def testRaisesIfUsernameSetInRequest(self):
    """Check that Handle rejects any request that carries a username.

    The call is always made with a token for u"foo". The request names first
    the caller itself (u"foo") and then a different user (u"bar"); both must
    raise ValueError, so a caller cannot pick the account to be changed via
    the request body.
    """
    for requested_name in (u"foo", u"bar"):
        user = user_plugin.ApiGrrUser(username=requested_name)
        with self.assertRaises(ValueError):
            self.handler.Handle(
                user, token=access_control.ACLToken(username=u"foo"))
def testRaisesIfUsernameSetInRequest(self):
    """Check that Handle rejects any request that carries a username.

    Each case pairs the username placed in the request with the username of
    the calling context; Handle must raise ValueError for both.
    """
    # NOTE(review): the first caller name is the literal "******" exactly as
    # it appears in this listing; it looks masked. Confirm the intended value.
    cases = (
        (u"foo", "******"),
        (u"bar", u"foo"),
    )
    for requested_name, caller_name in cases:
        user = user_plugin.ApiGrrUser(username=requested_name)
        with self.assertRaises(ValueError):
            self.handler.Handle(
                user,
                context=api_call_context.ApiCallContext(username=caller_name))
def Handle(self, args, token=None):
    """Modify an existing GRR user and return the record read back afterwards.

    Args:
      args: request object. `username` is required; `password` and
        `user_type` are forwarded only when they are set on the request.
      token: not read in this block.

    Returns:
      An ApiGrrUser initialised from the user read after the write.

    Raises:
      ValueError: if `args.username` is empty.
    """
    # NOTE(review): this handler can store an ADMIN user type and a new
    # password, yet no caller-permission check is visible in this block.
    # Presumably the API routing layer enforces it - confirm.
    if not args.username:
        raise ValueError("username can't be empty.")

    if (args.HasField("user_type")
            and args.user_type != args.UserType.USER_TYPE_ADMIN):
        # Any supplied type other than ADMIN is stored as STANDARD, so an
        # unexpected enum value cannot end up in the database.
        args.user_type = args.UserType.USER_TYPE_STANDARD

    # Read the user first so that a request naming a nonexistent user raises
    # here, before anything is written.
    data_store.REL_DB.ReadGRRUser(args.username)

    new_password = args.password if args.HasField("password") else None
    new_user_type = args.user_type if args.HasField("user_type") else None

    data_store.REL_DB.WriteGRRUser(
        username=args.username,
        password=new_password,
        user_type=new_user_type)

    stored_user = data_store.REL_DB.ReadGRRUser(args.username)
    return api_user.ApiGrrUser().InitFromDatabaseObject(stored_user)
def Handle(self, args, token=None):
    """Write a GRR user from the request and return the stored record.

    Args:
      args: request object. `username` is required; `password` is forwarded
        only when set; `email` is accepted only when the config option
        Email.enable_custom_email_address is enabled.
      token: not read in this block.

    Returns:
      An ApiGrrUser initialised from the user read after the write.

    Raises:
      ValueError: if `args.username` is empty, or if an email is supplied
        while Email.enable_custom_email_address is not enabled.
    """
    # NOTE(review): nothing in this block checks whether the username is
    # already taken before WriteGRRUser is called; whether the write replaces
    # an existing account is not visible here - confirm.
    if not args.username:
        raise ValueError("username can't be empty.")

    # Every type other than ADMIN, including an unset one, becomes STANDARD.
    if args.user_type != args.UserType.USER_TYPE_ADMIN:
        args.user_type = args.UserType.USER_TYPE_STANDARD

    email = None
    if args.email:
        # A custom address is refused outright, not silently dropped, when
        # the deployment has not opted in.
        if not config.CONFIG["Email.enable_custom_email_address"]:
            raise ValueError(
                "email can't be set if the config option "
                "Email.enable_custom_email_address is not enabled.")
        email = args.email

    password = args.password if args.HasField("password") else None
    data_store.REL_DB.WriteGRRUser(
        username=args.username,
        password=password,
        user_type=args.user_type,
        email=email,
    )

    stored_user = data_store.REL_DB.ReadGRRUser(args.username)
    return api_user.ApiGrrUser().InitFromDatabaseObject(stored_user)
def Handle(self, args, token=None):
    """Create a new AFF4 GRR user and return it as an ApiGrrUser.

