示例#1
        def run():
            """Verify the consumer, then log in the user named by the token.

            A non-anonymous consumer must first pass a username/password
            check.  The user the request is made for is then resolved from
            the OAuth credentials and logged in on the session, which is
            returned.

            Raises:
                TPasswordIncorrect: a check raised AuthenticationError.
                TNoSuchUser: a check raised UnknownUserError.
            """
            # NOTE(review): unknown users and wrong passwords surface as
            # different exceptions, so a client can tell the two apart
            # (account enumeration).  Confirm this is intended for the
            # public API and that failed attempts are throttled upstream.
            consumerKey = credentials.consumerKey

            # The anonymous consumer has no password to verify; every other
            # consumer is checked here.  Only the outcome matters, so the
            # returned user is not kept.
            if consumerKey != u'anon':
                try:
                    authenticate(consumerKey, credentials.consumerPassword)
                except AuthenticationError as failure:
                    session.log.exception(failure)
                    raise TPasswordIncorrect()
                except UnknownUserError as failure:
                    session.log.exception(failure)
                    raise TNoSuchUser(consumerKey.encode('utf-8'))

            # Resolve the user the request is being made for from the OAuth
            # access token carried in the credentials.
            try:
                user = OAuthConsumerAPI().authenticate(credentials)
            except AuthenticationError as failure:
                session.log.exception(failure)
                raise TPasswordIncorrect()
            except UnknownUserError as failure:
                # Unlike the consumer check above, this case is not logged.
                raise TNoSuchUser(failure.usernames[0].encode('utf-8'))
            else:
                session.auth.login(user.username, user.objectID)
                return session
示例#2
 def run():
     """Set one permission as the session's user, translating failures.

     Calls SecurePermissionAPI.set with a single
     (path, operation, policy, exceptions) entry and maps the errors it
     raises onto the T* exceptions returned to the client.

     Raises:
         TNonexistentTag: unknown path and a tag operation.
         TNonexistentNamespace: unknown path and a namespace operation.
         TNoSuchUser: a username is unknown (only the first is reported).
         TInvalidUsername: a user is not allowed in the exceptions list.
         TPathPermissionDenied: the session's user lacks permission.
     """
     api = SecurePermissionAPI(session.auth.user)
     try:
         api.set([(path, operation, policy, exceptions)])
     except UnknownPathError as failure:
         session.log.exception(failure)
         missingPath = failure.paths[0]
         if operation in Operation.TAG_OPERATIONS:
             raise TNonexistentTag(missingPath.encode('utf-8'))
         elif operation in Operation.NAMESPACE_OPERATIONS:
             raise TNonexistentNamespace(missingPath.encode('utf-8'))
         # Neither a tag nor a namespace operation: propagate unchanged.
         raise
     except UnknownUserError as failure:
         # FIXME More than one username may be unknown, but TNoSuchUser
         # carries a single username, so only the first is passed on.
         raise TNoSuchUser(failure.usernames[0].encode('utf-8'))
     except UserNotAllowedInExceptionError as failure:
         raise TInvalidUsername(str(failure))
     except PermissionDeniedError as failure:
         session.log.exception(failure)
         # Only the first denied (path, operation) pair is reported.
         refusedPath, refusedOperation = failure.pathsAndOperations[0]
         category, action = getCategoryAndAction(refusedOperation)
         # NOTE(review): arguments are passed positionally as
         # (path, category, action) and the path is not UTF-8 encoded
         # here; confirm both against TPathPermissionDenied's declared
         # parameter order and expected string type.
         raise TPathPermissionDenied(refusedPath, category, action)
示例#3
        def run():
            """Check a user's password and, if it matches, issue OAuth tokens.

            Returns a dict with 'valid' set to False when the password does
            not match.  On a match the dict carries encrypted access and
            renewal tokens for the 'anon' consumer plus the user's full name
            and role, with 'valid' set to True.

            Raises:
                TBadRequest: the request is not HTTPS outside development
                    mode.
                TNoSuchUser: no user exists for self.username.
            """
            # The request carries a plaintext password, so plain HTTP is
            # refused unless development mode is on.
            # NOTE(review): confirm development mode can never be enabled
            # on a production deployment, since it disables this check.
            if not (request.isSecure() or getDevelopmentMode()):
                raise TBadRequest(
                    '/users/<username>/verify requests must use HTTPS')
            payload = registry.checkRequest(usage, request)
            user = cachingGetUser(self.username.decode('utf-8'))
            # NOTE(review): an unknown user raises while a wrong password
            # returns {'valid': False}, so the endpoint reveals which
            # usernames exist; no attempt limiting is visible here either.
            # Confirm both are handled elsewhere.
            if not user:
                raise TNoSuchUser(self.username)
            suppliedPassword = payload['password']

            if not checkPassword(suppliedPassword, user.passwordHash):
                return {'valid': False}

            # FIXME Hard-coding the 'anon' consumer here isn't great, but
            # for now it means the public API doesn't have to change.
            # -jkakar
            tokens = OAuthConsumerAPI()
            anonymous = cachingGetUser(u'anon')
            accessToken = tokens.getAccessToken(anonymous, user)
            renewalToken = tokens.getRenewalToken(anonymous, user)
            return {'accessToken': accessToken.encrypt(),
                    'fullname': user.fullname,
                    'renewalToken': renewalToken.encrypt(),
                    'role': str(user.role),
                    'valid': True}
示例#4
 def run():
     """Return the formatted recent activity for a single username.

     The lookup runs through SecureRecentActivityAPI on behalf of the
     session's user.

