Exemplo n.º 1
0
def hide_user(request, status):
    try:
        args = request.args
        user_uuid = getUserList(request)[args.get('Userid')]
        log.info('user_uuid:' + user_uuid)
        url = "http://{host_ip}/permit/enterprise/{enterprise}/user/{user_uuid}/put_status".format(
            host_ip=const.MANAGE_USER_API_IP,
            enterprise=const.ENTERPRISE,
            user_uuid=user_uuid)
        log.info('disable user url: ' + url)
        headers = {
            "Content-Type": "application/json",
            "Authorization": "Bearer " + getBearerToken(request)
        }

        data = {"id": user_uuid, "status": status}
        callApi = service_sso.CallApi()
        response = callApi.post_request(url, headers, data)
        log.info(response.text)
        dic_resp = json.loads(response.text)
        if dic_resp.get('status') == 0:
            return encode({'ReturnStatus': '0|success'}, 200)
        elif dic_resp.get('status') == -1:
            return encode({'ReturnStatus': '403|delete user fail'}, 403)
        else:
            return encode(
                {
                    'ReturnStatus':
                    str(dic_resp.get('status')) + '|' + dic_resp.get('result')
                }, dic_resp.get('status'))
    except Exception as e:
        log.error("delete_user error: " + utils.except_raise(e))
        return encode({'ReturnStatus': '500|' + utils.except_raise(e)}, 500)
Exemplo n.º 2
0
def getUserList(request):
    try:
        url = "http://{host_ip}/permit/enterprise/{enterprise}/users".format(
            host_ip=const.MANAGE_USER_API_IP, enterprise=const.ENTERPRISE)
        log.info('getUserList: ' + url)
        headers = {
            "Content-Type": "application/json",
            "Authorization": "Bearer " + getBearerToken(request)
        }
        # data = {"enterpriseId": const.ENTERPRISE}
        callApi = service_sso.CallApi()
        response = callApi.get_request(url, headers)
        dic_resp = json.loads(response.text)
        log.debug(str(json.dumps(dic_resp.get('result'))))

        args = request.args

        log.info('getUserList with objectType:' + str(args.get('objectType')) +
                 ', Userid:' + str(args.get('Userid')))

        if args.get('objectType') == None or args.get('objectType') == u'User':
            user_map = {}
            for user in dic_resp.get('result'):
                user_map[user.get('user_name')] = user.get('id')
            return user_map
        if args.get('objectType') == u'UserAuth':
            result = ''
            for user in dic_resp.get('result'):
                if user.get('user_name') == args.get('Userid'):
                    result = user
            log.debug(str(json.dumps(result)))
            if result == '':
                return encode({'ReturnStatus': '403|Userid not exist'}, 403)

            if result.get('type') == 1:
                return encode({
                    'ReturnStatus': '0|success',
                    'Role': 'ADMIN'
                }, 200)
            elif result.get('type') == 2:
                role = 'MEMBER'
                for roleObj in result.get('organization')[0].get(
                        'products')[1].get('roles').get('items'):
                    if roleObj.get('rolename') == 'CC_BOT_MANAGER':
                        role = 'MANAGER'
                return encode({'ReturnStatus': '0|success', 'Role': role}, 200)
            else:
                return encode({'ReturnStatus': '403|invalid user'}, 403)
        elif args.get('objectType') == u'RoleAuth':
            # return encode({'ReturnStatus':0}) + '&' + encode({'Role':'ADMIN'}) + '&' + encode({'Role':'MANAGER'}) + '&' + encode({'Role':'MEMBER'}, 200)
            resp = Response(
                response=
                "ReturnStatus=0|success&Role=MANAGER|MANAGER&Role=MEMBER|MEMBER",
                status=200,
                mimetype="text/plain")
            return resp

