def test_getuserlist_case_sensitive_resolver_names(fthsm, app, admin_res):
g.request_context["Config"] = getLinotpConfig() # This sucks.
g.request_context["CacheManager"] = app.cache # This sucks even worse.
g.request_context["UserLookup"] = {} # Don't get me started.
admin_realm_name = app.config["ADMIN_REALM_NAME"]
admin_resolvers_key = f"useridresolver.group.{admin_realm_name}"
admin_resolvers = getFromConfig(admin_resolvers_key, "")
_, _, aci = admin_resolvers.rpartition(".")
# As before, if we make the RCI uppercase and the `getUserList()` function
# still returns a user list, then the comparison must have been
# case-insensitive. With a case-sensitive comparison, the result should
# be empty.
search_user = User(
login="******",
realm=admin_realm_name,
resolver_config_identifier=aci.upper(),
)
user_list = getUserList({}, search_user)
assert (
not user_list
), "getUserList resolver name comparison is not case-sensitive"
def resolverinfo(self, realm):
"""
get the resolvers for one realm and the number of users per resolver
:param realm: the realm to query
:return: dict with resolvernames as keys and number of users as value
"""
realminfo = context.get('Config').getRealms().get(realm)
resolver_specs = realminfo.get('useridresolver', '')
realmdict = {}
for resolver_spec in resolver_specs:
__, config_identifier = parse_resolver_spec(resolver_spec)
realmdict[config_identifier] = 0
user = getUserFromParam({'realm': realm})
users = getUserList({'realm': realm, 'username': '******'}, user)
for next_one in users:
resolver = next_one['useridresolver'].split('.')[-1]
if resolver in realmdict:
realmdict[resolver] += 1
return realmdict
def resolverinfo(self, realm):
"""
get the resolvers for one realm and the number of users per resolver
:param realm: the realm to query
:return: dict with resolvernames as keys and number of users as value
"""
realminfo = context.get('Config').getRealms().get(realm)
resolver_specs = realminfo.get('useridresolver', '')
realmdict = {}
for resolver_spec in resolver_specs:
__, config_identifier = parse_resolver_spec(resolver_spec)
realmdict[config_identifier] = 0
user = getUserFromParam({'realm': realm})
users = getUserList({'realm': realm, 'username': '******'}, user)
for next_one in users:
resolver = next_one['useridresolver'].split('.')[-1]
if resolver in realmdict:
realmdict[resolver] += 1
return realmdict
def resolverinfo(self, realm):
"""
get the resolvers for one realm and the number of users per resolver
:param realm: the realm to query
:return: dict with resolvernames as keys and number of users as value
"""
realminfo = context.get("Config").getRealms().get(realm)
resolver_specs = realminfo.get("useridresolver", "")
realmdict = {}
for resolver_spec in resolver_specs:
__, config_identifier = parse_resolver_spec(resolver_spec)
realmdict[config_identifier] = 0
user = getUserFromParam({"realm": realm})
users = getUserList({"realm": realm, "username": "******"}, user)
for next_one in users:
resolver = next_one["useridresolver"].split(".")[-1]
if resolver in realmdict:
realmdict[resolver] += 1
return realmdict
def userview_flexi(self):
'''
This function is used to fill the flexigrid.
Unlike the complex /admin/userlist function, it only returns a
simple array of the tokens.
'''
param = self.request_params
try:
c.page = param.get("page")
c.filter = param.get("query")
qtype = param.get("qtype")
c.sort = param.get("sortname")
c.dir = param.get("sortorder")
c.psize = param.get("rp")
c.realm = param.get("realm")
user = getUserFromParam(param)
