def set_auth_cfg(plan: LandUsePlanEnum, auth_cfg_id: str, username: str, password: str) -> None: """ Set auth config id to be used as Qaava connection :param plan: :param auth_cfg_id: :param username: :param password: """ # noinspection PyArgumentList auth_mgr: QgsAuthManager = QgsApplication.authManager() if auth_cfg_id in auth_mgr.availableAuthMethodConfigs().keys(): config = QgsAuthMethodConfig() auth_mgr.loadAuthenticationConfig(auth_cfg_id, config, True) config.setConfig('username', username) config.setConfig('password', password) if not config.isValid(): raise QaavaAuthConfigException('Invalid username or password') auth_mgr.updateAuthenticationConfig(config) else: config = QgsAuthMethodConfig() config.setId(auth_cfg_id) config.setName(auth_cfg_id) config.setMethod('Basic') config.setConfig('username', username) config.setConfig('password', password) if not config.isValid(): raise QaavaAuthConfigException('Invalid username or password') auth_mgr.storeAuthenticationConfig(config) set_setting(plan.value.auth_cfg_key, auth_cfg_id, internal=False)
def ScopedCertAuthority(username, password, sslrootcert_path=None): """ Sets up the certificate authority in the authentication manager for the lifetime of this class and removes it when the class is deleted. """ authm = QgsApplication.authManager() auth_config = QgsAuthMethodConfig("Basic") auth_config.setConfig('username', username) auth_config.setConfig('password', password) auth_config.setName('test_password_auth_config') if sslrootcert_path: sslrootcert = QSslCertificate.fromPath(sslrootcert_path) assert sslrootcert is not None authm.storeCertAuthorities(sslrootcert) authm.rebuildCaCertsCache() authm.rebuildTrustedCaCertsCache() authm.rebuildCertTrustCache() assert (authm.storeAuthenticationConfig(auth_config)[0]) assert auth_config.isValid() yield auth_config if sslrootcert_path: for cert in sslrootcert: authm.removeCertAuthority(cert) authm.rebuildCaCertsCache() authm.rebuildTrustedCaCertsCache() authm.rebuildCertTrustCache()
def setUpClass(cls): super().setUpClass() # Prepare DB for path in (AUTH_DB_PATH, MASTER_PASSWORD_PATH): assert os.path.isfile(path) cls.am = QgsApplication.instance().authManager() assert cls.am.configIds() == [] assert cls.am.setMasterPassword(True) assert cls.am.masterPasswordIsSet() config = QgsAuthMethodConfig() config.setName("alice") config.setMethod('Basic') config.setConfig("username", "my user") config.setConfig("password", "my password") assert config.isValid() res, cfg = cls.am.storeAuthenticationConfig(config) assert res assert config.id() != '' assert cfg.id() != '' assert cfg.id() == config.id() # Store fakelayer datasource cls.fakelayer = Layer.objects.get(name='fakelayer') cls.fakelayer_datasource = cls.fakelayer.datasource
def setUpAuth(cls, username, password): """Run before all tests and set up authentication""" assert (cls.authm.setMasterPassword('masterpassword', True)) # Client side auth_config = QgsAuthMethodConfig("Basic") auth_config.setConfig('username', username) auth_config.setConfig('password', password) auth_config.setName('test_basic_auth_config') assert (cls.authm.storeAuthenticationConfig(auth_config)[0]) assert auth_config.isValid() return auth_config
def populatePKITestCerts(): """ Populate AuthManager with test certificates. heavily based on testqgsauthmanager.cpp. """ global AUTHM global AUTHCFGID global AUTHTYPE assert (AUTHM is not None) if AUTHCFGID: removePKITestCerts() assert (AUTHCFGID is None) # set alice PKI data p_config = QgsAuthMethodConfig() p_config.setName("alice") p_config.setMethod("PKI-Paths") p_config.setUri("http://example.com") p_config.setConfig("certpath", os.path.join(PKIDATA, 'alice-cert.pem')) p_config.setConfig("keypath", os.path.join(PKIDATA, 'alice-key.pem')) assert p_config.isValid() # add authorities cacerts = QSslCertificate.fromPath( os.path.join(PKIDATA, 'subissuer-issuer-root-ca_issuer-2-root-2-ca_chains.pem')) assert cacerts is not None AUTHM.storeCertAuthorities(cacerts) AUTHM.rebuildCaCertsCache() AUTHM.rebuildTrustedCaCertsCache() # add alice cert # boundle = QgsPkiBundle.fromPemPaths(os.path.join(PKIDATA, 'alice-cert.pem'), # os.path.join(PKIDATA, 'alice-key_w-pass.pem'), # 'password', # cacerts) # assert boundle is not None # assert boundle.isValid() # register alice data in auth AUTHM.storeAuthenticationConfig(p_config) AUTHCFGID = p_config.id() assert (AUTHCFGID is not None) assert (AUTHCFGID != '') AUTHTYPE = p_config.method()
