示例#1
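def hide_user(request, status):
    """Set the status of the user named by the ``Userid`` query argument.

    The user name is resolved to its id through getUserList(), then
    ``{"id": <id>, "status": status}`` is POSTed to the user-management
    API's ``put_status`` endpoint with the caller's bearer token.

    Args:
        request: Incoming request; ``request.args['Userid']`` names the user.
        status: Status value forwarded unchanged to the backend.

    Returns:
        The value built by encode() for a ``ReturnStatus`` payload: 200 when
        the backend reports status 0, 403 when it reports -1, otherwise the
        backend status is passed through; 500 on any exception.
    """
    try:
        args = request.args
        # Indexing (not .get) means an unknown or missing Userid raises here
        # and is answered by the 500 branch below.
        user_uuid = getUserList(request)[args.get('Userid')]
        log.info('user_uuid:' + user_uuid)
        # NOTE(review): the bearer token below travels over plain http to
        # const.MANAGE_USER_API_IP; confirm that hop is a trusted segment.
        url = "http://{host_ip}/permit/enterprise/{enterprise}/user/{user_uuid}/put_status".format(
            host_ip=const.MANAGE_USER_API_IP,
            enterprise=const.ENTERPRISE,
            user_uuid=user_uuid)
        log.info('disable user url: ' + url)
        headers = {
            "Content-Type": "application/json",
            "Authorization": "Bearer " + getBearerToken(request)
        }

        data = {"id": user_uuid, "status": status}
        callApi = service_sso.CallApi()
        response = callApi.post_request(url, headers, data)
        log.info(response.text)
        dic_resp = json.loads(response.text)
        backend_status = dic_resp.get('status')
        if backend_status == 0:
            return encode({'ReturnStatus': '0|success'}, 200)
        elif backend_status == -1:
            return encode({'ReturnStatus': '403|delete user fail'}, 403)
        else:
            # A missing 'result' would otherwise break the concatenation and
            # turn a backend error into a misleading 500.
            result_text = dic_resp.get('result') or ''
            # NOTE(review): the backend status is reused as the HTTP status;
            # verify it is always a valid HTTP code.
            return encode(
                {'ReturnStatus': str(backend_status) + '|' + result_text},
                backend_status)
    except Exception as e:
        # Label the log entry with this function so failures are attributed
        # to the status change rather than to a delete.
        log.error("hide_user error: " + utils.except_raise(e))
        # NOTE(review): the exception text is echoed to the client; confirm
        # utils.except_raise() does not expose internal URLs or stack details.
        return encode({'ReturnStatus': '500|' + utils.except_raise(e)}, 500)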
示例#2
def getUserList(request):
    """Fetch the enterprise user list and answer according to ``objectType``.

    The return type depends on the ``objectType`` query argument:

    * absent or ``User``: a dict mapping ``user_name`` to ``id``;
    * ``UserAuth``: an encode() response carrying the role of ``Userid``
      (ADMIN / MANAGER / MEMBER) or a 403;
    * ``RoleAuth``: a fixed plain-text Response listing the roles;
    * anything else: ``None`` (no branch matches).

    On any exception the text from utils.except_raise() is returned instead,
    so callers that index or call ``.get`` on the result must expect that.
    """
    try:
        users_url = "http://{host_ip}/permit/enterprise/{enterprise}/users".format(
            host_ip=const.MANAGE_USER_API_IP, enterprise=const.ENTERPRISE)
        log.info('getUserList: ' + users_url)
        auth_headers = {
            "Content-Type": "application/json",
            "Authorization": "Bearer " + getBearerToken(request)
        }
        api_reply = service_sso.CallApi().get_request(users_url, auth_headers)
        payload = json.loads(api_reply.text)
        # NOTE(review): this dumps the complete user list at debug level.
        log.debug(str(json.dumps(payload.get('result'))))

        query = request.args
        object_type = query.get('objectType')

        log.info('getUserList with objectType:' + str(object_type) +
                 ', Userid:' + str(query.get('Userid')))

        if object_type is None or object_type == u'User':
            # Later entries win when two users share a user_name.
            return {
                entry.get('user_name'): entry.get('id')
                for entry in payload.get('result')
            }

        if object_type == u'UserAuth':
            # '' is the "not found" sentinel; the last matching entry wins.
            matched = ''
            for entry in payload.get('result'):
                if entry.get('user_name') == query.get('Userid'):
                    matched = entry
            log.debug(str(json.dumps(matched)))
            if matched == '':
                return encode({'ReturnStatus': '403|Userid not exist'}, 403)

            user_type = matched.get('type')
            if user_type == 1:
                return encode({
                    'ReturnStatus': '0|success',
                    'Role': 'ADMIN'
                }, 200)
            if user_type != 2:
                return encode({'ReturnStatus': '403|invalid user'}, 403)

            # Type 2 users are MEMBER unless they hold CC_BOT_MANAGER.
            # NOTE(review): the role items are read from fixed positions
            # (organization[0], products[1]); confirm the backend guarantees
            # that layout.
            role_items = matched.get('organization')[0].get(
                'products')[1].get('roles').get('items')
            role = 'MEMBER'
            for item in role_items:
                if item.get('rolename') == 'CC_BOT_MANAGER':
                    role = 'MANAGER'
            return encode({'ReturnStatus': '0|success', 'Role': role}, 200)

        if object_type == u'RoleAuth':
            return Response(
                response=
                "ReturnStatus=0|success&Role=MANAGER|MANAGER&Role=MEMBER|MEMBER",
                status=200,
                mimetype="text/plain")

    except Exception as e:
        log.error("getUserList error: " + utils.except_raise(e))
        return utils.except_raise(e)
示例#3
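def deleteUser(request):
    """Ask the user-management API to delete the user named by ``Userid``.

    Args:
        request: Incoming request; ``request.args['Userid']`` names the user.

    Returns:
        The backend's ``result`` field on success, an encode() 400 response
        when ``Userid`` is missing, or the text from utils.except_raise() on
        any exception (including a Userid that getUserList() does not list).
    """
    try:
        user_name = request.args.get('Userid')
        # Check for the missing key first: looking it up beforehand raises
        # and the 400 answer is never produced.
        if user_name is None:
            return encode({"status": "400|missing necessary key Userid"}, 400)
        # Indexing raises for a name the directory does not list, so only
        # existing user names are interpolated into the backend path below.
        # NOTE(review): hide_user puts the resolved id in the path while this
        # call sends the name; confirm which one delete_user expects.
        getUserList(request)[user_name]
        url = "http://{host_ip}/permit/enterprise/{enterprise}/user/{Userid}/delete_user".format(
            host_ip=const.MANAGE_USER_API_IP,
            enterprise=const.ENTERPRISE,
            Userid=user_name)
        log.info('deleteUser url: ' + url)
        headers = {
            "Content-Type": "application/json",
            "Authorization": "Bearer " + getBearerToken(request)
        }
        data = {"id": user_name, "status": 0}
        callApi = service_sso.CallApi()
        response = callApi.post_request(url, headers, data)
        log.info(response.text)
        dic_resp = json.loads(response.text)
        log.info(dic_resp.get('result'))
        return dic_resp.get('result')
    except Exception as e:
        # Attribute the failure to this function so delete errors can be
        # found in the log.
        log.error("deleteUser error: " + utils.except_raise(e))
        return utils.except_raise(e)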
示例#4
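def valid_update_role(request):
    """Decide whether ``Userid`` may be moved to the requested ``Role``.

    The user's current role is derived from the backend user list (type 1 is
    ADMIN; type 2 is MEMBER, or MANAGER when the CC_BOT_MANAGER role is
    present). A change is refused when it would turn a MANAGER or MEMBER into
    an ADMIN, or an ADMIN into a MANAGER or MEMBER.

    Returns:
        True when the change is allowed, False when it is refused, when the
        user is unknown or of another type, or when the check itself fails.
    """
    try:
        url = "http://{host_ip}/permit/enterprise/{enterprise}/users".format(
            host_ip=const.MANAGE_USER_API_IP, enterprise=const.ENTERPRISE)
        log.info('getUserList: ' + url)
        headers = {
            "Content-Type": "application/json",
            "Authorization": "Bearer " + getBearerToken(request)
        }
        callApi = service_sso.CallApi()
        response = callApi.get_request(url, headers)
        dic_resp = json.loads(response.text)
        log.debug(str(json.dumps(dic_resp.get('result'))))

        args = request.args
        input_role = args.get('Role')

        # '' is the "not found" sentinel; the last matching entry wins.
        result = ''
        for user in dic_resp.get('result'):
            if user.get('user_name') == args.get('Userid'):
                result = user
        log.debug(str(json.dumps(result)))
        if result == '':
            return False

        if result.get('type') == 1:
            role = "ADMIN"
        elif result.get('type') == 2:
            role = 'MEMBER'
            # NOTE(review): role items are read from fixed positions
            # (organization[0], products[1]); confirm the backend guarantees
            # that layout.
            for roleObj in result.get('organization')[0].get(
                    'products')[1].get('roles').get('items'):
                if roleObj.get('rolename') == 'CC_BOT_MANAGER':
                    role = 'MANAGER'
        else:
            return False

        log.info('input_role: ' + str(input_role) + ', original_role: ' +
                 str(role))

        # Refuse any change that crosses the ADMIN boundary in either
        # direction; everything else is allowed.
        if input_role == 'ADMIN' and role in ('MANAGER', 'MEMBER'):
            return False
        if input_role in ('MANAGER', 'MEMBER') and role == 'ADMIN':
            return False
        return True
    except Exception as e:
        log.error("valid_update_role error: " + utils.except_raise(e))
        # Fail closed: add_update_user compares the result with False, so
        # returning the error text here would be treated as "allowed".
        return False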
示例#5
def getRoleList(request):
    """Return the ``result`` field of the backend role list for the enterprise.

    The request is sent with the caller's bearer token. On any exception the
    text from utils.except_raise() is returned instead of the role list.
    """
    try:
        roles_url = "http://{host_ip}/permit/roles/{enterprise}".format(
            host_ip=const.MANAGE_USER_API_IP, enterprise=const.ENTERPRISE)
        log.info('getWholeRobotId: ' + roles_url)
        bearer = "Bearer " + getBearerToken(request)
        auth_headers = {
            "Content-Type": "application/json",
            "Authorization": bearer
        }
        api_reply = service_sso.CallApi().get_request(roles_url, auth_headers)
        roles = json.loads(api_reply.text).get('result')
        log.debug(roles)
        return roles
    except Exception as e:
        log.error("getRoleList error: " + utils.except_raise(e))
        return utils.except_raise(e)
示例#6
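def refreshBearToken(request):
    """Log in to the backend as the service account and cache the token.

    The token from the login response is stored in ``const.BEARER_TOKEN``.

    Returns:
        None on success; the text from utils.except_raise() on any exception.
    """
    try:
        log.info('Refresh BearToken')
        # NOTE(review): credentials go over plain http to
        # const.MANAGE_USER_API_IP; confirm that hop is a trusted segment.
        url = "http://{host_ip}/auth/v3/login".format(
            host_ip=const.MANAGE_USER_API_IP)
        headers = {"Content-Type": "application/x-www-form-urlencoded"}
        # NOTE(review): the service account and its password value are
        # hard-coded, so anyone with read access to the source can log in as
        # this account. Load them from protected configuration or a secret
        # store and rotate the value that was committed here.
        data = {
            "account": "deployer",
            "passwd": "7e2ba10110f719dd65a0403305770b08"
        }
        callApi = service_sso.CallApi()
        response = callApi.post_request(url, headers, data)
        dic_resp = json.loads(response.text)
        token = dic_resp.get('result').get('token')
        # Record the event only; the token is a credential and stays out of
        # the log.
        log.debug('bearer token refreshed')
        const.BEARER_TOKEN = token
    except Exception as e:
        log.error("refreshBearToken error: " + utils.except_raise(e))
        return utils.except_raise(e)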
示例#7
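def add_update_user(request):
    """Create (``ActionType=ADD``) or update (``ActionType=EDIT``) a user.

    Query arguments read: ``ActionType``, ``Userid``, ``Role``, ``UserEmail``
    and ``UserTel``. For EDIT the role change must pass valid_update_role()
    and the user must exist in getUserList().

    Returns:
        The value built by encode() for a ``ReturnStatus`` payload: 200 on
        backend status 0, 403 on refusal or backend status -1, 400 for an
        unsupported ActionType, the backend status otherwise, 500 on any
        exception.
    """
    try:
        log.info('process add_update_user')
        args = request.args
        action = args.get('ActionType')

        callApi = service_sso.CallApi()
        # str() keeps a missing ActionType from raising inside the log call.
        log.info('ActionType: ' + str(action))

        user_uuid = None
        if action == u'ADD':
            url = "http://{host_ip}/permit/enterprise/{enterprise}/user".format(
                host_ip=const.MANAGE_USER_API_IP, enterprise=const.ENTERPRISE)
        elif action == u'EDIT':
            valid = valid_update_role(request)
            log.info('valid_update_role: ' + str(valid))
            # Only an explicit True authorises the change; an error value
            # from the check must not be read as approval.
            if valid is not True:
                return encode(
                    {'ReturnStatus': '403|illegal operation change role fail'},
                    403)

            user_uuid = getUserList(request).get(args.get('Userid'))
            if user_uuid is None:
                return encode({'ReturnStatus': '403|UserId does not exist'},
                              403)
            log.info('user_uuid:' + str(user_uuid))
            url = "http://{host_ip}/permit/enterprise/{enterprise}/user/{user_uuid}/put_user".format(
                host_ip=const.MANAGE_USER_API_IP,
                enterprise=const.ENTERPRISE,
                user_uuid=user_uuid)
        else:
            # Without a known action there is no endpoint to call.
            return encode({'ReturnStatus': '400|unsupported ActionType'}, 400)

        log.info('register user api: ' + url)

        headers = {
            "Content-Type": "application/json",
            "Authorization": "Bearer " + getBearerToken(request)
        }

        organization = getOrganization(request, args.get('Role'))

        log.info(organization)
        # args.get('UserCName'): the Chinese display name is not transcoded;
        # Userid is used as the display name instead.
        data = {
            "type": 2,
            "username": args.get('Userid'),
            "name": args.get('Userid'),
            "email": checkEmail(args.get('UserEmail')),
            "phone": args.get('UserTel'),
            "status": 1,
            "organization": organization
        }
        if action == u'EDIT':
            # Updates address the user by id and never touch the password.
            data['id'] = user_uuid
        else:
            # NOTE(review): every new account receives the same default
            # password (const.SSO_DEFAULT_PWD) as an MD5 digest; the digest
            # is a credential, so it is not written to the log.
            data['password'] = utils.md5(const.SSO_DEFAULT_PWD)

        if args.get('Role') == u'ADMIN':
            data['type'] = 1

        response = callApi.post_request(url, headers, data)
        log.info("bfop permit response:")
        log.info(response.text)
        dic_resp = json.loads(response.text)
        log.info(dic_resp.get('message'))
        log.info(dic_resp.get('status'))
        log.info(dic_resp.get('result'))
        backend_status = dic_resp.get('status')
        if backend_status == 0:
            return encode({'ReturnStatus': '0|success'}, 200)
        elif backend_status == -1:
            message = dic_resp.get('message') or ''
            # Backend message: "a user with the same name already exists".
            if message.find("同名用户已存在") != -1:
                return encode({'ReturnStatus': '403|user exist'}, 403)
            # Backend message: "failed to update the user".
            elif message.find("更新用户失败") != -1:
                return encode({'ReturnStatus': '403|updated user fail'}, 403)
            else:
                return encode(
                    {'ReturnStatus': '403|registered or updated user fail'},
                    403)
        else:
            result_text = dic_resp.get('result') or ''
            # NOTE(review): the backend status is reused as the HTTP status;
            # verify it is always a valid HTTP code.
            return encode(
                {'ReturnStatus': str(backend_status) + '|' + result_text},
                backend_status)
    except Exception as e:
        log.error("add_update_user error: " + utils.except_raise(e))
        # NOTE(review): the exception text is echoed to the client; confirm
        # utils.except_raise() does not expose internal details.
        return encode({'ReturnStatus': '500|' + utils.except_raise(e)}, 500)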
示例#8
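    def get(self):
        """Verify the SSO cookies, log in to the backend and redirect.

        Reads the ``TOKEN``, ``WSSOID``, ``ACCTID`` and ``URL`` cookies, asks
        const.SSO_VERIFY_API to verify the token, and on return code 100 logs
        in to the backend as ``ACCTID`` and redirects to
        const.BFOP_SSO_LOGIN_URL with the backend token appended.

        Returns:
            A 302 redirect on success, otherwise the page built by
            errorPage().
        """
        try:
            TOKEN = request.cookies.get('TOKEN')
            WSSOID = request.cookies.get('WSSOID')
            ACCTID = request.cookies.get('ACCTID')
            URL = request.cookies.get('URL')
            # NOTE(review): X-Forwarded-For is supplied by the client unless
            # a trusted proxy overwrites it; confirm the deployment does so
            # before relying on this value for the pszUserIP check.
            if request.headers.getlist("X-Forwarded-For"):
                UserIP = request.headers.getlist("X-Forwarded-For")[0]
            else:
                UserIP = request.remote_addr
            # The SSO token is a credential: log whether it is present, not
            # its value, and do not dump the cookie jar.
            log.info('TOKEN present: ' + str(TOKEN is not None) +
                     ', WSSOID: ' + str(WSSOID) + ', UserIP:' + str(UserIP) +
                     ', URL:' + str(URL))

            # Verify SSO_Token
            headers = {"Content-Type": "text/plain", "Accept": "text/plain"}
            # NOTE(review): the cookie values are concatenated without URL
            # encoding; encode them (or pass them as request parameters) so a
            # cookie value cannot add or override query parameters.
            url = const.SSO_VERIFY_API + '?pszWSSOToken=' + str(
                TOKEN) + '&pszWSSOID=' + str(WSSOID) + '&pszUserIP=' + str(
                    UserIP) + '&pszURL=' + str('botu.kgibank.com')
            log.info('call sso verify api url:::' + const.SSO_VERIFY_API)

            try:
                callApi = service_sso.CallApi()
                response = callApi.get_request(url, headers)
                log.info(str(response))
                if str(response) != '<Response [200]>':
                    return errorPage('call verify token api fail')
                log.info(response.text)
                # Anything that does not start with "Code=NNN&" leaves the
                # code empty, which is rejected below.
                verify_token_return_code = ''
                regex = re.search(r'^(Code=){1}(\d{3})(&){1}', response.text)
                if regex:
                    verify_token_return_code = regex.group(2)
                status_message = const.VERIFY_TOKEN_STATUS.get(
                    verify_token_return_code)
                log.info('verify_token_return_code:' +
                         str(verify_token_return_code))
                log.info(status_message)
                if str(verify_token_return_code) != '100':
                    # str() keeps an unmapped code from raising while the
                    # error page is being built.
                    return errorPage('ReturnStatus: ' +
                                     str(verify_token_return_code) +
                                     ', message: ' + str(status_message))

            except Exception as e:
                log.error("call verify token api occurring error: " +
                          utils.except_raise(e))
                return errorPage("call verify token api occurring error: " +
                                 utils.except_raise(e))

            # NOTE(review): ACCTID comes from a cookie and is not compared
            # with anything in the verify response here, while every account
            # shares const.SSO_DEFAULT_PWD; confirm the SSO layer binds
            # ACCTID to the verified token, otherwise a valid token for one
            # account could be paired with another account's ACCTID.
            url = "http://{host_ip}/auth/v3/login".format(
                host_ip=const.MANAGE_USER_API_IP)
            headers = {"Content-Type": "application/x-www-form-urlencoded"}
            data = {
                "account": ACCTID,
                "passwd": utils.md5(const.SSO_DEFAULT_PWD)
            }
            callApi = service_sso.CallApi()
            response = callApi.post_request(url, headers, data)
            dic_resp = json.loads(response.text)
            token = dic_resp.get('result').get('token')
            redirect_url = const.BFOP_SSO_LOGIN_URL + token
            # The redirect target carries the backend token, so only the
            # base URL is logged.
            log.info('redirect to: ' + const.BFOP_SSO_LOGIN_URL)
            return redirect(redirect_url, 302)

        except Exception as e:
            log.error("SSOLogin process error: " + utils.except_raise(e))
            return errorPage('SSOLogin process error')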