Exemplo n.º 1
0
def create_users():
    predef_users = [
        {
            "name": "testadm",
            "username": "******",
            "service": "admin",
            "email": "*****@*****.**",
            "profile": "testadm",
            "passwd": "admin"
        }
    ]

    for user in predef_users:
        # check if the user already exists
        # if the user exist, chances are this scrip has been run before
        print("Querying database for user {}".format(user))
        another_user = db.session.query(User.id) \
            .filter_by(username=user['username']) \
            .one_or_none()
        if another_user:
            print("This is not the first container run. Skipping")
            exit(0)
        print("Database access returned.")

        # mark the user as automatically created
        user['created_by'] = 0

        # hash the password
        user['salt'] = str(binascii.hexlify(os.urandom(8)), 'ascii')
        user['hash'] = crypt(user['passwd'],
                             user['salt'],
                             1000).split('$').pop()
        del user['passwd']
        print("Creating a new instance of this user.")
        new_user = User(**user)
        print("New instance created.")

        # configure kong shared secret
        kong_data = kong.configure_kong(new_user.username)
        if kong_data is None:
            print('failed to configure verification subsystem')
            exit(-1)
        new_user.secret = kong_data['secret']
        new_user.key = kong_data['key']
        new_user.kongId = kong_data['kongid']
        db.session.add(new_user)
    db.session.commit()
Exemplo n.º 2
0
def createUsers():
    predefusers = [
        {
            "name": "Admin (superuser)",
            "username": "******",
            "service": "admin",
            "email": "*****@*****.**",
            "profile": "admin",
            "passwd": "admin"
        }
    ]

    for user in predefusers:
        # check if the user already exist
        # if the user exist, chances are this scrip has been run before
        anotherUser = db.session.query(User.id) \
                                .filter_by(username=user['username']) \
                                .one_or_none()
        if anotherUser:
            print("That not the first container run. Skipping")
            exit(0)
        # mark the user as automatically created
        user['created_by'] = 0

        # hash the password
        user['salt'] = str(binascii.hexlify(os.urandom(8)), 'ascii')
        user['hash'] = crypt(user['passwd'],
                             user['salt'],
                             1000).split('$').pop()
        del user['passwd']
        newUser = User(**user)

        # configure kong shared secret
        kongData = kong.configureKong(newUser.username)
        if kongData is None:
            print('failed to configure verification subsystem')
            exit(-1)
        newUser.secret = kongData['secret']
        newUser.key = kongData['key']
        newUser.kongId = kongData['kongid']
        db.session.add(newUser)
    db.session.commit()
Exemplo n.º 3
0
def create_user(db_session, user: User, requester):
    """
    Create a new user.
    :param db_session: The postgres db session to be used
    :param user: User The user to be created. This is a simple dictionary with all 'fillable' field
                 listed in Models.User class.
    :param requester: Who is creating this user. This is a dictionary with two keys:
                      "userid" and "username"
    :return: The result of creating this user.
    :raises HTTPRequestError: If username is already in use
    :raises HTTPRequestError: If e-mail is already in use
    :raises HTTPRequestError: If any problem occurs while configuring Kong
    """
    # Drop invalid fields
    user = {k: user[k] for k in user if k in User.fillable}
    LOGGER.debug("Checking user data...")
    check_user(user)
    LOGGER.debug("... user data is OK.")

    if not user.get('profile', ""):
        raise HTTPRequestError(400, "Missing profile")
    if len(user['profile']) > UserLimits.profile:
        raise HTTPRequestError(400, "Profile name too long")

    # Sanity checks
    # Check whether username and e-mail are unique.
    LOGGER.debug("Checking whether user already exist...")
    if db_session.query(
            User.id).filter_by(username=user['username']).one_or_none():
        LOGGER.warning("User already exists.")
        raise HTTPRequestError(400, f"Username {user['username']} is in use.")
    LOGGER.debug("... user doesn't exist.")

    LOGGER.debug("Checking whether user e-mail is already being used...")
    if db_session.query(User.id).filter_by(email=user['email']).one_or_none():
        LOGGER.warning("User e-mail is already being used.")
        raise HTTPRequestError(400, f"E-mail {user['email']} is in use.")

