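def makeDBPublicReadOnly(server, dbname):
    """Lock ``dbname`` down so only the DBA user can write while reads stay open.

    Two things happen: the ``restrict-writers`` couchapp is pushed into the
    database (presumably a validate_doc_update handler that rejects writes
    from non-admins -- confirm in the couchapp source), and the username from
    ``nodeSetup['couchDBUrlDBA']`` is added to ``admins.names`` of the
    database's ``_security`` object. Any admins/readers already present are
    preserved.

    Args:
        server: couchdb ``Server`` (or compatible) hosting the database.
        dbname: name of the database to restrict.

    Side effects:
        Writes the couchapp and the ``_security`` document and prints the PUT
        response as JSON to stdout.
    """
    import couch_utils, os
    from services.service_template import getCouchAppPath

    dba_url = nodeSetup['couchDBUrlDBA']
    db = server[dbname]

    # Add doc change handler. dba_url carries the DBA credentials, so this
    # push is performed as the DBA.
    couch_utils.pushCouchApp(
        os.path.join(getCouchAppPath(), "resource_data", "apps", "restrict-writers"),
        "%s/%s" % (dba_url, dbname))

    # Merge into the existing security object instead of replacing it.
    _, _, exist_sec_obj = db.resource.get_json('_security')

    sec_obj = {
        "admins": {"names": [], "roles": []},
        # NOTE(review): "readers" is the legacy CouchDB key; newer servers
        # name this section "members" -- confirm against the target version.
        "readers": {"names": [], "roles": []},
    }
    sec_obj.update(exist_sec_obj or {})

    # update() is shallow: an existing section may lack "names" or "roles",
    # which would make the append below raise KeyError.
    for section in ("admins", "readers"):
        sec_obj.setdefault(section, {})
        sec_obj[section].setdefault("names", [])
        sec_obj[section].setdefault("roles", [])

    # Only the username is taken from the DBA URL; the password stays in
    # dba_url. The membership test is against "names" (the list we append
    # to), so repeated runs do not add the same user twice.
    parts = urlparse.urlsplit(dba_url)
    username = getattr(parts, 'username', None)
    if username is not None and username not in sec_obj["admins"]["names"]:
        sec_obj["admins"]["names"].append(username)

    _, _, result = db.resource.put_json('_security', sec_obj)
    print(json.dumps(result))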
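def makeDBPublicReadOnly(server, dbname):
    """Make ``dbname`` publicly readable but writable only by the DBA user.

    Pushes the ``restrict-writers`` couchapp into the database (presumably a
    validate_doc_update handler -- confirm in the couchapp source) and adds
    the username found in ``nodeSetup['couchDBUrlDBA']`` to the
    ``admins.names`` list of the database's ``_security`` object, keeping any
    existing admins/readers entries.

    Args:
        server: couchdb ``Server`` (or compatible) hosting the database.
        dbname: name of the database to restrict.

    Side effects:
        Writes the couchapp and the ``_security`` document; prints the PUT
        response as JSON.
    """
    import couch_utils, os
    from services.service_template import getCouchAppPath

    dba_url = nodeSetup['couchDBUrlDBA']
    db = server[dbname]

    # Add doc change handler, authenticated as the DBA via dba_url.
    couch_utils.pushCouchApp(
        os.path.join(getCouchAppPath(), "resource_data", "apps",
                     "restrict-writers"), "%s/%s" % (dba_url, dbname))

    # Add security object: start from an empty template and overlay whatever
    # the database already has.
    _, _, exist_sec_obj = db.resource.get_json('_security')

    sec_obj = {
        "admins": {"names": [], "roles": []},
        # NOTE(review): "readers" is the legacy CouchDB key; newer servers
        # call this section "members" -- confirm against the target version.
        "readers": {"names": [], "roles": []},
    }
    sec_obj.update(exist_sec_obj or {})

    # The overlay is shallow, so guarantee both lists exist in each section
    # before indexing into them.
    for section in ("admins", "readers"):
        lists = sec_obj.setdefault(section, {})
        lists.setdefault("names", [])
        lists.setdefault("roles", [])

    # Add the DBA username (never the password) as a named admin. Check
    # "names" -- the list being appended to -- so re-running setup does not
    # duplicate the entry.
    parts = urlparse.urlsplit(dba_url)
    username = getattr(parts, 'username', None)
    if username is not None and username not in sec_obj["admins"]["names"]:
        sec_obj["admins"]["names"].append(username)

    _, _, result = db.resource.put_json('_security', sec_obj)
    print(json.dumps(result))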
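def setNodeSigning(server, config, setupInfo):
    """Interactively configure GnuPG signing and CouchDB OAuth for the node.

    Runs only when ``setupInfo["oauth"]`` is present and truthy. Prompts for
    the GnuPG binary, home directory, private key id, signer identity and
    passphrase, records each answer in both ``setupInfo`` and the
    ``app:main`` section of ``config``, enables OAuth/BrowserID in the CouchDB
    server config, installs the kanso ``oauth-key-management`` design
    document into the apps database, and finally primes CouchDB's oauth view
    with one signed request.

    Args:
        server: couchdb ``Server`` for the node.
        config: ConfigParser-style object whose ``app:main`` section is updated.
        setupInfo: dict of setup answers; read for ``oauth`` and ``nodeUrl``,
            extended with the ``lr.publish.signing.*`` and oauth keys.

    Returns:
        True when OAuth signing was configured, False when skipped.
    """
    if not ("oauth" in setupInfo and setupInfo["oauth"]):
        return False

    from services.service_template import getCouchAppPath

    def record(key, value):
        # Every signing setting is kept in both places later setup steps read.
        setupInfo[key] = value
        config.set("app:main", key, value)

    gpgbin = getInput("Path to GnuPG executable", "gpg")
    record("lr.publish.signing.gpgbin", gpgbin)

    gnupghome = getInput("Path to GnuPG Home", getDefaultGnuPGHome())
    record("lr.publish.signing.gnupghome", gnupghome)

    gpg = getGPG(gpgbin, gnupghome)

    privateKeyId = getInput("Private Key Id for Signing", "", checkKey(gpg)).strip()
    record("lr.publish.signing.privatekeyid", privateKeyId)

    publickeylocations = json.dumps(["%s/pubkey" % setupInfo['nodeUrl']])
    record("lr.publish.signing.publickeylocations", publickeylocations)

    signer = getInput("Signer for Resource Data Identity",
                      getDefaultSigner(gpg, privateKeyId))
    record("lr.publish.signing.signer", signer)

    # The passphrase is persisted in clear text in the config file; the
    # file's permissions are what protects the signing key's passphrase.
    passphrase = getInput(
        "Passphrase for Signing with Private Key [typing is concealed]", "",
        checkPassphrase(gpg, privateKeyId), hide_input=True)
    record("lr.publish.signing.passphrase", passphrase)

    # Turn on OAuth (backed by the users db) and BrowserID in CouchDB itself.
    server.resource("_config", "couch_httpd_oauth").put('use_users_db', '"true"')
    server.resource("_config", "httpd").put('WWW-Authenticate', '"OAuth"')
    server.resource("_config", "browserid").put('enabled', '"true"')

    apps = config.get("app:main", "couchdb.db.apps", "apps")
    try:
        server.create(apps)
    except Exception:
        # Best effort: the apps database usually exists already.
        pass

    _installOAuthCouchApp(server, config, setupInfo, apps, getCouchAppPath())

    ## TODO: Need to make an initial OAuth call to get the oauth view installed.
    users = config.get("app:main", "couchdb.db.users", "_users")
    couch_url = config.get("app:main", "couchdb.url", "http://localhost:5984")
    _primeOAuthView(server, users, couch_url)

    return True


def _installOAuthCouchApp(server, config, setupInfo, apps, couchAppPath):
    """Save the kanso ``oauth-key-management`` design document into ``apps``.

    An existing design document of the same name is removed first. Records
    the app name in ``setupInfo["oauth.app.name"]`` and the signup URL under
    ``lr.oauth.signup`` in both ``setupInfo`` and ``config``.
    """
    oauthCouchApp = os.path.join(couchAppPath, apps, "kanso",
                                 "oauth-key-management.json")
    # Only the parse needs the file open.
    with open(oauthCouchApp) as f:
        ddoc = json.load(f)

    name = ddoc['kanso']['config']['name']
    ddoc_id = "_design/%s" % name
    try:
        del server[apps][ddoc_id]
    except Exception:
        # Best effort: nothing to remove on a fresh database.
        pass
    ddoc["_id"] = ddoc_id
    server[apps].save(ddoc)

    setupInfo["oauth.app.name"] = name
    setupInfo["lr.oauth.signup"] = "{0}/apps/{1}".format(setupInfo["nodeUrl"], name)
    config.set("app:main", "lr.oauth.signup", setupInfo["lr.oauth.signup"])


def _primeOAuthView(server, users_db, couch_url):
    """Issue one OAuth-signed request so CouchDB installs its oauth view.

    A throwaway user carrying a known consumer key and token is saved into
    ``users_db``, a single signed ``GET <couch_url>/_session`` is sent with
    those credentials, and the user is deleted again. Deletion is in a
    ``finally`` so a failed request cannot leave an OAuth-enabled account
    with a hard-coded secret behind in the users database.

    Args:
        server: couchdb ``Server`` the node's databases live on.
        users_db: name of the users database (normally ``_users``).
        couch_url: base URL of the CouchDB instance to contact.
    """
    import oauth2 as oauth

    dummy_user = {
        "_id": "org.couchdb.user:tempuser",
        "name": "tempuser",
        "type": "user",
        "roles": [],
        "oauth": {
            "consumer_keys":
            {
                "localhost": "walt_2.0"
            },
            "tokens":
            {
                "temptoken": "learningregistry"
            }
        }
    }
    server[users_db].save(dummy_user)
    try:
        # Consumer and token match the secrets embedded in dummy_user.
        consumer = oauth.Consumer(
            key="localhost",
            secret=dummy_user["oauth"]["consumer_keys"]["localhost"])
        token = oauth.Token(
            key="temptoken",
            secret=dummy_user["oauth"]["tokens"]["temptoken"])

        client = oauth.Client(consumer, token=token)
        # NOTE(review): certificate validation is disabled for this single
        # bootstrap call; that is only tolerable while couch_url points at
        # the local instance -- confirm before using a remote CouchDB.
        client.disable_ssl_certificate_validation = True

        # The response is deliberately ignored: the request only has to
        # reach CouchDB's oauth handler.
        client.request("{0}/_session".format(couch_url), "GET",
                       headers={"Content-Type": "application/json"})
    finally:
        # Remove the throwaway user whether or not the request succeeded.
        del server[users_db][dummy_user["_id"]]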
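def setNodeSigning(server, config, setupInfo):
    """Interactively configure GnuPG signing and CouchDB OAuth for the node.

    Runs only when ``setupInfo["oauth"]`` is present and truthy. Prompts for
    the GnuPG binary, home directory, private key id, signer identity and
    passphrase, records each answer in both ``setupInfo`` and the
    ``app:main`` section of ``config``, enables OAuth/BrowserID in the CouchDB
    server config, installs the kanso ``oauth-key-management`` design
    document into the apps database, and finally primes CouchDB's oauth view
    with one signed request.

    Args:
        server: couchdb ``Server`` for the node.
        config: ConfigParser-style object whose ``app:main`` section is updated.
        setupInfo: dict of setup answers; read for ``oauth``, ``nodeUrl`` and
            the optional ``show_pass`` flag, extended with the
            ``lr.publish.signing.*`` and oauth keys.

    Returns:
        True when OAuth signing was configured, False when skipped.
    """
    if not ("oauth" in setupInfo and setupInfo["oauth"]):
        return False

    from services.service_template import getCouchAppPath

    def record(key, value):
        # Every signing setting is kept in both places later setup steps read.
        setupInfo[key] = value
        config.set("app:main", key, value)

    gpgbin = getInput("Path to GnuPG executable", "gpg")
    record("lr.publish.signing.gpgbin", gpgbin)

    gnupghome = getInput("Path to GnuPG Home", getDefaultGnuPGHome())
    record("lr.publish.signing.gnupghome", gnupghome)

    gpg = getGPG(gpgbin, gnupghome)

    privateKeyId = getInput("Private Key Id for Signing", "",
                            checkKey(gpg)).strip()
    record("lr.publish.signing.privatekeyid", privateKeyId)

    publickeylocations = json.dumps(["%s/pubkey" % setupInfo['nodeUrl']])
    record("lr.publish.signing.publickeylocations", publickeylocations)

    signer = getInput("Signer for Resource Data Identity",
                      getDefaultSigner(gpg, privateKeyId))
    record("lr.publish.signing.signer", signer)

    # Conceal the passphrase unless setup explicitly asked to show it; a
    # missing "show_pass" key no longer raises KeyError.
    hide_input = not setupInfo.get("show_pass", False)
    # The passphrase is persisted in clear text in the config file; the
    # file's permissions are what protects the signing key's passphrase.
    passphrase = getInput(
        "Passphrase for Signing with Private Key [typing is concealed]",
        "",
        checkPassphrase(gpg, privateKeyId),
        hide_input=hide_input)
    record("lr.publish.signing.passphrase", passphrase)

    # Turn on OAuth (backed by the users db) and BrowserID in CouchDB itself.
    server.resource("_config",
                    "couch_httpd_oauth").put('use_users_db', '"true"')
    server.resource("_config", "httpd").put('WWW-Authenticate', '"OAuth"')
    server.resource("_config", "browserid").put('enabled', '"true"')

    apps = config.get("app:main", "couchdb.db.apps", "apps")
    try:
        server.create(apps)
    except Exception:
        # Best effort: the apps database usually exists already.
        pass

    _installOAuthCouchApp(server, config, setupInfo, apps, getCouchAppPath())

    ## TODO: Need to make an initial OAuth call to get the oauth view installed.
    users = config.get("app:main", "couchdb.db.users", "_users")
    couch_url = config.get("app:main", "couchdb.url",
                           "http://localhost:5984")
    _primeOAuthView(server, users, couch_url)

    return True


def _installOAuthCouchApp(server, config, setupInfo, apps, couchAppPath):
    """Save the kanso ``oauth-key-management`` design document into ``apps``.

    An existing design document of the same name is removed first. Records
    the app name in ``setupInfo["oauth.app.name"]`` and the signup URL under
    ``lr.oauth.signup`` in both ``setupInfo`` and ``config``.
    """
    oauthCouchApp = os.path.join(couchAppPath, apps, "kanso",
                                 "oauth-key-management.json")
    # Only the parse needs the file open.
    with open(oauthCouchApp) as f:
        ddoc = json.load(f)

    name = ddoc['kanso']['config']['name']
    ddoc_id = "_design/%s" % name
    try:
        del server[apps][ddoc_id]
    except Exception:
        # Best effort: nothing to remove on a fresh database.
        pass
    ddoc["_id"] = ddoc_id
    server[apps].save(ddoc)

    setupInfo["oauth.app.name"] = name
    setupInfo["lr.oauth.signup"] = "{0}/apps/{1}".format(
        setupInfo["nodeUrl"], name)
    config.set("app:main", "lr.oauth.signup", setupInfo["lr.oauth.signup"])


def _primeOAuthView(server, users_db, couch_url):
    """Issue one OAuth-signed request so CouchDB installs its oauth view.

    A throwaway user carrying a known consumer key and token is saved into
    ``users_db``, a single signed ``GET <couch_url>/_session`` is sent with
    those credentials, and the user is deleted again. Deletion is in a
    ``finally`` so a failed request cannot leave an OAuth-enabled account
    with a hard-coded secret behind in the users database.

    Args:
        server: couchdb ``Server`` the node's databases live on.
        users_db: name of the users database (normally ``_users``).
        couch_url: base URL of the CouchDB instance to contact.
    """
    import oauth2 as oauth

    dummy_user = {
        "_id": "org.couchdb.user:tempuser",
        "name": "tempuser",
        "type": "user",
        "roles": [],
        "oauth": {
            "consumer_keys": {
                "localhost": "walt_2.0"
            },
            "tokens": {
                "temptoken": "learningregistry"
            }
        }
    }
    server[users_db].save(dummy_user)
    try:
        # Consumer and token match the secrets embedded in dummy_user.
        consumer = oauth.Consumer(
            key="localhost",
            secret=dummy_user["oauth"]["consumer_keys"]["localhost"])
        token = oauth.Token(
            key="temptoken",
            secret=dummy_user["oauth"]["tokens"]["temptoken"])

        client = oauth.Client(consumer, token=token)
        # NOTE(review): certificate validation is disabled for this single
        # bootstrap call; that is only tolerable while couch_url points at
        # the local instance -- confirm before using a remote CouchDB.
        client.disable_ssl_certificate_validation = True

        # The response is deliberately ignored: the request only has to
        # reach CouchDB's oauth handler.
        client.request(
            "{0}/_session".format(couch_url),
            "GET",
            headers={"Content-Type": "application/json"})
    finally:
        # Remove the throwaway user whether or not the request succeeded.
        del server[users_db][dummy_user["_id"]]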