def _internal_db_authenticate(self, user: typing.Optional[User],
email: str, password: str) -> User:
"""
Authenticate with internal db, return authenticated user
or raise Exception like WrongAuthTypeForUser, UserDoesNotExist,
WrongUserPassword or UserAuthenticatedIsNotActive
:param user: user to check, can be none if user not found, will raise
UserDoesNotExist exception if none
:param password: cleartext password of the user
:param ldap_connector: ldap connector, enable ldap auth if provided
"""
auth_type = AuthType.INTERNAL
if not user:
raise UserDoesNotExist(
'User {} not found in database'.format(email)) # nopep8
if user.auth_type not in [auth_type, AuthType.UNKNOWN]:
raise WrongAuthTypeForUser(
'User "{}" auth_type is {} not {}'.format(
email, user.auth_type.value, auth_type.value))
if not user.validate_password(password):
raise WrongUserPassword(
'User "{}" password is incorrect'.format(email)) # nopep8
if user.is_deleted:
raise UserDoesNotExist('This user has been deleted') # nopep8
if not user.is_active:
raise UserAuthenticatedIsNotActive(
'This user is not activated') # nopep8
if user.auth_type == AuthType.UNKNOWN:
user.auth_type = auth_type
return user
def get_one_by_email(self, email: typing.Optional[str]) -> User:
"""
Get one user by email
:param email: Email of the user
:return: one user
"""
if not email:
raise UserDoesNotExist("User not found : no email provided")
try:
user = self._base_query().filter(User.email == email.lower()).one()
except NoResultFound as exc:
raise UserDoesNotExist(
'User "{}" not found in database'.format(email)) from exc
return user
def find(self,
user_id: int = None,
email: str = None,
public_name: str = None) -> typing.Tuple[TypeUser, User]:
"""
Find existing user from all theses params.
Check is made in this order: user_id, email, public_name
If no user found raise UserDoesNotExist exception
"""
user = None
if user_id:
try:
user = self.get_one(user_id)
return TypeUser.USER_ID, user
except UserDoesNotExist:
pass
if email:
try:
user = self.get_one_by_email(email)
return TypeUser.EMAIL, user
except UserDoesNotExist:
pass
if public_name:
try:
user = self.get_one_by_public_name(public_name)
return TypeUser.PUBLIC_NAME, user
except UserDoesNotExist:
pass
raise UserDoesNotExist('User not found with any of given params.')
def get_current_user(self) -> User:
"""
Get current_user
"""
if not self._user:
raise UserDoesNotExist('There is no current user')
return self._user
def get_one_by_token(self, token: str) -> User:
try:
user = self._base_query().filter(User.auth_token == token).one()
except NoResultFound as exc:
raise UserDoesNotExist(
"User with given token not found in database") from exc
return user
def _get_candidate_user(
self,
request: 'TracimRequest',
) -> User:
"""
Get candidate user
:param request: pyramid request
:return: user found from header/body
"""
app_config = request.registry.settings['CFG']
uapi = UserApi(None, show_deleted=True, session=request.dbsession, config=app_config)
login = ''
try:
login = None
if 'user_id' in request.matchdict:
user_id_str = request.matchdict['user_id']
if not isinstance(user_id_str, str) or not user_id_str.isdecimal():
raise InvalidUserId('user_id is not a correct integer') # nopep8
login = int(request.matchdict['user_id'])
if not login:
raise UserNotFoundInTracimRequest('You request a candidate user but the context not permit to found one') # nopep8
user = uapi.get_one(login)
except UserNotFoundInTracimRequest as exc:
raise UserDoesNotExist('User {} not found'.format(login)) from exc
return user
def get_one(self, user_id: int) -> User:
"""
Get one user by user id
"""
try:
user = self._base_query().filter(User.user_id == user_id).one()
except NoResultFound as exc:
raise UserDoesNotExist('User "{}" not found in database'.format(
user_id)) from exc # nopep8
return user
def get_one_by_public_name(self, public_name: str) -> User:
"""
Get one user by public_name
"""
try:
user = self._base_query().filter(
User.display_name == public_name).one()
except NoResultFound as exc:
