def set_auth_cfg(plan: LandUsePlanEnum, auth_cfg_id: str, username: str,
password: str) -> None:
"""
Set auth config id to be used as Qaava connection
:param plan:
:param auth_cfg_id:
:param username:
:param password:
"""
# noinspection PyArgumentList
auth_mgr: QgsAuthManager = QgsApplication.authManager()
if auth_cfg_id in auth_mgr.availableAuthMethodConfigs().keys():
config = QgsAuthMethodConfig()
auth_mgr.loadAuthenticationConfig(auth_cfg_id, config, True)
config.setConfig('username', username)
config.setConfig('password', password)
if not config.isValid():
raise QaavaAuthConfigException('Invalid username or password')
auth_mgr.updateAuthenticationConfig(config)
else:
config = QgsAuthMethodConfig()
config.setId(auth_cfg_id)
config.setName(auth_cfg_id)
config.setMethod('Basic')
config.setConfig('username', username)
config.setConfig('password', password)
if not config.isValid():
raise QaavaAuthConfigException('Invalid username or password')
auth_mgr.storeAuthenticationConfig(config)
set_setting(plan.value.auth_cfg_key, auth_cfg_id, internal=False)
def ScopedCertAuthority(username, password, sslrootcert_path=None):
"""
Sets up the certificate authority in the authentication manager
for the lifetime of this class and removes it when the class is deleted.
"""
authm = QgsApplication.authManager()
auth_config = QgsAuthMethodConfig("Basic")
auth_config.setConfig('username', username)
auth_config.setConfig('password', password)
auth_config.setName('test_password_auth_config')
if sslrootcert_path:
sslrootcert = QSslCertificate.fromPath(sslrootcert_path)
assert sslrootcert is not None
authm.storeCertAuthorities(sslrootcert)
authm.rebuildCaCertsCache()
authm.rebuildTrustedCaCertsCache()
authm.rebuildCertTrustCache()
assert (authm.storeAuthenticationConfig(auth_config)[0])
assert auth_config.isValid()
yield auth_config
if sslrootcert_path:
for cert in sslrootcert:
authm.removeCertAuthority(cert)
authm.rebuildCaCertsCache()
authm.rebuildTrustedCaCertsCache()
authm.rebuildCertTrustCache()
def setUpClass(cls):
super().setUpClass()
# Prepare DB
for path in (AUTH_DB_PATH, MASTER_PASSWORD_PATH):
assert os.path.isfile(path)
cls.am = QgsApplication.instance().authManager()
assert cls.am.configIds() == []
assert cls.am.setMasterPassword(True)
assert cls.am.masterPasswordIsSet()
config = QgsAuthMethodConfig()
config.setName("alice")
config.setMethod('Basic')
config.setConfig("username", "my user")
config.setConfig("password", "my password")
assert config.isValid()
res, cfg = cls.am.storeAuthenticationConfig(config)
assert res
assert config.id() != ''
assert cfg.id() != ''
assert cfg.id() == config.id()
# Store fakelayer datasource
cls.fakelayer = Layer.objects.get(name='fakelayer')
cls.fakelayer_datasource = cls.fakelayer.datasource
def setUpAuth(cls, username, password):
"""Run before all tests and set up authentication"""
assert (cls.authm.setMasterPassword('masterpassword', True))
# Client side
auth_config = QgsAuthMethodConfig("Basic")
auth_config.setConfig('username', username)
auth_config.setConfig('password', password)
auth_config.setName('test_basic_auth_config')
assert (cls.authm.storeAuthenticationConfig(auth_config)[0])
assert auth_config.isValid()
return auth_config
def populatePKITestCerts():
"""
Populate AuthManager with test certificates.
heavily based on testqgsauthmanager.cpp.
"""
global AUTHM
global AUTHCFGID
global AUTHTYPE
assert (AUTHM is not None)
if AUTHCFGID:
removePKITestCerts()
assert (AUTHCFGID is None)
# set alice PKI data
p_config = QgsAuthMethodConfig()
p_config.setName("alice")
p_config.setMethod("PKI-Paths")
p_config.setUri("http://example.com")
p_config.setConfig("certpath", os.path.join(PKIDATA, 'alice-cert.pem'))
p_config.setConfig("keypath", os.path.join(PKIDATA, 'alice-key.pem'))
assert p_config.isValid()
# add authorities
cacerts = QSslCertificate.fromPath(
os.path.join(PKIDATA,
'subissuer-issuer-root-ca_issuer-2-root-2-ca_chains.pem'))
assert cacerts is not None
AUTHM.storeCertAuthorities(cacerts)
AUTHM.rebuildCaCertsCache()
AUTHM.rebuildTrustedCaCertsCache()
# add alice cert
# boundle = QgsPkiBundle.fromPemPaths(os.path.join(PKIDATA, 'alice-cert.pem'),
# os.path.join(PKIDATA, 'alice-key_w-pass.pem'),
# 'password',
# cacerts)
# assert boundle is not None
# assert boundle.isValid()
# register alice data in auth
AUTHM.storeAuthenticationConfig(p_config)
AUTHCFGID = p_config.id()
assert (AUTHCFGID is not None)
assert (AUTHCFGID != '')
AUTHTYPE = p_config.method()
def get_db_connection_params(plan: LandUsePlanEnum) -> Dict[str, str]:
"""
:return: Psycopg2 connection params for Qaava database
"""
s = QSettings()
s.beginGroup(f"{PG_CONNECTIONS}/{get_qaava_connection_name(plan)}")
auth_cfg_id = parse_value(s.value("authcfg"))
username_saved = parse_value(s.value("saveUsername"))
pwd_saved = parse_value(s.value("savePassword"))
params = {}
for qgs_key, psyc_key in QGS_SETTINGS_PSYCOPG2_PARAM_MAP.items():
params[psyc_key] = parse_value(s.value(qgs_key))
s.endGroup()
# username or password might have to be asked separately
if not username_saved:
params["user"] = None
if not pwd_saved:
params["password"] = None
if auth_cfg_id is not None and auth_cfg_id != "":
LOGGER.debug(f"Auth cfg: {auth_cfg_id}")
# Auth config is being used to store the username and password
auth_config = QgsAuthMethodConfig()
# noinspection PyArgumentList
QgsApplication.authManager().loadAuthenticationConfig(
auth_cfg_id, auth_config, True)
if auth_config.isValid():
params["user"] = auth_config.configMap().get("username")
params["password"] = auth_config.configMap().get("password")
else:
raise QaavaAuthConfigException(
tr("Auth config error occurred while fetching database connection parameters"
),
bar_msg=bar_msg(
tr(f"Check auth config with id: {auth_cfg_id}")))
return params
def populatePKITestCerts():
"""
Populate AuthManager with test certificates.
