Пример #1
0
def deleteUser(dbSession, user, requester):
    try:
        user = User.getByNameOrID(user)
        if user.id == requester['userid']:
            raise HTTPRequestError(400, "a user can't remove himself")
        dbSession.execute(
            UserPermission.__table__.delete(UserPermission.user_id == user.id)
        )
        dbSession.execute(
            UserGroup.__table__.delete(UserGroup.user_id == user.id)
        )
        cache.deleteKey(userid=user.id)

        # The user is not hardDeleted.
        # it should be copied to inactiveUser table
        inactiveTables.PasswdInactive.createInactiveFromUser(dbSession,
                                                             user,)
        inactiveTables.UserInactive.createInactiveFromUser(dbSession,
                                                           user,
                                                           requester['userid'])
        passwd.expirePasswordResetRequests(dbSession, user.id)
        dbSession.delete(user)
        log().info('user ' + user.username + ' deleted by '
                   + requester['username'],
                   user.safeDict())
    except sqlalchemy.orm.exc.NoResultFound:
        raise HTTPRequestError(404, "No user found with this ID")
Пример #2
0
def passwd_reset_request(username):
    if conf.emailHost == 'NOEMAIL':
        return format_response(501, "Feature not configured")
    try:
        pwdc.create_password_reset_request(db.session, username)
        db.session.commit()
    except HTTPRequestError as err:
        return format_response(err.errorCode, err.message)
    else:
        return format_response(200)
Пример #3
0
def update_password():
    try:
        user_id = auth.user_id_from_jwt(request.headers.get('Authorization'))
        update_data = load_json_from_request(request)
        pwdc.update_endpoint(db.session, user_id, update_data)
        db.session.commit()
    except HTTPRequestError as err:
        return format_response(err.errorCode, err.message)
    else:
        return format_response(200)
Пример #4
0
def updatePasswd():
    try:
        userId = auth.userIdFromJWT(request.headers.get('Authorization'))
        updateData = loadJsonFromRequest(request)
        pwdc.updateEndpoint(db.session, userId, updateData)
        db.session.commit()
    except HTTPRequestError as err:
        return formatResponse(err.errorCode, err.message)
    else:
        return formatResponse(200)
Пример #5
0
def delete_user(db_session, username: str, requester):
    """
    Deletes an user from the system
    :param db_session: The postgres session to be used
    :param username: String The user to be removed
    :param requester: Who is creating this user. This is a dictionary with two keys:
                      "userid" and "username"
    :return: The removed user
    :raises HTTPRequestError: If the user tries to remove itself.
    :raises HTTPRequestError: Can't delete the admin user.
    :raises HTTPRequestError: If the user is not in the database.
    """
    try:
        user = User.get_by_name_or_id(username)
        if user.id == requester['userid']:
            raise HTTPRequestError(400, "a user can't remove himself")
        elif user.username == 'admin':
            raise HTTPRequestError(405, "Can't delete the admin user")

        db_session.execute(
            UserPermission.__table__.delete(UserPermission.user_id == user.id))
        db_session.execute(
            UserGroup.__table__.delete(UserGroup.user_id == user.id))
        cache.delete_key(userid=user.id)

        # The user is not hardDeleted.
        # it should be copied to inactiveUser table
        inactiveTables.PasswdInactive.createInactiveFromUser(
            db_session,
            user,
        )
        inactiveTables.UserInactive.createInactiveFromUser(
            db_session, user, requester['userid'])
        password.expire_password_reset_requests(db_session, user.id)
        db_session.delete(user)
        LOGGER.info(f"user {user.username} deleted by {requester['username']}")
        LOGGER.info(user.safe_dict())

        kongUtils.remove_from_kong(user.username)
        MVUserPermission.refresh()
        MVGroupPermission.refresh()
        db_session.commit()

        if count_tenant_users(db_session, user.service) == 0:
            LOGGER.info(
                f"will emit tenant lifecycle event {user.service} - DELETE")
            Publisher.send_notification({
                "type": 'DELETE',
                'tenant': user.service
            })

        return user
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No user found with this ID")
Пример #6
0
def createUser(dbSession, user, requester):
    # drop invalid fields
    user = {k: user[k] for k in user if k in User.fillable}
    checkUser(user)

    anotherUser = dbSession.query(User.id) \
                           .filter_by(username=user['username']).one_or_none()
    if anotherUser:
        raise HTTPRequestError(400, "username '"
                               + user['username']
                               + "' is in use.")

    anotherUser = dbSession.query(User.id) \
                           .filter_by(email=user['email']).one_or_none()
    if anotherUser:
        raise HTTPRequestError(400, "Email '" + user['email'] + "' is in use.")

    if conf.emailHost == 'NOEMAIL':
        user['salt'], user['hash'] = passwd.createPwd(conf.temporaryPassword)

    user['created_by'] = requester['userid']
    newUser = User(**user)
    log().info('user ' + user['username'] + ' created by '
               + requester['username'],
               newUser.safeDict())
    return newUser
Пример #7
0
def create_user():
    try:
        requester = auth.get_jwt_payload(request.headers.get('Authorization'))
        auth_data = load_json_from_request(request)