    Args:
      args: request object. `username` is required; `password` is applied
        only when set; a `user_type` of ADMIN adds the "admin" label.
      token: ACL token; its `username` is recorded in the audit event and the
        token is passed to every AFF4 call. Although the default is None, the
        body reads `token.username`, so a call without a token fails with
        AttributeError before anything is written.

    Returns:
      An ApiGrrUser initialised from the newly created AFF4 object.

    Raises:
      ValueError: if `args.username` is empty.
      access_control.UnauthorizedAccess: if a GRRUser already exists at the
        user's URN.
    """
    if not args.username:
        raise ValueError("username can't be empty.")

    # NOTE(review): args.username becomes a URN path component and no
    # validation of its characters is visible in this block - confirm it is
    # validated before it reaches this handler.
    user_urn = aff4.ROOT_URN.Add("users").Add(args.username)

    # The audit event is published before the existence check, so an attempt
    # that is rejected below is still recorded as USER_ADD.
    audit_event = rdf_events.AuditEvent(
        user=token.username, action="USER_ADD", urn=user_urn)
    events.Events.PublishEvent("Audit", audit_event, token=token)

    already_exists = aff4.FACTORY.ExistsWithType(
        user_urn, aff4_type=users.GRRUser, token=token)
    if already_exists:
        raise access_control.UnauthorizedAccess(
            "Cannot add user %s: User already exists." % args.username)

    # NOTE(review): the listing had lost its line breaks; the return is
    # assumed to sit inside the with block - confirm against the source file.
    with aff4.FACTORY.Create(
            user_urn, aff4_type=users.GRRUser, mode="rw", token=token) as fd:
        if args.HasField("password"):
            fd.SetPassword(args.password)

        wants_admin = args.user_type == args.UserType.USER_TYPE_ADMIN
        if wants_admin:
            fd.AddLabels(["admin"], owner="GRR")

        return api_user.ApiGrrUser().InitFromAff4Object(fd)
def Handle(self, args, token=None):
    """Update an AFF4 GRR user's password and admin label.

    Args:
      args: request object. `username` is required; `password` is applied
        only when set; `user_type` ADMIN adds the "admin" label, STANDARD
        removes it, and any other value leaves the labels untouched.
      token: ACL token; its `username` is recorded in the audit event.
        Although the default is None, the body reads `token.username`, so a
        call without a token fails with AttributeError.

    Returns:
      An ApiGrrUser initialised from the opened AFF4 object.

    Raises:
      ValueError: if `args.username` is empty.
    """
    # NOTE(review): this handler grants and revokes the "admin" label, yet no
    # caller-permission check is visible in this block - confirm it is
    # enforced before the handler is reached.
    if not args.username:
        raise ValueError("username can't be empty.")

    user_urn = aff4.ROOT_URN.Add("users").Add(args.username)

    # Published before the object is opened, so a failed update is still
    # recorded as USER_UPDATE.
    audit_event = rdf_events.AuditEvent(
        user=token.username, action="USER_UPDATE", urn=user_urn)
    events.Events.PublishEvent("Audit", audit_event, token=token)

    # NOTE(review): the listing had lost its line breaks; the return is
    # assumed to sit inside the with block - confirm against the source file.
    with aff4.FACTORY.Open(
            user_urn, aff4_type=users.GRRUser, mode="rw", token=token) as fd:
        if args.HasField("password"):
            fd.SetPassword(args.password)

        requested_type = args.user_type
        if requested_type == args.UserType.USER_TYPE_ADMIN:
            fd.AddLabels(["admin"], owner="GRR")
        elif requested_type == args.UserType.USER_TYPE_STANDARD:
            fd.RemoveLabels(["admin"], owner="GRR")

        return api_user.ApiGrrUser().InitFromAff4Object(fd)
def Handle(self, args, token=None):
    """Return one page of GRR users together with the total user count.

    Args:
      args: request object; `offset` and `count` select the page and are
        passed to the database unchanged.
      token: not read in this block.

