only supports managing user accounts stored in the configured user manager, not any user managers added through plugins and the "octoprint.users.factory" hook. """ try: logging.basicConfig( level=logging.DEBUG if get_ctx_obj_option(ctx, "verbosity", 0) > 0 else logging.WARN) settings = init_settings(get_ctx_obj_option(ctx, "basedir", None), get_ctx_obj_option(ctx, "configfile", None)) group_manager_name = settings.get(["accessControl", "groupManager"]) try: clazz = get_class(group_manager_name) group_manager = clazz() except AttributeError: click.echo("Could not instantiate group manager {}, " "falling back to FilebasedGroupManager!".format( group_manager_name), err=True) group_manager = FilebasedGroupManager() ctx.obj.group_manager = group_manager name = settings.get(["accessControl", "userManager"]) try: clazz = get_class(name) user_manager = clazz(group_manager=group_manager, settings=settings) except Exception: click.echo( "Could not instantiate user manager {}, falling back to FilebasedUserManager!" .format(name), err=True) user_manager = FilebasedUserManager(group_manager, settings=settings) finally: user_manager.enabled = settings.getBoolean( ["accessControl", "enabled"]) ctx.obj.user_manager = user_manager except Exception: click.echo("Could not instantiate user manager", err=True) return
def check_password(self, username, password): user = self.find_user(userid=username) if isinstance(user, LDAPUser): # in case group settings changed either in auth_ldap settings OR on LDAP directory if user.is_active and (self.settings.get([OU]) is None or len( self.refresh_ldap_group_memberships_for(user)) > 0): self.logger.debug("Checking %s password via LDAP" % user.get_id()) client = self.ldap.get_client(user.distinguished_name, password) authenticated = client is not None self.logger.debug( "%s was %sauthenticated" % (user.get_name(), "" if authenticated else "not ")) return authenticated else: self.logger.debug( "%s is inactive or no longer a member of required groups" % user.get_id()) else: self.logger.debug("Checking %s password via users.yaml" % user.get_name()) return FilebasedUserManager.check_password(self, user.get_name(), password) return False
def find_user(self, userid=None, apikey=None, session=None): self.logger.debug("Search for userid=%s, apiKey=%s, session=%s" % (userid, apikey, session)) user = FilebasedUserManager.find_user(self, userid=userid, apikey=apikey, session=session) user, userid = self._find_user_with_transformation( apikey, session, user, userid) if not user and userid: user = self._find_user_via_ldap(user, userid) return user
def add_user(self, username, password=None, active=False, permissions=None, groups=None, apikey=None, overwrite=False, dn=None): if dn is None: FilebasedUserManager.add_user(self, username=username, password=password, active=active, permissions=permissions, groups=groups, apikey=apikey, overwrite=overwrite) else: if username in self._users.keys() and not overwrite: raise UserAlreadyExists(username) if not permissions: permissions = [] permissions = self._to_permissions(*permissions) if not groups: groups = self._group_manager.default_groups groups = self._to_groups(*groups) self._users[username] = LDAPUser(username=username, active=active, permissions=permissions, groups=groups, dn=dn, apikey=apikey) self._dirty = True self._save()
def _find_user_with_transformation(self, apikey, session, user, userid): transformation = self.settings.get([SEARCH_TERM_TRANSFORM]) if not user and userid and transformation: self.logger.debug("Transforming %s using %s" % (userid, transformation)) transformed = getattr(str, transformation)(str(userid)) self.logger.debug("Search for user userid=%s" % transformed) if transformed != userid: userid = transformed user = FilebasedUserManager.find_user(self, userid=userid, apikey=apikey, session=session) return user, userid
def find_user(self, userid=None, apikey=None, session=None): self._logger.debug("Search for userid=%s, apiKey=%s, session=%s" % (userid, apikey, session)) user = FilebasedUserManager.find_user(self, userid=userid, apikey=apikey, session=session) transformation = self.plugin_settings().get(["search_term_transform"]) if not user and userid and transformation: self._logger.debug("Transforming %s using %s" % (userid, transformation)) transformed = getattr(str, transformation)(str(userid)) self._logger.debug("Search for user userid=%s" % transformed) if transformed != userid: userid = transformed user = FilebasedUserManager.find_user(self, userid=userid, apikey=apikey, session=session) if not user and userid: self._logger.debug("User %s not found locally, treating as LDAP" % userid) search_filter = self.plugin_settings().get(["search_filter"]) """ operating on the wildly unsafe assumption that the admin who configures this plugin will have their head screwed on right and NOT escaping their search strings... only escaping unsafe user-entered text that is passed directly to search filters """ ldap_user = self.ldap_search(filter_format(search_filter, (userid,))) if ldap_user is not None: self._logger.debug("User %s found as dn=%s" % (userid, ldap_user["dn"])) groups = self.group_filter(ldap_user["dn"]) if isinstance(groups, list): self._logger.debug("Creating new LDAPUser %s" % userid) # TODO: make username configurable or make dn configurable (e.g. could be userPrincipalName?) if self.plugin_settings().get(["local_cache"]): self.add_user(username=userid, dn=ldap_user["dn"], groups=groups, active=True) user = self._users[userid] else: user = LDAPUser(username=userid, dn=ldap_user["dn"], groups=groups, active=True, ) return user
def check_password(self, username, password): user = self.find_user(userid=username) self._logger.debug("%s is a %s" % (username, type(user))) if isinstance(user, LDAPUser): # in case group settings changed either in auth_ldap settings OR on LDAP directory groups = self.group_filter(user.get_distinguished_name()) if user.is_active() and isinstance(groups, list): self.changeUserGroups(user.get_name(), groups) self._logger.debug("Checking %s password via LDAP" % user.get_name()) client = self.get_ldap_client(user.get_distinguished_name(), password) return client is not None else: self._logger.debug("%s is inactive or no longer a member of required groups" % user.get_name()) else: self._logger.debug("Checking %s password via users.yaml" % user.get_name()) return FilebasedUserManager.check_password(self, user.get_name(), password) return False
def __init__(self, plugin, **kwargs): self._plugin = plugin # noinspection PyArgumentList ldapgroups = LDAPGroupManager(self) FilebasedUserManager.__init__(self, ldapgroups, **kwargs)