def create_user(
username, fullname, password, group_ids,
customer_name, email, enabled=CommonKeys.YES, user_name=None,
uri=None, method=None
):
"""Add a new user into vFense
Args:
username (str): The name of the user you are creating.
fullname (str): The full name of the user you are creating.
password (str): The unencrypted password of the user.
group_ids (list): List of vFense group ids to add the user too.
customer_name (str): The customer, this user will be part of.
email (str): Email address of the user.
enabled (str): yes or no
Default=no
Kwargs:
user_name (str): The name of the user who called this function.
uri (str): The uri that was used to call this function.
method (str): The HTTP methos that was used to call this function.
Basic Usage:
>>> from vFense.user.users import create_user
>>> username = '******'
>>> fullname = 'testing 4 life'
>>> password = '******'
>>> group_ids = ['8757b79c-7321-4446-8882-65457f28c78b']
>>> customer_name = 'default'
>>> email = '*****@*****.**'
>>> enabled = 'yes'
>>> create_user(
username, fullname, password,
group_ids, customer_name, email, enabled
)
Return:
Dictionary of the status of the operation.
{
'uri': None,
'rv_status_code': 1010,
'http_method': None,
'http_status': 200,
'message': 'None - create user testing123 was created',
'data': {
'current_customer': 'default',
'full_name': 'tester4life',
'default_customer': 'default',
'password': '******',
'user_name': 'testing123',
'enabled': 'yes',
'email': '*****@*****.**'
}
}
"""
user_exist = get_user(username)
pass_strength = check_password(password)
status = create_user.func_name + ' - '
generated_ids = []
generic_status_code = 0
vfense_status_code = 0
user_data = (
{
UserKeys.CurrentCustomer: customer_name,
UserKeys.DefaultCustomer: customer_name,
UserKeys.FullName: fullname,
UserKeys.UserName: username,
UserKeys.Enabled: enabled,
UserKeys.Email: email
}
)
if enabled != CommonKeys.YES or enabled != CommonKeys.NO:
enabled = CommonKeys.NO
valid_user_name = (
re.search('([A-Za-z0-9_-]{1,24})', username)
)
valid_user_length = (
len(username) <= DefaultStringLength.USER_NAME
)
try:
if (not user_exist and pass_strength[0] and
valid_user_length and valid_user_name):
encrypted_password = Crypto().hash_bcrypt(password)
user_data[UserKeys.Password] = encrypted_password
customer_is_valid = get_customer(customer_name)
validated_groups, _, invalid_groups = validate_group_ids(
group_ids, customer_name
)
if customer_is_valid and validated_groups:
object_status, _, _, generated_ids = (
insert_user(user_data)
)
generated_ids.append(username)
add_user_to_customers(
username, [customer_name],
user_name, uri, method
)
add_user_to_groups(
username, customer_name, group_ids,
user_name, uri, method
)
if object_status == DbCodes.Inserted:
msg = 'user name %s created' % (username)
generic_status_code = GenericCodes.ObjectCreated
vfense_status_code = UserCodes.UserCreated
user_data.pop(UserKeys.Password)
elif not customer_is_valid and validated_groups:
msg = 'customer name %s does not exist' % (customer_name)
object_status = DbCodes.Skipped
generic_status_code = GenericCodes.InvalidId
vfense_status_code = CustomerFailureCodes.CustomerDoesNotExist
elif not validated_groups and customer_is_valid:
msg = 'group ids %s does not exist' % (invalid_groups)
object_status = DbCodes.Skipped
generic_status_code = GenericCodes.InvalidId
vfense_status_code = GroupFailureCodes.InvalidGroupId
else:
group_error = (
'group ids %s does not exist' % (invalid_groups)
)
customer_error = (
'customer name %s does not exist' % (customer_name)
)
msg = group_error + ' and ' + customer_error
object_status = DbCodes.Errors
generic_status_code = GenericFailureCodes.FailedToCreateObject
vfense_status_code = UserFailureCodes.FailedToCreateUser
elif user_exist:
msg = 'username %s already exists' % (username)
object_status = GenericCodes.ObjectExists
generic_status_code = GenericCodes.ObjectExists
vfense_status_code = UserFailureCodes.UserNameExists
elif not pass_strength[0]:
msg = (
'password does not meet the min requirements: strength=%s'
% (pass_strength[1])
)
object_status = GenericFailureCodes.FailedToCreateObject
generic_status_code = GenericFailureCodes.FailedToCreateObject
vfense_status_code = UserFailureCodes.WeakPassword
elif not valid_user_name or not valid_user_length:
status_code = DbCodes.Errors
msg = (
'user name is not within the 24 character range '+
'or contains unsupported characters :%s' %
(username)
)
generic_status_code = GenericCodes.InvalidId
vfense_status_code = UserFailureCodes.InvalidUserName
results = {
ApiResultKeys.DB_STATUS_CODE: object_status,
ApiResultKeys.GENERIC_STATUS_CODE: generic_status_code,
ApiResultKeys.VFENSE_STATUS_CODE: vfense_status_code,
ApiResultKeys.MESSAGE: status + msg,
ApiResultKeys.GENERATED_IDS: generated_ids,
ApiResultKeys.DATA: [user_data],
ApiResultKeys.USERNAME: user_name,
ApiResultKeys.URI: uri,
ApiResultKeys.HTTP_METHOD: method
}
except Exception as e:
logger.exception(e)
msg = 'Failed to create user %s: %s' % (username, str(e))
status_code = DbCodes.Errors
generic_status_code = GenericFailureCodes.FailedToCreateObject
vfense_status_code = UserFailureCodes.FailedToCreateUser
results = {
ApiResultKeys.DB_STATUS_CODE: status_code,
ApiResultKeys.GENERIC_STATUS_CODE: generic_status_code,
ApiResultKeys.VFENSE_STATUS_CODE: vfense_status_code,
ApiResultKeys.MESSAGE: status + msg,
ApiResultKeys.GENERATED_IDS: [],
ApiResultKeys.DATA: [user_data],
ApiResultKeys.USERNAME: user_name,
ApiResultKeys.URI: uri,
ApiResultKeys.HTTP_METHOD: method
}
return(results)
def change_password(
username, password, new_password,
user_name=None, uri=None, method=None
):
"""Change password for a user.