    Returns:
      An ApiListGrrUsersResult holding the total count and the page items.
    """
    # The count and the page come from two separate database calls.
    total_count = data_store.REL_DB.CountGRRUsers()
    page = data_store.REL_DB.ReadGRRUsers(
        offset=args.offset, count=args.count)

    # NOTE(review): which fields InitFromDatabaseObject copies is not visible
    # here - confirm that no password material reaches the API response.
    items = []
    for db_user in page:
        items.append(api_user.ApiGrrUser().InitFromDatabaseObject(db_user))

    return ApiListGrrUsersResult(total_count=total_count, items=items)
def _HandleRelational(self, args):
    """Write the user to the relational database and return the stored record.

    Args:
      args: request object; `username` and `user_type` are forwarded as
        given, `password` only when it is set on the request.

    Returns:
      An ApiGrrUser initialised from the user read after the write.
    """
    # NOTE(review): user_type is forwarded unchanged and the username is not
    # checked for emptiness here; presumably the caller validates both -
    # confirm.
    if args.HasField("password"):
        password = args.password
    else:
        password = None

    data_store.REL_DB.WriteGRRUser(
        username=args.username,
        password=password,
        user_type=args.user_type,
    )

    stored_user = data_store.REL_DB.ReadGRRUser(args.username)
    return api_user.ApiGrrUser().InitFromDatabaseObject(stored_user)
def testSetsSettingsForUserCorrespondingToToken(self):
    """Check that settings are stored for the user named by the token.

    The request carries no username; the handler is called with a token for
    u"foo" and the stored record for u"foo" must then show the new settings.
    """
    wanted = user_plugin.GUISettings(mode="ADVANCED", canary_mode=True)
    request = user_plugin.ApiGrrUser(settings=wanted)
    caller_token = access_control.ACLToken(username=u"foo")

    self.handler.Handle(request, token=caller_token)

    stored = data_store.REL_DB.ReadGRRUser(u"foo")
    self.assertEqual(wanted.mode, stored.ui_mode)
    self.assertEqual(wanted.canary_mode, stored.canary_mode)
def Handle(self, args, token=None):
    """Look up a GRR user by name and return it as an ApiGrrUser.

    Args:
      args: request object; `username` is required.
      token: not read in this block.

    Returns:
      An ApiGrrUser initialised from the database record.

    Raises:
      ValueError: if `args.username` is empty.
      api_call_handler_base.ResourceNotFoundError: if the database reports
        the user as unknown.
    """
    if not args.username:
        raise ValueError("username can't be empty.")

    try:
        db_user = data_store.REL_DB.ReadGRRUser(args.username)
        return api_user.ApiGrrUser().InitFromDatabaseObject(db_user)
    except db.UnknownGRRUserError as err:
        # The database-level error is passed on as the API-level
        # "not found" error.
        raise api_call_handler_base.ResourceNotFoundError(err)
def testSetsSettingsForUserCorrespondingToToken(self):
    """Check that settings are stored for the user named by the call context."""
    wanted = user_plugin.GUISettings(mode="ADVANCED", canary_mode=True)
    request = user_plugin.ApiGrrUser(settings=wanted)

    # NOTE(review): the context username is the literal "******" exactly as
    # it appears in this listing, while the record read back below is "foo".
    # The literal looks masked - confirm the intended value.
    caller_context = api_call_context.ApiCallContext(username="******")
    self.handler.Handle(request, context=caller_context)

    stored = data_store.REL_DB.ReadGRRUser("foo")
    self.assertEqual(wanted.mode, stored.ui_mode)
    self.assertEqual(wanted.canary_mode, stored.canary_mode)
def _HandleAff4(self, args, token=None):
    """Open the AFF4 user object read-only and return it as an ApiGrrUser.

    Args:
      args: request object; `username` selects the user.
      token: ACL token passed to the AFF4 open call.

    Returns:
      An ApiGrrUser initialised from the opened AFF4 object.

