Пример #1
  def testRaisesIfUsernameSetInRequest(self):
    """Checks that Handle rejects any request that sets a username.

    Covers a username equal to the caller's (u"foo") and a different one
    (u"bar"); both must end in ValueError.
    """
    # Even a username matching the token is refused, so the request body can
    # never select which account is changed (presumably the token decides).
    for requested_name in (u"foo", u"bar"):
      request = user_plugin.ApiGrrUser(username=requested_name)
      with self.assertRaises(ValueError):
        self.handler.Handle(
            request, token=access_control.ACLToken(username=u"foo"))
Пример #2
  def testRaisesIfUsernameSetInRequest(self):
    """Checks that Handle rejects any request that sets a username.

    Two request/caller pairs are tried and each must end in ValueError.
    """
    # NOTE(review): the first caller name reads "******" in this listing; that
    # looks like masking applied to the page rather than a real username -
    # confirm against the upstream test before relying on it.
    cases = ((u"foo", "******"), (u"bar", u"foo"))
    for requested_name, caller_name in cases:
      request = user_plugin.ApiGrrUser(username=requested_name)
      with self.assertRaises(ValueError):
        self.handler.Handle(
            request,
            context=api_call_context.ApiCallContext(username=caller_name))
Пример #3
  def Handle(self, args, token=None):
    """Updates an existing GRR user and returns the stored record.

    Args:
      args: Request carrying `username` and, optionally, `password` and
        `user_type`.
      token: Not used in this method.

    Returns:
      An ApiGrrUser initialised from the user re-read after the write.

    Raises:
      ValueError: If `args.username` is empty.
    """
    # NOTE(review): no authorization check is visible in this method; the
    # caller's right to modify users is presumably enforced before Handle is
    # reached - confirm.
    if not args.username:
      raise ValueError("username can't be empty.")

    # Allowlist: a supplied type that is not ADMIN is stored as STANDARD.
    if args.HasField("user_type"):
      if args.user_type != args.UserType.USER_TYPE_ADMIN:
        args.user_type = args.UserType.USER_TYPE_STANDARD

    # Read purely for its failure mode: a nonexistent user makes this call
    # throw before anything is written.
    data_store.REL_DB.ReadGRRUser(args.username)

    # Unset optional fields are passed on as None.
    # NOTE(review): the password is forwarded as received; hashing is
    # presumably handled by the password type or by WriteGRRUser - confirm.
    new_password = args.password if args.HasField("password") else None
    new_type = args.user_type if args.HasField("user_type") else None

    data_store.REL_DB.WriteGRRUser(
        username=args.username, password=new_password, user_type=new_type)

    stored = data_store.REL_DB.ReadGRRUser(args.username)
    return api_user.ApiGrrUser().InitFromDatabaseObject(stored)
Пример #4
    def Handle(self, args, token=None):
        """Writes a GRR user record and returns it as stored.

        Args:
          args: Request carrying `username`, `user_type` and, optionally,
            `password` and `email`.
          token: Not used in this method.

        Returns:
          An ApiGrrUser initialised from the user re-read after the write.

        Raises:
          ValueError: If `args.username` is empty, or if an email is given
            while Email.enable_custom_email_address is not enabled.
        """
        # NOTE(review): nothing here checks whether the username already
        # exists; if WriteGRRUser overwrites, calling this for an existing
        # account would replace its password and type - confirm the intent.
        if not args.username:
            raise ValueError("username can't be empty.")

        # Allowlist: anything other than ADMIN is stored as STANDARD.
        if args.user_type != args.UserType.USER_TYPE_ADMIN:
            args.user_type = args.UserType.USER_TYPE_STANDARD

        # A custom address is accepted only when the deployment opted in.
        email = None
        if args.email:
            if not config.CONFIG["Email.enable_custom_email_address"]:
                raise ValueError(
                    "email can't be set if the config option "
                    "Email.enable_custom_email_address is not enabled.")
            email = args.email

        # NOTE(review): the password is forwarded as received; hashing is
        # presumably handled downstream - confirm.
        if args.HasField("password"):
            new_password = args.password
        else:
            new_password = None

        data_store.REL_DB.WriteGRRUser(
            username=args.username,
            password=new_password,
            user_type=args.user_type,
            email=email,
        )
        stored = data_store.REL_DB.ReadGRRUser(args.username)
        return api_user.ApiGrrUser().InitFromDatabaseObject(stored)
Пример #5
    def Handle(self, args, token=None):
        """Creates a GRRUser AFF4 object for `args.username`.

