def __registerUser(authenticator, authInstance, username):
"""
Check if this user already exists on database with this authenticator, if don't, create it with defaults
This will work correctly with both internal or externals cause we first authenticate the user, if internal and user do not exists in database
authenticate will return false, if external and return true, will create a reference in database
"""
from uds.core.util.request import getRequest
username = authInstance.transformUsername(username)
logger.debug('Transformed username: {0}'.format(username))
request = getRequest()
usr = authenticator.getOrCreateUser(username, username)
usr.real_name = authInstance.getRealName(username)
usr.save()
if usr is not None and State.isActive(usr.state):
# Now we update database groups for this user
usr.getManager().recreateGroups(usr)
# And add an login event
events.addEvent(authenticator, events.ET_LOGIN, username=username, srcip=request.ip) # pylint: disable=maybe-no-member
events.addEvent(authenticator, events.ET_PLATFORM, platform=request.os.OS, browser=request.os.Browser, version=request.os.Version) # pylint: disable=maybe-no-member
return usr
return None
def __registerUser(authenticator, authInstance, username):
"""
Check if this user already exists on database with this authenticator, if don't, create it with defaults
This will work correctly with both internal or externals cause we first authenticate the user, if internal and user do not exists in database
authenticate will return false, if external and return true, will create a reference in database
"""
from uds.core.util.request import getRequest
username = authInstance.transformUsername(username)
logger.debug('Transformed username: {0}'.format(username))
request = getRequest()
usr = authenticator.getOrCreateUser(username, username)
usr.real_name = authInstance.getRealName(username)
usr.save()
if usr is not None and State.isActive(usr.state):
# Now we update database groups for this user
usr.getManager().recreateGroups(usr)
# And add an login event
events.addEvent(authenticator, events.ET_LOGIN, username=username, srcip=request.ip) # pylint: disable=maybe-no-member
events.addEvent(authenticator, events.ET_PLATFORM, platform=request.os.OS, browser=request.os.Browser, version=request.os.Version) # pylint: disable=maybe-no-member
return usr
return None
def isValidUser(self, username, falseIfNotExists=True):
'''
Checks the validity of an user
Args:
username: Name of the user to check
falseIfNotExists: Defaults to True. It is used so we can return a value defined by caller.
One example of falseIfNotExists using as True is for checking that the user is active or it doesn't exists.
Returns:
True if it exists and is active, falseIfNotExists (param) if it doesn't exists
This is done so we can check non existing or non blocked users (state != Active, or do not exists)
'''
try:
u = self.users.get(name=username)
return State.isActive(u.state)
except Exception:
return falseIfNotExists
def isValidUser(self, username, falseIfNotExists=True):
"""
Checks the validity of an user
Args:
username: Name of the user to check
falseIfNotExists: Defaults to True. It is used so we can return a value defined by caller.
One example of falseIfNotExists using as True is for checking that the user is active or it doesn't exists.
Returns:
True if it exists and is active, falseIfNotExists (param) if it doesn't exists
This is done so we can check non existing or non blocked users (state != Active, or do not exists)
"""
try:
u = self.users.get(name=username)
return State.isActive(u.state)
except Exception:
return falseIfNotExists
def ticketAuth(request, ticketId):
"""
Used to authenticate an user via a ticket
"""
try:
data = TicketStore.get(ticketId, invalidate=True)
try:
# Extract ticket.data from ticket.data storage, and remove it if success
username = data['username']
groups = data['groups']
auth = data['auth']
realname = data['realname']
servicePool = data['servicePool']
password = cryptoManager().decrypt(data['password'])
transport = data['transport']
except Exception:
logger.error('Ticket stored is not valid')
raise InvalidUserException()
auth = Authenticator.objects.get(uuid=auth)
# If user does not exists in DB, create it right now
# Add user to groups, if they exists...
grps = []
for g in groups:
try:
grps.append(auth.groups.get(uuid=g))
except Exception:
logger.debug('Group list has changed since ticket assignment')
if len(grps) == 0:
logger.error('Ticket has no valid groups')
raise Exception('Invalid ticket authentication')
usr = auth.getOrCreateUser(username, realname)
if usr is None or State.isActive(usr.state) is False: # If user is inactive, raise an exception
raise InvalidUserException()
# Add groups to user (replace existing groups)
usr.groups.set(grps)
# Force cookie generation
webLogin(request, None, usr, password)
request.user = usr # Temporarily store this user as "authenticated" user, next requests will be done using session
request.session['ticket'] = '1' # Store that user access is done using ticket
logger.debug("Service & transport: {}, {}".format(servicePool, transport))
for v in DeployedService.objects.all():
logger.debug("{} {}".format(v.uuid, v.name))
# Check if servicePool is part of the ticket
if servicePool is not None:
# If service pool is in there, also is transport
res = userServiceManager().getService(request.user, request.os, request.ip, 'F' + servicePool, transport, False)
_x, userService, _x, transport, _x = res
transportInstance = transport.getInstance()
if transportInstance.ownLink is True:
link = reverse('TransportOwnLink', args=('A' + userService.uuid, transport.uuid))
else:
link = html.udsAccessLink(request, 'A' + userService.uuid, transport.uuid)
request.session['data'] = link;
response = HttpResponseRedirect(reverse('page.index'))
else:
response = HttpResponsePermanentRedirect(reverse('page.index'))
# Now ensure uds cookie is at response
getUDSCookie(request, response, True)
return response
except ServiceNotReadyError as e:
return errors.errorView(request, errors.SERVICE_NOT_READY)
except TicketStore.InvalidTicket:
return errors.errorView(request, errors.RELOAD_NOT_SUPPORTED)
except Authenticator.DoesNotExist:
logger.error('Ticket has an non existing authenticator')
return errors.errorView(request, errors.ACCESS_DENIED)
except DeployedService.DoesNotExist:
logger.error('Ticket has an invalid Service Pool')
return errors.errorView(request, errors.SERVICE_NOT_FOUND)
except Exception as e:
logger.exception('Exception')
return errors.exceptionView(request, e)
def ticketAuth(request, ticketId):
'''
Used to authenticate an user via a ticket
'''
ticket = Ticket(ticketId)
logger.debug('Ticket: {}'.format(ticket))
try:
try:
# Extract ticket.data from ticket.data storage, and remove it if success
username = ticket.data['username']
groups = ticket.data['groups']
auth = ticket.data['auth']
realname = ticket.data['realname']
servicePool = ticket.data['servicePool']
password = ticket.data['password']
transport = ticket.data['transport']
except:
logger.error('Ticket stored is not valid')
raise InvalidUserException()
# Remove ticket
ticket.delete()
auth = Authenticator.objects.get(uuid=auth)
