예제 #1
0
def set_auth_cfg(plan: LandUsePlanEnum, auth_cfg_id: str, username: str,
                 password: str) -> None:
    """
    Set auth config id to be used as Qaava connection

    :param plan:
    :param auth_cfg_id:
    :param username:
    :param password:
    """
    # noinspection PyArgumentList
    auth_mgr: QgsAuthManager = QgsApplication.authManager()
    if auth_cfg_id in auth_mgr.availableAuthMethodConfigs().keys():
        config = QgsAuthMethodConfig()
        auth_mgr.loadAuthenticationConfig(auth_cfg_id, config, True)
        config.setConfig('username', username)
        config.setConfig('password', password)
        if not config.isValid():
            raise QaavaAuthConfigException('Invalid username or password')
        auth_mgr.updateAuthenticationConfig(config)
    else:
        config = QgsAuthMethodConfig()
        config.setId(auth_cfg_id)
        config.setName(auth_cfg_id)
        config.setMethod('Basic')
        config.setConfig('username', username)
        config.setConfig('password', password)
        if not config.isValid():
            raise QaavaAuthConfigException('Invalid username or password')
        auth_mgr.storeAuthenticationConfig(config)

    set_setting(plan.value.auth_cfg_key, auth_cfg_id, internal=False)
예제 #2
0
def ScopedCertAuthority(username, password, sslrootcert_path=None):
    """
    Sets up the certificate authority in the authentication manager
    for the lifetime of this class and removes it when the class is deleted.
    """
    authm = QgsApplication.authManager()
    auth_config = QgsAuthMethodConfig("Basic")
    auth_config.setConfig('username', username)
    auth_config.setConfig('password', password)
    auth_config.setName('test_password_auth_config')
    if sslrootcert_path:
        sslrootcert = QSslCertificate.fromPath(sslrootcert_path)
        assert sslrootcert is not None
        authm.storeCertAuthorities(sslrootcert)
        authm.rebuildCaCertsCache()
        authm.rebuildTrustedCaCertsCache()
        authm.rebuildCertTrustCache()
    assert (authm.storeAuthenticationConfig(auth_config)[0])
    assert auth_config.isValid()
    yield auth_config
    if sslrootcert_path:
        for cert in sslrootcert:
            authm.removeCertAuthority(cert)
    authm.rebuildCaCertsCache()
    authm.rebuildTrustedCaCertsCache()
    authm.rebuildCertTrustCache()
예제 #3
0
    def setUpClass(cls):
        super().setUpClass()
        # Prepare DB
        for path in (AUTH_DB_PATH, MASTER_PASSWORD_PATH):
            assert os.path.isfile(path)

        cls.am = QgsApplication.instance().authManager()
        assert cls.am.configIds() == []
        assert cls.am.setMasterPassword(True)
        assert cls.am.masterPasswordIsSet()

        config = QgsAuthMethodConfig()
        config.setName("alice")
        config.setMethod('Basic')
        config.setConfig("username", "my user")
        config.setConfig("password", "my password")
        assert config.isValid()

        res, cfg = cls.am.storeAuthenticationConfig(config)
        assert res
        assert config.id() != ''
        assert cfg.id() != ''
        assert cfg.id() == config.id()

        # Store fakelayer datasource
        cls.fakelayer = Layer.objects.get(name='fakelayer')
        cls.fakelayer_datasource = cls.fakelayer.datasource
예제 #4
0
 def setUpAuth(cls, username, password):
     """Run before all tests and set up authentication"""
     assert (cls.authm.setMasterPassword('masterpassword', True))
     # Client side
     auth_config = QgsAuthMethodConfig("Basic")
     auth_config.setConfig('username', username)
     auth_config.setConfig('password', password)
     auth_config.setName('test_basic_auth_config')
     assert (cls.authm.storeAuthenticationConfig(auth_config)[0])
     assert auth_config.isValid()
     return auth_config
예제 #5
0
def populatePKITestCerts():
    """
    Populate AuthManager with test certificates.

    heavily based on testqgsauthmanager.cpp.
    """
    global AUTHM
    global AUTHCFGID
    global AUTHTYPE
    assert (AUTHM is not None)
    if AUTHCFGID:
        removePKITestCerts()
    assert (AUTHCFGID is None)
    # set alice PKI data
    p_config = QgsAuthMethodConfig()
    p_config.setName("alice")
    p_config.setMethod("PKI-Paths")
    p_config.setUri("http://example.com")
    p_config.setConfig("certpath", os.path.join(PKIDATA, 'alice-cert.pem'))
    p_config.setConfig("keypath", os.path.join(PKIDATA, 'alice-key.pem'))
    assert p_config.isValid()
    # add authorities
    cacerts = QSslCertificate.fromPath(
        os.path.join(PKIDATA,
                     'subissuer-issuer-root-ca_issuer-2-root-2-ca_chains.pem'))
    assert cacerts is not None
    AUTHM.storeCertAuthorities(cacerts)
    AUTHM.rebuildCaCertsCache()
    AUTHM.rebuildTrustedCaCertsCache()
    # add alice cert
    # boundle = QgsPkiBundle.fromPemPaths(os.path.join(PKIDATA, 'alice-cert.pem'),
    #                                    os.path.join(PKIDATA, 'alice-key_w-pass.pem'),
    #                                    'password',
    #                                    cacerts)
    # assert boundle is not None
    # assert boundle.isValid()

