Fixed main- and accessToken Controller to work with pluginify

Ferdinand Thiessen 2020-08-25 04:34:57 +02:00
parent bbee163954
commit 7d8fa4f630
3 changed files with 205 additions and 190 deletions


@ -84,31 +84,28 @@ class AccesTokenController(metaclass=Singleton):
logger.debug("accesstoken is {{ {} }}".format(accToken))
return token
def isSameGroup(self, accToken, groups):
""" Verify group in AccessToken
Verify if the User in the AccesToken has the right group.
Args:
accToken: AccessToken to verify.
groups: Group to verify.
Returns:
A Bool. If the same then True else False
"""
debug.info("check accesstoken {{ {} }} has group {{ {} }}".format(accToken, groups))
for group in groups:
if group in accToken.user.group: return True
return False
def getAccessTokensFromUser(self, user):
return db.getAccessTokensFromUser(user)
return AccessToken.query.filter(AccessToken.user == user)
def deleteAccessToken(self, accToken):
db.session.delete(accToken)
def deleteAccessToken(self, accessToken):
if accessToken is isinstance(accessToken, AccessToken):
db.session.delete(accessToken)
else:
AccessToken.query.filter_by(token=accessToken).delete()
db.session.commit()
#AccessToken.query.filter_by(token=accToken).delete()
def updateAccessToken(self, accToken):
accToken.updateTimestamp()
return db.updateAccessToken(accToken)
def updateAccessToken(self, accessToken):
accessToken.updateTimestamp()
db.session.commit()
return accessToken
def clearExpired(self):
logger.debug("Clear expired AccessToken")
mightExpired = datetime.utcnow() - timedelta(seconds=self.lifetime)
tokens = AccessToken.query.filter(AccessToken.timestamp < mightExpired)
logger.debug(tokens)
for token in tokens:
if token.timestamp < datetime.utcnow() - timedelta(seconds=token.lifetime):
logger.debug("Delete token %s", token.token)
db.session.delete(token)
db.session.commit()
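Review bot: The type check in the new `deleteAccessToken` reads `if accessToken is isinstance(accessToken, AccessToken):`, which compares the argument's identity with a bool, so it is false for both an `AccessToken` object and a token string and the `db.session.delete` branch is never taken. A model instance then reaches `filter_by(token=accessToken)`, which presumably raises or matches nothing, so a logout or revocation may leave the session token valid. The line should be `if isinstance(accessToken, AccessToken):`. Separately, `logger.debug("Delete token %s", token.token)` in `clearExpired` writes the bearer token value into the log; logging a non-secret identifier of the token or its owner would avoid that.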


@ -1,167 +1,11 @@
from flaschengeist.system.exceptions import UsernameExistLDAP, LDAPExcetpion, PermissionDenied
from flask import current_app
from flaschengeist.system.exceptions import PermissionDenied
from flaschengeist.system.models.user import User
from flaschengeist.system.database import db
from flask import Blueprint, current_app
from werkzeug.local import LocalProxy
logger = LocalProxy(lambda: current_app.logger)
from flaschengeist import logger
class Base:
def getAllStatus(self):
debug.info("get all status for user")
retVal = db.getAllStatus()
debug.debug("status are {{ {} }}".format(retVal))
return retVal
def getStatus(self, name):
debug.info("get status of user {{ {} }}".format(name))
retVal = db.getStatus(name)
debug.debug("status of user {{ {} }} is {{ {} }}".format(name, retVal))
return retVal
def setStatus(self, name):
debug.info("set status of user {{ {} }}".format(name))
retVal = db.setStatus(name)
debug.debug(
"settet status of user {{ {} }} is {{ {} }}".format(name, retVal))
return retVal
def deleteStatus(self, status):
debug.info("delete status {{ {} }}".format(status))
db.deleteStatus(status)
def updateStatus(self, status):
debug.info("update status {{ {} }}".format(status))
retVal = db.updateStatus(status)
debug.debug("updated status is {{ {} }}".format(retVal))
return retVal
def updateStatusOfUser(self, username, status):
debug.info("update status {{ {} }} of user {{ {} }}".format(
status, username))
retVal = db.updateStatusOfUser(username, status)
debug.debug(
"updatet status of user {{ {} }} is {{ {} }}".format(username, retVal))
return retVal
def updateVotingOfUser(self, username, voting):
debug.info("update voting {{ {} }} of user {{ {} }}".format(
voting, username))
retVal = db.updateVotingOfUser(username, voting)
debug.debug(
"updatet voting of user {{ {} }} is {{ {} }}".format(username, retVal))
return retVal
def lockUser(self, username, locked):
debug.info("lock user {{ {} }} for credit with status {{ {} }}".format(
username, locked))
user = self.getUser(username)
debug.debug("user is {{ {} }}".format(user))
user.updateData({'locked': locked})
db.updateUser(user)
retVal = self.getUser(username)
debug.debug("locked user is {{ {} }}".format(retVal))
return retVal
def updateConfig(self, username, data):
debug.info(
"update config of user {{ {} }} with config {{ {} }}".format(username, data))
user = self.getUser(username)
debug.debug("user is {{ {} }}".format(user))
user.updateData(data)
db.updateUser(user)
retVal = self.getUser(username)
debug.debug("updated config of user is {{ {} }}".format(retVal))
return retVal
def syncLdap(self):
debug.info('sync Users from Ldap')
ldap_users = ldap.getAllUser()
for user in ldap_users:
self.getUser(user['username'])
def getAllUsersfromDB(self, extern=True):
debug.info("get all users from database")
if (len(ldap.getAllUser()) != len(db.getAllUser())):
self.syncLdap()
users = db.getAllUser()
debug.debug("users are {{ {} }}".format(users))
for user in users:
try:
debug.debug("update data from ldap")
self.__updateDataFromLDAP(user)
except:
pass
debug.debug("update creditlists")
self.__updateGeruechte(user)
retVal = db.getAllUser(extern=extern)
debug.debug("all users are {{ {} }}".format(retVal))
return retVal
def getUser(self, username):
debug.info("get user {{ {} }}".format(username))
user = db.getUser(username)
debug.debug("user is {{ {} }}".format(user))
groups = ldap.getGroup(username)
debug.debug("groups are {{ {} }}".format(groups))
user_data = ldap.getUserData(username)
debug.debug("user data from ldap is {{ {} }}".format(user_data))
user_data['gruppe'] = groups
user_data['group'] = groups
if user is None:
debug.debug("user not exists in database -> insert into database")
user = User(user_data)
db.insertUser(user)
else:
debug.debug("update database with user")
user.updateData(user_data)
db.updateUser(user)
user = db.getUser(username)
self.__updateGeruechte(user)
debug.debug("user is {{ {} }}".format(user))
return user
def modifyUser(self, user, attributes, password):
debug.info("modify user {{ {} }} with attributes (can't show because here can be a password)".format(
user))
try:
ldap_conn = ldap.bind(user, password)
if attributes:
if 'username' in attributes:
debug.debug("change username, so change first in database")
db.changeUsername(user, attributes['username'])
ldap.modifyUser(user, ldap_conn, attributes)
if 'username' in attributes:
retVal = self.getUser(attributes['username'])
debug.debug("user is {{ {} }}".format(retVal))
return retVal
else:
retVal = self.getUser(user.uid)
debug.debug("user is {{ {} }}".format(retVal))
return retVal
return self.getUser(user.uid)
except UsernameExistLDAP as err:
debug.debug(
"username exists on ldap, rechange username on database", exc_info=True)
db.changeUsername(user, user.uid)
raise Exception(err)
except LDAPExcetpion as err:
if 'username' in attributes:
db.changeUsername(user, user.uid)
raise Exception(err)
except LDAPPasswordIsMandatoryError as err:
raise Exception('Password wurde nicht gesetzt!!')
except LDAPBindError as err:
raise Exception('Password ist falsch')
except Exception as err:
raise Exception(err)
def validateUser(self, username, password):
debug.info("validate user {{ {} }}".format(username))
ldap.login(username, password)
def loginUser(self, username, password):
logger.info("login user {{ {} }}".format(username))
user = User.query.filter_by(uid=username).first()
@ -169,6 +13,162 @@ class Base:
user = User(uid=username)
if current_app.config['FG_AUTH_BACKEND'].login(user, password):
db.session.add(user)
current_app.config['FG_AUTH_BACKEND'].updateUser(user)
db.session.commit()
return user
raise PermissionDenied()
#def getAllStatus(self):
#debug.info("get all status for user")
#retVal = db.getAllStatus()
#debug.debug("status are {{ {} }}".format(retVal))
#return retVal
#def getStatus(self, name):
#debug.info("get status of user {{ {} }}".format(name))
#retVal = db.getStatus(name)
#debug.debug("status of user {{ {} }} is {{ {} }}".format(name, retVal))
#return retVal
#def setStatus(self, name):
#debug.info("set status of user {{ {} }}".format(name))
#retVal = db.setStatus(name)
#debug.debug(
#"settet status of user {{ {} }} is {{ {} }}".format(name, retVal))
#return retVal
#def deleteStatus(self, status):
#debug.info("delete status {{ {} }}".format(status))
#db.deleteStatus(status)
#def updateStatus(self, status):
#debug.info("update status {{ {} }}".format(status))
#retVal = db.updateStatus(status)
#debug.debug("updated status is {{ {} }}".format(retVal))
#return retVal
#def updateStatusOfUser(self, username, status):
#debug.info("update status {{ {} }} of user {{ {} }}".format(
#status, username))
#retVal = db.updateStatusOfUser(username, status)
#debug.debug(
#"updatet status of user {{ {} }} is {{ {} }}".format(username, retVal))
#return retVal
#def updateVotingOfUser(self, username, voting):
#debug.info("update voting {{ {} }} of user {{ {} }}".format(
#voting, username))
#retVal = db.updateVotingOfUser(username, voting)
#debug.debug(
#"updatet voting of user {{ {} }} is {{ {} }}".format(username, retVal))
#return retVal
#def lockUser(self, username, locked):
#debug.info("lock user {{ {} }} for credit with status {{ {} }}".format(
#username, locked))
#user = self.getUser(username)
#debug.debug("user is {{ {} }}".format(user))
#user.updateData({'locked': locked})
#db.updateUser(user)
#retVal = self.getUser(username)
#debug.debug("locked user is {{ {} }}".format(retVal))
#return retVal
#def updateConfig(self, username, data):
#debug.info(
#"update config of user {{ {} }} with config {{ {} }}".format(username, data))
#user = self.getUser(username)
#debug.debug("user is {{ {} }}".format(user))
#user.updateData(data)
#db.updateUser(user)
#retVal = self.getUser(username)
#debug.debug("updated config of user is {{ {} }}".format(retVal))
#return retVal
#def syncLdap(self):
#debug.info('sync Users from Ldap')
#ldap_users = ldap.getAllUser()
#for user in ldap_users:
#self.getUser(user['username'])
#def getAllUsersfromDB(self, extern=True):
#debug.info("get all users from database")
#if (len(ldap.getAllUser()) != len(db.getAllUser())):
#self.syncLdap()
#users = db.getAllUser()
#debug.debug("users are {{ {} }}".format(users))
#for user in users:
#try:
#debug.debug("update data from ldap")
#self.__updateDataFromLDAP(user)
#except:
#pass
#debug.debug("update creditlists")
#self.__updateGeruechte(user)
#retVal = db.getAllUser(extern=extern)
#debug.debug("all users are {{ {} }}".format(retVal))
#return retVal
#def getUser(self, username):
#debug.info("get user {{ {} }}".format(username))
#user = db.getUser(username)
#debug.debug("user is {{ {} }}".format(user))
#groups = ldap.getGroup(username)
#debug.debug("groups are {{ {} }}".format(groups))
#user_data = ldap.getUserData(username)
#debug.debug("user data from ldap is {{ {} }}".format(user_data))
#user_data['gruppe'] = groups
#user_data['group'] = groups
#if user is None:
#debug.debug("user not exists in database -> insert into database")
#user = User(user_data)
#db.insertUser(user)
#else:
#debug.debug("update database with user")
#user.updateData(user_data)
#db.updateUser(user)
#user = db.getUser(username)
#self.__updateGeruechte(user)
#debug.debug("user is {{ {} }}".format(user))
#return user
#def modifyUser(self, user, attributes, password):
#debug.info("modify user {{ {} }} with attributes (can't show because here can be a password)".format(
#user))
#try:
#ldap_conn = ldap.bind(user, password)
#if attributes:
#if 'username' in attributes:
#debug.debug("change username, so change first in database")
#db.changeUsername(user, attributes['username'])
#ldap.modifyUser(user, ldap_conn, attributes)
#if 'username' in attributes:
#retVal = self.getUser(attributes['username'])
#debug.debug("user is {{ {} }}".format(retVal))
#return retVal
#else:
#retVal = self.getUser(user.uid)
#debug.debug("user is {{ {} }}".format(retVal))
#return retVal
#return self.getUser(user.uid)
#except UsernameExistLDAP as err:
#debug.debug(
#"username exists on ldap, rechange username on database", exc_info=True)
#db.changeUsername(user, user.uid)
#raise Exception(err)
#except LDAPExcetpion as err:
#if 'username' in attributes:
#db.changeUsername(user, user.uid)
#raise Exception(err)
#except LDAPPasswordIsMandatoryError as err:
#raise Exception('Password wurde nicht gesetzt!!')
#except LDAPBindError as err:
#raise Exception('Password ist falsch')
#except Exception as err:
#raise Exception(err)
#def validateUser(self, username, password):
#debug.info("validate user {{ {} }}".format(username))
#ldap.login(username, password)
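Review bot: The roughly 140 lines after `raise PermissionDenied()` are the old `Base` methods turned into comments rather than deleted. They reference `debug`, `ldap` and LDAP exception names that, going by the import lines visible here, this file no longer brings into scope, so they could not simply be uncommented later. I would delete them and rely on history, leaving at most one line such as `# TODO: port status/voting/LDAP-sync methods to the plugin backend`. The body of `loginUser` spans the hunk boundary, so the guard before `user = User(uid=username)` is not visible; a short docstring saying that the row is only added to the session after the configured auth backend accepts the password would make that contract explicit.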


@ -27,14 +27,26 @@ class User(db.Model):
__tablename__ = 'user'
id = db.Column(db.Integer, primary_key=True)
uid = db.Column(db.String(30))
displayname = db.Column(db.String(20))
firstname = db.Column(db.String(20))
lastname = db.Column(db.String(20))
mail = db.Column(db.String(20))
displayname = db.Column(db.String(30))
firstname = db.Column(db.String(30))
lastname = db.Column(db.String(30))
mail = db.Column(db.String(30))
groups = db.relationship("UserGroup", secondary=association_table)
sessions = db.relationship("AccessToken", back_populates="user")
attributes = db.relationship("UserAttribute", collection_class=attribute_mapped_collection('name'), cascade="all, delete")
def setAttribute(self, name, value):
if name in self.attributes:
self.attributes[name].value = value
else:
self.attributes[name] = UserAttribute(name=name, value=value)
def addGroup(self, name):
r = UserGroup.query.filter_by(name=name).first()
if not r:
r = UserGroup(name=name)
self.groups.append(r)
def updateData(self, data):
logger.debug("update data of user")
if 'uid' in data:
@ -50,12 +62,13 @@ class User(db.Model):
def toJSON(self):
return {
"uid": self.uid,
# TODO: username should be UID?
"username": self.uid,
"displayname": self.displayname,
"firstname": self.firstname,
"lastname": self.lastname,
"mail": self.mail,
"groups": self.groups
"groups": ["user"] + [g.name for g in self.groups]
}
@ -71,3 +84,8 @@ class UserGroup(db.Model):
id = db.Column(db.Integer, primary_key=True)
name = db.Column(db.String(30))
def toJSON(self):
return {
'name': self.name
}
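Review bot: `addGroup` appends the looked-up or newly created `UserGroup` to `self.groups` without checking whether the user already has it, so calling it again with the same name (for example on every login, if the auth backend does so) adds the same group twice. A guard such as `if r not in self.groups: self.groups.append(r)` keeps the relationship free of duplicates. The `mail` column is widened only to `db.String(30)`, which is still shorter than many real addresses; depending on the database this either truncates or rejects the value, so a larger limit would be safer. In `toJSON`, the hard-coded `["user"]` prepended to `groups` deserves a comment explaining that every account is implicitly a member, since consumers of this list may treat it as authoritative.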