    except Exception as e:
        log.error("getUserList error: " + utils.except_raise(e))
        return utils.except_raise(e)
Exemplo n.º 3
0
def deleteUser(request):
    try:
        args = request.args
        Userid = getUserList(request)[args.get('Userid')]
        if request.args.get('Userid') == None:
            return encode({"status": "400|missing necessary key Userid"}, 400)
        url = "http://{host_ip}/permit/enterprise/{enterprise}/user/{Userid}/delete_user".format(
            host_ip=const.MANAGE_USER_API_IP,
            enterprise=const.ENTERPRISE,
            Userid=request.args.get('Userid'))
        log.info('deleteUser url: ' + url)
        headers = {
            "Content-Type": "application/json",
            "Authorization": "Bearer " + getBearerToken(request)
        }
        data = {"id": request.args.get('Userid'), "status": 0}
        callApi = service_sso.CallApi()
        response = callApi.post_request(url, headers, data)
        log.info(response.text)
        dic_resp = json.loads(response.text)
        log.info(dic_resp.get('result'))
        return dic_resp.get('result')
    except Exception as e:
        log.error("getRoleList error: " + utils.except_raise(e))
        return utils.except_raise(e)
Exemplo n.º 4
0
def valid_update_role(request):
    try:
        url = "http://{host_ip}/permit/enterprise/{enterprise}/users".format(
            host_ip=const.MANAGE_USER_API_IP, enterprise=const.ENTERPRISE)
        log.info('getUserList: ' + url)
        headers = {
            "Content-Type": "application/json",
            "Authorization": "Bearer " + getBearerToken(request)
        }
        # data = {"enterpriseId": const.ENTERPRISE}
        callApi = service_sso.CallApi()
        response = callApi.get_request(url, headers)
        dic_resp = json.loads(response.text)
        log.debug(str(json.dumps(dic_resp.get('result'))))

        args = request.args
        input_role = args.get('Role')

        result = ''
        role = ''
        for user in dic_resp.get('result'):
            if user.get('user_name') == args.get('Userid'):
                result = user
        log.debug(str(json.dumps(result)))
        if result == '':
            return False
        if result.get('type') == 1:
            role = "ADMIN"
        elif result.get('type') == 2:
            role = 'MEMBER'
            for roleObj in result.get('organization')[0].get(
                    'products')[1].get('roles').get('items'):
                if roleObj.get('rolename') == 'CC_BOT_MANAGER':
                    role = 'MANAGER'
        else:
            return False

        log.info('input_role: ' + str(input_role) + ', original_role: ' +
                 str(role))

        if input_role == 'ADMIN' and role == 'MANAGER':
            return False
        elif input_role == 'ADMIN' and role == 'MEMBER':
            return False
        elif input_role == 'MANAGER' and role == 'ADMIN':
            return False
        elif input_role == 'MEMBER' and role == 'ADMIN':
            return False
        else:
            return True
    except Exception as e:
        log.error("getUserList error: " + utils.except_raise(e))
        return utils.except_raise(e)
Exemplo n.º 5
0
def getRoleList(request):
    try:
        url = "http://{host_ip}/permit/roles/{enterprise}".format(
            host_ip=const.MANAGE_USER_API_IP, enterprise=const.ENTERPRISE)
        log.info('getWholeRobotId: ' + url)
        headers = {
            "Content-Type": "application/json",
            "Authorization": "Bearer " + getBearerToken(request)
        }
        # data = {"enterpriseId": const.ENTERPRISE}
        callApi = service_sso.CallApi()
        response = callApi.get_request(url, headers)
        dic_resp = json.loads(response.text)
        log.debug(dic_resp.get('result'))
        return dic_resp.get('result')
    except Exception as e:
        log.error("getRoleList error: " + utils.except_raise(e))
        return utils.except_raise(e)
Exemplo n.º 6
0
def refreshBearToken(request):
    try:
        log.info('Refresh BearToken')
        url = "http://{host_ip}/auth/v3/login".format(
            host_ip=const.MANAGE_USER_API_IP)
        headers = {"Content-Type": "application/x-www-form-urlencoded"}
        data = {
            "account": "deployer",
            "passwd": "7e2ba10110f719dd65a0403305770b08"
        }
        callApi = service_sso.CallApi()
        response = callApi.post_request(url, headers, data)
        dic_resp = json.loads(response.text)
        token = dic_resp.get('result').get('token')
        log.debug(token)
        const.BEARER_TOKEN = token
    except Exception as e:
        log.error("refreshBearToken error: " + utils.except_raise(e))
        return utils.except_raise(e)
Exemplo n.º 7
0
def add_update_user(request):
    try:
        log.info('process add_update_user')
        args = request.args
        md5_password = utils.md5(const.SSO_DEFAULT_PWD)
        log.debug(md5_password)

