def revoke_current_user_tokens(): """Revoke all current user's tokens""" with TokenManager() as tm: with AuthenticationManager() as am: tm.add_user_roles_rules(users={am.get_user(common.current_user.get())['id']}) return WazuhResult({'message': f'User {common.current_user.get()} was successfully logged out'})
def revoke_tokens(): """Revoke all tokens in current node.""" change_secret() with TokenManager() as tm: tm.delete_all_rules() return {'result': 'True'}
def revoke_tokens(): """ Revoke all tokens """ change_secret() with TokenManager() as tm: tm.delete_all_rules() return WazuhResult({'msg': 'Tokens revoked successfully'})
def invalid_roles_tokens(roles: list = None): """Add the necessary rules to invalidate all affected role's tokens Parameters ---------- roles : list List of modified roles """ with TokenManager() as tm: tm.add_user_roles_rules(roles=set(roles))
def invalid_users_tokens(roles: list = None, users: list = None): """Add the necessary rules to invalidate all affected user's tokens Parameters ---------- roles : list List of modified roles users : str Modified user """ related_users = check_relationships(roles=roles) if users: for user in users: related_users.add(user) with TokenManager() as tm: tm.add_user_rules(users=related_users)
def check_token(username, roles, token_nbf_time, run_as): """Check the validity of a token with the current time and the generation time of the token. Parameters ---------- username : str Unique username roles : list List of roles related with the current token token_nbf_time : int Issued at time of the current token run_as : bool Indicate if the token has been granted through run_as endpoint Returns ------- Dict with the result """ # Check that the user exists with AuthenticationManager() as am: user = am.get_user(username=username) if not user: return {'valid': False} user_id = user['id'] with UserRolesManager() as urm: user_roles = [ role['id'] for role in map(Roles.to_dict, urm.get_all_roles_from_user(user_id=user_id)) ] if not am.user_allow_run_as( user['username']) and set(user_roles) != set(roles): return {'valid': False} with TokenManager() as tm: for role in user_roles: if not tm.is_token_valid( role_id=role, user_id=user_id, token_nbf_time=int(token_nbf_time), run_as=run_as): return {'valid': False} policies = optimize_resources(roles) return {'valid': True, 'policies': policies}
def check_token(username, token_iat_time): """Check the validity of a token with the current time and the generation time of the token. Parameters ---------- username : str Unique username token_iat_time : int Issued at time of the current token Returns ------- Dict with the result """ with TokenManager() as tm: result = tm.is_token_valid(username=username, token_iat_time=int(token_iat_time)) return {'valid': result}
def remove_users(user_ids): """Remove a specified list of users Parameters ---------- user_ids : list List of IDs Returns ------- Status message """ result = AffectedItemsWazuhResult( none_msg='No user was deleted', some_msg='Some users were not deleted', all_msg='Users were successfully deleted') with AuthenticationManager() as auth: for user_id in user_ids: user_id = int(user_id) current_user = auth.get_user(common.current_user.get()) if not isinstance(current_user, bool) and user_id == int( current_user['id']) and user_id > max_id_reserved: result.add_failed_item(id_=user_id, error=WazuhError(5008)) continue user = auth.get_user_id(user_id) query = auth.delete_user(user_id) if not query: result.add_failed_item(id_=user_id, error=WazuhError(5001)) elif query == SecurityError.ADMIN_RESOURCES: result.add_failed_item(id_=user_id, error=WazuhError(5004)) elif query == SecurityError.RELATIONSHIP_ERROR: result.add_failed_item(id_=user_id, error=WazuhError(4025)) elif user: with TokenManager() as tm: tm.add_user_roles_rules(users={user_id}) result.affected_items.append(user) result.total_affected_items += 1 result.affected_items.sort(key=str) return result
def invalid_run_as_tokens(): """Add the necessary rules to invalidate all affected run_as's tokens """ with TokenManager() as tm: tm.add_user_roles_rules(run_as=True)