def create_user():
try:
username = raw_input("Username: "******"Email: ").strip()
while True:
password = getpass("Password: "******" (confirm): ")
if password_confirm == password:
break
else:
print("Passwords do not match... Try again...")
u = User(username=username)
u.email = email
# check for org
org = Organization.get_by_name("default")
if not org:
org = Organization()
org.name = "default"
org.owner = u.uuid
org.save()
u.organization = Organization.get_by_name("default").uuid
u.set_password(password)
u.add_role("admin")
u.save()
print("User created/updated successfully...")
except KeyboardInterrupt:
pass
def get_provider_info(provider=None, organization=None, account=None):
data = {}
if not organization:
organization = request.args.get('organization', None)
if not account:
account = request.args.get('account', None)
organization = Organization.get_by_name(organization)
account = Account.query.filter({'organization': organization.uuid, 'name': account}).first()
provider_id = None
provider_key = None
provider_data = None
if account:
provider_id = account.provider_id
provider_key = account.provider_key
provider_data = {
'keypair': account.keypair,
'default_images': account.default_images,
}
data.update(
provider = provider,
provider_id = provider_id,
provider_key = provider_key,
provider_data = provider_data
)
return data
def decorated(*args, **kwargs):
api_key = None
if 'apikey' in request.form:
api_key = request.form.get('apikey')
elif 'X-Api-Key' in request.headers.keys():
api_key = request.headers.get('X-Api-Key')
# validate
if not api_key:
data = {'error': messages.NO_API_KEY}
return generate_api_response(data, 401)
user = User.get_by_api_key(api_key=api_key)
organization = Organization.get_by_api_key(api_key=api_key)
if not user and not organization:
data = {'error': messages.INVALID_API_KEY}
return generate_api_response(data, 401)
requested_org = kwargs.get('organization','')
# check that user is active
if user:
session['user'] = user
# allow admins to see all orgs
if user.is_admin():
session['organization'] = Organization.get_by_name(requested_org)
else:
session['organization'] = Organization.get_by_uuid(user.organization)
if not user.active:
data = {'error': messages.ACCOUNT_INACTIVE}
return generate_api_response(data, 403)
if organization:
session['organization'] = organization
# check that user is authorized for the desired organization
if requested_org and requested_org != session.get('organization').name.lower():
data = {'error': messages.ACCESS_DENIED}
return generate_api_response(data, 403)
return f(*args, **kwargs)
def decorated(*args, **kwargs):
# load provider info
org = Organization.get_by_name(kwargs.get("organization"))
org_name = None
if org:
org_name = org.name
info = get_provider_info(kwargs.get("provider"), org_name, kwargs.get("account"))
session["provider_info"] = info
# check for info ; if missing return error
if not info.get("provider_id") or not info.get("provider_key"):
data = {"error": "Invalid or missing provider account information"}
return generate_api_response(data, 400)
return f(*args, **kwargs)
def login():
"""
User login
"""
form = request.form
if request.method == 'POST':
organization = Organization.get_by_name(form.get('organization').lower())
# validate
user = User.get_by_username(form.get('username'), organization.uuid)
if user:
if utils.hash_password(form.get('password')) == user.password:
login_user(user)
session['user'] = user
session['organization'] = organization
current_app.logger.info('User {0} ({1}) login from {2}'.format(user.username, organization.name, \
request.remote_addr))
return redirect(request.args.get("next") or url_for("index"))
current_app.logger.warn('Invalid login for {0} ({1}) from {2}'.format(form.get('username'), organization.name, \
request.remote_addr))
flash(messages.INVALID_USERNAME_OR_PASSWORD, 'error')
ctx = {
}
return render_template('accounts/login.html', **ctx)