    LOGGER.debug("... user e-mail is not being used.")

    if conf.emailHost == 'NOEMAIL':
        user['salt'], user['hash'] = password.create_pwd(
            conf.temporaryPassword)

    # Last field to be filled automatically, before parsing
    user['created_by'] = requester['userid']

    # User structure is finished.
    LOGGER.debug("Creating user instance...")
    new_user = User(**user)
    LOGGER.debug("... user instance was created.")
    LOGGER.debug(
        f"User data is: {user['username']} created by {requester['username']}")

    # If no problems occur to create user (no exceptions), configure kong
    LOGGER.debug("Configuring Kong...")
    kong_data = kongUtils.configure_kong(new_user.username)
    if kong_data is None:
        LOGGER.warning("Could not configure Kong.")
        raise HTTPRequestError(500,
                               'failed to configure verification subsystem')
    LOGGER.debug("... Kong was successfully configured.")
    new_user.secret = kong_data['secret']
    new_user.key = kong_data['key']
    new_user.kongId = kong_data['kongid']

    # Add the new user to the database
    LOGGER.debug("Adding new user to database session...")
    db_session.add(new_user)
    LOGGER.debug("... new user was added to database session.")
    LOGGER.debug("Committing database changes...")
    db_session.commit()
    LOGGER.debug("... database changes were committed.")

    # Configuring groups and user profiles
    group_success = []
    group_failed = []
    LOGGER.debug("Configuring user profile...")
    if 'profile' in user.keys():
        group_success, group_failed = rship. \
            add_user_many_groups(db_session, new_user.id,
                                 user['profile'], requester)
        db_session.commit()
    LOGGER.debug("... user profile was configured.")

    LOGGER.debug("Configuring user password...")
    if conf.emailHost != 'NOEMAIL':
        try:
            pwdc.create_password_set_request(db_session, new_user)
            db_session.commit()
        except Exception as e:
            LOGGER.warning(e)
    LOGGER.debug("... user password was configured.")

    LOGGER.debug("Sending tenant creation message to other components...")
    if count_tenant_users(db_session, new_user.service) == 1:
        LOGGER.info(
            f"Will emit tenant lifecycle event {new_user.service} - CREATE")
        Publisher.send_notification({
            "type": 'CREATE',
            'tenant': new_user.service
        })

    LOGGER.debug("... tenant creation message was sent.")
    ret = {
        "user": new_user.safe_dict(),
        "groups": group_success,
        "could not add": group_failed,
        "message": "user created"
    }
    return ret
Exemplo n.º 4
0
def create_user(db_session, user: User, requester):
    """
    Create a new user.
    :param db_session: The postgres db session to be used
    :param user: User The user to be created. This is a simple dictionary with all 'fillable' field
                 listed in Models.User class.
    :param requester: Who is creating this user. This is a dictionary with two keys:
                      "userid" and "username"
    :return: The result of creating this user.
    :raises HTTPRequestError: If username is already in use
    :raises HTTPRequestError: If e-mail is already in use
    :raises HTTPRequestError: If any problem occurs while configuring Kong
    """
    # Drop invalid fields
    user = {k: user[k] for k in user if k in User.fillable}
    check_user(user)

    # Sanity checks
    # Check whether username and e-mail are unique.
    if db_session.query(
            User.id).filter_by(username=user['username']).one_or_none():
        raise HTTPRequestError(400, f"Username {user['username']} is in use.")

    if db_session.query(User.id).filter_by(email=user['email']).one_or_none():
        raise HTTPRequestError(400, f"E-mail {user['email']} is in use.")

    if conf.emailHost == 'NOEMAIL':
        user['salt'], user['hash'] = password.create_pwd(
            conf.temporaryPassword)

    # Last field to be filled automatically, before parsing
    user['created_by'] = requester['userid']

    # User structure is finished.
    new_user = User(**user)
    log().info(f"User {user['username']} created by {requester['username']}")
    log().info(new_user)

    # If no problems occur to create user (no exceptions), configure kong
    kong_data = kongUtils.configure_kong(new_user.username)
    if kong_data is None:
        raise HTTPRequestError(500,
                               'failed to configure verification subsystem')
    new_user.secret = kong_data['secret']
    new_user.key = kong_data['key']
    new_user.kongId = kong_data['kongid']

    # Add the new user to the database
    db_session.add(new_user)
    db_session.commit()

    # Configuring groups and user profiles
    group_success = []
    group_failed = []
    if 'profile' in user.keys():
        group_success, group_failed = rship. \
            add_user_many_groups(db_session, new_user.id,
                                 user['profile'], requester)
        db_session.commit()
    if conf.emailHost != 'NOEMAIL':
        pwdc.create_password_set_request(db_session, new_user)
        db_session.commit()

    if count_tenant_users(db_session, new_user.service) == 1:
        log().info(
            f"Will emit tenant lifecycle event {new_user.service} - CREATE")
        send_notification({"type": 'CREATE', 'tenant': new_user.service})

    ret = {
        "user": new_user.safe_dict(),
        "groups": group_success,
        "could not add": group_failed,
        "message": "user created"
    }
    return ret