        callApi = service_sso.CallApi()
        url = ''
        log.info('ActionType: ' + args.get('ActionType'))

        if args.get('ActionType') == u'ADD':
            url = "http://{host_ip}/permit/enterprise/{enterprise}/user".format(
                host_ip=const.MANAGE_USER_API_IP, enterprise=const.ENTERPRISE)
        elif args.get('ActionType') == u'EDIT':
            valid = valid_update_role(request)
            log.info('valid_update_role: ' + str(valid))
            if valid == False:
                return encode(
                    {'ReturnStatus': '403|illegal operation change role fail'},
                    403)

            user_uuid = getUserList(request).get(args.get('Userid'))
            if user_uuid == None:
                return encode({'ReturnStatus': '403|UserId does not exist'},
                              403)
            log.info('user_uuid:' + str(user_uuid))
            url = "http://{host_ip}/permit/enterprise/{enterprise}/user/{user_uuid}/put_user".format(
                host_ip=const.MANAGE_USER_API_IP,
                enterprise=const.ENTERPRISE,
                user_uuid=user_uuid)

        log.info('register user api: ' + url)

        headers = {
            "Content-Type": "application/json",
            "Authorization": "Bearer " + getBearerToken(request)
        }

        organization = getOrganization(request, args.get('Role'))

        log.info(organization)
        # args.get('UserCName') 凱基中文名稱懶得轉碼直接 Userid 當中文名稱
        data = {
            "type": 2,
            "username": args.get('Userid'),
            "name": args.get('Userid'),
            "email": checkEmail(args.get('UserEmail')),
            "phone": args.get('UserTel'),
            "password": md5_password,
            "status": 1,
            "organization": getOrganization(request, args.get('Role'))
        }
        if args.get('ActionType') == u'EDIT':
            user_uuid = getUserList(request).get(args.get('Userid'))
            log.info('user_uuid:' + str(user_uuid))
            data['id'] = user_uuid
            del data['password']

        if args.get('Role') == u'ADMIN':
            data['type'] = 1

        response = callApi.post_request(url, headers, data)
        log.info("bfop permit response:")
        log.info(response.text)
        dic_resp = json.loads(response.text)
        log.info(dic_resp.get('message'))
        log.info(dic_resp.get('status'))
        log.info(dic_resp.get('result'))
        if dic_resp.get('status') == 0:
            return encode({'ReturnStatus': '0|success'}, 200)
        elif dic_resp.get('status') == -1:
            if dic_resp.get('message').find("同名用户已存在") != -1:
                return encode({'ReturnStatus': '403|user exist'}, 403)
            elif dic_resp.get('message').find("更新用户失败") != -1:
                return encode({'ReturnStatus': '403|updated user fail'}, 403)
            else:
                return encode(
                    {'ReturnStatus': '403|registered or updated user fail'},
                    403)
        else:
            return encode(
                {
                    'ReturnStatus':
                    str(dic_resp.get('status')) + '|' + dic_resp.get('result')
                }, dic_resp.get('status'))
    except Exception as e:
        log.error("add_update_user error: " + utils.except_raise(e))
        return encode({'ReturnStatus': '500|' + utils.except_raise(e)}, 500)
Exemplo n.º 8
0
    def get(self):
        try:
            TOKEN = request.cookies.get('TOKEN')
            WSSOID = request.cookies.get('WSSOID')
            ACCTID = request.cookies.get('ACCTID')
            UserIP = request.remote_addr
            if request.args.get('userip') != None:
                UserIP = request.args.get('userip')
            URL = request.cookies.get('URL')
            log.info(request.cookies)
            # if TOKEN == None or WSSOID == None or ACCTID == None:
            # return encode({"ReturnStatus":"400|missing necessary parameter TOKEN, WSSOID, ACCTID"}, 400)
            log.info('TOKEN: ' + str(TOKEN) + ', WSSOID: ' + str(WSSOID) +
                     ', UserIP:' + str(UserIP) + ', URL:' + str(URL))

