def verify_password(username_or_token, password):
    """Authenticate a request by token first, then by username and password.

    On success the resolved user is stored on ``g.user``.

    Args:
        username_or_token (str): Either an auth token or a username.
        password (str): Password; only consulted when the first argument
            does not resolve as a token.

    Returns:
        bool: True when a user was authenticated, False otherwise.
    """
    # When a secret key is configured, the default account name is refused
    # outright, before any token or password lookup is attempted.
    secret_configured = _config and _config.auth.secret_key
    if secret_configured and username_or_token == DEFAULT_USERNAME:
        return False

    account = User.verify_auth_token(username_or_token)
    if not account:
        # try to authenticate with username/password
        candidate = User.find_user_by_name(username_or_token)
        if not (candidate and candidate.verify_password(password)):
            return False
        account = candidate

    # NOTE(review): nothing in this function inspects an `active` flag on the
    # user; confirm that deactivated accounts are rejected inside
    # verify_auth_token / verify_password or by the caller.
    g.user = account
    return True
def _init_default_user():
    """Create the default account if it does not exist yet.

    Raises:
        Exception: if ``register_user`` reports an error message.
    """
    if User.find_user_by_name(DEFAULT_USERNAME):
        logging.info(
            'Default user `{}` already exists'.format(DEFAULT_USERNAME))
        return

    # NOTE(review): DEFAULT_PASSWORD is a constant defined outside this block.
    # If it is a fixed, published value, this account is a well-known
    # credential; confirm that login with it is disabled or the password is
    # rotated before the service is exposed.
    error_message = register_user(DEFAULT_USERNAME, DEFAULT_PASSWORD)
    if error_message:
        raise Exception(error_message)
    logging.info('Created default user `{}`'.format(DEFAULT_USERNAME))
def run_set_activation(username, value):
    """Set the ``active`` attribute of the named user and persist it.

    Args:
        username (str): Name of the account to update.
        value: New value stored in ``user.active``.

    Raises:
        ValueError: if no user with that name exists.
    """
    account = User.find_user_by_name(username)
    if not account:
        not_found = "Username `{}` not found".format(username)
        raise ValueError(not_found)

    account.active = value
    account.save()

    # Printed confirmation of the new state for the person running the command.
    summary = 'User`s `{}` active state changed to {}'.format(username, value)
    print(summary)
def run_create_user(email, username, password):
    """Create and persist a user with the given email, name and password.

    Args:
        email (str): Email stored on the account.
        username (str): Account name; must be non-empty.
        password (str): Password; a falsy value is replaced by ``''``.

    Returns:
        User: The saved user object.

    Raises:
        ValueError: if ``username`` is empty.
    """
    if not username:
        raise ValueError('Username must be specified')

    # NOTE(review): a missing password silently becomes the empty string, so
    # this path can create an account protected by an empty password.
    # Confirm that is intended for every caller.
    effective_password = password if password else ''

    # NOTE(review): no lookup for an existing account with this username or
    # email happens here; uniqueness must be enforced by User.save() or the
    # caller, if at all.
    new_user = User()
    new_user.username = username
    new_user.email = email
    new_user.hash_password(effective_password)
    new_user.save()

    print('User `{}` created'.format(username))
    return new_user
def create_demo_user():
    """Create a throwaway demo account when demo mode is enabled.

    Returns:
        User | None: The saved demo user, or None when
        ``DemoUserManager.demo_config.enabled`` is falsy.
    """
    if DemoUserManager.demo_config.enabled:
        demo_account = User()
        # NOTE(review): the literal below has no `{}` placeholder, so
        # str.format() returns it unchanged and the generated id is unused;
        # every demo user gets the same username. The template looks redacted
        # or mangled; confirm the intended pattern.
        demo_account.username = '******'.format(
            DemoUserManager._id_generator())
        # The generated password is hashed and then discarded; the plaintext
        # is never returned from this function.
        # NOTE(review): _id_generator is not visible here. If it draws from
        # `random`, prefer a `secrets`-backed generator for credentials.
        demo_account.hash_password(DemoUserManager._id_generator(size=8))
        demo_account.save()
        return demo_account
    return None
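def post_user():
    """Handle a POST request that modifies a user account.

    The JSON body carries ``action``, ``user`` and the optional
    ``old_password`` / ``new_password`` fields. Only
    ``UserPostAction.MODIFY`` is supported.

    Authorization enforced here:
      * a caller may modify another account only with
        ``IAMPolicies.IS_ADMIN``;
      * only an admin may change an account's set of policies;
      * a password change requires the target account's current password.

    Returns:
        A success response with the updated user (``password_hash``
        removed), or a ``(fail_response, status_code)`` tuple.

    Raises:
        Exception: if ``action`` is not a supported action.
    """
    data = json.loads(request.data)
    action = data.get('action', '')
    old_password = data.get('old_password', '')
    new_password = data.get('new_password', '')

    # Log only the action and the top-level field names. The body carries
    # clear-text passwords (and possibly a password hash inside `user`),
    # which must never be written to the application log. %r / list repr
    # also escapes control characters in caller-supplied values.
    app.logger.warning(
        'post_user: action=%r fields=%s', action, sorted(data))

    if action != UserPostAction.MODIFY:
        raise Exception('Unknown action: `{}`'.format(action))

    posted_user = User.from_dict(data['user'])
    existing_user = UserCollectionManager.find_user_by_name(
        posted_user.username)
    if not existing_user:
        return make_fail_response('User not found'), 404

    # Status 401 is kept on the permission failures below so existing clients
    # see the same codes as before.
    if (g.user.username != posted_user.username
            and IAMPolicies.IS_ADMIN not in g.user.policies):
        return make_fail_response(
            'You don`t have permission to modify this user'), 401

    if set(posted_user.policies) != set(existing_user.policies):
        if IAMPolicies.IS_ADMIN not in g.user.policies:
            return make_fail_response(
                'You don`t have permission to modify policies'), 401
        existing_user.policies = posted_user.policies

    if new_password:
        # The current password of the *target* account is required, also
        # when an admin edits someone else.
        if not existing_user.verify_password(old_password):
            return make_fail_response('Incorrect password'), 401
        existing_user.hash_password(new_password)

    existing_user.settings = posted_user.settings
    existing_user.save()

    if g.user.username == posted_user.username:
        # Refresh the request identity from the persisted record, not from
        # the object built out of the request body: fields such as `_id` in
        # the posted user are caller-controlled and must not be trusted.
        g.user = existing_user

    # Recomputed after the update so a self-demotion is reflected.
    is_admin = IAMPolicies.IS_ADMIN in g.user.policies
    user_obj = existing_user.to_dict()
    user_obj['_is_admin'] = is_admin
    user_obj['_readonly'] = existing_user._id != g.user._id and not is_admin
    # Never return the stored hash to the client.
    del user_obj['password_hash']
    return make_success_response({
        'user': user_obj,
    })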
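def register_user(username, password, email):
    """Register a new user.

    Args:
        username (str): Username
        password (str): Password
        email (str): Email

    Return:
        (User): New user DB Object

    Raises:
        RegisterUserException: if the username is empty, taken or not
            6-22 characters long; or, for any username other than
            ``DEFAULT_USERNAME``, if the password is empty or the email is
            malformed or already registered.
    """
    if not username:
        raise RegisterUserException(
            'Missing username',
            error_code=RegisterUserExceptionCode.EMPTY_USERNAME)

    # NOTE(review): DEFAULT_USERNAME is exempt from the password and email
    # checks below. If this function is reachable from a public registration
    # endpoint while the default account does not exist, that name could be
    # claimed with an empty password; confirm callers prevent this.
    is_default = username == DEFAULT_USERNAME

    if not is_default and not password:
        raise RegisterUserException(
            'Missing password',
            error_code=RegisterUserExceptionCode.EMPTY_PASSWORD)

    if UserCollectionManager.find_user_by_name(username):
        raise RegisterUserException(
            'Username is taken',
            error_code=RegisterUserExceptionCode.USERNAME_ALREADY_EXISTS)

    if not is_default:
        # fullmatch() instead of match() with `$`: `$` also matches just
        # before a trailing newline, which let "a@b.c\n" pass validation.
        # A non-string email (e.g. None) is reported as invalid instead of
        # surfacing as a TypeError from the regex engine.
        email_ok = isinstance(email, str) and re.fullmatch(
            r"[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+", email)
        if not email_ok:
            raise RegisterUserException(
                'Invalid email: `{}`'.format(email),
                error_code=RegisterUserExceptionCode.INVALID_EMAIL)

        if UserCollectionManager.find_user_by_email(email):
            raise RegisterUserException(
                'Email already exists',
                error_code=RegisterUserExceptionCode.EMAIL_ALREADY_EXISTS)

    if len(username) < 6 or len(username) > 22:
        raise RegisterUserException(
            'Lenght of the username must be between 6 and 22',
            error_code=RegisterUserExceptionCode.INVALID_LENGTH_OF_USERNAME)

    user = User()
    user.username = username
    user.email = email
    user.hash_password(password)
    user.save()
    return user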
def register_user(username, password):
    """Register a new user.

    Args:
        username (str): Username
        password (str): Password

    Return:
        (str): None if success, or error message if failed
    """
    # NOTE(review): only None is rejected; empty strings pass this check, so
    # an account with an empty username or empty password can be created.
    if any(field is None for field in (username, password)):
        return 'Missing username or password'

    name_taken = User.find_user_by_name(username)
    if name_taken:
        return 'User with name `{}` already exists'.format(username)

    account = User()
    account.username = username
    account.hash_password(password)
    account.save()
    return None
def run_list_users():
    """Print one ``<_id>,<username>`` line for every stored user."""
    for record in User.find_users():
        user = User.from_dict(record)
        # Only the id and the name are printed; no credential fields.
        columns = (user._id, user.username)
        print(','.join(str(column) for column in columns))