        Args:
          args: Request carrying `username`, `user_type` and, optionally,
            `password`.
          token: Caller's token; used for the audit event and AFF4 access.

        Returns:
          An ApiGrrUser initialised from the newly created AFF4 object.

        Raises:
          ValueError: If `args.username` is empty.
          access_control.UnauthorizedAccess: If a GRRUser already exists at
            the user's URN.
        """
        if not args.username:
            raise ValueError("username can't be empty.")

        user_urn = aff4.ROOT_URN.Add("users").Add(args.username)

        # The audit record is published before the existence check, so a
        # rejected duplicate still leaves a USER_ADD event attributed to the
        # caller. token.username is read here, so the None default for
        # `token` would fail on this statement.
        audit_event = rdf_events.AuditEvent(
            user=token.username, action="USER_ADD", urn=user_urn)
        events.Events.PublishEvent("Audit", audit_event, token=token)

        already_exists = aff4.FACTORY.ExistsWithType(
            user_urn, aff4_type=users.GRRUser, token=token)
        if already_exists:
            raise access_control.UnauthorizedAccess(
                "Cannot add user %s: User already exists." % args.username)

        with aff4.FACTORY.Create(
                user_urn, aff4_type=users.GRRUser, mode="rw",
                token=token) as user_obj:
            if args.HasField("password"):
                user_obj.SetPassword(args.password)

            # Only an explicit ADMIN request adds the label; any other type
            # value leaves the new object without it.
            if args.user_type == args.UserType.USER_TYPE_ADMIN:
                user_obj.AddLabels(["admin"], owner="GRR")

            return api_user.ApiGrrUser().InitFromAff4Object(user_obj)
Пример #6
    def Handle(self, args, token=None):
        """Updates the GRRUser AFF4 object for `args.username`.

        Args:
          args: Request carrying `username`, `user_type` and, optionally,
            `password`.
          token: Caller's token; used for the audit event and AFF4 access.

        Returns:
          An ApiGrrUser initialised from the updated AFF4 object.

        Raises:
          ValueError: If `args.username` is empty.
        """
        if not args.username:
            raise ValueError("username can't be empty.")

        user_urn = aff4.ROOT_URN.Add("users").Add(args.username)

        # Published before the object is opened, so the USER_UPDATE event is
        # recorded even if the open below fails. token.username is read
        # here, so the None default for `token` would fail on this statement.
        audit_event = rdf_events.AuditEvent(
            user=token.username, action="USER_UPDATE", urn=user_urn)
        events.Events.PublishEvent("Audit", audit_event, token=token)

        with aff4.FACTORY.Open(
                user_urn, aff4_type=users.GRRUser, mode="rw",
                token=token) as user_obj:
            if args.HasField("password"):
                user_obj.SetPassword(args.password)

            # ADMIN grants the label and STANDARD revokes it; any other
            # type value leaves the labels as they are.
            requested_type = args.user_type
            if requested_type == args.UserType.USER_TYPE_ADMIN:
                user_obj.AddLabels(["admin"], owner="GRR")
            elif requested_type == args.UserType.USER_TYPE_STANDARD:
                user_obj.RemoveLabels(["admin"], owner="GRR")

            return api_user.ApiGrrUser().InitFromAff4Object(user_obj)
Пример #7
 def Handle(self, args, token=None):
     """Returns one page of GRR users together with the total user count.

     Args:
       args: Request carrying the `offset` and `count` of the page.
       token: Not used in this method.