    # register alice data in auth
    AUTHM.storeAuthenticationConfig(p_config)
    AUTHCFGID = p_config.id()
    assert (AUTHCFGID is not None)
    assert (AUTHCFGID != '')
    AUTHTYPE = p_config.method()
예제 #6
0
def get_db_connection_params(plan: LandUsePlanEnum) -> Dict[str, str]:
    """
    :return: Psycopg2 connection params for Qaava database
    """

    s = QSettings()
    s.beginGroup(f"{PG_CONNECTIONS}/{get_qaava_connection_name(plan)}")
    auth_cfg_id = parse_value(s.value("authcfg"))
    username_saved = parse_value(s.value("saveUsername"))
    pwd_saved = parse_value(s.value("savePassword"))

    params = {}

    for qgs_key, psyc_key in QGS_SETTINGS_PSYCOPG2_PARAM_MAP.items():
        params[psyc_key] = parse_value(s.value(qgs_key))

    s.endGroup()
    # username or password might have to be asked separately
    if not username_saved:
        params["user"] = None

    if not pwd_saved:
        params["password"] = None

    if auth_cfg_id is not None and auth_cfg_id != "":
        LOGGER.debug(f"Auth cfg: {auth_cfg_id}")
        # Auth config is being used to store the username and password
        auth_config = QgsAuthMethodConfig()
        # noinspection PyArgumentList
        QgsApplication.authManager().loadAuthenticationConfig(
            auth_cfg_id, auth_config, True)

        if auth_config.isValid():
            params["user"] = auth_config.configMap().get("username")
            params["password"] = auth_config.configMap().get("password")
        else:
            raise QaavaAuthConfigException(
                tr("Auth config error occurred while fetching database connection parameters"
                   ),
                bar_msg=bar_msg(
                    tr(f"Check auth config with id: {auth_cfg_id}")))

    return params
예제 #7
0
def populatePKITestCerts():
    """
    Populate AuthManager with test certificates.

    heavily based on testqgsauthmanager.cpp.
    """
    global AUTHM
    global AUTHCFGID
    global AUTHTYPE
    assert (AUTHM is not None)
    if AUTHCFGID:
        removePKITestCerts()
    assert (AUTHCFGID is None)
    # set alice PKI data
    p_config = QgsAuthMethodConfig()
    p_config.setName("alice")
    p_config.setMethod("PKI-Paths")
    p_config.setUri("http://example.com")
    p_config.setConfig("certpath", os.path.join(PKIDATA, 'alice-cert.pem'))
    p_config.setConfig("keypath", os.path.join(PKIDATA, 'alice-key.pem'))
    assert p_config.isValid()
    # add authorities
    cacerts = QSslCertificate.fromPath(os.path.join(PKIDATA, 'subissuer-issuer-root-ca_issuer-2-root-2-ca_chains.pem'))
    assert cacerts is not None
    AUTHM.storeCertAuthorities(cacerts)
    AUTHM.rebuildCaCertsCache()
    AUTHM.rebuildTrustedCaCertsCache()
    # add alice cert
    # boundle = QgsPkiBundle.fromPemPaths(os.path.join(PKIDATA, 'alice-cert.pem'),
    #                                    os.path.join(PKIDATA, 'alice-key_w-pass.pem'),
    #                                    'password',
    #                                    cacerts)
    # assert boundle is not None
    # assert boundle.isValid()

    # register alice data in auth
    AUTHM.storeAuthenticationConfig(p_config)
    AUTHCFGID = p_config.id()
    assert (AUTHCFGID is not None)
    assert (AUTHCFGID != '')
    AUTHTYPE = p_config.method()
예제 #8
0
    def readDatabaseParamsFromSettings(self, usedDatabaseConnectionName):
        settings = QSettings()
        settings.beginGroup(YleiskaavaSettings.PG_CONNECTIONS + "/" +
                            usedDatabaseConnectionName)

        params = {}

        auth_cfg_id = parse_value(settings.value("authcfg"))
        username_saved = parse_value(settings.value("saveUsername"))
        pwd_saved = parse_value(settings.value("savePassword"))

        for qgs_key, psyc_key in YleiskaavaDatabase.QGS_SETTINGS_PSYCOPG2_PARAM_MAP.items(
        ):
            params[psyc_key] = parse_value(settings.value(qgs_key))

        settings.endGroup()
        # username or password might have to be asked separately
        if not username_saved:
            params["user"] = None

        if not pwd_saved:
            params["password"] = None

        if auth_cfg_id is not None and auth_cfg_id != "":
            # LOGGER.info(f"Auth cfg: {auth_cfg_id}")
            # Auth config is being used to store the username and password
            auth_config = QgsAuthMethodConfig()
            authMgr = QgsApplication.authManager()
            authMgr.loadAuthenticationConfig(auth_cfg_id, auth_config, True)

            if auth_config.isValid():
                params["user"] = auth_config.configMap().get("username")
                params["password"] = auth_config.configMap().get("password")
            else:
                raise QaavaAuthConfigException()

        # LOGGER.info(f"PR{params} {username_saved} {pwd_saved}")

        return params
예제 #9
0
    def test_db_methods(self):
        """Test auth DB operations"""

        # Create an auth configuration
        config = QgsAuthMethodConfig()
        config.setName("alice")
        config.setMethod('Basic')
        config.setConfig("username", "my user")
        config.setConfig("password", "my password")
        self.assertTrue(config.isValid())

        res, cfg = self.am.storeAuthenticationConfig(config)
        self.assertTrue(res)
        self.assertTrue(config.id() != '')
        self.assertTrue(cfg.id() != '')
        self.assertEqual(cfg.id(), config.id())

        uri = QgsDataSourceUri('db=/my/fake/uri authcfg=%s' % cfg.id())
        # Note: string cut is necessary on 3.10 only
        # FIXME: remove when we switch to 3.16
        self.assertEqual(
            uri.uri(True)[:55],
            "user='******' password='******' db='/my/fake/uri'")