def remove_user(self, tenant_id, user_dn, user_id): conn = self.get_connection() try: conn.modify_s(self._id_to_dn(tenant_id), [(ldap.MOD_DELETE, self.member_attribute, user_dn)]) except ldap.NO_SUCH_ATTRIBUTE: raise exception.NotFound(user_id) finally: conn.unbind_s()
def get_reset_profile(self, user_id, reset_token): session = sql.get_session() with session.begin(): profile_ref = session.query(ResetProfile).filter_by( reset_token=reset_token, user_id=user_id).first() if profile_ref is None: raise exception.NotFound( _('No Profile found for user: %s' % user_id)) return profile_ref.to_dict()
def check_user_in_group(self, user_id, group_id): session = db_session.get_session() self.get_group(group_id) self.get_user(user_id) query = session.query(UserGroupMembership) query = query.filter_by(user_id=user_id) query = query.filter_by(group_id=group_id) if not query.first(): raise exception.NotFound(_('User not found in group'))
def remove_user_from_tenant(self, tenant_id, user_id): self.get_tenant(tenant_id) user_ref = self._get_user(user_id) tenants = set(user_ref.get('tenants', [])) try: tenants.remove(tenant_id) except KeyError: raise exception.NotFound('User not found in tenant') self.update_user(user_id, {'tenants': list(tenants)})
def remove_user_from_group(self, user_id, group_id): self.get_group(group_id) user_ref = self._get_user(user_id) groups = set(user_ref.get('groups', [])) try: groups.remove(group_id) except KeyError: raise exception.NotFound(_('User not found in group')) self.update_user(user_id, {'groups': list(groups)})
def _get_project_endpoint_ref(self, session, endpoint_id, project_id): endpoint_filter_ref = session.query(ProjectEndpoint).get( (endpoint_id, project_id)) if endpoint_filter_ref is None: msg = _('Endpoint %(endpoint_id)s not found in project ' '%(project_id)s') % {'endpoint_id': endpoint_id, 'project_id': project_id} raise exception.NotFound(msg) return endpoint_filter_ref
def get_access_token_by_refresh_token(self, refresh_token): session = sql.get_session() with session.begin(): access_token_ref = session.query(AccessToken).filter_by( refresh_token=refresh_token).first() if access_token_ref is None: msg = _('Access Token for refresh token %s not found' ) % refresh_token raise exception.NotFound(message=msg) return access_token_ref.to_dict()
def get(self, key, default=None): try: if isinstance(self[key], dict): return self[key].copy() else: return self[key][:] except KeyError: if default is not None: return default raise exception.NotFound(target=key)
def _get_endpoint_group_in_project(self, session, endpoint_group_id, project_id): endpoint_group_project_ref = session.query( ProjectEndpointGroupMembership).get((endpoint_group_id, project_id)) if endpoint_group_project_ref is None: msg = _('Endpoint Group Project Association not found') raise exception.NotFound(msg) else: return endpoint_group_project_ref
def get(self, user_id, access_token_id): """Get specific access token. GET/HEAD /v3/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id} """ ENFORCER.enforce_call(action='identity:get_access_token') access_token = PROVIDERS.oauth_api.get_access_token(access_token_id) if access_token['authorizing_user_id'] != user_id: raise ks_exception.NotFound() access_token = _format_token_entity(access_token) return self.wrap_member(access_token)
def patch(self, argument_id): rbac_enforcer.enforcer.RBACEnforcer.enforce_call( action='example:allowed') try: self._storage_dict[argument_id] except KeyError: raise exception.NotFound(target=argument_id) ref = flask.request.get_json(force=True) self._require_matching_id(ref) self._storage_dict[argument_id].update(ref) return self.wrap_member(self._storage_dict[argument_id])
def check_user_in_group(self, user_id, group_id): self.get_user(user_id) self.get_group(group_id) user_refs = self.list_users_in_group(group_id, driver_hints.Hints()) found = False for x in user_refs: if x['id'] == user_id: found = True break if not found: raise exception.NotFound(_('User not found in group'))