     Returns:
       An ApiListGrrUsersResult with `total_count` and the page `items`.
     """
     # The total comes from its own query, so it describes the whole user
     # table rather than the page read below.
     user_total = data_store.REL_DB.CountGRRUsers()
     page = data_store.REL_DB.ReadGRRUsers(
         offset=args.offset, count=args.count)

     converted = []
     for db_user in page:
         converted.append(
             api_user.ApiGrrUser().InitFromDatabaseObject(db_user))
     return ApiListGrrUsersResult(total_count=user_total, items=converted)
Пример #8
 def _HandleRelational(self, args):
     """Writes the user described by `args` and returns it as stored.

     Args:
       args: Request carrying `username`, `user_type` and, optionally,
         `password`.

     Returns:
       An ApiGrrUser initialised from the user re-read after the write.
     """
     # NOTE(review): no existence check or username validation is visible
     # here; presumably the caller has done both - confirm.
     if args.HasField("password"):
         new_password = args.password
     else:
         # An unset password is passed on as None.
         new_password = None

     data_store.REL_DB.WriteGRRUser(
         username=args.username,
         password=new_password,
         user_type=args.user_type,
     )
     stored = data_store.REL_DB.ReadGRRUser(args.username)
     return api_user.ApiGrrUser().InitFromDatabaseObject(stored)
Пример #9
  def testSetsSettingsForUserCorrespondingToToken(self):
    """Checks that settings are stored for the user named by the token."""
    wanted = user_plugin.GUISettings(mode="ADVANCED", canary_mode=True)
    request = user_plugin.ApiGrrUser(settings=wanted)

    # The request names no user; u"foo" appears only in the token.
    caller_token = access_control.ACLToken(username=u"foo")
    self.handler.Handle(request, token=caller_token)

    stored = data_store.REL_DB.ReadGRRUser(u"foo")
    self.assertEqual(wanted.mode, stored.ui_mode)
    self.assertEqual(wanted.canary_mode, stored.canary_mode)
Пример #10
    def Handle(self, args, token=None):
        """Looks up one GRR user by username.

        Args:
          args: Request carrying `username`.
          token: Not used in this method.

        Returns:
          An ApiGrrUser initialised from the database record.

        Raises:
          ValueError: If `args.username` is empty.
          api_call_handler_base.ResourceNotFoundError: If the lookup raises
            db.UnknownGRRUserError.
        """
        if not args.username:
            raise ValueError("username can't be empty.")

        try:
            db_user = data_store.REL_DB.ReadGRRUser(args.username)
            found = api_user.ApiGrrUser().InitFromDatabaseObject(db_user)
        except db.UnknownGRRUserError as e:
            # Translate the storage-level error into the API's not-found
            # error; the original exception is passed along as its argument.
            raise api_call_handler_base.ResourceNotFoundError(e)
        return found
Пример #11
    def testSetsSettingsForUserCorrespondingToToken(self):
        """Checks that settings are stored for the user named by the caller."""
        wanted = user_plugin.GUISettings(mode="ADVANCED", canary_mode=True)
        request = user_plugin.ApiGrrUser(settings=wanted)

        # NOTE(review): the caller name reads "******" here while the record
        # is read back for "foo"; this looks like masking applied to the
        # listing rather than the real value - confirm against upstream.
        caller = api_call_context.ApiCallContext(username="******")
        self.handler.Handle(request, context=caller)

        stored = data_store.REL_DB.ReadGRRUser("foo")
        self.assertEqual(wanted.mode, stored.ui_mode)
        self.assertEqual(wanted.canary_mode, stored.canary_mode)
Пример #12
 def _HandleAff4(self, args, token=None):
     """Looks up one GRR user through AFF4.

     Args:
       args: Request carrying `username`.
       token: Token passed to the AFF4 open call.

     Returns:
       An ApiGrrUser initialised from the opened AFF4 object.