    Raises:
      api_call_handler_base.ResourceNotFoundError: if opening the URN as a
        GRRUser raises aff4.InstantiationError.
    """
    # NOTE(review): args.username becomes a URN path component and is not
    # checked for emptiness in this block - confirm the caller validates it.
    user_urn = aff4.ROOT_URN.Add("users").Add(args.username)
    try:
        fd = aff4.FACTORY.Open(
            user_urn, aff4_type=users.GRRUser, mode="r", token=token)
        return api_user.ApiGrrUser().InitFromAff4Object(fd)
    except aff4.InstantiationError:
        not_found_message = (
            "GRR user with username '%s' could not be found." % args.username)
        raise api_call_handler_base.ResourceNotFoundError(not_found_message)
def Handle(self, args, token=None):
    """Write a GRR user from the request and return the stored record.

    Args:
      args: request object. `username` is required; `password` is forwarded
        only when it is set on the request.
      token: not read in this block.

    Returns:
      An ApiGrrUser initialised from the user read after the write.

    Raises:
      ValueError: if `args.username` is empty.
    """
    # NOTE(review): nothing in this block checks whether the username is
    # already taken, and no caller-permission check is visible although an
    # ADMIN type can be written - confirm both are handled elsewhere.
    if not args.username:
        raise ValueError("username can't be empty.")

    # Every type other than ADMIN, including an unset one, becomes STANDARD.
    is_admin_request = args.user_type == args.UserType.USER_TYPE_ADMIN
    if not is_admin_request:
        args.user_type = args.UserType.USER_TYPE_STANDARD

    if args.HasField("password"):
        password = args.password
    else:
        password = None

    data_store.REL_DB.WriteGRRUser(
        username=args.username,
        password=password,
        user_type=args.user_type,
    )

    stored_user = data_store.REL_DB.ReadGRRUser(args.username)
    return api_user.ApiGrrUser().InitFromDatabaseObject(stored_user)
def testSetsSettingsForUserCorrespondingToToken(self):
    """Check that settings land in both AFF4 and the relational database.

    The request carries no username; the handler is called with a token for
    u"foo" and both stores must then show the new settings for that user.
    """
    wanted = aff4_users.GUISettings(mode="ADVANCED", canary_mode=True)
    request = user_plugin.ApiGrrUser(settings=wanted)
    caller_token = access_control.ACLToken(username=u"foo")

    self.handler.Handle(request, token=caller_token)

    # AFF4 side: the stored GUI settings equal what was sent.
    fd = aff4.FACTORY.Open("aff4:/users/foo", token=self.token)
    self.assertEqual(fd.Get(fd.Schema.GUI_SETTINGS), wanted)

    # Relational side: the individual fields match.
    stored = data_store.REL_DB.ReadGRRUser(u"foo")
    self.assertEqual(wanted.mode, stored.ui_mode)
    self.assertEqual(wanted.canary_mode, stored.canary_mode)
def Handle(self, args, token=None):
    """Return one page of AFF4 GRR users together with the total count.

    Args:
      args: request object; `offset` is the index of the first entry and
        `count` the page size. A falsy `count` means "everything from
        offset onwards".
      token: ACL token passed to the AFF4 calls.

    Returns:
      An ApiListGrrUsersResult holding the total count and the page items.
    """
    users_root = aff4.FACTORY.Open(aff4.ROOT_URN.Add("users"), token=token)
    all_names = sorted(users_root.ListChildren())

    # The total is the number of children under the users root, counted
    # before MultiOpen is asked for GRRUser objects.
    total_count = len(all_names)

    # NOTE(review): offset and count are used as slice bounds unchanged;
    # confirm they are validated as non-negative before reaching this point.
    page_end = args.offset + args.count if args.count else None
    page_names = all_names[args.offset:page_end]

    opened = aff4.FACTORY.MultiOpen(
        page_names, aff4_type=users.GRRUser, token=token)
    items = [api_user.ApiGrrUser().InitFromAff4Object(obj) for obj in opened]

    return ApiListGrrUsersResult(total_count=total_count, items=items)
def _HandleRelational(self, args):
    """Modify an existing user in the relational database.

    Args:
      args: request object; `password` and `user_type` are forwarded only
        when they are set on the request.