     Raises:
         TNoSuchUser: the lookup raised UnknownUserError.
     """
     activity = SecureRecentActivityAPI(session.auth.user)
     try:
         found = activity.getForUsers([username])
     except UnknownUserError as failure:
         session.log.exception(failure)
         raise TNoSuchUser(username.encode('utf-8'))
     else:
         return self._formatResult(found)
示例#5
 def run():
     """Look up one user and return their details as a TUser.

     The lookup runs through SecureUserAPI on behalf of the session's
     user.

     Raises:
         TNoSuchUser: the lookup returned an empty result.
     """
     found = SecureUserAPI(session.auth.user).get([username])
     if not found:
         raise TNoSuchUser(username.encode('utf-8'))
     # The result is keyed by username; the role and id values are
     # converted with str() before being handed to TUser.
     details = found[username]
     return TUser(username=username,
                  name=details['name'],
                  role=str(details['role']),
                  objectId=str(details['id']))
示例#6
 def run():
     """Authenticate OAuth credentials and log the resulting user in.

     Returns the session once session.auth.login has been called with
     the authenticated user's username and object ID.

     Raises:
         TPasswordIncorrect: authentication raised AuthenticationError.
         TNoSuchUser: authentication raised UnknownUserError.
     """
     # NOTE(review): the two failure modes map to different exceptions,
     # which lets a client distinguish unknown users from bad
     # credentials; confirm that is acceptable for this endpoint.
     try:
         user = OAuthConsumerAPI().authenticate(credentials)
     except AuthenticationError as failure:
         session.log.exception(failure)
         raise TPasswordIncorrect()
     except UnknownUserError as failure:
         # This case is reported to the caller without being logged.
         raise TNoSuchUser(failure.usernames[0].encode('utf-8'))

     # Both handlers raise, so reaching this point means success.
     session.auth.login(user.username, user.objectID)
     return session
示例#7
 def run():
     """Authenticate a username/password pair and log the user in.

     On success the session is logged in and returned.  On failure the
     error is logged and the session is stopped before the T* exception
     is raised.

     Raises:
         TPasswordIncorrect: authentication raised AuthenticationError.
         TNoSuchUser: authentication raised UnknownUserError.
     """
     # NOTE(review): unknown users and wrong passwords are reported as
     # different exceptions, which allows username enumeration; confirm
     # this is intended and that attempts are rate limited elsewhere.
     try:
         user = authenticate(username, password)
     except (AuthenticationError, UnknownUserError) as failure:
         # Both failures share the same cleanup: log, then stop the
         # session so it is not left open.
         session.log.exception(failure)
         session.stop()
         # AuthenticationError is tested first to keep the precedence of
         # the handler order.
         if isinstance(failure, AuthenticationError):
             raise TPasswordIncorrect()
         raise TNoSuchUser(username.encode('utf-8'))

     session.auth.login(user.username, user.objectID)
     return session
示例#8
 def run():
     """Delete one user on behalf of the session's user.

     Raises:
         TNoSuchUser: the delete raised UnknownUserError.
         TPathPermissionDenied: the session's user may not delete.
         TBadRequest: the user still has data (NotEmptyError).
     """
     users = SecureUserAPI(session.auth.user)
     try:
         users.delete([username])
     except UnknownUserError as failure:
         session.log.exception(failure)
         # NOTE(review): the username is passed as-is here, without a
         # UTF-8 encode; confirm which string type TNoSuchUser expects.
         raise TNoSuchUser(username)
     except PermissionDeniedError as failure:
         session.log.exception(failure)
         # Only the first denied (path, operation) pair is reported.
         refusedPath, refusedOperation = failure.pathsAndOperations[0]
         refusedPath = refusedPath.encode('utf-8')
         category, action = getCategoryAndAction(refusedOperation)
         # NOTE(review): arguments are passed positionally as
         # (category, action, path); confirm this matches
         # TPathPermissionDenied's declared parameter order.
         raise TPathPermissionDenied(category, action, refusedPath)
     except NotEmptyError as failure:
         session.log.exception(failure)
         message = "Can't delete user %r because they have data."
         raise TBadRequest(message % username)
示例#9
        def run():
            """Update one user's details and return their object ID string.

            The username, password, name, email and role from info are
            passed to SecureUserAPI.set on behalf of the session's user.

            Raises:
                TNoSuchUser: the update raised UnknownUserError.
                TPathPermissionDenied: the session's user may not update.
            """
            # NOTE(review): info.password is handed to the API as given;
            # presumably it is hashed there.  Confirm, and confirm that
            # exceptions logged below never include the password.
            users = SecureUserAPI(session.auth.user)
            try:
                # Exactly one (objectID, _) pair is expected back for the
                # single entry; any other shape fails the unpacking.
                ((objectID, _),) = users.set([
                    (info.username, info.password, info.name, info.email,
                     info.role)
                ])
            except UnknownUserError as failure:
                session.log.exception(failure)
                raise TNoSuchUser(info.username.encode('utf-8'))
            except PermissionDeniedError as failure:
                session.log.exception(failure)
                # Only the first denied (path, operation) pair is reported.
                refusedPath, refusedOperation = failure.pathsAndOperations[0]
                refusedPath = refusedPath.encode('utf-8')
                category, action = getCategoryAndAction(refusedOperation)
                # NOTE(review): arguments are passed positionally as
                # (category, action, path); confirm this matches
                # TPathPermissionDenied's declared parameter order.
                raise TPathPermissionDenied(category, action, refusedPath)
            else:
                return str(objectID)