     Raises:
       api_call_handler_base.ResourceNotFoundError: If opening the object
         as a GRRUser raises aff4.InstantiationError.
     """
     user_urn = aff4.ROOT_URN.Add("users").Add(args.username)
     try:
         # Opened read-only: this path never modifies the user object.
         user_obj = aff4.FACTORY.Open(
             user_urn, aff4_type=users.GRRUser, mode="r", token=token)
         found = api_user.ApiGrrUser().InitFromAff4Object(user_obj)
     except aff4.InstantiationError:
         raise api_call_handler_base.ResourceNotFoundError(
             "GRR user with username '%s' could not be found." %
             args.username)
     return found
Пример #13
  def Handle(self, args, token=None):
    """Writes a GRR user record and returns it as stored.

    Args:
      args: Request carrying `username`, `user_type` and, optionally,
        `password`.
      token: Not used in this method.

    Returns:
      An ApiGrrUser initialised from the user re-read after the write.

    Raises:
      ValueError: If `args.username` is empty.
    """
    # NOTE(review): nothing here checks whether the username already exists;
    # if WriteGRRUser overwrites, calling this for an existing account would
    # replace its password and type - confirm the intent.
    if not args.username:
      raise ValueError("username can't be empty.")

    # Allowlist: anything other than ADMIN is stored as STANDARD.
    if args.user_type != args.UserType.USER_TYPE_ADMIN:
      args.user_type = args.UserType.USER_TYPE_STANDARD

    if args.HasField("password"):
      new_password = args.password
    else:
      # An unset password is passed on as None.
      new_password = None

    data_store.REL_DB.WriteGRRUser(
        username=args.username,
        password=new_password,
        user_type=args.user_type,
    )
    stored = data_store.REL_DB.ReadGRRUser(args.username)
    return api_user.ApiGrrUser().InitFromDatabaseObject(stored)
Пример #14
  def testSetsSettingsForUserCorrespondingToToken(self):
    """Checks that settings land in both AFF4 and the relational db."""
    wanted = aff4_users.GUISettings(mode="ADVANCED", canary_mode=True)
    request = user_plugin.ApiGrrUser(settings=wanted)

    # The request names no user; u"foo" appears only in the token.
    caller_token = access_control.ACLToken(username=u"foo")
    self.handler.Handle(request, token=caller_token)

    # AFF4 side: the stored GUI_SETTINGS attribute equals what was sent.
    user_obj = aff4.FACTORY.Open("aff4:/users/foo", token=self.token)
    self.assertEqual(user_obj.Get(user_obj.Schema.GUI_SETTINGS), wanted)

    # Relational side: the same values, field by field.
    stored = data_store.REL_DB.ReadGRRUser(u"foo")
    self.assertEqual(wanted.mode, stored.ui_mode)
    self.assertEqual(wanted.canary_mode, stored.canary_mode)
Пример #15
    def Handle(self, args, token=None):
        """Returns one page of GRR users read through AFF4.

        Args:
          args: Request carrying the `offset` and `count` of the page.
          token: Token passed to the AFF4 calls.

        Returns:
          An ApiListGrrUsersResult with `total_count` and the page `items`.
        """
        users_root = aff4.FACTORY.Open(aff4.ROOT_URN.Add("users"), token=token)
        usernames = sorted(users_root.ListChildren())

        # Counted before slicing, so it covers every child of the users root.
        total_count = len(usernames)

        # A falsy count means "no limit": everything from the offset on is
        # returned, and all of those objects are opened in one MultiOpen.
        page_end = args.offset + args.count if args.count else None
        usernames = usernames[args.offset:page_end]

        opened = aff4.FACTORY.MultiOpen(
            usernames, aff4_type=users.GRRUser, token=token)
        items = [
            api_user.ApiGrrUser().InitFromAff4Object(user_obj)
            for user_obj in opened
        ]

        return ApiListGrrUsersResult(total_count=total_count, items=items)
Пример #16
    def _HandleRelational(self, args):
        """Updates an existing user in the relational db and returns it.

        Args:
          args: Request carrying `username` and, optionally, `password` and
            `user_type`.