        # Create user
        new_user = crud.create_user(db.session, auth_data, requester)

        # If no problems occur to create user (no exceptions), configure kong
        kong_data = kong.configure_kong(new_user.username)
        if kong_data is None:
            return format_response(
                500, 'failed to configure verification subsystem')
        new_user.secret = kong_data['secret']
        new_user.key = kong_data['key']
        new_user.kongId = kong_data['kongid']

        db.session.add(new_user)
        db.session.commit()
        group_success = []
        group_failed = []
        if 'profile' in auth_data.keys():
            group_success, group_failed = rship. \
                add_user_many_groups(db.session, new_user.id,
                                     auth_data['profile'], requester)
        db.session.commit()
        if conf.emailHost != 'NOEMAIL':
            pwdc.create_password_set_request(db.session, new_user)
            db.session.commit()

        if crud.count_tenant_users(db.session, new_user.service) == 1:
            log().info("will emit tenant lifecycle event {} - CREATE".format(
                new_user.service))
            send_notification({"type": 'CREATE', 'tenant': new_user.service})

        return make_response(
            json.dumps(
                {
                    "user": new_user.safeDict(),
                    "groups": group_success,
                    "could not add": group_failed,
                    "message": "user created"
                },
                default=json_serial), 200)
    except HTTPRequestError as err:
        return format_response(err.errorCode, err.message)
Пример #8
0
def createUser():
    try:
        requester = auth.getJwtPayload(request.headers.get('Authorization'))
        authData = loadJsonFromRequest(request)

        # Create user
        newUser = crud.createUser(db.session, authData, requester)

        # If no problems occur to create user (no exceptions), configure kong
        kongData = kong.configureKong(newUser.username)
        if kongData is None:
            return formatResponse(500,
                                  'failed to configure verification subsystem')
        newUser.secret = kongData['secret']
        newUser.key = kongData['key']
        newUser.kongId = kongData['kongid']

        db.session.add(newUser)
        db.session.commit()
        groupSuccess = []
        groupFailed = []
        if 'profile' in authData.keys():
            groupSuccess, groupFailed = rship. \
                addUserManyGroups(db.session, newUser.id,
                                  authData['profile'], requester)
        db.session.commit()
        if conf.emailHost != 'NOEMAIL':
            pwdc.createPasswordSetRequest(db.session, newUser)
            db.session.commit()
        return make_response(json.dumps({
                                        "user": newUser.safeDict(),
                                        "groups": groupSuccess,
                                        "could not add": groupFailed,
                                        "message": "user created"
                                        }), 200)
    except HTTPRequestError as err:
        return formatResponse(err.errorCode, err.message)
Пример #9
0
def password_reset():
    try:
        link = request.args.get('link')
        reset_data = load_json_from_request(request)
        updating_user = pwdc.reset_password(db.session, link, reset_data)

        # password updated. Should reconfigure kong and Invalidate
        # all previous logins
        kong_data = kong.configure_kong(updating_user.username)
        if kong_data is None:
            return format_response(500,
                                   'failed to configure verification subsystem')

        kong.revoke_kong_secret(updating_user.username, updating_user.kongId)
        updating_user.secret = kong_data['secret']
        updating_user.key = kong_data['key']
        updating_user.kongid = kong_data['kongid']
        db.session.add(updating_user)
        db.session.commit()
    except HTTPRequestError as err:
        return format_response(err.errorCode, err.message)
    else:
        return format_response(200)
Пример #10
0
def create_user(db_session, user: User, requester):
    """
    Create a new user.
    :param db_session: The postgres db session to be used
    :param user: User The user to be created. This is a simple dictionary with all 'fillable' field
                 listed in Models.User class.
    :param requester: Who is creating this user. This is a dictionary with two keys:
                      "userid" and "username"
    :return: The result of creating this user.
    :raises HTTPRequestError: If username is already in use
    :raises HTTPRequestError: If e-mail is already in use
    :raises HTTPRequestError: If any problem occurs while configuring Kong
    """
    # Drop invalid fields
    user = {k: user[k] for k in user if k in User.fillable}
    LOGGER.debug("Checking user data...")
    check_user(user)
    LOGGER.debug("... user data is OK.")

    if not user.get('profile', ""):
        raise HTTPRequestError(400, "Missing profile")
    if len(user['profile']) > UserLimits.profile:
        raise HTTPRequestError(400, "Profile name too long")

    # Sanity checks
    # Check whether username and e-mail are unique.
    LOGGER.debug("Checking whether user already exist...")
    if db_session.query(
            User.id).filter_by(username=user['username']).one_or_none():
        LOGGER.warning("User already exists.")
        raise HTTPRequestError(400, f"Username {user['username']} is in use.")
    LOGGER.debug("... user doesn't exist.")

    LOGGER.debug("Checking whether user e-mail is already being used...")
    if db_session.query(User.id).filter_by(email=user['email']).one_or_none():
        LOGGER.warning("User e-mail is already being used.")
        raise HTTPRequestError(400, f"E-mail {user['email']} is in use.")