            # Verify SSO_Token
            url = const.SSO_VERIFY_API
            headers = {"Content-Type": "text/plain", "Accept": "text/plain"}
            if request.headers.getlist("X-Forwarded-For"):
                UserIP = request.headers.getlist("X-Forwarded-For")[0]
            else:
                UserIP = request.remote_addr
            # UserIP='10.86.53.26'
            url = url + '?pszWSSOToken=' + str(TOKEN) + '&pszWSSOID=' + str(
                WSSOID) + '&pszUserIP=' + str(UserIP) + '&pszURL=' + str(
                    'botu.kgibank.com')
            log.info('call sso verify api url:::' + url)

            try:
                callApi = service_sso.CallApi()
                response = callApi.get_request(url, headers)
                log.info(str(response))
                if str(response) != '<Response [200]>':
                    return errorPage('call verify token api fail')
                    # return encode({"ReturnStatus":"400|call verify token api fail"},400)
                log.info(response.text)
                verify_token_return_code = ''
                regex = re.search('^(Code=){1}(\d{3})(&){1}', response.text)
                if regex:
                    verify_token_return_code = regex.group(2)
                log.info('verify_token_return_code:' +
                         str(verify_token_return_code))
                log.info(
                    const.VERIFY_TOKEN_STATUS.get(verify_token_return_code))
                if str(verify_token_return_code) != '100':
                    return errorPage('ReturnStatus: ' +
                                     str(verify_token_return_code) +
                                     ', message: ' +
                                     const.VERIFY_TOKEN_STATUS.get(
                                         verify_token_return_code))
                    # return encode({"ReturnStatus": str(verify_token_return_code) + "|" + const.VERIFY_TOKEN_STATUS.get(verify_token_return_code)},400)

            except Exception as e:
                log.error("call verify token api occurring error: " +
                          utils.except_raise(e))
                return errorPage("call verify token api occurring error: " +
                                 utils.except_raise(e))
                # return encode({'ReturnStatus': '403|'+str(e.args[0]) }, 403)

            # if dic_resp['status'] != 200:
            #     return {'status': 204,'result': 'SSO verify fail'}, 204

            url = "http://{host_ip}/auth/v3/login".format(
                host_ip=const.MANAGE_USER_API_IP)
            headers = {"Content-Type": "application/x-www-form-urlencoded"}
            data = {
                "account": ACCTID,
                "passwd": utils.md5(const.SSO_DEFAULT_PWD)
            }
            callApi = service_sso.CallApi()
            response = callApi.post_request(url, headers, data)
            dic_resp = json.loads(response.text)
            # log.info(dic_resp)
            token = dic_resp.get('result').get('token')
            redirect_url = const.BFOP_SSO_LOGIN_URL + token
            log.info(redirect_url)
            return redirect(redirect_url, 302)
            # response = make_response(redirect(const.BFOP_SSO_LOGIN_URL + token))
            # response.headers.add('Access-Control-Allow-Credentials', 'true')
            # response.headers["Authorization"] = "Bearer " + token

            # log.info(response.headers)
            # return response

        except Exception as e:
            log.error("SSOLogin process error: " + utils.except_raise(e))
            return errorPage('SSOLogin process error')