def get_activation_profile(self, user_id, activation_key=None): session = sql.get_session() with session.begin(): query = session.query(ActivationProfile).filter_by(user_id=user_id) if activation_key: query = query.filter_by(activation_key=activation_key) profile_ref = query.first() if profile_ref is None: raise exception.NotFound( _('No Profile found for user: %s' % user_id)) return profile_ref.to_dict()
def check_user_in_group(self, user_id, group_id): session = sql.get_session() self.get_group(group_id) self.get_user(user_id) query = session.query(UserGroupMembership) query = query.filter_by(user_id=user_id) query = query.filter_by(group_id=group_id) if not query.first(): raise exception.NotFound(_("User '%(user_id)s' not found in" " group '%(group_id)s'") % {'user_id': user_id, 'group_id': group_id})
def remove_user_from_group(self, user_id, group_id): session = sql.get_session() # We don't check if user or group are still valid and let the remove # be tried anyway - in case this is some kind of clean-up operation query = session.query(UserGroupMembership) query = query.filter_by(user_id=user_id) query = query.filter_by(group_id=group_id) membership_ref = query.first() if membership_ref is None: raise exception.NotFound(_('User not found in group')) with session.begin(): session.delete(membership_ref)
def remove_user_from_project(self, tenant_id, user_id): """Remove user from a tenant :raises: keystone.exception.ProjectNotFound, keystone.exception.UserNotFound """ roles = self.get_roles_for_user_and_project(user_id, tenant_id) if not roles: raise exception.NotFound(tenant_id) for role_id in roles: self.remove_role_from_user_and_project(user_id, tenant_id, role_id)
def put(self, argument_id): rbac_enforcer.enforcer.RBACEnforcer.enforce_call( action='example:allowed') try: self._storage_dict[argument_id] except KeyError: raise exception.NotFound(target=argument_id) ref = flask.request.get_json(force=True) self._require_matching_id(ref) # Maintain the ref id ref['id'] = argument_id self._storage_dict[argument_id] = ref return '', 204
def get(self, argument_id=None): # List with no argument, get resource with id, used for HEAD as well. rbac_enforcer.enforcer.RBACEnforcer.enforce_call( action='example:allowed') if argument_id is None: # List return self._list_arguments() else: # get resource with id try: return self.wrap_member(self._storage_dict[argument_id]) except KeyError: raise exception.NotFound(target=argument_id)
def check_user_in_group(self, user_id, group_id): user_refs = self.list_users_in_group(group_id, driver_hints.Hints()) for x in user_refs: if x['id'] == user_id: break else: # Try to fetch the user to see if it even exists. This # will raise a more accurate exception. self.get_user(user_id) raise exception.NotFound(_("User '%(user_id)s' not found in" " group '%(group_id)s'") % {'user_id': user_id, 'group_id': group_id})
def check_security_question(self, user_id, two_factor_auth): session = sql.get_session() twofactor = session.query(TwoFactor).get(user_id) if twofactor is None: raise exception.NotFound( _('Two Factor Authentication is not enabled for user %s.' % user_id)) else: if (two_factor_auth['security_answer'] != twofactor.security_answer): return False else: return True
def remove_user_from_tenant(self, tenant_id, user_id): session = self.get_session() self.get_tenant(tenant_id) self.get_user(user_id) query = session.query(UserTenantMembership) query = query.filter_by(user_id=user_id) query = query.filter_by(tenant_id=tenant_id) membership_ref = query.first() if membership_ref is None: raise exception.NotFound('User not found in tenant') with session.begin(): session.delete(membership_ref) session.flush()
def _dispatch(req): """Dispatch the request to the appropriate controller. Called by self._router after matching the incoming request to a route and putting the information into req.environ. Either returns 404 or the routed WSGI app's response. """ match = req.environ['wsgiorg.routing_args'][1] if not match: return render_exception( exception.NotFound(message='The resource could not be found.')) app = match['controller'] return app