    Returns:
      An ApiGrrUser initialised from the user read after the write.
    """
    # Read the user first so that a request naming a nonexistent user raises
    # here, before anything is written.
    data_store.REL_DB.ReadGRRUser(args.username)

    # NOTE(review): user_type is forwarded exactly as supplied and the
    # username is not checked for emptiness in this block; presumably the
    # caller does both - confirm.
    new_password = args.password if args.HasField("password") else None
    new_user_type = args.user_type if args.HasField("user_type") else None

    data_store.REL_DB.WriteGRRUser(
        username=args.username,
        password=new_password,
        user_type=new_user_type)

    stored_user = data_store.REL_DB.ReadGRRUser(args.username)
    return api_user.ApiGrrUser().InitFromDatabaseObject(stored_user)
def Handle(self, args, token=None):
    """Modify an existing GRR user and return the record read back afterwards.

    Args:
      args: request object. `username` is required; `password`, `user_type`
        and `email` are forwarded only when they are set on the request.
      token: not read in this block.

    Returns:
      An ApiGrrUser initialised from the user read after the write.

    Raises:
      ValueError: if `args.username` is empty, or if the email field is set
        while Email.enable_custom_email_address is not enabled.
    """
    # NOTE(review): this handler can store an ADMIN user type, a new password
    # and a new email address, yet no caller-permission check is visible in
    # this block - confirm it is enforced before the handler is reached.
    if not args.username:
        raise ValueError("username can't be empty.")

    if (args.HasField("user_type")
            and args.user_type != args.UserType.USER_TYPE_ADMIN):
        # Any supplied type other than ADMIN is stored as STANDARD.
        args.user_type = args.UserType.USER_TYPE_STANDARD

    # Read the user first so that a request naming a nonexistent user raises
    # here, before anything is written.
    data_store.REL_DB.ReadGRRUser(args.username)

    new_password = args.password if args.HasField("password") else None
    new_user_type = args.user_type if args.HasField("user_type") else None

    new_email = None
    if args.HasField("email"):
        # A custom address is refused outright, not silently dropped, when
        # the deployment has not opted in.
        if not config.CONFIG["Email.enable_custom_email_address"]:
            raise ValueError(
                "email can't be set if the config option "
                "Email.enable_custom_email_address is not enabled.")
        new_email = args.email

    data_store.REL_DB.WriteGRRUser(
        username=args.username,
        password=new_password,
        user_type=new_user_type,
        email=new_email)

    stored_user = data_store.REL_DB.ReadGRRUser(args.username)
    return api_user.ApiGrrUser().InitFromDatabaseObject(stored_user)
def testRaisesIfTraitsSetInRequest(self):
    """Check that Handle rejects a request that carries interface traits.

    Even an empty ApiGrrUserInterfaceTraits message in the request must make
    the handler raise ValueError.
    """
    traits = user_plugin.ApiGrrUserInterfaceTraits()
    request = user_plugin.ApiGrrUser(interface_traits=traits)

    with self.assertRaises(ValueError):
        self.handler.Handle(
            request, token=access_control.ACLToken(username=u"foo"))
def testRaisesIfTraitsSetInRequest(self):
    """Check that Handle rejects a request that carries interface traits.

    Even an empty ApiGrrUserInterfaceTraits message in the request must make
    the handler raise ValueError.
    """
    traits = user_plugin.ApiGrrUserInterfaceTraits()
    request = user_plugin.ApiGrrUser(interface_traits=traits)

    with self.assertRaises(ValueError):
        self.handler.Handle(
            request,
            context=api_call_context.ApiCallContext(username=u"foo"))
def _HandleRelational(self, args):
    """Look up a user in the relational database and return it as ApiGrrUser.

    Args:
      args: request object; `username` selects the user. It is not checked
        for emptiness in this block.

    Returns:
      An ApiGrrUser initialised from the database record.

    Raises:
      api_call_handler_base.ResourceNotFoundError: if the database reports
        the user as unknown.
    """
    try:
        db_user = data_store.REL_DB.ReadGRRUser(args.username)
        return api_user.ApiGrrUser().InitFromDatabaseObject(db_user)
    except db.UnknownGRRUserError as err:
        # The database-level error is passed on as the API-level
        # "not found" error.
        raise api_call_handler_base.ResourceNotFoundError(err)