def get_db_connection_params(plan: LandUsePlanEnum) -> Dict[str, str]: """ :return: Psycopg2 connection params for Qaava database """ s = QSettings() s.beginGroup(f"{PG_CONNECTIONS}/{get_qaava_connection_name(plan)}") auth_cfg_id = parse_value(s.value("authcfg")) username_saved = parse_value(s.value("saveUsername")) pwd_saved = parse_value(s.value("savePassword")) params = {} for qgs_key, psyc_key in QGS_SETTINGS_PSYCOPG2_PARAM_MAP.items(): params[psyc_key] = parse_value(s.value(qgs_key)) s.endGroup() # username or password might have to be asked separately if not username_saved: params["user"] = None if not pwd_saved: params["password"] = None if auth_cfg_id is not None and auth_cfg_id != "": LOGGER.debug(f"Auth cfg: {auth_cfg_id}") # Auth config is being used to store the username and password auth_config = QgsAuthMethodConfig() # noinspection PyArgumentList QgsApplication.authManager().loadAuthenticationConfig( auth_cfg_id, auth_config, True) if auth_config.isValid(): params["user"] = auth_config.configMap().get("username") params["password"] = auth_config.configMap().get("password") else: raise QaavaAuthConfigException( tr("Auth config error occurred while fetching database connection parameters" ), bar_msg=bar_msg( tr(f"Check auth config with id: {auth_cfg_id}"))) return params
def populatePKITestCerts(): """ Populate AuthManager with test certificates. heavily based on testqgsauthmanager.cpp. """ global AUTHM global AUTHCFGID global AUTHTYPE assert (AUTHM is not None) if AUTHCFGID: removePKITestCerts() assert (AUTHCFGID is None) # set alice PKI data p_config = QgsAuthMethodConfig() p_config.setName("alice") p_config.setMethod("PKI-Paths") p_config.setUri("http://example.com") p_config.setConfig("certpath", os.path.join(PKIDATA, 'alice-cert.pem')) p_config.setConfig("keypath", os.path.join(PKIDATA, 'alice-key.pem')) assert p_config.isValid() # add authorities cacerts = QSslCertificate.fromPath(os.path.join(PKIDATA, 'subissuer-issuer-root-ca_issuer-2-root-2-ca_chains.pem')) assert cacerts is not None AUTHM.storeCertAuthorities(cacerts) AUTHM.rebuildCaCertsCache() AUTHM.rebuildTrustedCaCertsCache() # add alice cert # boundle = QgsPkiBundle.fromPemPaths(os.path.join(PKIDATA, 'alice-cert.pem'), # os.path.join(PKIDATA, 'alice-key_w-pass.pem'), # 'password', # cacerts) # assert boundle is not None # assert boundle.isValid() # register alice data in auth AUTHM.storeAuthenticationConfig(p_config) AUTHCFGID = p_config.id() assert (AUTHCFGID is not None) assert (AUTHCFGID != '') AUTHTYPE = p_config.method()
def readDatabaseParamsFromSettings(self, usedDatabaseConnectionName): settings = QSettings() settings.beginGroup(YleiskaavaSettings.PG_CONNECTIONS + "/" + usedDatabaseConnectionName) params = {} auth_cfg_id = parse_value(settings.value("authcfg")) username_saved = parse_value(settings.value("saveUsername")) pwd_saved = parse_value(settings.value("savePassword")) for qgs_key, psyc_key in YleiskaavaDatabase.QGS_SETTINGS_PSYCOPG2_PARAM_MAP.items( ): params[psyc_key] = parse_value(settings.value(qgs_key)) settings.endGroup() # username or password might have to be asked separately if not username_saved: params["user"] = None if not pwd_saved: params["password"] = None if auth_cfg_id is not None and auth_cfg_id != "": # LOGGER.info(f"Auth cfg: {auth_cfg_id}") # Auth config is being used to store the username and password auth_config = QgsAuthMethodConfig() authMgr = QgsApplication.authManager() authMgr.loadAuthenticationConfig(auth_cfg_id, auth_config, True) if auth_config.isValid(): params["user"] = auth_config.configMap().get("username") params["password"] = auth_config.configMap().get("password") else: raise QaavaAuthConfigException() # LOGGER.info(f"PR{params} {username_saved} {pwd_saved}") return params
def test_db_methods(self): """Test auth DB operations""" # Create an auth configuration config = QgsAuthMethodConfig() config.setName("alice") config.setMethod('Basic') config.setConfig("username", "my user") config.setConfig("password", "my password") self.assertTrue(config.isValid()) res, cfg = self.am.storeAuthenticationConfig(config) self.assertTrue(res) self.assertTrue(config.id() != '') self.assertTrue(cfg.id() != '') self.assertEqual(cfg.id(), config.id()) uri = QgsDataSourceUri('db=/my/fake/uri authcfg=%s' % cfg.id()) # Note: string cut is necessary on 3.10 only # FIXME: remove when we switch to 3.16 self.assertEqual( uri.uri(True)[:55], "user='******' password='******' db='/my/fake/uri'")