def check_user_in_group(self, user_id, group_id): # Before doing anything, check that the user exists. This will raise # a not found error if the user doesn't exist so we avoid doing extra # work. self.get_user(user_id) member_list = self.group.list_group_users(group_id) for group_member_id in self._transform_group_member_ids(member_list): if group_member_id == user_id: break else: raise exception.NotFound(_("User '%(user_id)s' not found in" " group '%(group_id)s'") % {'user_id': user_id, 'group_id': group_id})
def get(self, user_id, access_token_id): """List roles for a user access token. GET/HEAD /v3/users/{user_id}/OS-OAUTH1/access_tokens/ {access_token_id}/roles """ ENFORCER.enforce_call(action='identity:list_access_token_roles') access_token = PROVIDERS.oauth_api.get_access_token(access_token_id) if access_token['authorizing_user_id'] != user_id: raise ks_exception.NotFound() authed_role_ids = access_token['role_ids'] authed_role_ids = jsonutils.loads(authed_role_ids) refs = ([_format_role_entity(x) for x in authed_role_ids]) return self.wrap_collection(refs)
def get_multi(self, keys): """Get multiple values in a single call from the KVS backend.""" self._assert_configured() values = self._region.get_multi(keys) not_found = [] for index, key in enumerate(keys): if values[index] is NO_VALUE: not_found.append(key) if not_found: # NOTE(morganfainberg): If any of the multi-get values are non- # existent, we should raise a NotFound error to mimic the .get() # method's behavior. In all cases the internal dogpile NO_VALUE # should be masked from the consumer of the KeyValueStore. raise exception.NotFound(target=not_found) return values
def get_consumer_credentials(self, client_id, user_id): session = sql.get_session() with session.begin(): # NOTE(garcianavalon) I have decided to keep the credentials stored # after the client grants the authorization, so the client can POST # again to get a new authorization code with out needing the redirect # with the query string before. Therefore, this query retrieves the #last row for that user-client tuple query = (session.query(ConsumerCredentials).filter_by( user_id=user_id, client_id=client_id).order_by( sql.sql.desc(ConsumerCredentials.created_at))) credentials_ref = query.first() if credentials_ref is None: raise exception.NotFound(_('Credentials not found')) return credentials_ref.to_dict()
def _dispatch(req): """Dispatch the request to the appropriate controller. Called by self._router after matching the incoming request to a route and putting the information into req.environ. Either returns 404 or the routed WSGI app's response. """ match = req.environ['wsgiorg.routing_args'][1] if not match: msg = (_('(%(url)s): The resource could not be found.') % {'url': req.url}) return render_exception(exception.NotFound(msg), request=req, user_locale=best_match_language(req)) app = match['controller'] return app
def remove_user_from_group(self, user_id, group_id): # We don't check if user or group are still valid and let the remove # be tried anyway - in case this is some kind of clean-up operation with sql.session_for_write() as session: query = session.query(model.UserGroupMembership) query = query.filter_by(user_id=user_id) query = query.filter_by(group_id=group_id) membership_ref = query.first() if membership_ref is None: # Check if the group and user exist to return descriptive # exceptions. self.get_group(group_id) self.get_user(user_id) raise exception.NotFound(_("User '%(user_id)s' not found in" " group '%(group_id)s'") % {'user_id': user_id, 'group_id': group_id}) session.delete(membership_ref)
def remove_user_from_project(self, tenant_id, user_id): """Remove user from a tenant :raises: keystone.exception.ProjectNotFound, keystone.exception.UserNotFound """ roles = self.get_roles_for_user_and_project(user_id, tenant_id) if not roles: raise exception.NotFound(tenant_id) for role_id in roles: try: self.driver.remove_role_from_user_and_project( user_id, tenant_id, role_id) except exception.RoleNotFound: LOG.debug( _("Removing role %s failed because it does not " "exist."), role_id)
def get_catalog(self, user_id, tenant_id): try: return self.driver.get_catalog(user_id, tenant_id) except exception.NotFound: raise exception.NotFound('Catalog not found for user and tenant')