        Returns:
          An ApiGrrUser initialised from the user re-read after the write.
        """
        # Read purely for its failure mode: a nonexistent user makes this
        # call throw before anything is written.
        data_store.REL_DB.ReadGRRUser(args.username)

        # Unset optional fields are passed on as None.
        # NOTE(review): the password is forwarded as received; hashing is
        # presumably handled downstream - confirm.
        new_password = args.password if args.HasField("password") else None
        new_type = args.user_type if args.HasField("user_type") else None

        data_store.REL_DB.WriteGRRUser(
            username=args.username,
            password=new_password,
            user_type=new_type)

        stored = data_store.REL_DB.ReadGRRUser(args.username)
        return api_user.ApiGrrUser().InitFromDatabaseObject(stored)
Пример #17
    def Handle(self, args, token=None):
        """Updates an existing GRR user and returns the stored record.

        Args:
          args: Request carrying `username` and, optionally, `password`,
            `user_type` and `email`.
          token: Not used in this method.

        Returns:
          An ApiGrrUser initialised from the user re-read after the write.

        Raises:
          ValueError: If `args.username` is empty, or if `email` is set
            while Email.enable_custom_email_address is not enabled.
        """
        # NOTE(review): no authorization check is visible in this method;
        # the caller's right to modify users is presumably enforced before
        # Handle is reached - confirm.
        if not args.username:
            raise ValueError("username can't be empty.")

        # Allowlist: a supplied type that is not ADMIN is stored as STANDARD.
        if args.HasField("user_type"):
            if args.user_type != args.UserType.USER_TYPE_ADMIN:
                args.user_type = args.UserType.USER_TYPE_STANDARD

        # Read purely for its failure mode: a nonexistent user makes this
        # call throw before anything is written.
        data_store.REL_DB.ReadGRRUser(args.username)

        # Unset optional fields are passed on as None.
        new_password = args.password if args.HasField("password") else None
        new_type = args.user_type if args.HasField("user_type") else None

        # A custom address is accepted only when the deployment opted in.
        new_email = None
        if args.HasField("email"):
            if not config.CONFIG["Email.enable_custom_email_address"]:
                raise ValueError(
                    "email can't be set if the config option "
                    "Email.enable_custom_email_address is not enabled.")
            new_email = args.email

        data_store.REL_DB.WriteGRRUser(
            username=args.username,
            password=new_password,
            user_type=new_type,
            email=new_email)

        stored = data_store.REL_DB.ReadGRRUser(args.username)
        return api_user.ApiGrrUser().InitFromDatabaseObject(stored)
Пример #18
 def testRaisesIfTraitsSetInRequest(self):
     """Checks that Handle rejects a request that sets interface_traits."""
     # Even a default-constructed traits object counts as "set" here.
     traits = user_plugin.ApiGrrUserInterfaceTraits()
     request = user_plugin.ApiGrrUser(interface_traits=traits)
     with self.assertRaises(ValueError):
         self.handler.Handle(
             request, token=access_control.ACLToken(username=u"foo"))
Пример #19
 def testRaisesIfTraitsSetInRequest(self):
   """Checks that Handle rejects a request that sets interface_traits."""
   # Even a default-constructed traits object counts as "set" here.
   traits = user_plugin.ApiGrrUserInterfaceTraits()
   request = user_plugin.ApiGrrUser(interface_traits=traits)
   with self.assertRaises(ValueError):
     self.handler.Handle(
         request,
         context=api_call_context.ApiCallContext(username=u"foo"))
Пример #20
 def _HandleRelational(self, args):
     """Looks up one GRR user in the relational db.

     Args:
       args: Request carrying `username`.

     Returns:
       An ApiGrrUser initialised from the database record.

     Raises:
       api_call_handler_base.ResourceNotFoundError: If the lookup raises
         db.UnknownGRRUserError.
     """
     try:
         db_user = data_store.REL_DB.ReadGRRUser(args.username)
         found = api_user.ApiGrrUser().InitFromDatabaseObject(db_user)
     except db.UnknownGRRUserError as e:
         # Translate the storage-level error into the API's not-found error;
         # the original exception is passed along as its argument.
         raise api_call_handler_base.ResourceNotFoundError(e)
     return found