Пример #1
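    def delete(projId):
        """Delete the specified project.

        The project's rows are removed from its own database first, then its
        record is removed from fpsys. If no project is left in that database
        afterwards, the database itself is dropped.

        Returns None on success, "Cannot find project" if projId does not
        resolve to a Project, or an error message if the fpsys step fails.
        Errors raised while working in the project's own database are not
        caught here and propagate to the caller.
        """
        proj = Project.getById(projId)
        # Anything other than a Project instance (None, or an error string)
        # is reported as "not found".
        if not isinstance(proj, Project):
            return "Cannot find project"
        dbname = proj.dbName()

        # Delete within the project's database first. The connection is
        # released even if one of the model calls raises.
        dbc = proj.db()
        try:
            models.Project.delete(dbc, projId)
            count = models.Project.countProjects(dbc)
        finally:
            dbc.close()

        # Then delete from fpsys.
        # NOTE(review): the two steps run on separate connections, so a failure
        # here leaves the project removed from its own database but still
        # listed in fpsys.
        con = None
        try:
            con = getFpsysDbConnection()
            cur = con.cursor()
            cur.execute("delete from project where id = %s", (projId,))
            con.commit()
            # If no projects are left in the database, delete the database.
            if count == 0:
                # A database name is an identifier and cannot be passed as a
                # bound parameter, so it is quoted the MySQL way: wrapped in
                # backticks with any embedded backtick doubled. The name can
                # then only ever be read as a single identifier.
                quoted = "{0}".format(dbname).replace("`", "``")
                cur.execute("drop database `{0}`".format(quoted))
                con.commit()
            cur.close()
            return None
        except mdb.Error as e:
            errmsg = 'Error in Project.delete: {0}'.format(str(e))
            util.flog(errmsg)
            # NOTE(review): the driver's error text is handed back to the
            # caller; confirm it is not shown to end users unfiltered.
            return errmsg
        finally:
            # Release the fpsys connection on every path, including errors.
            if con is not None:
                try:
                    con.close()
                except mdb.Error as e:
                    util.flog('Error closing fpsys connection: {0}'.format(str(e)))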
Пример #2
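 def delete(ident):
     """Delete the user whose login is ident from fpsys.

     Returns None on success, else an error message. The affected-row count
     is not checked, so a login that matches no row is also reported as
     success.
     """
     con = None
     try:
         con = getFpsysDbConnection()
         cur = con.cursor()
         # The login is passed as a bound parameter, never spliced into the SQL.
         cur.execute("delete from user where login = %s", (ident,))
         con.commit()
         return None
     except mdb.Error as e:
         errmsg = 'Error in User.delete: {0}'.format(str(e))
         util.flog(errmsg)
         return errmsg
     finally:
         # Release the connection on every path, including errors.
         if con is not None:
             try:
                 con.close()
             except mdb.Error as e:
                 util.flog('Error closing fpsys connection: {0}'.format(str(e)))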
Пример #3
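 def getAll():
     """Return a list of all Users, or None on a database error.

     The query selects id, login, name, login_type, permissions and email;
     the passhash column is not read.
     """
     con = None
     try:
         con = getFpsysDbConnection()
         cur = con.cursor()
         cur.execute("select id, login, name, login_type, permissions, email from user")
         # Each row carries the six selected columns in User's argument order.
         return [User(*resRow) for resRow in cur]
     except mdb.Error:
         util.flog('Error in User.getAll')
         return None
     finally:
         # The connection was previously never closed; release it on every path.
         if con is not None:
             try:
                 con.close()
             except mdb.Error as e:
                 util.flog('Error closing fpsys connection: {0}'.format(str(e)))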
Пример #4
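 def getByLogin(ident):
     """Return the User whose login is ident, or None.

     None is returned both when no such login exists and when the database
     call fails, so a caller cannot tell the two cases apart; the failure is
     only visible in the log.
     """
     con = None
     try:
         con = getFpsysDbConnection()
         qry = "select id, login, name, login_type, permissions, email from user where login = %s"
         cur = con.cursor()
         # The login is passed as a bound parameter, never spliced into the SQL.
         cur.execute(qry, (ident,))
         resRow = cur.fetchone()
         if resRow is None:
             return None
         # The row carries the six selected columns in User's argument order.
         return User(*resRow)
     except mdb.Error as e:
         util.flog('Error in User.getByLogin: {0}'.format(str(e)))
         return None
     finally:
         # The connection was previously never closed; release it on every path.
         if con is not None:
             try:
                 con.close()
             except mdb.Error as e:
                 util.flog('Error closing fpsys connection: {0}'.format(str(e)))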
Пример #5
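 def getById(pid):
     """Look up a project in fpsys by its id.

     Returns a Project instance, None if no row has that id, or an error
     message string if the database call fails. Because a failure comes back
     as a string rather than an exception, callers have to type-check the
     result before using it as a Project.
     """
     con = None
     try:
         con = getFpsysDbConnection()
         cur = con.cursor()
         # The id is passed as a bound parameter, never spliced into the SQL.
         cur.execute("select id, name, dbname from project where id = %s", (pid,))
         resRow = cur.fetchone()
         if resRow is None:
             return None
         return Project(resRow[0], resRow[1], resRow[2])
     except mdb.Error as e:
         errmsg = 'Error in Project.getById: {0}'.format(str(e))
         util.flog(errmsg)
         return errmsg
     finally:
         # The connection was previously never closed; release it on every path.
         if con is not None:
             try:
                 con.close()
             except mdb.Error as e:
                 util.flog('Error closing fpsys connection: {0}'.format(str(e)))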
Пример #6
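def cldapPasswordCheck(username, password):
    """Validate a cldap username/password pair.

    Returns True only when the directory knows the user and accepts the
    password; every other outcome, including an unreachable server, an
    unknown user and empty credentials, returns False.
    """
    # Reject empty credentials before contacting the directory. Some LDAP
    # servers treat a simple bind with an empty password as an unauthenticated
    # bind and report success; whether cldapUser.authenticate guards against
    # that is not visible here, so the check is made explicitly.
    if not username or not password:
        return False

    cldapServer = cldap.LdapServer(cldap.SERVER_URL)
    if not cldapServer:
        util.flog('Cannot connect to cldap server')
        return False

    cldapUser = cldapServer.getUserByIdent(username)
    if cldapUser is None:
        util.flog('The supplied username is unknown.')
        return False

    # A wrong password is deliberately not logged.
    if not cldapUser.authenticate(password):
        return False
    return True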
Пример #7
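    def saveName(self):
        """Save the current name to the database.

        Returns None on success, else an error message. The affected-row
        count is not checked, so an id that matches no row is still reported
        as success.
        """
        con = None
        try:
            con = getFpsysDbConnection()
            cur = con.cursor()
            # Name and id are bound parameters, never spliced into the SQL.
            cur.execute("update project set name = %s where id = %s",
                        (self._name, self._id))
            con.commit()
            return None
        except mdb.Error as e:
            errmsg = 'Error updating project: {0}'.format(str(e))
            util.flog(errmsg)
            return errmsg
        finally:
            # Release the connection on every path, including errors.
            if con is not None:
                try:
                    con.close()
                except mdb.Error as e:
                    util.flog('Error closing fpsys connection: {0}'.format(str(e)))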
Пример #8
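 def save(self):
     """Write the current name and email to the database. Local users only.

     Returns None on success, else an error message. The password is handled
     separately and is not touched here.
     """
     if self.getLoginType() != LOGIN_TYPE_LOCAL:
         return "Operation not allowed for non-local user"
     con = None
     try:
         con = getFpsysDbConnection()
         cur = con.cursor()
         # All three values are bound parameters, never spliced into the SQL.
         cur.execute("update user set name=%s, email=%s where id = %s",
                     (self.getName(), self.getEmail(), self.getId()))
         con.commit()
         return None
     except mdb.Error as e:
         errmsg = 'Error in User.save: {0}'.format(str(e))
         util.flog(errmsg)
         return errmsg
     finally:
         # Release the connection on every path, including errors.
         if con is not None:
             try:
                 con.close()
             except mdb.Error as e:
                 util.flog('Error closing fpsys connection: {0}'.format(str(e)))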
Пример #9
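 def setPassword(self, newPassword):
     """Store a new password hash for this user.

     Returns an error message, or None for success. Only allowed for the
     mysql and local login types; the update also sets login_type to
     LOGIN_TYPE_LOCAL, so a mysql-type user becomes a local one (mysql is
     only supported for historical users).

     This method takes no current password: authorising the change is left
     to the caller.
     """
     if not isinstance(newPassword, basestring):
         return 'Unexpected password type'
     # NOTE(review): a 4-character minimum is far below current guidance
     # (NIST SP 800-63B asks for at least 8). Left unchanged here because
     # callers may depend on the existing limit.
     if len(newPassword) < 4:
         return 'password too short'
     if not self.allowPasswordChange():
         return 'Cannot change this password type'
     con = None
     try:
         con = getFpsysDbConnection()
         cur = con.cursor()
         # Only the hash is stored. NOTE(review): pwd_context is presumably a
         # passlib CryptContext; from passlib 1.7 `encrypt` is a deprecated
         # alias of `hash` - confirm the installed version before renaming.
         passhash = pwd_context.encrypt(newPassword)
         cur.execute("update user set passhash = %s, login_type = %s where id = %s",
                     (passhash, LOGIN_TYPE_LOCAL, self.getId()))
         con.commit()
         return None
     except mdb.Error as e:
         errmsg = 'Error in User.setPassword: {0}'.format(str(e))
         util.flog(errmsg)
         return errmsg
     finally:
         # Release the connection on every path, including errors.
         if con is not None:
             try:
                 con.close()
             except mdb.Error as e:
                 util.flog('Error closing fpsys connection: {0}'.format(str(e)))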
Пример #10
def userPasswordCheck(username, password):
# Return true if password OK, false if not, or None if something bad happened.
# NOTE(review): this listing is truncated. The lines shown only fetch
# login_type and passhash for the login, and return None for an unknown login
# or a database error; the password itself is not examined in this excerpt.
    # Check if the username exists and get login type:
    try:
        con = getFpsysDbConnection()
        # The login is passed as a bound parameter, never spliced into the SQL.
        qry = "select login_type, passhash from user where login = %s"
        cur = con.cursor()
        cur.execute(qry, (username,))
        resRow = cur.fetchone()
        # NOTE(review): cursor and connection are closed only on the success
        # path; if execute() or fetchone() raises, neither is closed.
        cur.close()
        con.close()
        if resRow is None:
            # The caller-supplied username is written to the log verbatim.
            # NOTE(review): confirm util.flog neutralises line breaks, and
            # remember that users sometimes type a password into this field.
            util.flog('Login attempt by unknown user: {0}'.format(username))
            # NOTE(review): this return happens before any hash verification,
            # so an unknown login may answer faster than a known one -
            # confirm whether callers need to hide which logins exist.
            return None
        loginType = resRow[0]
        phash = resRow[1]
    except mdb.Error, e:
        # A database failure is logged and reported as None, the same value
        # returned for an unknown login.
        util.flog('Error in userPasswordCheck: {0}'.format(str(e)))
        return None # what about error message?
Пример #11
            return None
        loginType = resRow[0]
        phash = resRow[1]
    except mdb.Error, e:
        util.flog('Error in userPasswordCheck: {0}'.format(str(e)))
        return None # what about error message?
    if loginType == LOGIN_TYPE_LOCAL:
        return pwd_context.verify(password, phash)
    elif loginType == LOGIN_TYPE_SYSTEM:
        return systemPasswordCheck(username, password)
    elif loginType == LOGIN_TYPE_LDAP:
        return cldapPasswordCheck(username, password)
    elif loginType == LOGIN_TYPE_MYSQL:
        return mysql_context.verify(password, phash)
    else:
        util.flog('Unexpected login type: {0}'.format(loginType))
        return None

### Users: ############################################################################

class User:
# In-memory instance of an fpsys.user row.
# NB: passhash is deliberately not held here, for security reasons; it could
# be retrieved on demand (not required at the time of writing).
#
    PERMISSION_CREATE_USER = 0x1
    PERMISSION_CREATE_PROJECT = 0x2
    PERMISSION_OMNIPOTENCE = 0x4
    def __init__(self, id, ident, name, login_type, permissions, email):
        self._id = id
        self._ident = ident