# check admin authorization
# check if we got a realm or resolver, that is ok!
checkPolicyPre('admin', 'userlist', {
'user': user.login,
'realm': c.realm
})
if c.filter == "":
c.filter = "*"
log.debug(
"[userview_flexi] page: %s, filter: %s, sort: %s, dir: %s" %
(c.page, c.filter, c.sort, c.dir))
if c.page is None:
c.page = 1
if c.psize is None:
c.psize = 20
c.userArray = getUserList({
qtype: c.filter,
'realm': c.realm
}, user)
c.userNum = len(c.userArray)
lines = []
for u in c.userArray:
# shorten the useridresolver, to get a better display value
resolver_display = ""
if "useridresolver" in u:
if len(u['useridresolver'].split(".")) > 3:
resolver_display = u['useridresolver'].split(".")[
3] + " (" + u['useridresolver'].split(".")[1] + ")"
else:
resolver_display = u['useridresolver']
lines.append({
'id':
u['username'],
'cell': [
(u['username']) if 'username' in u else (""),
(resolver_display),
(u['surname']) if 'surname' in u else (""),
(u['givenname']) if 'givenname' in u else (""),
(u['email']) if 'email' in u else (""),
(u['mobile']) if 'mobile' in u else (""),
(u['phone']) if 'phone' in u else (""),
(u['userid']) if 'userid' in u else (""),
]
})
# sorting
reverse = False
sortnames = {
'username': 0,
'useridresolver': 1,
'surname': 2,
'givenname': 3,
'email': 4,
'mobile': 5,
'phone': 6,
'userid': 7
}
if c.dir == "desc":
reverse = True
lines = sorted(lines,
key=lambda user: user['cell'][sortnames[c.sort]],
reverse=reverse)
# end: sorting
# reducing the page
if c.page and c.psize:
page = int(c.page)
psize = int(c.psize)
start = psize * (page - 1)
end = start + psize
lines = lines[start:end]
# We need to return 'page', 'total', 'rows'
res = {"page": int(c.page), "total": c.userNum, "rows": lines}
c.audit['success'] = True
Session.commit()
return sendResult(response, res)
except PolicyException as pe:
log.exception(
"[userview_flexi] Error during checking policies: %r" % pe)
Session.rollback()
return sendError(response, str(pe), 1)
except Exception as e:
log.exception("[userview_flexi] failed: %r" % e)
Session.rollback()
return sendError(response, e)
finally:
Session.close()
def userview_flexi(self):
"""
This function is used to fill the flexigrid.
Unlike the complex /admin/userlist function, it only returns a
simple array of the tokens.
"""
param = request.params
try:
# serial = getParam(param,"serial",optional)
c.page = getParam(param, "page", optional)
c.filter = getParam(param, "query", optional)
qtype = getParam(param, "qtype", optional)
c.sort = getParam(param, "sortname", optional)
c.dir = getParam(param, "sortorder", optional)
c.psize = getParam(param, "rp", optional)
c.realm = getParam(param, "realm", optional)
user = getUserFromParam(param, optional)
# check admin authorization
# check if we got a realm or resolver, that is ok!
checkPolicyPre("admin", "userlist", {"user": user.login, "realm": c.realm})
if c.filter == "":
c.filter = "*"
log.debug("[userview_flexi] page: %s, filter: %s, sort: %s, dir: %s" % (c.page, c.filter, c.sort, c.dir))
if c.page is None:
c.page = 1
if c.psize is None:
c.psize = 20
c.userArray = getUserList({qtype: c.filter, "realm": c.realm}, user)
c.userNum = len(c.userArray)
lines = []
for u in c.userArray:
# shorten the useridresolver, to get a better display value
resolver_display = ""
if "useridresolver" in u:
if len(u["useridresolver"].split(".")) > 3:
resolver_display = (
u["useridresolver"].split(".")[3] + " (" + u["useridresolver"].split(".")[1] + ")"
)
else:
resolver_display = u["useridresolver"]
lines.append(
{
"id": u["username"],
"cell": [
(u["username"]) if u.has_key("username") else (""),
(resolver_display),
(u["surname"]) if u.has_key("surname") else (""),
(u["givenname"]) if u.has_key("givenname") else (""),
(u["email"]) if u.has_key("email") else (""),
(u["mobile"]) if u.has_key("mobile") else (""),
(u["phone"]) if u.has_key("phone") else (""),
(u["userid"]) if u.has_key("userid") else (""),
],
}
)
# sorting
reverse = False
sortnames = {
"username": 0,
"useridresolver": 1,
"surname": 2,
"givenname": 3,
"email": 4,
"mobile": 5,
"phone": 6,
"userid": 7,
}
if c.dir == "desc":
reverse = True
lines = sorted(
lines, key=lambda user: user["cell"][sortnames[c.sort]], reverse=reverse, cmp=unicode_compare
)
# end: sorting
# reducing the page
if c.page and c.psize:
page = int(c.page)
psize = int(c.psize)
start = psize * (page - 1)
end = start + psize
lines = lines[start:end]
# We need to return 'page', 'total', 'rows'
response.content_type = "application/json"
res = {"page": int(c.page), "total": c.userNum, "rows": lines}
c.audit["success"] = True
Session.commit()
return json.dumps(res, indent=3)
except PolicyException as pe:
log.error("[userview_flexi] Error during checking policies: %r" % pe)
log.error("[userview_flexi] %s" % traceback.format_exc())
Session.rollback()
return sendError(response, unicode(pe), 1)
except Exception as e:
log.error("[userview_flexi] failed: %r" % e)
log.error("[userview_flexi] %s" % traceback.format_exc())
Session.rollback()
return sendError(response, e)
finally:
Session.close()
log.debug("[userview_flexi] done")
def userview_flexi(self):
'''
This function is used to fill the flexigrid.