raise UserDoesNotExist('User "{}" not found in database'.format(
public_name)) from exc # nopep8
return user
def get_one_by_email(self, email: str) -> User:
"""
Get one user by email
:param email: Email of the user
:return: one user
"""
try:
user = self._base_query().filter(User.email == email).one()
except NoResultFound as exc:
raise UserDoesNotExist('User "{}" not found in database'.format(
email)) from exc # nopep8
return user
def get_one_by_username(self, username: str) -> User:
"""
Get one user by username
:param username: username of the user
:return: one user
"""
try:
user = self._base_query().filter(User.username == username).one()
except NoResultFound as exc:
raise UserDoesNotExist(
'User for username "{}" not found in database'.format(
username)) from exc
return user
def _remote_user_authenticate(self, user: typing.Optional[User],
login: str) -> User:
"""
Authenticate with remote_auth, return authenticated user
or raise Exception like WrongAuthTypeForUser,
UserDoesNotExist or UserAuthenticatedIsNotActive
:param user: user to check, can be none if user not found, will try
to create new user if none
:param login: email of the user
"""
auth_type = AuthType.REMOTE
# INFO - G.M - 2018-12-12 - Do not authenticate user with auth_type
# different from REMOTE
if user and user.auth_type not in [auth_type, AuthType.UNKNOWN]:
raise WrongAuthTypeForUser(
'User "{}" auth_type is {} not {}'.format(
login, user.auth_type.value, auth_type.value))
# INFO - G.M - 2018-12-12 - Create new user
if not user:
profile = None
use_email = False
if "@" in login:
use_email = True
user = self.create_user(
email=login if use_email else None,
username=login if not use_email else None,
profile=profile,
auth_type=AuthType.REMOTE,
do_save=True,
do_notify=False,
)
self.execute_created_user_actions(user)
transaction.commit()
# INFO - G.M - 2018-12-02 - get new created user
user = self.get_one_by_login(login)
if user.is_deleted:
raise UserDoesNotExist("This user has been deleted")
if not user.is_active:
raise UserAuthenticatedIsNotActive("This user is not activated")
if user.auth_type == AuthType.UNKNOWN:
user.auth_type = auth_type
return user
def _remote_user_authenticate(
self,
user: User,
email: str,
) -> User:
"""
Authenticate with remote_auth, return authenticated user
or raise Exception like WrongAuthTypeForUser,
UserDoesNotExist or UserAuthenticatedIsNotActive
:param user: user to check, can be none if user not found, will try
to create new user if none
:param email: email of the user
"""
auth_type = AuthType.REMOTE
# INFO - G.M - 2018-12-12 - Do not authenticate user with auth_type
# different from REMOTE
if user and user.auth_type not in [auth_type, AuthType.UNKNOWN]:
raise WrongAuthTypeForUser(
'User "{}" auth_type is {} not {}'.format(
email, user.auth_type.value, auth_type.value))
# INFO - G.M - 2018-12-12 - Create new user
if not user:
groups = None
self.create_user(email=email,
groups=groups,
auth_type=AuthType.REMOTE,
do_save=True,
do_notify=False)
transaction.commit()
# INFO - G.M - 2018-12-02 - get new created user
user = self.get_one_by_email(email)
if user.is_deleted:
raise UserDoesNotExist('This user has been deleted') # nopep8
if not user.is_active:
raise UserAuthenticatedIsNotActive(
'This user is not activated') # nopep8
if user.auth_type == AuthType.UNKNOWN:
user.auth_type = auth_type
return user
def _ldap_authenticate(self, user: typing.Optional[User], email: str,
password: str, ldap_connector: 'Connector') -> User:
"""
Authenticate with ldap, return authenticated user or raise Exception
like WrongAuthTypeForUser, WrongLDAPCredentials, UserDoesNotExist
or UserAuthenticatedIsNotActive
:param user: user to check,, can be none if user not found, will try
to create new user if none but ldap auth succeed
:param email: email of the user
:param password: cleartext password of the user
:param ldap_connector: ldap connector, enable ldap auth if provided
"""
auth_type = AuthType.LDAP
# INFO - G.M - 2018-11-22 - Do not authenticate user with auth_type
# different from LDAP
if user and user.auth_type not in [auth_type, AuthType.UNKNOWN]:
raise WrongAuthTypeForUser(
'User "{}" auth_type is {} not {}'.format(
email, user.auth_type.value, auth_type.value))
# INFO - G.M - 2018-11-22 - LDAP Auth
data = ldap_connector.authenticate(email, password)
if not data:
raise WrongLDAPCredentials('LDAP credentials are not correct')
ldap_data = data[1]
# INFO - G.M - 2018-11-22 - Create new user
if not user:
groups = None
# TODO - G.M - 2018-12-05 - [ldap_profile]
# support for profile attribute disabled
# Should be reenabled later probably with a better code
# if self._config.LDAP_PROFILE_ATTR:
# ldap_profile = ldap_data[self._config.LDAP_PROFILE_ATTR][0]
# try:
# gapi = GroupApi(
# current_user=self._user, # User
# session=self._session,
# config=self._config,
# )
# groups = [gapi.get_one_with_name(ldap_profile)] # nopep8
# except GroupDoesNotExist:
# logger.warning(self,
# 'Profile {} does not exist, create ldap user'
# 'with default profile.'.format(
# ldap_profile
# )
# )
name = None
if self._config.LDAP_NAME_ATTR:
name = ldap_data[self._config.LDAP_NAME_ATTR][0]
# INFO - G.M - 2018-11-08 - Create new user from ldap credentials
self.create_user(email=email,
name=name,
groups=groups,
auth_type=AuthType.LDAP,
do_save=True,
do_notify=False)
transaction.commit()
# INFO - G.M - 2018-11-08 - get new created user
user = self.get_one_by_email(email)
if user.is_deleted:
raise UserDoesNotExist('This user has been deleted') # nopep8
if not user.is_active:
raise UserAuthenticatedIsNotActive(
'This user is not activated') # nopep8
if user.auth_type == AuthType.UNKNOWN:
user.auth_type = auth_type
return user
def _ldap_authenticate(
self,
user: typing.Optional[User],
login: str,
password: str,
ldap_connector: "Connector",
) -> User:
"""
Authenticate with ldap, return authenticated user or raise Exception
like WrongAuthTypeForUser, WrongLDAPCredentials, UserDoesNotExist
or UserAuthenticatedIsNotActive
:param user: user to check,, can be none if user not found, will try
to create new user if none but ldap auth succeed
:param login: login of the user
:param password: cleartext password of the user
:param ldap_connector: ldap connector, enable ldap auth if provided
"""
auth_type = AuthType.LDAP
# INFO - G.M - 2018-11-22 - Do no_t authenticate user with auth_type
# different from LDAP
if user and user.auth_type not in [auth_type, AuthType.UNKNOWN]:
raise WrongAuthTypeForUser(
'User "{}" auth_type is {} not {}'.format(
login, user.auth_type.value, auth_type.value))
# INFO - G.M - 2018-11-22 - LDAP Auth
data = ldap_connector.authenticate(login, password)
if not data:
raise WrongLDAPCredentials("LDAP credentials are not correct")
ldap_data = data[1]
# INFO - G.M - 2018-11-22 - Create new user
if not user:
profile = None
# TODO - G.M - 2018-12-05 - [ldap_profile]
# support for profile attribute disabled
# Should be reenabled later probably with a better code
# if self._config.LDAP_PROFILE_ATTR:
# ldap_profile = ldap_data[self._config.LDAP_PROFILE_ATTR][0]
# try:
# profile = Profile.get_one_by_slug(ldap_profile)
# except ProfileDoesNotExist:
# logger.warning(self,
# 'Profile {} does not exist, create ldap user'
# 'with default profile.'.format(
# ldap_profile
# )
# )
name = None
if self._config.LDAP_NAME_ATTRIBUTE:
name = ldap_data[self._config.LDAP_NAME_ATTRIBUTE][0]
# INFO - G.M - 2018-11-08 - Create new user from ldap credentials
use_email = False
if "@" in login:
use_email = True
user = self.create_user(
email=login if use_email else None,
username=login if not use_email else None,
name=name,
profile=profile,
auth_type=AuthType.LDAP,
do_save=True,
do_notify=False,
)
self.execute_created_user_actions(user)
transaction.commit()
# INFO - G.M - 2018-11-08 - get new created user
user = self.get_one_by_login(login)
if user.is_deleted:
raise UserDoesNotExist("This user has been deleted")
if not user.is_active:
raise UserAuthenticatedIsNotActive("This user is not activated")
if user.auth_type == AuthType.UNKNOWN:
user.auth_type = auth_type
return user