Args:
username (str): The name of the user you are deleteing.
password (str): Original password.
new_password (str): New password.
Kwargs:
user_name (str): The name of the user who called this function.
uri (str): The uri that was used to call this function.
method (str): The HTTP methos that was used to call this function.
Return:
Dictionary of the status of the operation.
{
'uri': None,
'rv_status_code': 1008,
'http_method': None,
'http_status': 200,
'message': 'None - change_password - Password changed for user admin - admin was updated',
'data': []
}
"""
user_exist = get_user(username, without_fields=None)
status = change_password.func_name + ' - '
try:
generic_status_code = 0
vfense_status_code = 0
if user_exist:
pass_strength = check_password(new_password)
original_encrypted_password = user_exist[UserKeys.Password].encode('utf-8')
original_password_verified = (
Crypto().verify_bcrypt_hash(password, original_encrypted_password)
)
encrypted_new_password = Crypto().hash_bcrypt(new_password)
new_password_verified_against_orignal_password = (
Crypto().verify_bcrypt_hash(new_password, original_encrypted_password)
)
if (original_password_verified and pass_strength[0] and
not new_password_verified_against_orignal_password):
user_data = {UserKeys.Password: encrypted_new_password}
object_status, _, _, _ = (
update_user(username, user_data)
)
if object_status == DbCodes.Replaced:
msg = 'Password changed for user %s - ' % (username)
generic_status_code = GenericCodes.ObjectUpdated
vfense_status_code = UserCodes.PasswordChanged
elif new_password_verified_against_orignal_password:
msg = 'New password is the same as the original - user %s - ' % (username)
object_status = DbCodes.Unchanged
generic_status_code = GenericFailureCodes.FailedToUpdateObject
vfense_status_code = UserFailureCodes.NewPasswordSameAsOld
elif original_password_verified and not pass_strength[0]:
msg = 'New password is to weak for user %s - ' % (username)
object_status = DbCodes.Unchanged
generic_status_code = GenericFailureCodes.FailedToUpdateObject
vfense_status_code = UserFailureCodes.WeakPassword
elif not original_password_verified:
msg = 'Password not verified for user %s - ' % (username)
object_status = DbCodes.Unchanged
generic_status_code = GenericFailureCodes.FailedToUpdateObject
vfense_status_code = UserFailureCodes.InvalidPassword
results = {
ApiResultKeys.DB_STATUS_CODE: object_status,
ApiResultKeys.GENERIC_STATUS_CODE: generic_status_code,
ApiResultKeys.VFENSE_STATUS_CODE: vfense_status_code,
ApiResultKeys.UPDATED_IDS: [username],
ApiResultKeys.MESSAGE: status + msg,
ApiResultKeys.DATA: [],
ApiResultKeys.USERNAME: user_name,
ApiResultKeys.URI: uri,
ApiResultKeys.HTTP_METHOD: method
}
else:
msg = 'User %s does not exist - ' % (username)
object_status = DbCodes.Skipped
generic_status_code = GenericCodes.InvalidId
vfense_status_code = UserFailureCodes.UserNameDoesNotExist
results = {
ApiResultKeys.DB_STATUS_CODE: object_status,
ApiResultKeys.GENERIC_STATUS_CODE: generic_status_code,
ApiResultKeys.VFENSE_STATUS_CODE: vfense_status_code,
ApiResultKeys.MESSAGE: status + msg,
ApiResultKeys.DATA: [],
ApiResultKeys.USERNAME: user_name,
ApiResultKeys.URI: uri,
ApiResultKeys.HTTP_METHOD: method
}
except Exception as e:
logger.exception(e)
status_code = DbCodes.Errors
generic_status_code = GenericFailureCodes.FailedToUpdateObject
vfense_status_code = UserFailureCodes.FailedToUpdateUser
msg = 'Failed to update password for user %s: %s' % (username, str(e))
results = {
ApiResultKeys.DB_STATUS_CODE: status_code,
ApiResultKeys.GENERIC_STATUS_CODE: generic_status_code,
ApiResultKeys.VFENSE_STATUS_CODE: vfense_status_code,
ApiResultKeys.MESSAGE: status + msg,
ApiResultKeys.DATA: [],
ApiResultKeys.USERNAME: user_name,
ApiResultKeys.URI: uri,
ApiResultKeys.HTTP_METHOD: method
}
return(results)