Unlike the complex /admin/userlist function, it only returns a
simple array of the tokens.
'''
param = request.params
try:
#serial = getParam(param,"serial",optional)
c.page = getParam(param, "page", optional)
c.filter = getParam(param, "query", optional)
qtype = getParam(param, "qtype", optional)
c.sort = getParam(param, "sortname", optional)
c.dir = getParam(param, "sortorder", optional)
c.psize = getParam(param, "rp", optional)
c.realm = getParam(param, "realm", optional)
user = getUserFromParam(param, optional)
# check admin authorization
# check if we got a realm or resolver, that is ok!
checkPolicyPre('admin', 'userlist', {
'user': user.login,
'realm': c.realm
})
if c.filter == "":
c.filter = "*"
log.debug(
"[userview_flexi] page: %s, filter: %s, sort: %s, dir: %s" %
(c.page, c.filter, c.sort, c.dir))
if c.page is None:
c.page = 1
if c.psize is None:
c.psize = 20
c.userArray = getUserList({
qtype: c.filter,
'realm': c.realm
}, user)
c.userNum = len(c.userArray)
lines = []
for u in c.userArray:
# shorten the useridresolver, to get a better display value
resolver_display = ""
if "useridresolver" in u:
if len(u['useridresolver'].split(".")) > 3:
resolver_display = u['useridresolver'].split(".")[
3] + " (" + u['useridresolver'].split(".")[1] + ")"
else:
resolver_display = u['useridresolver']
# Arrange the table more helpfully.
lines.append({
'id':
u['username'],
'cell': [
(u['username']) if u.has_key('username') else (""),
(u['givenname']) if u.has_key('givenname') else (""),
(u['surname']) if u.has_key('surname') else (""),
(u['email']) if u.has_key('email') else (""),
(u['userid']) if u.has_key('userid') else (""),
]
})
log.debug("[userview_flexi] Elements in c.userArray: %s" %
len(c.userArray))
# sorting
reverse = False
sortnames = {
'username': 0,
'givenname': 1,
'surname': 2,
'email': 3,
'userid': 4
}
if c.dir == "desc":
reverse = True
lines = sorted(lines,
key=lambda user: user['cell'][sortnames[c.sort]],
reverse=reverse,
cmp=unicode_compare)
# end: sorting
# reducing the page
if c.page and c.psize:
page = int(c.page)
psize = int(c.psize)
start = psize * (page - 1)
end = start + psize
lines = lines[start:end]
# We need to return 'page', 'total', 'rows'
response.content_type = 'application/json'
res = {"page": int(c.page), "total": c.userNum, "rows": lines}
c.audit['success'] = True
Session.commit()
return json.dumps(res, indent=3)
except PolicyException as pe:
log.error("[userview_flexi] Error during checking policies: %r" %
pe)
log.error("[userview_flexi] %s" % traceback.format_exc())
Session.rollback()
return sendError(response, unicode(pe), 1)
except Exception as e:
log.error("[userview_flexi] failed: %r" % e)
log.error("[userview_flexi] %s" % traceback.format_exc())
Session.rollback()
return sendError(response, e)
finally:
Session.close()
log.debug('[userview_flexi] done')
def userview_flexi(self):
'''
This function is used to fill the flexigrid.
Unlike the complex /admin/userlist function, it only returns a
simple array of the tokens.