    LOGGER.debug("... user e-mail is not being used.")

    if conf.emailHost == 'NOEMAIL':
        user['salt'], user['hash'] = password.create_pwd(
            conf.temporaryPassword)

    # Last field to be filled automatically, before parsing
    user['created_by'] = requester['userid']

    # User structure is finished.
    LOGGER.debug("Creating user instance...")
    new_user = User(**user)
    LOGGER.debug("... user instance was created.")
    LOGGER.debug(
        f"User data is: {user['username']} created by {requester['username']}")

    # If no problems occur to create user (no exceptions), configure kong
    LOGGER.debug("Configuring Kong...")
    kong_data = kongUtils.configure_kong(new_user.username)
    if kong_data is None:
        LOGGER.warning("Could not configure Kong.")
        raise HTTPRequestError(500,
                               'failed to configure verification subsystem')
    LOGGER.debug("... Kong was successfully configured.")
    new_user.secret = kong_data['secret']
    new_user.key = kong_data['key']
    new_user.kongId = kong_data['kongid']

    # Add the new user to the database
    LOGGER.debug("Adding new user to database session...")
    db_session.add(new_user)
    LOGGER.debug("... new user was added to database session.")
    LOGGER.debug("Committing database changes...")
    db_session.commit()
    LOGGER.debug("... database changes were committed.")

    # Configuring groups and user profiles
    group_success = []
    group_failed = []
    LOGGER.debug("Configuring user profile...")
    if 'profile' in user.keys():
        group_success, group_failed = rship. \
            add_user_many_groups(db_session, new_user.id,
                                 user['profile'], requester)
        db_session.commit()
    LOGGER.debug("... user profile was configured.")

    LOGGER.debug("Configuring user password...")
    if conf.emailHost != 'NOEMAIL':
        try:
            pwdc.create_password_set_request(db_session, new_user)
            db_session.commit()
        except Exception as e:
            LOGGER.warning(e)
    LOGGER.debug("... user password was configured.")

    LOGGER.debug("Sending tenant creation message to other components...")
    if count_tenant_users(db_session, new_user.service) == 1:
        LOGGER.info(
            f"Will emit tenant lifecycle event {new_user.service} - CREATE")
        Publisher.send_notification({
            "type": 'CREATE',
            'tenant': new_user.service
        })

    LOGGER.debug("... tenant creation message was sent.")
    ret = {
        "user": new_user.safe_dict(),
        "groups": group_success,
        "could not add": group_failed,
        "message": "user created"
    }
    return ret
Пример #11
0
def create_user(db_session, user: User, requester):
    """
    Create a new user.
    :param db_session: The postgres db session to be used
    :param user: User The user to be created. This is a simple dictionary with all 'fillable' field
                 listed in Models.User class.
    :param requester: Who is creating this user. This is a dictionary with two keys:
                      "userid" and "username"
    :return: The result of creating this user.
    :raises HTTPRequestError: If username is already in use
    :raises HTTPRequestError: If e-mail is already in use
    :raises HTTPRequestError: If any problem occurs while configuring Kong
    """
    # Drop invalid fields
    user = {k: user[k] for k in user if k in User.fillable}
    check_user(user)

    # Sanity checks
    # Check whether username and e-mail are unique.
    if db_session.query(
            User.id).filter_by(username=user['username']).one_or_none():
        raise HTTPRequestError(400, f"Username {user['username']} is in use.")

    if db_session.query(User.id).filter_by(email=user['email']).one_or_none():
        raise HTTPRequestError(400, f"E-mail {user['email']} is in use.")

    if conf.emailHost == 'NOEMAIL':
        user['salt'], user['hash'] = password.create_pwd(
            conf.temporaryPassword)

    # Last field to be filled automatically, before parsing
    user['created_by'] = requester['userid']

    # User structure is finished.
    new_user = User(**user)
    log().info(f"User {user['username']} created by {requester['username']}")
    log().info(new_user)

    # If no problems occur to create user (no exceptions), configure kong
    kong_data = kongUtils.configure_kong(new_user.username)
    if kong_data is None:
        raise HTTPRequestError(500,
                               'failed to configure verification subsystem')
    new_user.secret = kong_data['secret']
    new_user.key = kong_data['key']
    new_user.kongId = kong_data['kongid']

    # Add the new user to the database
    db_session.add(new_user)
    db_session.commit()

    # Configuring groups and user profiles
    group_success = []
    group_failed = []
    if 'profile' in user.keys():
        group_success, group_failed = rship. \
            add_user_many_groups(db_session, new_user.id,
                                 user['profile'], requester)
        db_session.commit()
    if conf.emailHost != 'NOEMAIL':
        pwdc.create_password_set_request(db_session, new_user)
        db_session.commit()

    if count_tenant_users(db_session, new_user.service) == 1:
        log().info(
            f"Will emit tenant lifecycle event {new_user.service} - CREATE")
        send_notification({"type": 'CREATE', 'tenant': new_user.service})

    ret = {
        "user": new_user.safe_dict(),
        "groups": group_success,
        "could not add": group_failed,
        "message": "user created"
    }
    return ret