heavily based on testqgsauthmanager.cpp.
"""
global AUTHM
global AUTHCFGID
global AUTHTYPE
assert (AUTHM is not None)
if AUTHCFGID:
removePKITestCerts()
assert (AUTHCFGID is None)
# set alice PKI data
p_config = QgsAuthMethodConfig()
p_config.setName("alice")
p_config.setMethod("PKI-Paths")
p_config.setUri("http://example.com")
p_config.setConfig("certpath", os.path.join(PKIDATA, 'alice-cert.pem'))
p_config.setConfig("keypath", os.path.join(PKIDATA, 'alice-key.pem'))
assert p_config.isValid()
# add authorities
cacerts = QSslCertificate.fromPath(os.path.join(PKIDATA, 'subissuer-issuer-root-ca_issuer-2-root-2-ca_chains.pem'))
assert cacerts is not None
AUTHM.storeCertAuthorities(cacerts)
AUTHM.rebuildCaCertsCache()
AUTHM.rebuildTrustedCaCertsCache()
# add alice cert
# boundle = QgsPkiBundle.fromPemPaths(os.path.join(PKIDATA, 'alice-cert.pem'),
# os.path.join(PKIDATA, 'alice-key_w-pass.pem'),
# 'password',
# cacerts)
# assert boundle is not None
# assert boundle.isValid()
# register alice data in auth
AUTHM.storeAuthenticationConfig(p_config)
AUTHCFGID = p_config.id()
assert (AUTHCFGID is not None)
assert (AUTHCFGID != '')
AUTHTYPE = p_config.method()
def readDatabaseParamsFromSettings(self, usedDatabaseConnectionName):
settings = QSettings()
settings.beginGroup(YleiskaavaSettings.PG_CONNECTIONS + "/" +
usedDatabaseConnectionName)
params = {}
auth_cfg_id = parse_value(settings.value("authcfg"))
username_saved = parse_value(settings.value("saveUsername"))
pwd_saved = parse_value(settings.value("savePassword"))
for qgs_key, psyc_key in YleiskaavaDatabase.QGS_SETTINGS_PSYCOPG2_PARAM_MAP.items(
):
params[psyc_key] = parse_value(settings.value(qgs_key))
settings.endGroup()
# username or password might have to be asked separately
if not username_saved:
params["user"] = None
if not pwd_saved:
params["password"] = None
if auth_cfg_id is not None and auth_cfg_id != "":
# LOGGER.info(f"Auth cfg: {auth_cfg_id}")
# Auth config is being used to store the username and password
auth_config = QgsAuthMethodConfig()
authMgr = QgsApplication.authManager()
authMgr.loadAuthenticationConfig(auth_cfg_id, auth_config, True)
if auth_config.isValid():
params["user"] = auth_config.configMap().get("username")
params["password"] = auth_config.configMap().get("password")
else:
raise QaavaAuthConfigException()
# LOGGER.info(f"PR{params} {username_saved} {pwd_saved}")
return params
def test_db_methods(self):
"""Test auth DB operations"""
# Create an auth configuration
config = QgsAuthMethodConfig()
config.setName("alice")
config.setMethod('Basic')
config.setConfig("username", "my user")
config.setConfig("password", "my password")
self.assertTrue(config.isValid())
res, cfg = self.am.storeAuthenticationConfig(config)
self.assertTrue(res)
self.assertTrue(config.id() != '')
self.assertTrue(cfg.id() != '')
self.assertEqual(cfg.id(), config.id())
uri = QgsDataSourceUri('db=/my/fake/uri authcfg=%s' % cfg.id())
# Note: string cut is necessary on 3.10 only
# FIXME: remove when we switch to 3.16
self.assertEqual(
uri.uri(True)[:55],
"user='******' password='******' db='/my/fake/uri'")
