Fixed main- and accessToken Controller to work with pluginify
parent
bbee163954
commit
7d8fa4f630
|
@ -84,31 +84,28 @@ class AccesTokenController(metaclass=Singleton):
|
||||||
logger.debug("accesstoken is {{ {} }}".format(accToken))
|
logger.debug("accesstoken is {{ {} }}".format(accToken))
|
||||||
return token
|
return token
|
||||||
|
|
||||||
def isSameGroup(self, accToken, groups):
|
|
||||||
""" Verify group in AccessToken
|
|
||||||
|
|
||||||
Verify if the User in the AccesToken has the right group.
|
|
||||||
|
|
||||||
Args:
|
|
||||||
accToken: AccessToken to verify.
|
|
||||||
groups: Group to verify.
|
|
||||||
|
|
||||||
Returns:
|
|
||||||
A Bool. If the same then True else False
|
|
||||||
"""
|
|
||||||
debug.info("check accesstoken {{ {} }} has group {{ {} }}".format(accToken, groups))
|
|
||||||
for group in groups:
|
|
||||||
if group in accToken.user.group: return True
|
|
||||||
return False
|
|
||||||
|
|
||||||
def getAccessTokensFromUser(self, user):
|
def getAccessTokensFromUser(self, user):
|
||||||
return db.getAccessTokensFromUser(user)
|
return AccessToken.query.filter(AccessToken.user == user)
|
||||||
|
|
||||||
def deleteAccessToken(self, accToken):
|
def deleteAccessToken(self, accessToken):
|
||||||
db.session.delete(accToken)
|
if accessToken is isinstance(accessToken, AccessToken):
|
||||||
|
db.session.delete(accessToken)
|
||||||
|
else:
|
||||||
|
AccessToken.query.filter_by(token=accessToken).delete()
|
||||||
db.session.commit()
|
db.session.commit()
|
||||||
#AccessToken.query.filter_by(token=accToken).delete()
|
|
||||||
|
|
||||||
def updateAccessToken(self, accToken):
|
def updateAccessToken(self, accessToken):
|
||||||
accToken.updateTimestamp()
|
accessToken.updateTimestamp()
|
||||||
return db.updateAccessToken(accToken)
|
db.session.commit()
|
||||||
|
return accessToken
|
||||||
|
|
||||||
|
def clearExpired(self):
|
||||||
|
logger.debug("Clear expired AccessToken")
|
||||||
|
mightExpired = datetime.utcnow() - timedelta(seconds=self.lifetime)
|
||||||
|
tokens = AccessToken.query.filter(AccessToken.timestamp < mightExpired)
|
||||||
|
logger.debug(tokens)
|
||||||
|
for token in tokens:
|
||||||
|
if token.timestamp < datetime.utcnow() - timedelta(seconds=token.lifetime):
|
||||||
|
logger.debug("Delete token %s", token.token)
|
||||||
|
db.session.delete(token)
|
||||||
|
db.session.commit()
|
||||||
|
|
|
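Review bot: The new guard in deleteAccessToken, `if accessToken is isinstance(accessToken, AccessToken):`, compares the argument by identity with the boolean that isinstance() returns, so it is false for every AccessToken instance and for every token string. The `db.session.delete(accessToken)` branch is therefore never taken, and a model instance ends up in `filter_by(token=accessToken)`, which at best matches no row. Because this is the revocation path, a token the caller believes deleted can remain in the table; the condition should read `if isinstance(accessToken, AccessToken):`. Separately, clearExpired pre-filters on `self.lifetime` before it checks `token.lifetime`, so a token whose own lifetime is shorter is only purged once the controller-wide lifetime has also passed.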
@ -1,167 +1,11 @@
|
||||||
from flaschengeist.system.exceptions import UsernameExistLDAP, LDAPExcetpion, PermissionDenied
|
from flask import current_app
|
||||||
|
|
||||||
|
from flaschengeist.system.exceptions import PermissionDenied
|
||||||
from flaschengeist.system.models.user import User
|
from flaschengeist.system.models.user import User
|
||||||
from flaschengeist.system.database import db
|
from flaschengeist.system.database import db
|
||||||
|
from flaschengeist import logger
|
||||||
from flask import Blueprint, current_app
|
|
||||||
from werkzeug.local import LocalProxy
|
|
||||||
logger = LocalProxy(lambda: current_app.logger)
|
|
||||||
|
|
||||||
class Base:
|
class Base:
|
||||||
def getAllStatus(self):
|
|
||||||
debug.info("get all status for user")
|
|
||||||
retVal = db.getAllStatus()
|
|
||||||
debug.debug("status are {{ {} }}".format(retVal))
|
|
||||||
return retVal
|
|
||||||
|
|
||||||
def getStatus(self, name):
|
|
||||||
debug.info("get status of user {{ {} }}".format(name))
|
|
||||||
retVal = db.getStatus(name)
|
|
||||||
debug.debug("status of user {{ {} }} is {{ {} }}".format(name, retVal))
|
|
||||||
return retVal
|
|
||||||
|
|
||||||
def setStatus(self, name):
|
|
||||||
debug.info("set status of user {{ {} }}".format(name))
|
|
||||||
retVal = db.setStatus(name)
|
|
||||||
debug.debug(
|
|
||||||
"settet status of user {{ {} }} is {{ {} }}".format(name, retVal))
|
|
||||||
return retVal
|
|
||||||
|
|
||||||
def deleteStatus(self, status):
|
|
||||||
debug.info("delete status {{ {} }}".format(status))
|
|
||||||
db.deleteStatus(status)
|
|
||||||
|
|
||||||
def updateStatus(self, status):
|
|
||||||
debug.info("update status {{ {} }}".format(status))
|
|
||||||
retVal = db.updateStatus(status)
|
|
||||||
debug.debug("updated status is {{ {} }}".format(retVal))
|
|
||||||
return retVal
|
|
||||||
|
|
||||||
def updateStatusOfUser(self, username, status):
|
|
||||||
debug.info("update status {{ {} }} of user {{ {} }}".format(
|
|
||||||
status, username))
|
|
||||||
retVal = db.updateStatusOfUser(username, status)
|
|
||||||
debug.debug(
|
|
||||||
"updatet status of user {{ {} }} is {{ {} }}".format(username, retVal))
|
|
||||||
return retVal
|
|
||||||
|
|
||||||
def updateVotingOfUser(self, username, voting):
|
|
||||||
debug.info("update voting {{ {} }} of user {{ {} }}".format(
|
|
||||||
voting, username))
|
|
||||||
retVal = db.updateVotingOfUser(username, voting)
|
|
||||||
debug.debug(
|
|
||||||
"updatet voting of user {{ {} }} is {{ {} }}".format(username, retVal))
|
|
||||||
return retVal
|
|
||||||
|
|
||||||
def lockUser(self, username, locked):
|
|
||||||
debug.info("lock user {{ {} }} for credit with status {{ {} }}".format(
|
|
||||||
username, locked))
|
|
||||||
user = self.getUser(username)
|
|
||||||
debug.debug("user is {{ {} }}".format(user))
|
|
||||||
user.updateData({'locked': locked})
|
|
||||||
db.updateUser(user)
|
|
||||||
retVal = self.getUser(username)
|
|
||||||
debug.debug("locked user is {{ {} }}".format(retVal))
|
|
||||||
return retVal
|
|
||||||
|
|
||||||
def updateConfig(self, username, data):
|
|
||||||
debug.info(
|
|
||||||
"update config of user {{ {} }} with config {{ {} }}".format(username, data))
|
|
||||||
user = self.getUser(username)
|
|
||||||
debug.debug("user is {{ {} }}".format(user))
|
|
||||||
user.updateData(data)
|
|
||||||
db.updateUser(user)
|
|
||||||
retVal = self.getUser(username)
|
|
||||||
debug.debug("updated config of user is {{ {} }}".format(retVal))
|
|
||||||
return retVal
|
|
||||||
|
|
||||||
def syncLdap(self):
|
|
||||||
debug.info('sync Users from Ldap')
|
|
||||||
ldap_users = ldap.getAllUser()
|
|
||||||
for user in ldap_users:
|
|
||||||
self.getUser(user['username'])
|
|
||||||
|
|
||||||
def getAllUsersfromDB(self, extern=True):
|
|
||||||
debug.info("get all users from database")
|
|
||||||
if (len(ldap.getAllUser()) != len(db.getAllUser())):
|
|
||||||
self.syncLdap()
|
|
||||||
users = db.getAllUser()
|
|
||||||
debug.debug("users are {{ {} }}".format(users))
|
|
||||||
for user in users:
|
|
||||||
try:
|
|
||||||
debug.debug("update data from ldap")
|
|
||||||
self.__updateDataFromLDAP(user)
|
|
||||||
except:
|
|
||||||
pass
|
|
||||||
debug.debug("update creditlists")
|
|
||||||
self.__updateGeruechte(user)
|
|
||||||
retVal = db.getAllUser(extern=extern)
|
|
||||||
debug.debug("all users are {{ {} }}".format(retVal))
|
|
||||||
return retVal
|
|
||||||
|
|
||||||
def getUser(self, username):
|
|
||||||
debug.info("get user {{ {} }}".format(username))
|
|
||||||
user = db.getUser(username)
|
|
||||||
debug.debug("user is {{ {} }}".format(user))
|
|
||||||
groups = ldap.getGroup(username)
|
|
||||||
debug.debug("groups are {{ {} }}".format(groups))
|
|
||||||
user_data = ldap.getUserData(username)
|
|
||||||
debug.debug("user data from ldap is {{ {} }}".format(user_data))
|
|
||||||
user_data['gruppe'] = groups
|
|
||||||
user_data['group'] = groups
|
|
||||||
if user is None:
|
|
||||||
debug.debug("user not exists in database -> insert into database")
|
|
||||||
user = User(user_data)
|
|
||||||
db.insertUser(user)
|
|
||||||
else:
|
|
||||||
debug.debug("update database with user")
|
|
||||||
user.updateData(user_data)
|
|
||||||
db.updateUser(user)
|
|
||||||
user = db.getUser(username)
|
|
||||||
self.__updateGeruechte(user)
|
|
||||||
debug.debug("user is {{ {} }}".format(user))
|
|
||||||
return user
|
|
||||||
|
|
||||||
def modifyUser(self, user, attributes, password):
|
|
||||||
debug.info("modify user {{ {} }} with attributes (can't show because here can be a password)".format(
|
|
||||||
user))
|
|
||||||
|
|
||||||
try:
|
|
||||||
ldap_conn = ldap.bind(user, password)
|
|
||||||
if attributes:
|
|
||||||
if 'username' in attributes:
|
|
||||||
debug.debug("change username, so change first in database")
|
|
||||||
db.changeUsername(user, attributes['username'])
|
|
||||||
ldap.modifyUser(user, ldap_conn, attributes)
|
|
||||||
if 'username' in attributes:
|
|
||||||
retVal = self.getUser(attributes['username'])
|
|
||||||
debug.debug("user is {{ {} }}".format(retVal))
|
|
||||||
return retVal
|
|
||||||
else:
|
|
||||||
retVal = self.getUser(user.uid)
|
|
||||||
debug.debug("user is {{ {} }}".format(retVal))
|
|
||||||
return retVal
|
|
||||||
return self.getUser(user.uid)
|
|
||||||
|
|
||||||
except UsernameExistLDAP as err:
|
|
||||||
debug.debug(
|
|
||||||
"username exists on ldap, rechange username on database", exc_info=True)
|
|
||||||
db.changeUsername(user, user.uid)
|
|
||||||
raise Exception(err)
|
|
||||||
except LDAPExcetpion as err:
|
|
||||||
if 'username' in attributes:
|
|
||||||
db.changeUsername(user, user.uid)
|
|
||||||
raise Exception(err)
|
|
||||||
except LDAPPasswordIsMandatoryError as err:
|
|
||||||
raise Exception('Password wurde nicht gesetzt!!')
|
|
||||||
except LDAPBindError as err:
|
|
||||||
raise Exception('Password ist falsch')
|
|
||||||
except Exception as err:
|
|
||||||
raise Exception(err)
|
|
||||||
|
|
||||||
def validateUser(self, username, password):
|
|
||||||
debug.info("validate user {{ {} }}".format(username))
|
|
||||||
ldap.login(username, password)
|
|
||||||
|
|
||||||
def loginUser(self, username, password):
|
def loginUser(self, username, password):
|
||||||
logger.info("login user {{ {} }}".format(username))
|
logger.info("login user {{ {} }}".format(username))
|
||||||
user = User.query.filter_by(uid=username).first()
|
user = User.query.filter_by(uid=username).first()
|
||||||
|
@ -169,6 +13,162 @@ class Base:
|
||||||
user = User(uid=username)
|
user = User(uid=username)
|
||||||
if current_app.config['FG_AUTH_BACKEND'].login(user, password):
|
if current_app.config['FG_AUTH_BACKEND'].login(user, password):
|
||||||
db.session.add(user)
|
db.session.add(user)
|
||||||
|
current_app.config['FG_AUTH_BACKEND'].updateUser(user)
|
||||||
db.session.commit()
|
db.session.commit()
|
||||||
return user
|
return user
|
||||||
raise PermissionDenied()
|
raise PermissionDenied()
|
||||||
|
|
||||||
|
#def getAllStatus(self):
|
||||||
|
#debug.info("get all status for user")
|
||||||
|
#retVal = db.getAllStatus()
|
||||||
|
#debug.debug("status are {{ {} }}".format(retVal))
|
||||||
|
#return retVal
|
||||||
|
|
||||||
|
#def getStatus(self, name):
|
||||||
|
#debug.info("get status of user {{ {} }}".format(name))
|
||||||
|
#retVal = db.getStatus(name)
|
||||||
|
#debug.debug("status of user {{ {} }} is {{ {} }}".format(name, retVal))
|
||||||
|
#return retVal
|
||||||
|
|
||||||
|
#def setStatus(self, name):
|
||||||
|
#debug.info("set status of user {{ {} }}".format(name))
|
||||||
|
#retVal = db.setStatus(name)
|
||||||
|
#debug.debug(
|
||||||
|
#"settet status of user {{ {} }} is {{ {} }}".format(name, retVal))
|
||||||
|
#return retVal
|
||||||
|
|
||||||
|
#def deleteStatus(self, status):
|
||||||
|
#debug.info("delete status {{ {} }}".format(status))
|
||||||
|
#db.deleteStatus(status)
|
||||||
|
|
||||||
|
#def updateStatus(self, status):
|
||||||
|
#debug.info("update status {{ {} }}".format(status))
|
||||||
|
#retVal = db.updateStatus(status)
|
||||||
|
#debug.debug("updated status is {{ {} }}".format(retVal))
|
||||||
|
#return retVal
|
||||||
|
|
||||||
|
#def updateStatusOfUser(self, username, status):
|
||||||
|
#debug.info("update status {{ {} }} of user {{ {} }}".format(
|
||||||
|
#status, username))
|
||||||
|
#retVal = db.updateStatusOfUser(username, status)
|
||||||
|
#debug.debug(
|
||||||
|
#"updatet status of user {{ {} }} is {{ {} }}".format(username, retVal))
|
||||||
|
#return retVal
|
||||||
|
|
||||||
|
#def updateVotingOfUser(self, username, voting):
|
||||||
|
#debug.info("update voting {{ {} }} of user {{ {} }}".format(
|
||||||
|
#voting, username))
|
||||||
|
#retVal = db.updateVotingOfUser(username, voting)
|
||||||
|
#debug.debug(
|
||||||
|
#"updatet voting of user {{ {} }} is {{ {} }}".format(username, retVal))
|
||||||
|
#return retVal
|
||||||
|
|
||||||
|
#def lockUser(self, username, locked):
|
||||||
|
#debug.info("lock user {{ {} }} for credit with status {{ {} }}".format(
|
||||||
|
#username, locked))
|
||||||
|
#user = self.getUser(username)
|
||||||
|
#debug.debug("user is {{ {} }}".format(user))
|
||||||
|
#user.updateData({'locked': locked})
|
||||||
|
#db.updateUser(user)
|
||||||
|
#retVal = self.getUser(username)
|
||||||
|
#debug.debug("locked user is {{ {} }}".format(retVal))
|
||||||
|
#return retVal
|
||||||
|
|
||||||
|
#def updateConfig(self, username, data):
|
||||||
|
#debug.info(
|
||||||
|
#"update config of user {{ {} }} with config {{ {} }}".format(username, data))
|
||||||
|
#user = self.getUser(username)
|
||||||
|
#debug.debug("user is {{ {} }}".format(user))
|
||||||
|
#user.updateData(data)
|
||||||
|
#db.updateUser(user)
|
||||||
|
#retVal = self.getUser(username)
|
||||||
|
#debug.debug("updated config of user is {{ {} }}".format(retVal))
|
||||||
|
#return retVal
|
||||||
|
|
||||||
|
#def syncLdap(self):
|
||||||
|
#debug.info('sync Users from Ldap')
|
||||||
|
#ldap_users = ldap.getAllUser()
|
||||||
|
#for user in ldap_users:
|
||||||
|
#self.getUser(user['username'])
|
||||||
|
|
||||||
|
#def getAllUsersfromDB(self, extern=True):
|
||||||
|
#debug.info("get all users from database")
|
||||||
|
#if (len(ldap.getAllUser()) != len(db.getAllUser())):
|
||||||
|
#self.syncLdap()
|
||||||
|
#users = db.getAllUser()
|
||||||
|
#debug.debug("users are {{ {} }}".format(users))
|
||||||
|
#for user in users:
|
||||||
|
#try:
|
||||||
|
#debug.debug("update data from ldap")
|
||||||
|
#self.__updateDataFromLDAP(user)
|
||||||
|
#except:
|
||||||
|
#pass
|
||||||
|
#debug.debug("update creditlists")
|
||||||
|
#self.__updateGeruechte(user)
|
||||||
|
#retVal = db.getAllUser(extern=extern)
|
||||||
|
#debug.debug("all users are {{ {} }}".format(retVal))
|
||||||
|
#return retVal
|
||||||
|
|
||||||
|
#def getUser(self, username):
|
||||||
|
#debug.info("get user {{ {} }}".format(username))
|
||||||
|
#user = db.getUser(username)
|
||||||
|
#debug.debug("user is {{ {} }}".format(user))
|
||||||
|
#groups = ldap.getGroup(username)
|
||||||
|
#debug.debug("groups are {{ {} }}".format(groups))
|
||||||
|
#user_data = ldap.getUserData(username)
|
||||||
|
#debug.debug("user data from ldap is {{ {} }}".format(user_data))
|
||||||
|
#user_data['gruppe'] = groups
|
||||||
|
#user_data['group'] = groups
|
||||||
|
#if user is None:
|
||||||
|
#debug.debug("user not exists in database -> insert into database")
|
||||||
|
#user = User(user_data)
|
||||||
|
#db.insertUser(user)
|
||||||
|
#else:
|
||||||
|
#debug.debug("update database with user")
|
||||||
|
#user.updateData(user_data)
|
||||||
|
#db.updateUser(user)
|
||||||
|
#user = db.getUser(username)
|
||||||
|
#self.__updateGeruechte(user)
|
||||||
|
#debug.debug("user is {{ {} }}".format(user))
|
||||||
|
#return user
|
||||||
|
|
||||||
|
#def modifyUser(self, user, attributes, password):
|
||||||
|
#debug.info("modify user {{ {} }} with attributes (can't show because here can be a password)".format(
|
||||||
|
#user))
|
||||||
|
|
||||||
|
#try:
|
||||||
|
#ldap_conn = ldap.bind(user, password)
|
||||||
|
#if attributes:
|
||||||
|
#if 'username' in attributes:
|
||||||
|
#debug.debug("change username, so change first in database")
|
||||||
|
#db.changeUsername(user, attributes['username'])
|
||||||
|
#ldap.modifyUser(user, ldap_conn, attributes)
|
||||||
|
#if 'username' in attributes:
|
||||||
|
#retVal = self.getUser(attributes['username'])
|
||||||
|
#debug.debug("user is {{ {} }}".format(retVal))
|
||||||
|
#return retVal
|
||||||
|
#else:
|
||||||
|
#retVal = self.getUser(user.uid)
|
||||||
|
#debug.debug("user is {{ {} }}".format(retVal))
|
||||||
|
#return retVal
|
||||||
|
#return self.getUser(user.uid)
|
||||||
|
|
||||||
|
#except UsernameExistLDAP as err:
|
||||||
|
#debug.debug(
|
||||||
|
#"username exists on ldap, rechange username on database", exc_info=True)
|
||||||
|
#db.changeUsername(user, user.uid)
|
||||||
|
#raise Exception(err)
|
||||||
|
#except LDAPExcetpion as err:
|
||||||
|
#if 'username' in attributes:
|
||||||
|
#db.changeUsername(user, user.uid)
|
||||||
|
#raise Exception(err)
|
||||||
|
#except LDAPPasswordIsMandatoryError as err:
|
||||||
|
#raise Exception('Password wurde nicht gesetzt!!')
|
||||||
|
#except LDAPBindError as err:
|
||||||
|
#raise Exception('Password ist falsch')
|
||||||
|
#except Exception as err:
|
||||||
|
#raise Exception(err)
|
||||||
|
|
||||||
|
#def validateUser(self, username, password):
|
||||||
|
#debug.info("validate user {{ {} }}".format(username))
|
||||||
|
#ldap.login(username, password)
|
||||||
|
|
|
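Review bot: The methods from getAllStatus through validateUser are kept as roughly 150 lines of commented-out code below loginUser instead of being deleted. The block can no longer be restored by uncommenting it, because the new import line brings in only `PermissionDenied` while the commented code still refers to `UsernameExistLDAP`, `LDAPExcetpion`, `ldap` and `debug`. It also preserves a bare `except: pass` around the LDAP update. Removing the block and relying on version history would leave `Base` with just loginUser, which is the only code a reader needs to audit on the login path. loginUser itself is split across the two hunks, so the lines between the user lookup and `user = User(uid=username)` are not visible here.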
@ -27,14 +27,26 @@ class User(db.Model):
|
||||||
__tablename__ = 'user'
|
__tablename__ = 'user'
|
||||||
id = db.Column(db.Integer, primary_key=True)
|
id = db.Column(db.Integer, primary_key=True)
|
||||||
uid = db.Column(db.String(30))
|
uid = db.Column(db.String(30))
|
||||||
displayname = db.Column(db.String(20))
|
displayname = db.Column(db.String(30))
|
||||||
firstname = db.Column(db.String(20))
|
firstname = db.Column(db.String(30))
|
||||||
lastname = db.Column(db.String(20))
|
lastname = db.Column(db.String(30))
|
||||||
mail = db.Column(db.String(20))
|
mail = db.Column(db.String(30))
|
||||||
groups = db.relationship("UserGroup", secondary=association_table)
|
groups = db.relationship("UserGroup", secondary=association_table)
|
||||||
sessions = db.relationship("AccessToken", back_populates="user")
|
sessions = db.relationship("AccessToken", back_populates="user")
|
||||||
attributes = db.relationship("UserAttribute", collection_class=attribute_mapped_collection('name'), cascade="all, delete")
|
attributes = db.relationship("UserAttribute", collection_class=attribute_mapped_collection('name'), cascade="all, delete")
|
||||||
|
|
||||||
|
def setAttribute(self, name, value):
|
||||||
|
if name in self.attributes:
|
||||||
|
self.attributes[name].value = value
|
||||||
|
else:
|
||||||
|
self.attributes[name] = UserAttribute(name=name, value=value)
|
||||||
|
|
||||||
|
def addGroup(self, name):
|
||||||
|
r = UserGroup.query.filter_by(name=name).first()
|
||||||
|
if not r:
|
||||||
|
r = UserGroup(name=name)
|
||||||
|
self.groups.append(r)
|
||||||
|
|
||||||
def updateData(self, data):
|
def updateData(self, data):
|
||||||
logger.debug("update data of user")
|
logger.debug("update data of user")
|
||||||
if 'uid' in data:
|
if 'uid' in data:
|
||||||
|
@ -50,12 +62,13 @@ class User(db.Model):
|
||||||
|
|
||||||
def toJSON(self):
|
def toJSON(self):
|
||||||
return {
|
return {
|
||||||
"uid": self.uid,
|
# TODO: username should be UID?
|
||||||
|
"username": self.uid,
|
||||||
"displayname": self.displayname,
|
"displayname": self.displayname,
|
||||||
"firstname": self.firstname,
|
"firstname": self.firstname,
|
||||||
"lastname": self.lastname,
|
"lastname": self.lastname,
|
||||||
"mail": self.mail,
|
"mail": self.mail,
|
||||||
"groups": self.groups
|
"groups": ["user"] + [g.name for g in self.groups]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -71,3 +84,8 @@ class UserGroup(db.Model):
|
||||||
id = db.Column(db.Integer, primary_key=True)
|
id = db.Column(db.Integer, primary_key=True)
|
||||||
name = db.Column(db.String(30))
|
name = db.Column(db.String(30))
|
||||||
|
|
||||||
|
def toJSON(self):
|
||||||
|
return {
|
||||||
|
'name': self.name
|
||||||
|
}
|
||||||
|
|
||||||
|
|
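Review bot: addGroup appends the group unconditionally with `self.groups.append(r)`, so calling it for a group the user already has adds a second association row, or fails on the association table's key if it has one (the table definition is outside the hunk). If the auth backend calls it on every login this would accumulate; a guard such as `if r not in self.groups: self.groups.append(r)` avoids that. `UserGroup.name` is declared without `unique=True`, so the lookup-then-create in addGroup can also produce two groups with the same name under concurrent logins. In toJSON the `"user"` entry is synthesised only in the serialised output, so any server-side check that reads `self.groups` will not see the group the client is told it has; a one-line comment stating that `"user"` is an implicit group for every account would make the intent explicit.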