'''
param = request.params
try:
#serial = getParam(param,"serial",optional)
c.page = getParam(param, "page", optional)
c.filter = getParam(param, "query", optional)
qtype = getParam(param, "qtype", optional)
c.sort = getParam(param, "sortname", optional)
c.dir = getParam(param, "sortorder", optional)
c.psize = getParam(param, "rp", optional)
c.realm = getParam(param, "realm", optional)
user = getUserFromParam(param, optional)
# check admin authorization
# check if we got a realm or resolver, that is ok!
checkPolicyPre('admin', 'userlist', { 'user': user.login,
'realm' : c.realm },
context=self.request_context)
if c.filter == "":
c.filter = "*"
log.debug("[userview_flexi] page: %s, filter: %s, sort: %s, dir: %s"
% (c.page, c.filter, c.sort, c.dir))
if c.page is None:
c.page = 1
if c.psize is None:
c.psize = 20
c.userArray = getUserList({ qtype:c.filter,
'realm':c.realm }, user)
c.userNum = len(c.userArray)
lines = []
for u in c.userArray:
# shorten the useridresolver, to get a better display value
resolver_display = ""
if "useridresolver" in u:
if len(u['useridresolver'].split(".")) > 3:
resolver_display = u['useridresolver'].split(".")[3] + " (" + u['useridresolver'].split(".")[1] + ")"
else:
resolver_display = u['useridresolver']
lines.append(
{ 'id' : u['username'],
'cell': [
(u['username']) if u.has_key('username') else (""),
(resolver_display),
(u['surname']) if u.has_key('surname') else (""),
(u['givenname']) if u.has_key('givenname') else (""),
(u['email']) if u.has_key('email') else (""),
(u['mobile']) if u.has_key('mobile') else (""),
(u['phone']) if u.has_key('phone') else (""),
(u['userid']) if u.has_key('userid') else (""),
]
}
)
# sorting
reverse = False
sortnames = { 'username' : 0, 'useridresolver' : 1,
'surname' : 2, 'givenname' : 3, 'email' : 4,
'mobile' :5, 'phone' : 6, 'userid' : 7 }
if c.dir == "desc":
reverse = True
lines = sorted(lines,
key=lambda user: user['cell'][sortnames[c.sort]],
reverse=reverse,
cmp=unicode_compare)
# end: sorting
# reducing the page
if c.page and c.psize:
page = int(c.page)
psize = int(c.psize)
start = psize * (page - 1)
end = start + psize
lines = lines[start:end]
# We need to return 'page', 'total', 'rows'
response.content_type = 'application/json'
res = { "page": int(c.page),
"total": c.userNum,
"rows": lines }
c.audit['success'] = True
Session.commit()
return sendResult(response, res)
except PolicyException as pe:
log.exception("[userview_flexi] Error during checking policies: %r" % pe)
Session.rollback()
return sendError(response, unicode(pe), 1)
except Exception as e:
log.exception("[userview_flexi] failed: %r" % e)
Session.rollback()
return sendError(response, e)
finally:
Session.close()
log.debug('[userview_flexi] done')
def userview_flexi(self):
"""
This function is used to fill the flexigrid.
Unlike the complex /admin/userlist function, it only returns a
simple array of the tokens.
"""
param = self.request_params
try:
c.page = param.get("page")
c.filter = param.get("query")
qtype = param.get("qtype")
c.sort = param.get("sortname")
c.dir = param.get("sortorder")
c.psize = param.get("rp")
c.realm = param.get("realm")
user = getUserFromParam(param)
# check admin authorization
# check if we got a realm or resolver, that is ok!
checkPolicyPre(
"admin", "userlist", {"user": user.login, "realm": c.realm}
)
if c.filter == "":
c.filter = "*"
log.debug(
"[userview_flexi] page: %s, filter: %s, sort: %s, dir: %s",
c.page,
c.filter,
c.sort,
c.dir,
)
if c.page is None:
c.page = 1
if c.psize is None:
c.psize = 20
c.userArray = getUserList(
{qtype: c.filter, "realm": c.realm}, user
)
c.userNum = len(c.userArray)
lines = []
for u in c.userArray:
# shorten the useridresolver, to get a better display value
resolver_display = ""
if "useridresolver" in u:
if len(u["useridresolver"].split(".")) > 3:
resolver_display = (
u["useridresolver"].split(".")[3]
+ " ("
+ u["useridresolver"].split(".")[1]
+ ")"
)
else:
resolver_display = u["useridresolver"]
lines.append(
{
"id": u["username"],
"cell": [
(u["username"]) if "username" in u else (""),
(resolver_display),
(u["surname"]) if "surname" in u else (""),
(u["givenname"]) if "givenname" in u else (""),
(u["email"]) if "email" in u else (""),
(u["mobile"]) if "mobile" in u else (""),
(u["phone"]) if "phone" in u else (""),
(u["userid"]) if "userid" in u else (""),
],
}
)
# sorting
reverse = False
sortnames = {
"username": 0,
"useridresolver": 1,
"surname": 2,
"givenname": 3,
"email": 4,
"mobile": 5,
"phone": 6,
"userid": 7,
}
if c.dir == "desc":
reverse = True
lines = sorted(
lines,
key=lambda user: user["cell"][sortnames[c.sort]],
reverse=reverse,
)
# end: sorting
# reducing the page
if c.page and c.psize:
page = int(c.page)
psize = int(c.psize)
start = psize * (page - 1)
end = start + psize
lines = lines[start:end]
# We need to return 'page', 'total', 'rows'
res = {"page": int(c.page), "total": c.userNum, "rows": lines}
g.audit["success"] = True
db.session.commit()
return sendResult(response, res)
except PolicyException as pe:
log.error(
"[userview_flexi] Error during checking policies: %r", pe
)
db.session.rollback()
return sendError(response, pe, 1)
except Exception as exx:
log.error("[userview_flexi] failed: %r", exx)
db.session.rollback()
return sendError(response, exx)
def users(self):
'''
This function is used to fill the flexigrid.
