示例#1
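    def authenticate(self, credentials):
        """Check a username/password pair against the stored bcrypt hash.

        :param credentials: mapping read with ``.get`` for ``username`` and
            ``password``.
        :return: the user document found in the ``auth_users`` resource.
        :raises CredentialsAuthError: unknown user, missing or empty password,
            missing stored hash, a stored hash bcrypt rejects, or a mismatch.
        :raises UserDisabledError: ``is_enabled`` is present and falsy.
        :raises UserInactiveError: ``is_active`` is missing or falsy.
        """
        # Local import: the file's import block is not visible from this method.
        import hmac

        # NOTE(review): CredentialsAuthError receives the whole credentials
        # mapping, plaintext password included. Confirm the exception never
        # logs or echoes it.
        user = get_resource_service('auth_users').find_one(
            req=None, username=credentials.get('username'))
        if not user:
            raise CredentialsAuthError(credentials)

        # NOTE(review): the account-state checks run before the password is
        # verified, so a caller who does not know the password can tell a
        # disabled or inactive account from an unknown one by the error type.
        # Checking the password first would close that gap but changes which
        # error such callers see, so the order is left as it was.
        if 'is_enabled' in user and not user.get('is_enabled', False):
            raise UserDisabledError()

        if not user.get('is_active', False):
            raise UserInactiveError()

        # Validate before encoding: .encode() on a missing (None) value would
        # raise AttributeError instead of the authentication error.
        password = credentials.get('password')
        stored_hash = user.get('password')
        if not (password and stored_hash):
            raise CredentialsAuthError(credentials)

        password = password.encode('UTF-8')
        hashed = stored_hash.encode('UTF-8')

        try:
            # Hashing the candidate with the stored hash as salt reproduces
            # the stored hash only when the password matches.
            rehashed = bcrypt.hashpw(password, hashed)
        except ValueError:
            # Raised by bcrypt when the stored value is not a usable salt/hash.
            raise CredentialsAuthError(credentials)

        # Constant-time comparison instead of ``!=`` on the hash bytes.
        if not hmac.compare_digest(hashed, rehashed):
            raise CredentialsAuthError(credentials)

        return user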
示例#2
    def update_password(self, user_id, password):
        """Replace the stored password hash of the user with ``_id == user_id``.

        Unknown users are rejected with an unauthorized API error and inactive
        users with ``UserInactiveError``. The new value is produced by
        ``get_hash`` using the ``BCRYPT_GENSALT_WORK_FACTOR`` setting
        (default 12). A user still waiting for activation also gets
        ``needs_activation`` set to ``False``.

        There is no ``return`` statement, so callers receive ``None``;
        failure is signalled only through the exceptions above.
        """
        # NOTE(review): no length or strength check on ``password`` is visible
        # here; presumably the caller enforces the password policy. Confirm.
        target = self.find_one(req=None, _id=user_id)
        if not target:
            raise SuperdeskApiError.unauthorizedError('User not found')
        if not self.is_user_active(target):
            raise UserInactiveError()

        work_factor = app.config.get('BCRYPT_GENSALT_WORK_FACTOR', 12)
        changes = {'password': get_hash(password, work_factor)}
        changes[app.config['LAST_UPDATED']] = utcnow()

        if self.user_is_waiting_activation(target):
            changes['needs_activation'] = False

        self.patch(user_id, updates=changes)
示例#3
    def update_password(self, user_id, password):
        """Replace the stored password hash and record when it changed.

        The user is looked up by ``_id``. A missing user raises an
        unauthorized API error and an inactive one ``UserInactiveError``.
        The patch carries the ``get_hash`` result (work factor from
        ``BCRYPT_GENSALT_WORK_FACTOR``, default 12), ``password_changed_on``
        and the configured last-updated field. ``needs_activation`` is
        cleared for users still waiting for activation.

        Nothing is returned explicitly, so the result is ``None``.
        """
        # NOTE(review): the plaintext is hashed as received; no policy check
        # is visible in this method. Confirm it is enforced upstream.
        account = self.find_one(req=None, _id=user_id)
        if not account:
            raise SuperdeskApiError.unauthorizedError("User not found")
        if not self.is_user_active(account):
            raise UserInactiveError()

        rounds = app.config.get("BCRYPT_GENSALT_WORK_FACTOR", 12)
        new_hash = get_hash(password, rounds)

        # Two separate utcnow() calls, one per timestamp field.
        patch_doc = {"password": new_hash, "password_changed_on": utcnow()}
        patch_doc[app.config["LAST_UPDATED"]] = utcnow()

        if self.user_is_waiting_activation(account):
            patch_doc["needs_activation"] = False

        self.patch(user_id, updates=patch_doc)
示例#4
 def on_create(self, docs):
     """Authenticate each document, then fill in its auth defaults.

     For every entry of ``docs`` the user returned by ``self.authenticate``
     is rejected with ``UserDisabledError`` when ``is_enabled`` is present
     and falsy, and with ``UserInactiveError`` when ``is_active`` is missing
     or falsy. Otherwise ``self.set_auth_default`` is called with the
     document and the user's ``_id``.
     """
     for credentials in docs:
         # NOTE(review): assumes authenticate() returns a mapping or raises.
         # A None result would fail on the membership test below.
         account = self.authenticate(credentials)

         has_enabled_flag = 'is_enabled' in account
         if has_enabled_flag and not account.get('is_enabled', False):
             raise UserDisabledError()

         active = account.get('is_active', False)
         if not active:
             raise UserInactiveError()

         self.set_auth_default(credentials, account['_id'])
示例#5
 def on_create(self, docs):
     """Authenticate each document, then fill in its auth defaults.

     A falsy result from ``self.authenticate`` raises ``ValueError``.
     ``UserDisabledError`` is raised when ``is_enabled`` is present and
     falsy, ``UserInactiveError`` when ``is_active`` is missing or falsy.
     Documents that pass get ``self.set_auth_default(doc, user["_id"])``.
     """
     for credentials in docs:
         account = self.authenticate(credentials)
         if not account:
             # Guard for authenticate() implementations that return nothing
             # instead of raising.
             raise ValueError()

         has_enabled_flag = "is_enabled" in account
         if has_enabled_flag and not account.get("is_enabled", False):
             raise UserDisabledError()

         active = account.get("is_active", False)
         if not active:
             raise UserInactiveError()

         self.set_auth_default(credentials, account["_id"])
示例#6
 def on_create(self, docs):
     """Drop the old session token, then authenticate each document.

     ``session_token`` is removed from the Flask session before any
     document is processed. A falsy result from ``self.authenticate``
     raises ``ValueError``. ``UserDisabledError`` is raised when
     ``is_enabled`` is present and falsy, ``UserInactiveError`` when
     ``is_active`` is missing or falsy. Documents that pass get
     ``self.set_auth_default(doc, user["_id"])``.
     """
     # Runs before authentication, so a token left by an earlier login is
     # gone even when the new attempt fails.
     flask.session.pop("session_token", None)

     for credentials in docs:
         account = self.authenticate(credentials)
         if not account:
             raise ValueError()

         has_enabled_flag = "is_enabled" in account
         if has_enabled_flag and not account.get("is_enabled", False):
             raise UserDisabledError()

         active = account.get("is_active", False)
         if not active:
             raise UserInactiveError()

         self.set_auth_default(credentials, account["_id"])
示例#7
    def authenticate(self, credentials):
        """
        Authenticate against Active Directory and return the matching user.

        :param credentials: mapping read with ``.get``; uses "username",
            "password" and the optional "profile_to_import", which defaults
            to the username
        :return: for an existing local user, the document re-read after it
            was patched with the AD profile; otherwise the AD profile itself
            with default values added
        :raises SuperdeskApiError: not-found error when AD returns an empty
            profile
        :raises UserDisabledError: existing user has a falsy ``is_enabled``
        :raises UserInactiveError: existing user has no truthy ``is_active``
        """
        cfg = app.settings
        directory = ADAuth(
            cfg['LDAP_SERVER'],
            cfg['LDAP_SERVER_PORT'],
            cfg['LDAP_BASE_FILTER'],
            cfg['LDAP_USER_FILTER'],
            cfg['LDAP_USER_ATTRIBUTES'],
            cfg['LDAP_FQDN'],
        )

        username = credentials.get('username')
        password = credentials.get('password')
        # NOTE(review): every lookup below is keyed on profile_to_import, not
        # on the name whose password is checked. If a client can set this key
        # on a login request, the returned user may differ from the
        # authenticated one. Confirm only trusted callers can supply it.
        profile_name = credentials.get('profile_to_import', username)

        # NOTE(review): many LDAP servers accept a bind with an empty password
        # as an unauthenticated bind. Confirm ADAuth rejects empty passwords;
        # this method does not check.
        profile = directory.authenticate_and_fetch_profile(
            username, password, username_for_profile=profile_name)

        if len(profile) == 0:
            raise SuperdeskApiError.notFoundError(
                message='No user has been found in AD',
                payload={'profile_to_import': 1})

        lookup = get_user_query(profile_name)
        existing = superdesk.get_resource_service('users').find_one(
            req=None, **lookup)

        if not existing:
            # No local account yet: hand back the AD profile with defaults.
            add_default_values(
                profile,
                profile_name,
                user_type=(profile['user_type']
                           if 'user_type' in profile else None))
            return profile

        if 'is_enabled' in existing and not existing.get('is_enabled', False):
            raise UserDisabledError()

        if not existing.get('is_active', False):
            raise UserInactiveError()

        # Sync the local document with AD, then re-read it so the caller gets
        # the patched state.
        superdesk.get_resource_service('users').patch(
            existing.get('_id'), profile)
        return superdesk.get_resource_service('users').find_one(
            req=None, **lookup)