def change_password(self, old_pwd='', new_pwd=''): user_id = self._get_actor_id() user_obj = self._validate_resource_id("user_id", user_id, RT.ActorIdentity) self.idm_client.check_actor_credentials( user_obj.credentials[0].username, old_pwd) IdentityUtils.check_password_policy(new_pwd) self.idm_client.set_actor_credentials(user_id, user_obj.credentials[0].username, new_pwd)
def define_user(self, user_id='', first_name='', last_name='', username='', password='', email='', attributes=None): if user_id: raise NotImplementedError("Update not supported: user_id=%s" % user_id) if not email: raise BadRequest('Email is required') username = username or email user = self._get_user_by_email(email) if user: raise BadRequest("Email already taken") if not username or not is_valid_identifier(username, valid_chars=EMAIL_VALID): raise BadRequest("Argument username invalid: %s" % username) if attributes and type(attributes) is not dict: raise BadRequest("Argument attributes invalid type") if not first_name: first_name = username attributes = attributes or {} full_name = ("%s %s" % (first_name, last_name)) if last_name else first_name IdentityUtils.check_password_policy(password) contact = ContactInformation(individual_names_given=first_name, individual_name_family=last_name, email=email) user_profile = UserIdentityDetails(contact=contact, profile=attributes) actor_obj = ActorIdentity(name=full_name, details=user_profile) # Support fast setting of credentials without expensive compute of bcrypt hash, for quick preload pwd_salt, pwd_hash = None, None if attributes and "scion_init_pwdsalt" in attributes and "scion_init_pwdhash" in attributes: pwd_salt, pwd_hash = attributes.pop( "scion_init_pwdsalt"), attributes.pop("scion_init_pwdhash") user_exists = self.idm_client.is_user_existing(username) if user_exists: raise BadRequest("Username already taken") actor_id = self.idm_client.create_actor_identity(actor_obj) if pwd_salt and pwd_hash: # Add to credentials actor_obj1 = self.rr.read(actor_id) cred_obj = None for cred in actor_obj1.credentials: if cred.username == username: cred_obj = cred break if not cred_obj: cred_obj = Credentials() cred_obj.username = username actor_obj1.credentials.append(cred_obj) actor_obj1.alt_ids.append("UNAME:" + username) cred_obj.identity_provider = "SciON" cred_obj.authentication_service = "SciON IdM" cred_obj.password_salt = pwd_salt cred_obj.password_hash = pwd_hash self.rr.update(actor_obj1) else: self.idm_client.set_actor_credentials(actor_id, username, password) return actor_id
def define_user(self, user_id='', first_name='', last_name='', username='', password='', email='', attributes=None): if user_id: raise NotImplementedError("Update not supported: user_id=%s" % user_id) if not email: raise BadRequest('Email is required') username = username or email user = self._get_user_by_email(email) if user: raise BadRequest("Email already taken") if not username or not is_valid_identifier(username, valid_chars=EMAIL_VALID): raise BadRequest("Argument username invalid: %s" % username) if attributes and type(attributes) is not dict: raise BadRequest("Argument attributes invalid type") if not first_name: first_name = username attributes = attributes or {} full_name = ("%s %s" % (first_name, last_name)) if last_name else first_name IdentityUtils.check_password_policy(password) contact = ContactInformation(individual_names_given=first_name, individual_name_family=last_name, email=email) user_profile = UserIdentityDetails(contact=contact, profile=attributes) actor_obj = ActorIdentity(name=full_name, details=user_profile) # Support fast setting of credentials without expensive compute of bcrypt hash, for quick preload pwd_salt, pwd_hash = None, None if attributes and "scion_init_pwdsalt" in attributes and "scion_init_pwdhash" in attributes: pwd_salt, pwd_hash = attributes.pop("scion_init_pwdsalt"), attributes.pop("scion_init_pwdhash") user_exists = self.idm_client.is_user_existing(username) if user_exists: raise BadRequest("Username already taken") actor_id = self.idm_client.create_actor_identity(actor_obj) if pwd_salt and pwd_hash: # Add to credentials actor_obj1 = self.rr.read(actor_id) cred_obj = None for cred in actor_obj1.credentials: if cred.username == username: cred_obj = cred break if not cred_obj: cred_obj = Credentials() cred_obj.username = username actor_obj1.credentials.append(cred_obj) actor_obj1.alt_ids.append("UNAME:" + username) cred_obj.identity_provider = "SciON" cred_obj.authentication_service = "SciON IdM" cred_obj.password_salt = pwd_salt cred_obj.password_hash = pwd_hash self.rr.update(actor_obj1) else: self.idm_client.set_actor_credentials(actor_id, username, password) return actor_id
def change_password(self, old_pwd='', new_pwd=''): user_id = self._get_actor_id() user_obj = self._validate_resource_id("user_id", user_id, RT.ActorIdentity) self.idm_client.check_actor_credentials(user_obj.credentials[0].username, old_pwd) IdentityUtils.check_password_policy(new_pwd) self.idm_client.set_actor_credentials(user_id, user_obj.credentials[0].username , new_pwd)