Unlike the complex /admin/userlist function, it only returns a
simple array of the tokens.
'''
param = self.request_params
try:
page = param.get("page", 1)
qfilter = param.get("query", '*') or '*'
qtype = param.get("qtype", 'username')
sort = param.get("sortname", 'username')
direction = param.get("sortorder", 'asc')
psize = param.get("rp", 20)
user = getUserFromParam(param)
realms = get_realms_from_params(
param, getAdminPolicies('userlist', scope='admin'))
uniqueUsers = {}
for realm in realms:
# ---------------------------------------------------------- --
# check admin authorization: checkPolicyPre('admin',...
# admin policies are special as they are acl which define
# - for user (policy entry)
# - the actions (policy entry)
# - in the realm (policy entry)
# is allowed. while the user.login is not evaluated, the
# user.realm is.
#
# the admin policies are acls and are defined in contradiction
# to the other policy scopes where actions are either defiend
# for user or realm!!
# so we have to check for every user.realm
if isinstance(user, User):
user.realm = realm
checkPolicyPre('admin', 'userlist', param=param, user=user)
users_list = getUserList(
{qtype: qfilter, 'realm': realm}, user)
# now create a unique list of users with the unique key of
# userid + useridresolver
for u in users_list:
pkey = u['userid'] + ':' + u['useridresolver']
user_realms = uniqueUsers.get(pkey, {}).get('realms', [])
user_realms.append(realm)
u['realms'] = user_realms
uniqueUsers[pkey] = u
userNum = len(uniqueUsers)
lines = []
for u in uniqueUsers.values():
# shorten the useridresolver, to get a better display value
resolver_display = ""
if "useridresolver" in u:
if len(u['useridresolver'].split(".")) > 3:
resolver_display = u['useridresolver'].split(
".")[3] + " (" + u['useridresolver'].split(".")[1] + ")"
else:
resolver_display = u['useridresolver']
lines.append(
{'id': u['username'],
'cell': [
(u['username']) if u.has_key('username') else (""),
(resolver_display),
(u['surname']) if u.has_key('surname') else (""),
(u['givenname']) if u.has_key(
'givenname') else (""),
(u['email']) if u.has_key('email') else (""),
(u['mobile']) if u.has_key('mobile') else (""),
(u['phone']) if u.has_key('phone') else (""),
(u['userid']) if u.has_key('userid') else (""),
(u['realms']),
]
}
)
# sorting
reverse = False
sortnames = {
'username': 0,
'useridresolver': 1,
'surname': 2,
'givenname': 3,
'email': 4,
'mobile': 5,
'phone': 6,
'userid': 7
}
if direction == "desc":
reverse = True
lines = sorted(lines,
key=lambda user: user['cell'][sortnames[sort]],
reverse=reverse,
cmp=unicode_compare)
# end: sorting
# reducing the page
if page and psize:
page = int(page)
psize = int(psize)
start = psize * (page - 1)
end = start + psize
lines = lines[start:end]
# We need to return 'page', 'total', 'rows'
res = {
"page": int(page),
"total": userNum,
"rows": lines
}
c.audit['success'] = True
Session.commit()
return sendResult(response, res)
except PolicyException as pe:
log.exception(
"[userview_flexi] Error during checking policies: %r" % pe)
Session.rollback()
return sendError(response, unicode(pe), 1)
except Exception as e:
log.exception("[userview_flexi] failed: %r" % e)
Session.rollback()
return sendError(response, e)
finally:
Session.close()
