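def set_user_password(self, admin_token, user_id, user, tenant_id):
    """Replace the stored password of an existing, enabled user.

    Args:
        admin_token: token handed to the private token validator before
            any lookup runs.
        user_id: id of the account whose password is changed.
        user: ``users.User`` carrying the new value in ``user.password``.
        tenant_id: tenant that must exist and be enabled.

    Returns:
        A ``users.User_Update`` whose first field is the new password and
        whose other fields are ``None``.

    Raises:
        fault.UnauthorizedFault: the tenant does not exist.
        fault.TenantDisabledFault: the tenant is disabled.
        fault.ItemNotFoundFault: no user has ``user_id``.
        fault.UserDisabledFault: the user is disabled.
        fault.BadRequestFault: ``user`` is not a ``users.User``.
    """
    self.__validate_token(admin_token)

    dtenant = db_api.tenant_get(tenant_id)
    if dtenant is None:
        raise fault.UnauthorizedFault("Unauthorized")
    if not dtenant.enabled:
        raise fault.TenantDisabledFault("Your account has been disabled")

    # A single lookup is enough; the record was previously fetched a second
    # time after the type check with nothing in between that could change it.
    duser = db_api.user_get(user_id)
    if not duser:
        raise fault.ItemNotFoundFault("The user could not be found")
    if not duser.enabled:
        raise fault.UserDisabledFault("User has been disabled")

    if not isinstance(user, users.User):
        raise fault.BadRequestFault("Expecting a User")

    # NOTE(review): tenant_id is only checked for existence and enabled
    # state; nothing in this method ties user_id to that tenant. Confirm the
    # token validator or the caller enforces that scope.
    # NOTE(review): user.password is written exactly as received and echoed
    # back in the return value. If db_api.user_update does not hash it,
    # hashing has to happen before this call -- TODO confirm.
    values = {'password': user.password}
    db_api.user_update(user_id, values)
    return users.User_Update(user.password, None, None, None, None, None)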
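def set_user_tenant(self, admin_token, user_id, user):
    """Point an existing user at the tenant named in ``user.tenant_id``.

    Args:
        admin_token: token handed to the private token validator.
        user_id: id of the account to update.
        user: ``users.User`` whose ``tenant_id`` is the new value.

    Returns:
        A ``users.User_Update`` with only the tenant field filled in.

    Raises:
        fault.ItemNotFoundFault: the user does not exist, or a non-empty
            tenant id was given that matches no tenant.
        fault.BadRequestFault: ``user`` is not a ``users.User``.
        fault.TenantDisabledFault: the target tenant is disabled.
    """
    self.__validate_token(admin_token)

    # A single lookup is enough; the same record used to be fetched twice.
    duser = db_api.user_get(user_id)
    if not duser:
        raise fault.ItemNotFoundFault("The user could not be found")
    if not isinstance(user, users.User):
        raise fault.BadRequestFault("Expecting a User")

    dtenant = db_api.tenant_get(user.tenant_id)
    if dtenant is None:
        # An unknown tenant is an error only when a tenant id was actually
        # supplied. An empty or missing id falls through and is stored
        # as-is; previously that path dereferenced the missing tenant and
        # failed with an AttributeError (or a TypeError for a None id).
        if user.tenant_id:
            raise fault.ItemNotFoundFault("The tenant not found")
    elif not dtenant.enabled:
        # Moving a user into a disabled tenant is refused.
        raise fault.TenantDisabledFault("Your account has been disabled")

    values = {'tenant_id': user.tenant_id}
    db_api.user_update(user_id, values)
    return users.User_Update(None, None, user.tenant_id, None, None, None)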
def get_user(self, admin_token, tenant_id, user_id):
    """Return the profile and group memberships of an enabled user.

    The tenant named by ``tenant_id`` must exist and be enabled. The tenant
    reported in the result is the user's first tenant association when one
    exists, otherwise ``tenant_id``.

    Raises:
        fault.UnauthorizedFault: the tenant does not exist.
        fault.TenantDisabledFault: the tenant is disabled.
        fault.ItemNotFoundFault: no user has ``user_id``.
        fault.UserDisabledFault: the user is disabled.
    """
    self.__validate_token(admin_token)

    tenant = db_api.tenant_get(tenant_id)
    if tenant is None:
        raise fault.UnauthorizedFault("Unauthorized")
    if not tenant.enabled:
        raise fault.TenantDisabledFault("Your account has been disabled")

    duser = db_api.user_get(user_id)
    if not duser:
        raise fault.ItemNotFoundFault("The user could not be found")
    if not duser.enabled:
        raise fault.UserDisabledFault("User has been disabled")

    # NOTE(review): nothing here compares the user's tenant associations
    # with tenant_id, so the record returned may belong to another tenant.
    # Confirm that scope is enforced by the token validator or the caller.
    tenant_user = (duser.tenants[0].tenant_id
                   if len(duser.tenants) > 0 else tenant_id)

    # Each row pairs a group with its association record; only the group
    # is used.
    groups = [tenants.Group(grp.id, grp.tenant_id, None)
              for grp, _assoc in db_api.user_groups_get_all(user_id)]
    return users.User_Update(None, duser.id, tenant_user, duser.email,
                             duser.enabled, groups)
def update_user(self, admin_token, user_id, user, tenant_id):
    """Change the e-mail address of an existing, enabled user.

    Only ``user.email`` is written. The record is re-read afterwards and
    returned as a ``users.User``.

    Raises:
        fault.UnauthorizedFault: the tenant does not exist.
        fault.TenantDisabledFault: the tenant is disabled.
        fault.ItemNotFoundFault: no user has ``user_id``.
        fault.UserDisabledFault: the user is disabled.
        fault.BadRequestFault: ``user`` is not a ``users.User``.
        fault.EmailConflictFault: the address is already registered.
    """
    self.__validate_token(admin_token)

    tenant = db_api.tenant_get(tenant_id)
    if tenant is None:
        raise fault.UnauthorizedFault("Unauthorized")
    if not tenant.enabled:
        raise fault.TenantDisabledFault("Your account has been disabled")

    current = db_api.user_get(user_id)
    if not current:
        raise fault.ItemNotFoundFault("The user could not be found")
    if not current.enabled:
        raise fault.UserDisabledFault("User has been disabled")

    if not isinstance(user, users.User):
        raise fault.BadRequestFault("Expecting a User")

    # The conflict check does not exclude the user being updated, so
    # re-submitting the current address is reported as a conflict too.
    already_registered = db_api.user_get_email(user.email) is not None
    if already_registered:
        raise fault.EmailConflictFault(
            "Email already exists")

    db_api.user_update(user_id, {'email': user.email})
    refreshed = db_api.user_get_update(user_id)
    # NOTE(review): the stored password field is copied into the returned
    # object. If this object is serialised into the API response, the
    # credential (or its hash) leaves the service -- TODO confirm and drop.
    return users.User(refreshed.password, refreshed.id, tenant_id,
                      refreshed.email, refreshed.enabled)
def add_user_global_group(self, admin_token, group, user):
    """Add a user to a group that belongs to the global tenant.

    Args:
        admin_token: token handed to the private token validator.
        group: id of the group.
        user: id of the user.

    Returns:
        A ``tenants.User`` describing the user, tagged with ``group``.

    Raises:
        fault.ItemNotFoundFault: the global tenant, the group, the user or
            the global-tenant group could not be found.
        fault.UserGroupConflictFault: the user is already in the group.
    """
    self.__validate_token(admin_token)
    global_tenant = self.__check_create_global_tenant()

    # The checks run in this order so the first missing item decides which
    # message the caller sees.
    if db_api.tenant_get(global_tenant.id) is None:
        raise fault.ItemNotFoundFault("The Global Tenant not found")
    if db_api.group_get(group) is None:
        raise fault.ItemNotFoundFault("The Group not found")
    member = db_api.user_get(user)
    if member is None:
        raise fault.ItemNotFoundFault("The User not found")
    if db_api.tenant_group_get(group, global_tenant.id) is None:
        raise fault.ItemNotFoundFault("A global tenant group with"
                                      " that id not found")
    if db_api.get_user_by_group(user, group) is not None:
        raise fault.UserGroupConflictFault(
            "A user with that id already exists in group")

    membership = db_models.UserGroupAssociation()
    membership.user_id = user
    membership.group_id = group
    db_api.user_tenant_group(membership)
    return tenants.User(member.id, member.email, member.enabled,
                        group_id=group)
def main():
    """Command-line entry point: enable or disable one user account.

    Takes two positional arguments, the username and a flag. The flag is
    capitalised and stripped, then must be one of ``True``, ``1``,
    ``False`` or ``0``.
    """
    usage = "usage: %prog username enabled"
    parser = optparse.OptionParser(usage)
    options, args = parser.parse_args()
    if len(args) != 2:
        # parser.error() prints the usage text and exits.
        parser.error("Incorrect number of arguments")

    username = args[0]
    flag_text = args[1].capitalize().strip()
    flag_values = {'True': 1, '1': 1, 'False': 0, '0': 0}
    if flag_text not in flag_values:
        parser.error("Incorrect arguments value")
    enabled = flag_values[flag_text]

    # NOTE(review): every failure is printed and swallowed, so the process
    # still exits with status 0. Automation that disables an account
    # through this script cannot tell a failed update from a successful one.
    try:
        account = db_api.user_get(username)
        if account is None:
            raise IndexError("User not found")
        db_api.user_update(username, {'enabled': enabled})
        print 'User', account.id, 'updated. Enabled =', enabled
    except Exception as err:
        print 'Error updating user', username, ':', str(err)
def create_role_ref(self, admin_token, user_id, roleRef):
    """Grant a user a role on a tenant and record the association.

    Args:
        admin_token: token handed to the private token validator.
        user_id: id of the user receiving the role.
        roleRef: ``roles.RoleRef`` naming the role and the tenant.

    Returns:
        The same ``roleRef`` with ``role_ref_id`` set to the id of the
        stored association.

    Raises:
        fault.ItemNotFoundFault: the user, role or tenant does not exist.
        fault.BadRequestFault: ``roleRef`` has the wrong type, or lacks a
            role id or a tenant id.
    """
    self.__validate_token(admin_token)

    grantee = db_api.user_get(user_id)
    if not grantee:
        raise fault.ItemNotFoundFault("The user could not be found")
    if not isinstance(roleRef, roles.RoleRef):
        raise fault.BadRequestFault("Expecting a Role Ref")

    # The role is resolved before the tenant id is even inspected, so a
    # bad role is reported ahead of a missing tenant id.
    if roleRef.role_id is None:
        raise fault.BadRequestFault("Expecting a Role Id")
    role = db_api.role_get(roleRef.role_id)
    if role is None:
        raise fault.ItemNotFoundFault("The role not found")

    if roleRef.tenant_id is None:
        raise fault.BadRequestFault("Expecting a Tenant Id")
    tenant = db_api.tenant_get(roleRef.tenant_id)
    if tenant is None:
        raise fault.ItemNotFoundFault("The tenant not found")

    # NOTE(review): the grant is accepted for any existing tenant; neither
    # the tenant's enabled flag nor the user's enabled flag is checked
    # here. Confirm that is intended.
    grant = db_models.UserRoleAssociation()
    grant.user_id = grantee.id
    grant.role_id = role.id
    grant.tenant_id = tenant.id
    stored = db_api.user_role_add(grant)

    roleRef.role_ref_id = stored.id
    return roleRef
def create_user(self, admin_token, tenant_id, user):
    """Create a user record under an existing, enabled tenant.

    Args:
        admin_token: token handed to the private token validator.
        tenant_id: tenant the new user is attached to.
        user: ``users.User`` carrying id, password, e-mail and enabled flag.

    Returns:
        The ``user`` object that was passed in, unchanged.

    Raises:
        fault.UnauthorizedFault: the tenant does not exist.
        fault.TenantDisabledFault: the tenant is disabled.
        fault.BadRequestFault: ``user`` has the wrong type or no id.
        fault.UserConflictFault: the id is already taken.
        fault.EmailConflictFault: the e-mail address is already taken.
    """
    self.__validate_token(admin_token)

    tenant = db_api.tenant_get(tenant_id)
    if tenant is None:
        raise fault.UnauthorizedFault("Unauthorized")
    if not tenant.enabled:
        raise fault.TenantDisabledFault("Your account has been disabled")

    if not isinstance(user, users.User):
        raise fault.BadRequestFault("Expecting a User")
    if user.user_id is None:
        raise fault.BadRequestFault("Expecting a unique User Id")

    id_taken = db_api.user_get(user.user_id) is not None
    if id_taken:
        raise fault.UserConflictFault(
            "An user with that id already exists")
    email_taken = db_api.user_get_email(user.email) is not None
    if email_taken:
        raise fault.EmailConflictFault(
            "Email already exists")

    record = db_models.User()
    record.id = user.user_id
    # NOTE(review): the password is copied into the model exactly as it
    # arrived, and the same object (password included) is returned to the
    # caller. If neither db_models.User nor db_api.user_create hashes it,
    # it is stored in clear text -- TODO confirm.
    record.password = user.password
    record.email = user.email
    record.enabled = user.enabled
    record.tenant_id = tenant_id
    db_api.user_create(record)
    return user
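def set_user_tenant(self, admin_token, user_id, user):
    """Point an existing user at the tenant named in ``user.tenant_id``.

    Args:
        admin_token: token handed to the private token validator.
        user_id: id of the account to update.
        user: ``users.User`` whose ``tenant_id`` is the new value.

    Returns:
        A ``users.User_Update`` with only the tenant field filled in.

    Raises:
        fault.ItemNotFoundFault: no user has ``user_id``.
        fault.BadRequestFault: ``user`` is not a ``users.User``.
    """
    self.__validate_token(admin_token)

    # A single lookup is enough; the same record used to be fetched again
    # after the type check with nothing in between that could change it.
    duser = db_api.user_get(user_id)
    if not duser:
        raise fault.ItemNotFoundFault("The user could not be found")
    if not isinstance(user, users.User):
        raise fault.BadRequestFault("Expecting a User")

    # NOTE(review): user.tenant_id is written without being looked up, so
    # a user can be attached to a tenant that does not exist or is
    # disabled. Confirm whether the storage layer rejects that.
    values = {'tenant_id': user.tenant_id}
    db_api.user_update(user_id, values)
    return users.User_Update(None, None, user.tenant_id, None, None, None)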
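def delete_user(self, admin_token, user_id):
    """Delete a user's association with the tenant recorded on the user.

    Args:
        admin_token: token handed to the private token validator.
        user_id: id of the user to delete.

    Returns:
        ``None``.

    Raises:
        fault.ItemNotFoundFault: no user has ``user_id``.
    """
    self.__validate_token(admin_token)

    duser = db_api.user_get(user_id)
    if not duser:
        raise fault.ItemNotFoundFault("The user could not be found")

    dtenant = db_api.tenant_get(duser.tenant_id)
    # The tenant lookup can come back empty (a user with no tenant, or a
    # dangling reference). Reading ``dtenant.id`` then failed with an
    # AttributeError and the user could not be deleted at all; fall back
    # to the id the lookup was keyed on.
    tenant_id = duser.tenant_id if dtenant is None else dtenant.id
    db_api.user_delete_tenant(user_id, tenant_id)
    return None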
def __get_dauth_data(self, token_id):
    """Return the ``(token, user)`` pair stored for *token_id*.

    Either element is ``None`` when it cannot be resolved: both when
    ``token_id`` is empty, the user when no token record is found.
    Expiry is not examined here.
    """
    if not token_id:
        return (None, None)

    token = db_api.token_get(token_id)
    # The owner is only looked up once a token record actually exists.
    user = db_api.user_get(token.user_id) if token else None
    return (token, user)
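def delete_user(self, admin_token, user_id):
    """Delete a user's association with the tenant recorded on the user.

    Deletion is refused while that tenant exists and is disabled.

    Args:
        admin_token: token handed to the private token validator.
        user_id: id of the user to delete.

    Returns:
        ``None``.

    Raises:
        fault.ItemNotFoundFault: no user has ``user_id``.
        fault.TenantDisabledFault: the user's tenant is disabled.
    """
    self.__validate_token(admin_token)

    duser = db_api.user_get(user_id)
    if not duser:
        raise fault.ItemNotFoundFault("The user could not be found")

    dtenant = db_api.tenant_get(duser.tenant_id)
    if dtenant is not None and not dtenant.enabled:
        raise fault.TenantDisabledFault("Your account has been disabled")

    # The guard above already allows for a missing tenant, but the delete
    # call then read ``dtenant.id`` and failed with an AttributeError.
    # Fall back to the id the lookup was keyed on.
    tenant_id = duser.tenant_id if dtenant is None else dtenant.id
    db_api.user_delete_tenant(user_id, tenant_id)
    return None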
def authenticate(self, credentials):
    """Check a username/password pair and return auth data for a token.

    An unexpired token for the (user, tenant) pair is reused when one
    exists. Otherwise a new token valid for one day is created, which
    requires the user to be associated with ``credentials.tenant_id``.

    Raises:
        fault.BadRequestFault: ``credentials`` is not password credentials.
        fault.UnauthorizedFault: unknown user or wrong password.
        fault.UserDisabledFault: the account is disabled.
        fault.IDMFault: a new token is needed but the user has no tenants.
        fault.ForbiddenFault: a new token is needed but no tenant was
            given or the user is not associated with it.
    """
    if not isinstance(credentials, auth.PasswordCredentials):
        raise fault.BadRequestFault("Expecting Password Credentials!")

    duser = db_api.user_get(credentials.username)
    if duser is None:
        raise fault.UnauthorizedFault("Unauthorized")
    # NOTE(review): the disabled check runs before the password check and
    # raises a different fault, so a caller without the password can tell
    # that a username exists and is disabled.
    if not duser.enabled:
        raise fault.UserDisabledFault("Your account has been disabled")
    # NOTE(review): the stored value is compared directly with the
    # submitted password, which implies it is kept unhashed, and ``!=`` is
    # not a constant-time comparison -- TODO confirm and move to a salted
    # hash with a constant-time check.
    if duser.password != credentials.password:
        raise fault.UnauthorizedFault("Unauthorized")

    # Tokens are looked up per (user, tenant) pair only; the older
    # tenant-less lookup was retired for multi-token support.
    dtoken = db_api.token_for_user_tenant(duser.id, credentials.tenant_id)

    needs_new_token = not dtoken or dtoken.expires < datetime.now()
    if needs_new_token:
        dtoken = db_models.Token()
        dtoken.token_id = str(uuid.uuid4())
        dtoken.user_id = duser.id

        if not duser.tenants:
            raise fault.IDMFault("Strange: user %s is not associated "
                                 "with a tenant!" % duser.id)
        # NOTE(review): this membership check only runs when a token is
        # minted. An unexpired token is handed back without re-checking
        # that the user still belongs to the tenant -- confirm tokens are
        # revoked when an association is removed.
        member = db_api.user_get_by_tenant(duser.id, credentials.tenant_id)
        if not credentials.tenant_id or not member:
            raise fault.ForbiddenFault("Error: user %s is "
                                       "not associated "
                                       "with a tenant! %s"
                                       % (duser.id, credentials.tenant_id))

        # The token always carries the requested tenant; the fallback to
        # the user's first tenant was retired for multi-token support.
        dtoken.tenant_id = credentials.tenant_id
        dtoken.expires = datetime.now() + timedelta(days=1)
        db_api.token_create(dtoken)

    return self.__get_auth_data(dtoken, duser)
def main():
    """Command-line entry point: print id, e-mail and enabled flag of a user.

    Takes exactly one positional argument, the username.
    """
    usage = "usage: %prog username"
    parser = optparse.OptionParser(usage)
    options, args = parser.parse_args()
    if len(args) != 1:
        # parser.error() prints the usage text and exits.
        parser.error("Incorrect number of arguments")

    username = args[0]
    # Failures are reported on stdout and swallowed; the exit status does
    # not change.
    try:
        account = db_api.user_get(username)
        if account is None:
            raise IndexError("User not found")
        print account.id, account.email, account.enabled
    except Exception as err:
        print 'Error finding user', username, ':', str(err)
def authenticate(self, credentials):
    """Check a username/password pair and return auth data for a token.

    When ``credentials.tenant_id`` is set the user is looked up within
    that tenant, otherwise by username alone. An unexpired token is reused
    when one exists; otherwise a new token valid for one day is created.

    Raises:
        fault.BadRequestFault: ``credentials`` is not password credentials.
        fault.UnauthorizedFault: unknown user or wrong password.
        fault.UserDisabledFault: the account is disabled.
    """
    if not isinstance(credentials, auth.PasswordCredentials):
        raise fault.BadRequestFault("Expecting Password Credentials!")

    requested_tenant = credentials.tenant_id

    # NOTE(review): the two "not found" paths use different messages, and
    # a wrong password uses the first one. With a tenant supplied, the
    # message therefore shows whether the username resolved in that
    # tenant before any password is checked.
    if requested_tenant:
        duser = db_api.user_get_by_tenant(credentials.username,
                                          requested_tenant)
        if duser is None:
            raise fault.UnauthorizedFault("Unauthorized on this tenant")
    else:
        duser = db_api.user_get(credentials.username)
        if duser is None:
            raise fault.UnauthorizedFault("Unauthorized")

    # NOTE(review): the disabled check precedes the password check and
    # raises its own fault, so account state is visible without the
    # password.
    if not duser.enabled:
        raise fault.UserDisabledFault("Your account has been disabled")
    # NOTE(review): direct comparison with the stored value implies it is
    # kept unhashed, and ``!=`` is not constant-time -- TODO confirm.
    if duser.password != credentials.password:
        raise fault.UnauthorizedFault("Unauthorized")

    # Look for an existing token, or create one.
    # TODO: Handle tenant/token search
    if requested_tenant:
        dtoken = db_api.token_for_user_tenant(duser.id, requested_tenant)
    else:
        dtoken = db_api.token_for_user(duser.id)

    # The tenant reported to the caller is the requested one when given,
    # otherwise the user's default tenant.
    tenant_id = requested_tenant if requested_tenant else duser.tenant_id

    token_missing_or_expired = not dtoken or dtoken.expires < datetime.now()
    if token_missing_or_expired:
        dtoken = db_models.Token()
        dtoken.token_id = str(uuid.uuid4())
        dtoken.user_id = duser.id
        # A token issued without a requested tenant carries no tenant id.
        if requested_tenant:
            dtoken.tenant_id = requested_tenant
        dtoken.expires = datetime.now() + timedelta(days=1)
        db_api.token_create(dtoken)

    return self.__get_auth_data(dtoken, tenant_id)
def main():
    """Command-line entry point: delete one user account.

    Takes exactly one positional argument, the username.
    """
    usage = "usage: %prog username"
    parser = optparse.OptionParser(usage)
    options, args = parser.parse_args()
    if len(args) != 1:
        # parser.error() prints the usage text and exits.
        parser.error("Incorrect number of arguments")

    username = args[0]
    # NOTE(review): a failed deletion is printed and swallowed, so the
    # exit status is still 0. Scripts that remove accounts through this
    # tool cannot detect the failure.
    try:
        account = db_api.user_get(username)
        if account is None:
            raise IndexError("User not found")
        db_api.user_delete(username)
        print "User", username, "deleted."
    except Exception as err:
        print "Error deleting user", username, ":", str(err)
def delete_user(self, admin_token, user_id, tenant_id):
    """Delete a user's association with the given tenant.

    Args:
        admin_token: token handed to the private token validator.
        user_id: id of the user.
        tenant_id: tenant the user is removed from; it must exist and be
            enabled, and the user must be found under it.

    Returns:
        ``None``.

    Raises:
        fault.UnauthorizedFault: the tenant does not exist.
        fault.TenantDisabledFault: the tenant is disabled.
        fault.ItemNotFoundFault: the user does not exist, or is not found
            under the tenant.
    """
    self.__validate_token(admin_token)

    tenant = db_api.tenant_get(tenant_id)
    if tenant is None:
        raise fault.UnauthorizedFault("Unauthorized")
    if not tenant.enabled:
        raise fault.TenantDisabledFault("Your account has been disabled")

    # Two separate lookups so "no such user" and "user not in this tenant"
    # produce different messages.
    if not db_api.user_get(user_id):
        raise fault.ItemNotFoundFault("The user could not be found")
    if not db_api.user_get_by_tenant(user_id, tenant_id):
        raise fault.ItemNotFoundFault("The user could not be "
                                      "found under given tenant")

    db_api.user_delete_tenant(user_id, tenant_id)
    return None
def get_user(self, admin_token, user_id):
    """Return the profile and group memberships of an enabled user.

    Raises:
        fault.ItemNotFoundFault: no user has ``user_id``.
        fault.UserDisabledFault: the user is disabled.
    """
    self.__validate_token(admin_token)

    duser = db_api.user_get(user_id)
    if not duser:
        raise fault.ItemNotFoundFault("The user could not be found")
    if not duser.enabled:
        raise fault.UserDisabledFault("User has been disabled")

    # NOTE(review): the tenant is fetched but the result is never used, so
    # neither its existence nor its enabled flag affects the response.
    # Either check it or remove the lookup.
    db_api.tenant_get(duser.tenant_id)

    # Each row pairs a group with its association record; only the group
    # is used.
    groups = [tenants.Group(grp.id, grp.tenant_id, None)
              for grp, _assoc in db_api.user_groups_get_all(user_id)]
    return users.User_Update(None, duser.id, duser.tenant_id, duser.email,
                             duser.enabled, groups)
def main():
    """Command-line entry point: set the password of one user account.

    Takes two positional arguments, the username and the new password.
    """
    usage = "usage: %prog username password"
    parser = optparse.OptionParser(usage)
    options, args = parser.parse_args()
    if len(args) != 2:
        # parser.error() prints the usage text and exits.
        parser.error("Incorrect number of arguments")

    username, password = args[0], args[1]
    # NOTE(review): a password given as a command-line argument ends up in
    # shell history and is visible in the process list while the command
    # runs; reading it with getpass or from stdin would avoid that.
    # NOTE(review): the value is handed to db_api.user_update unchanged.
    # If that layer does not hash it, it is stored in clear text -- TODO
    # confirm.
    try:
        account = db_api.user_get(username)
        if account is None:
            raise IndexError("User not found")
        db_api.user_update(username, {'password': password})
        print 'User', account.id, 'updated.'
    except Exception as err:
        print 'Error updating user', username, ':', str(err)
def get_user_roles(self, admin_token, marker, limit, url, user_id):
    """Return one page of a user's role references with paging links.

    Args:
        admin_token: token handed to the private token validator.
        marker: paging marker passed through to the storage layer.
        limit: page size passed through to the storage layer.
        url: base URL used to build the ``prev``/``next`` links.
        user_id: id of the user whose role references are listed.

    Returns:
        A ``roles.RoleRefs`` holding the page and its links.

    Raises:
        fault.ItemNotFoundFault: no user has ``user_id``.
    """
    self.__validate_token(admin_token)

    if not db_api.user_get(user_id):
        raise fault.ItemNotFoundFault("The user could not be found")

    page = [roles.RoleRef(row.id, row.role_id, row.tenant_id)
            for row in db_api.role_ref_get_page(marker, limit, user_id)]

    prev_marker, next_marker = db_api.role_ref_get_page_markers(
        user_id, marker, limit)

    # NOTE(review): the single quotes are part of the emitted link and the
    # values are interpolated without URL-encoding. Both look unintended;
    # confirm what clients expect before changing the format.
    link_format = "%s?'marker=%s&limit=%s'"
    links = []
    for rel, page_marker in (('prev', prev_marker), ('next', next_marker)):
        if page_marker:
            links.append(atom.Link(rel, link_format
                                   % (url, page_marker, limit)))
    return roles.RoleRefs(page, links)
def delete_user_tenant_group(self, admin_token, tenant, group, user):
    """Remove a user from a group that belongs to a tenant.

    Args:
        admin_token: token handed to the private token validator.
        tenant: id of the tenant owning the group.
        group: id of the group.
        user: id of the user.

    Returns:
        ``None``.

    Raises:
        fault.ItemNotFoundFault: the tenant, group, user, tenant group or
            the user's membership could not be found.
    """
    self.__validate_token(admin_token)

    # The checks run in this order so the first missing item decides which
    # message the caller sees.
    if db_api.tenant_get(tenant) is None:
        raise fault.ItemNotFoundFault("The Tenant not found")
    if db_api.group_get(group) is None:
        raise fault.ItemNotFoundFault("The Group not found")
    if db_api.user_get(user) is None:
        raise fault.ItemNotFoundFault("The User not found")
    if db_api.tenant_group_get(group, tenant) is None:
        raise fault.ItemNotFoundFault("A tenant group with"
                                      " that id not found")
    if db_api.get_user_by_group(user, group) is None:
        raise fault.ItemNotFoundFault("A user with that id "
                                      "in a group not found")

    db_api.user_tenant_group_delete(user, group)
    return None
def delete_user_global_group(self, admin_token, group, user):
    """Remove a user from a group that belongs to the global tenant.

    Args:
        admin_token: token handed to the private token validator.
        group: id of the group.
        user: id of the user.

    Returns:
        ``None``.

    Raises:
        fault.ItemNotFoundFault: the global tenant, group, user, global
            tenant group or the user's membership could not be found.
    """
    self.__validate_token(admin_token)
    global_tenant = self.__check_create_global_tenant()

    # The checks run in this order so the first missing item decides which
    # message the caller sees.
    if db_api.tenant_get(global_tenant.id) is None:
        raise fault.ItemNotFoundFault("The Global Tenant not found")
    if db_api.group_get(group) is None:
        raise fault.ItemNotFoundFault("The Group not found")
    if db_api.user_get(user) is None:
        raise fault.ItemNotFoundFault("The User not found")
    if db_api.tenant_group_get(group, global_tenant.id) is None:
        raise fault.ItemNotFoundFault("A global tenant group with "
                                      "that id not found")
    if db_api.get_user_by_group(user, group) is None:
        raise fault.ItemNotFoundFault("A user with that id in a "
                                      "group not found")

    db_api.user_tenant_group_delete(user, group)
    return None
def add_user_tenant(self, admin_token, user_id, tenant_id):
    """Associate an existing user with an existing, enabled tenant.

    Args:
        admin_token: token handed to the private token validator.
        user_id: id of the user.
        tenant_id: id of the tenant.

    Returns:
        ``None``.

    Raises:
        fault.UnauthorizedFault: the tenant does not exist.
        fault.TenantDisabledFault: the tenant is disabled.
        fault.BadRequestFault: ``user_id`` is ``None``.
        fault.ItemNotFoundFault: no user has ``user_id``.
        fault.UserConflictFault: the user is already in the tenant.
    """
    self.__validate_token(admin_token)

    tenant = db_api.tenant_get(tenant_id)
    if tenant is None:
        raise fault.UnauthorizedFault("Unauthorized")
    if not tenant.enabled:
        raise fault.TenantDisabledFault("Your account has been disabled")

    if user_id is None:
        raise fault.BadRequestFault("Expecting a unique User Id")
    if db_api.user_get(user_id) is None:
        raise fault.ItemNotFoundFault(
            "user does not exists")
    # The user's own enabled flag is not examined here.
    already_member = db_api.user_get_by_tenant(user_id, tenant_id) is not None
    if already_member:
        raise fault.UserConflictFault(
            "An user with that id already exists in the given tenant")

    association = db_models.UserTenantAssociation()
    association.user_id = user_id
    association.tenant_id = tenant_id
    db_api.user_tenant_create(association)
    return None