# If user does not exists in DB, create it right now
# Add user to groups, if they exists...
grps = []
for g in groups:
try:
grps.append(auth.groups.get(uuid=g))
except Exception:
logger.debug('Group list has changed since ticket assignement')
if len(grps) == 0:
logger.error('Ticket has no valid groups')
raise Exception('Invalid ticket authentication')
usr = auth.getOrCreateUser(username, realname)
if usr is None or State.isActive(
usr.state) is False: # If user is inactive, raise an exception
raise InvalidUserException()
# Add groups to user (replace existing groups)
usr.groups = grps
# Right now, we assume that user supports java, let's see how this works
# Force cookie generation
webLogin(request, None, usr, password)
request.user = usr # Temporarily store this user as "authenticated" user, next requests will be done using session
# Check if servicePool is part of the ticket
if servicePool is not None:
servicePool = DeployedService.objects.get(uuid=servicePool)
# Check if service pool can't be accessed by groups
servicePool.validateUser(usr)
if servicePool.isInMaintenance():
raise ServiceInMaintenanceMode()
transport = Transport.objects.get(uuid=transport)
response = service(
request, 'F' + servicePool.uuid,
transport.uuid) # 'A' Indicates 'assigned service'
else:
response = HttpResponsePermanentRedirect(
reverse('uds.web.views.index'))
# Now ensure uds cookie is at response
getUDSCookie(request, response, True)
return response
except Authenticator.DoesNotExist:
logger.error('Ticket has an non existing authenticator')
return errors.error(request, InvalidUserException())
except DeployedService.DoesNotExist:
logger.error('Ticket has an invalid Service Pool')
return errors.error(request, InvalidServiceException())
except Exception as e:
logger.exception('Exception')
return errors.exceptionView(request, e)
def ticketAuth(request, ticketId):
"""
Used to authenticate an user via a ticket
"""
try:
data = TicketStore.get(ticketId, invalidate=True)
try:
# Extract ticket.data from ticket.data storage, and remove it if success
username = data['username']
groups = data['groups']
auth = data['auth']
realname = data['realname']
servicePool = data['servicePool']
password = data['password']
transport = data['transport']
except Exception:
logger.error('Ticket stored is not valid')
raise InvalidUserException()
auth = Authenticator.objects.get(uuid=auth)
# If user does not exists in DB, create it right now
# Add user to groups, if they exists...
grps = []
for g in groups:
try:
grps.append(auth.groups.get(uuid=g))
except Exception:
logger.debug('Group list has changed since ticket assignment')
if len(grps) == 0:
logger.error('Ticket has no valid groups')
raise Exception('Invalid ticket authentication')
usr = auth.getOrCreateUser(username, realname)
if usr is None or State.isActive(usr.state) is False: # If user is inactive, raise an exception
raise InvalidUserException()
# Add groups to user (replace existing groups)
usr.groups.set(grps)
# Force cookie generation
webLogin(request, None, usr, password)
request.user = usr # Temporarily store this user as "authenticated" user, next requests will be done using session
request.session['ticket'] = '1' # Store that user access is done using ticket
logger.debug("Service & transport: {}, {}".format(servicePool, transport))
for v in DeployedService.objects.all():
logger.debug("{} {}".format(v.uuid, v.name))
# Check if servicePool is part of the ticket
if servicePool is not None:
# If service pool is in there, also is transport
res = userServiceManager().getService(request.user, request.ip, 'F' + servicePool, transport, False)
_x, userService, _x, transport, _x = res
transportInstance = transport.getInstance()
if transportInstance.ownLink is True:
link = reverse('TransportOwnLink', args=('A' + userService.uuid, transport.uuid))
else:
link = html.udsAccessLink(request, 'A' + userService.uuid, transport.uuid)
response = render(
request,
theme.template('simpleLauncher.html'),
{
'link': link
}
)
else:
response = HttpResponsePermanentRedirect(reverse('uds.web.views.index'))
# Now ensure uds cookie is at response
getUDSCookie(request, response, True)
return response
except ServiceNotReadyError as e:
return render(
request,
theme.template('service_not_ready.html'),
{
'fromLauncher': True,
'code': e.code
}
)
except TicketStore.InvalidTicket:
return render(
request,
theme.template('simpleLauncherAlreadyLaunched.html')
)
except Authenticator.DoesNotExist:
logger.error('Ticket has an non existing authenticator')
return errors.exceptionView(request, InvalidUserException())
except DeployedService.DoesNotExist:
logger.error('Ticket has an invalid Service Pool')
return errors.exceptionView(request, InvalidServiceException())
except Exception as e:
logger.exception('Exception')
return errors.exceptionView(request, e)
