diff --git a/flaschengeist/system/controller/accesTokenController.py b/flaschengeist/system/controller/accesTokenController.py
index c6274be..c89b478 100644
--- a/flaschengeist/system/controller/accesTokenController.py
+++ b/flaschengeist/system/controller/accesTokenController.py
@@ -84,31 +84,28 @@ class AccesTokenController(metaclass=Singleton): logger.debug("accesstoken is {{ {} }}".format(accToken)) return token - def isSameGroup(self, accToken, groups): - """ Verify group in AccessToken - - Verify if the User in the AccesToken has the right group. - - Args: - accToken: AccessToken to verify. - groups: Group to verify. - - Returns: - A Bool. If the same then True else False - """ - debug.info("check accesstoken {{ {} }} has group {{ {} }}".format(accToken, groups)) - for group in groups: - if group in accToken.user.group: return True - return False - def getAccessTokensFromUser(self, user): - return db.getAccessTokensFromUser(user) + return AccessToken.query.filter(AccessToken.user == user) - def deleteAccessToken(self, accToken): - db.session.delete(accToken) + def deleteAccessToken(self, accessToken): + if accessToken is isinstance(accessToken, AccessToken): + db.session.delete(accessToken) + else: + AccessToken.query.filter_by(token=accessToken).delete() db.session.commit() - #AccessToken.query.filter_by(token=accToken).delete() - def updateAccessToken(self, accToken): - accToken.updateTimestamp() - return db.updateAccessToken(accToken) + def updateAccessToken(self, accessToken): + accessToken.updateTimestamp() + db.session.commit() + return accessToken + + def clearExpired(self): + logger.debug("Clear expired AccessToken") + mightExpired = datetime.utcnow() - timedelta(seconds=self.lifetime) + tokens = AccessToken.query.filter(AccessToken.timestamp < mightExpired) + logger.debug(tokens) + for token in tokens: + if token.timestamp < datetime.utcnow() - timedelta(seconds=token.lifetime): + logger.debug("Delete token %s", token.token) + db.session.delete(token) + db.session.commit() diff --git a/flaschengeist/system/controller/mainController/mainUserController.py b/flaschengeist/system/controller/mainController/mainUserController.py index d37cb6f..761c9ba 100644 --- a/flaschengeist/system/controller/mainController/mainUserController.py 
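Review bot: The type check in the new `deleteAccessToken` is wrong: `if accessToken is isinstance(accessToken, AccessToken):` compares the object against the bool that `isinstance` returns, so it is false for any real `AccessToken` instance and every call falls into the `else` branch, where `filter_by(token=<AccessToken object>)` will most likely match nothing or raise, leaving the session row in place. The line should read `if isinstance(accessToken, AccessToken):`. In `clearExpired`, the pre-filter uses `self.lifetime` while the per-row check uses `token.lifetime`; if a token's own lifetime can be shorter than the controller's (not visible here), tokens past their own lifetime but younger than `self.lifetime` are never swept, so filtering by the per-token value or dropping the pre-filter would be safer. `logger.debug(tokens)` also logs the `Query` object rather than the rows, which is probably not the intent.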
+++ b/flaschengeist/system/controller/mainController/mainUserController.py 
@@ -1,167 +1,11 @@ -from flaschengeist.system.exceptions import UsernameExistLDAP, LDAPExcetpion, PermissionDenied +from flask import current_app + +from flaschengeist.system.exceptions import PermissionDenied from flaschengeist.system.models.user import User from flaschengeist.system.database import db - -from flask import Blueprint, current_app -from werkzeug.local import LocalProxy -logger = LocalProxy(lambda: current_app.logger) +from flaschengeist import logger class Base: - def getAllStatus(self): - debug.info("get all status for user") - retVal = db.getAllStatus() - debug.debug("status are {{ {} }}".format(retVal)) - return retVal - - def getStatus(self, name): - debug.info("get status of user {{ {} }}".format(name)) - retVal = db.getStatus(name) - debug.debug("status of user {{ {} }} is {{ {} }}".format(name, retVal)) - return retVal - - def setStatus(self, name): - debug.info("set status of user {{ {} }}".format(name)) - retVal = db.setStatus(name) - debug.debug( - "settet status of user {{ {} }} is {{ {} }}".format(name, retVal)) - return retVal - - def deleteStatus(self, status): - debug.info("delete status {{ {} }}".format(status)) - db.deleteStatus(status) - - def updateStatus(self, status): - debug.info("update status {{ {} }}".format(status)) - retVal = db.updateStatus(status) - debug.debug("updated status is {{ {} }}".format(retVal)) - return retVal - - def updateStatusOfUser(self, username, status): - debug.info("update status {{ {} }} of user {{ {} }}".format( - status, username)) - retVal = db.updateStatusOfUser(username, status) - debug.debug( - "updatet status of user {{ {} }} is {{ {} }}".format(username, retVal)) - return retVal - - def updateVotingOfUser(self, username, voting): - debug.info("update voting {{ {} }} of user {{ {} }}".format( - voting, username)) - retVal = db.updateVotingOfUser(username, voting) - debug.debug( - "updatet voting of user {{ {} }} is {{ {} }}".format(username, retVal)) - return retVal - - def lockUser(self, 
username, locked): - debug.info("lock user {{ {} }} for credit with status {{ {} }}".format( - username, locked)) - user = self.getUser(username) - debug.debug("user is {{ {} }}".format(user)) - user.updateData({'locked': locked}) - db.updateUser(user) - retVal = self.getUser(username) - debug.debug("locked user is {{ {} }}".format(retVal)) - return retVal - - def updateConfig(self, username, data): - debug.info( - "update config of user {{ {} }} with config {{ {} }}".format(username, data)) - user = self.getUser(username) - debug.debug("user is {{ {} }}".format(user)) - user.updateData(data) - db.updateUser(user) - retVal = self.getUser(username) - debug.debug("updated config of user is {{ {} }}".format(retVal)) - return retVal - - def syncLdap(self): - debug.info('sync Users from Ldap') - ldap_users = ldap.getAllUser() - for user in ldap_users: - self.getUser(user['username']) - - def getAllUsersfromDB(self, extern=True): - debug.info("get all users from database") - if (len(ldap.getAllUser()) != len(db.getAllUser())): - self.syncLdap() - users = db.getAllUser() - debug.debug("users are {{ {} }}".format(users)) - for user in users: - try: - debug.debug("update data from ldap") - self.__updateDataFromLDAP(user) - except: - pass - debug.debug("update creditlists") - self.__updateGeruechte(user) - retVal = db.getAllUser(extern=extern) - debug.debug("all users are {{ {} }}".format(retVal)) - return retVal - - def getUser(self, username): - debug.info("get user {{ {} }}".format(username)) - user = db.getUser(username) - debug.debug("user is {{ {} }}".format(user)) - groups = ldap.getGroup(username) - debug.debug("groups are {{ {} }}".format(groups)) - user_data = ldap.getUserData(username) - debug.debug("user data from ldap is {{ {} }}".format(user_data)) - user_data['gruppe'] = groups - user_data['group'] = groups - if user is None: - debug.debug("user not exists in database -> insert into database") - user = User(user_data) - db.insertUser(user) - else: - 
debug.debug("update database with user") - user.updateData(user_data) - db.updateUser(user) - user = db.getUser(username) - self.__updateGeruechte(user) - debug.debug("user is {{ {} }}".format(user)) - return user - - def modifyUser(self, user, attributes, password): - debug.info("modify user {{ {} }} with attributes (can't show because here can be a password)".format( - user)) - - try: - ldap_conn = ldap.bind(user, password) - if attributes: - if 'username' in attributes: - debug.debug("change username, so change first in database") - db.changeUsername(user, attributes['username']) - ldap.modifyUser(user, ldap_conn, attributes) - if 'username' in attributes: - retVal = self.getUser(attributes['username']) - debug.debug("user is {{ {} }}".format(retVal)) - return retVal - else: - retVal = self.getUser(user.uid) - debug.debug("user is {{ {} }}".format(retVal)) - return retVal - return self.getUser(user.uid) - - except UsernameExistLDAP as err: - debug.debug( - "username exists on ldap, rechange username on database", exc_info=True) - db.changeUsername(user, user.uid) - raise Exception(err) - except LDAPExcetpion as err: - if 'username' in attributes: - db.changeUsername(user, user.uid) - raise Exception(err) - except LDAPPasswordIsMandatoryError as err: - raise Exception('Password wurde nicht gesetzt!!') - except LDAPBindError as err: - raise Exception('Password ist falsch') - except Exception as err: - raise Exception(err) - - def validateUser(self, username, password): - debug.info("validate user {{ {} }}".format(username)) - ldap.login(username, password) - def loginUser(self, username, password): logger.info("login user {{ {} }}".format(username)) user = User.query.filter_by(uid=username).first() 
@@ -169,6 +13,162 @@ class Base: user = User(uid=username) if current_app.config['FG_AUTH_BACKEND'].login(user, password): db.session.add(user) + current_app.config['FG_AUTH_BACKEND'].updateUser(user) db.session.commit() return user raise PermissionDenied() + + #def getAllStatus(self): + #debug.info("get all status for user") + #retVal = db.getAllStatus() + #debug.debug("status are {{ {} }}".format(retVal)) + #return retVal + + #def getStatus(self, name): + #debug.info("get status of user {{ {} }}".format(name)) + #retVal = db.getStatus(name) + #debug.debug("status of user {{ {} }} is {{ {} }}".format(name, retVal)) + #return retVal + + #def setStatus(self, name): + #debug.info("set status of user {{ {} }}".format(name)) + #retVal = db.setStatus(name) + #debug.debug( + #"settet status of user {{ {} }} is {{ {} }}".format(name, retVal)) + #return retVal + + #def deleteStatus(self, status): + #debug.info("delete status {{ {} }}".format(status)) + #db.deleteStatus(status) + + #def updateStatus(self, status): + #debug.info("update status {{ {} }}".format(status)) + #retVal = db.updateStatus(status) + #debug.debug("updated status is {{ {} }}".format(retVal)) + #return retVal + + #def updateStatusOfUser(self, username, status): + #debug.info("update status {{ {} }} of user {{ {} }}".format( + #status, username)) + #retVal = db.updateStatusOfUser(username, status) + #debug.debug( + #"updatet status of user {{ {} }} is {{ {} }}".format(username, retVal)) + #return retVal + + #def updateVotingOfUser(self, username, voting): + #debug.info("update voting {{ {} }} of user {{ {} }}".format( + #voting, username)) + #retVal = db.updateVotingOfUser(username, voting) + #debug.debug( + #"updatet voting of user {{ {} }} is {{ {} }}".format(username, retVal)) + #return retVal + + #def lockUser(self, username, locked): + #debug.info("lock user {{ {} }} for credit with status {{ {} }}".format( + #username, locked)) + #user = self.getUser(username) + #debug.debug("user is {{ {} 
}}".format(user)) + #user.updateData({'locked': locked}) + #db.updateUser(user) + #retVal = self.getUser(username) + #debug.debug("locked user is {{ {} }}".format(retVal)) + #return retVal + + #def updateConfig(self, username, data): + #debug.info( + #"update config of user {{ {} }} with config {{ {} }}".format(username, data)) + #user = self.getUser(username) + #debug.debug("user is {{ {} }}".format(user)) + #user.updateData(data) + #db.updateUser(user) + #retVal = self.getUser(username) + #debug.debug("updated config of user is {{ {} }}".format(retVal)) + #return retVal + + #def syncLdap(self): + #debug.info('sync Users from Ldap') + #ldap_users = ldap.getAllUser() + #for user in ldap_users: + #self.getUser(user['username']) + + #def getAllUsersfromDB(self, extern=True): + #debug.info("get all users from database") + #if (len(ldap.getAllUser()) != len(db.getAllUser())): + #self.syncLdap() + #users = db.getAllUser() + #debug.debug("users are {{ {} }}".format(users)) + #for user in users: + #try: + #debug.debug("update data from ldap") + #self.__updateDataFromLDAP(user) + #except: + #pass + #debug.debug("update creditlists") + #self.__updateGeruechte(user) + #retVal = db.getAllUser(extern=extern) + #debug.debug("all users are {{ {} }}".format(retVal)) + #return retVal + + #def getUser(self, username): + #debug.info("get user {{ {} }}".format(username)) + #user = db.getUser(username) + #debug.debug("user is {{ {} }}".format(user)) + #groups = ldap.getGroup(username) + #debug.debug("groups are {{ {} }}".format(groups)) + #user_data = ldap.getUserData(username) + #debug.debug("user data from ldap is {{ {} }}".format(user_data)) + #user_data['gruppe'] = groups + #user_data['group'] = groups + #if user is None: + #debug.debug("user not exists in database -> insert into database") + #user = User(user_data) + #db.insertUser(user) + #else: + #debug.debug("update database with user") + #user.updateData(user_data) + #db.updateUser(user) + #user = db.getUser(username) + 
#self.__updateGeruechte(user) + #debug.debug("user is {{ {} }}".format(user)) + #return user + + #def modifyUser(self, user, attributes, password): + #debug.info("modify user {{ {} }} with attributes (can't show because here can be a password)".format( + #user)) + + #try: + #ldap_conn = ldap.bind(user, password) + #if attributes: + #if 'username' in attributes: + #debug.debug("change username, so change first in database") + #db.changeUsername(user, attributes['username']) + #ldap.modifyUser(user, ldap_conn, attributes) + #if 'username' in attributes: + #retVal = self.getUser(attributes['username']) + #debug.debug("user is {{ {} }}".format(retVal)) + #return retVal + #else: + #retVal = self.getUser(user.uid) + #debug.debug("user is {{ {} }}".format(retVal)) + #return retVal + #return self.getUser(user.uid) + + #except UsernameExistLDAP as err: + #debug.debug( + #"username exists on ldap, rechange username on database", exc_info=True) + #db.changeUsername(user, user.uid) + #raise Exception(err) + #except LDAPExcetpion as err: + #if 'username' in attributes: + #db.changeUsername(user, user.uid) + #raise Exception(err) + #except LDAPPasswordIsMandatoryError as err: + #raise Exception('Password wurde nicht gesetzt!!') + #except LDAPBindError as err: + #raise Exception('Password ist falsch') + #except Exception as err: + #raise Exception(err) + + #def validateUser(self, username, password): + #debug.info("validate user {{ {} }}".format(username)) + #ldap.login(username, password) diff --git a/flaschengeist/system/models/user.py b/flaschengeist/system/models/user.py index 17d2ad3..f517ae4 100644 --- a/flaschengeist/system/models/user.py +++ b/flaschengeist/system/models/user.py 
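Review bot: The roughly 150 lines of commented-out methods appended after `raise PermissionDenied()` should be dropped rather than committed: the earlier hunk of this commit already deletes them from the file, version control preserves them, and they reference `debug`, `ldap`, `db.getUser` and the LDAP exception classes whose imports this commit removes, so they cannot be revived by uncommenting. On the live change, `current_app.config['FG_AUTH_BACKEND'].updateUser(user)` is now called between `db.session.add(user)` and `db.session.commit()`, and a one-line comment naming which fields of the new `User` the backend is expected to fill in before the first commit would make that ordering intentional rather than incidental (what `updateUser` does is not shown here). `loginUser` begins in the previous hunk, outside this one.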
@@ -27,14 +27,26 @@ class User(db.Model): __tablename__ = 'user' id = db.Column(db.Integer, primary_key=True) uid = db.Column(db.String(30)) - displayname = db.Column(db.String(20)) - firstname = db.Column(db.String(20)) - lastname = db.Column(db.String(20)) - mail = db.Column(db.String(20)) + displayname = db.Column(db.String(30)) + firstname = db.Column(db.String(30)) + lastname = db.Column(db.String(30)) + mail = db.Column(db.String(30)) groups = db.relationship("UserGroup", secondary=association_table) sessions = db.relationship("AccessToken", back_populates="user") attributes = db.relationship("UserAttribute", collection_class=attribute_mapped_collection('name'), cascade="all, delete") + def setAttribute(self, name, value): + if name in self.attributes: + self.attributes[name].value = value + else: + self.attributes[name] = UserAttribute(name=name, value=value) + + def addGroup(self, name): + r = UserGroup.query.filter_by(name=name).first() + if not r: + r = UserGroup(name=name) + self.groups.append(r) + def updateData(self, data): logger.debug("update data of user") if 'uid' in data: @@ -50,12 +62,13 @@ class User(db.Model): def toJSON(self): return { - "uid": self.uid, + # TODO: username should be UID? + "username": self.uid, "displayname": self.displayname, "firstname": self.firstname, "lastname": self.lastname, "mail": self.mail, - "groups": self.groups + "groups": ["user"] + [g.name for g in self.groups] } @@ -71,3 +84,8 @@ class UserGroup(db.Model): id = db.Column(db.Integer, primary_key=True) name = db.Column(db.String(30)) + def toJSON(self): + return { + 'name': self.name + } +
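Review bot: `mail = db.Column(db.String(30))` still looks too short for real e-mail addresses, which commonly exceed 30 characters; now that an auth backend populates this record, a longer address will be truncated or rejected depending on the database dialect, so `mail = db.Column(db.String(254))` would be the safer width. Separately, `addGroup` appends unconditionally, so adding the same name twice puts the same `UserGroup` into the relationship twice, which may also violate a unique constraint on the association table if one exists; `if r not in self.groups: self.groups.append(r)` avoids that. The `User` class continues outside the hunk.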
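Review bot: `"groups": ["user"] + [g.name for g in self.groups]` makes every serialized user appear to belong to a group named `user` that is not stored in `self.groups`; any consumer that treats this list as the user's authorization set will diverge from the persisted relationship. A comment such as `# "user" is an implicit base group for every account; it is not persisted in self.groups` should state that intent, and server-side group checks should read `self.groups` rather than this JSON. The `# TODO: username should be UID?` change also renames the wire key from `uid` to `username`, so callers of `toJSON` outside this file need the matching rename (not visible here).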