From e8fc6c64b9fa774db70e69b9d77ad16f616745a3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20Gr=C3=B6ger?= Date: Thu, 19 Dec 2019 08:12:29 +0100 Subject: [PATCH 1/6] mysql adapter and ldap adapter start adapetr for mysql not sqllite authenfication with ldap problem.. ldap and db is initialize in __init__.py when you initialize db, you initialize User and that requires ldap from __init__.py. But ldap is not initialize. if you initialize ldap, you initialize User and that requires db from __init__.py. But db is not initialize. --- geruecht/__init__.py | 34 ++++++++--- geruecht/controller/accesTokenController.py | 22 +++---- geruecht/controller/databaseController.py | 68 +++++++++++++++++++++ geruecht/controller/ldapController.py | 56 +++++++++++++++++ geruecht/model/creditList.py | 5 +- geruecht/model/user.py | 47 ++++++++------ geruecht/routes.py | 23 ++++++- 7 files changed, 208 insertions(+), 47 deletions(-) create mode 100644 geruecht/controller/databaseController.py create mode 100644 geruecht/controller/ldapController.py diff --git a/geruecht/__init__.py b/geruecht/__init__.py index 2e93a13..09d744b 100644 --- a/geruecht/__init__.py +++ b/geruecht/__init__.py @@ -8,6 +8,11 @@ import logging from logging.handlers import WatchedFileHandler import sys +MONEY = "moneymaster" +GASTRO = "gastro" +USER = "user" +BAR = "bar" + FORMATTER = logging.Formatter("%(asctime)s — %(name)s — %(levelname)s — %(message)s") logFileHandler = WatchedFileHandler("testlog.log") @@ -29,6 +34,18 @@ def getLogger(logger_name): LOGGER = getLogger(__name__) LOGGER.info("Initialize App") +class Singleton(type): + _instances = {} + def __call__(cls, *args, **kwargs): + if cls not in cls._instances: + cls._instances[cls] = super(Singleton, cls).__call__(*args, **kwargs) + return cls._instances[cls] +from .controller.databaseController import DatabaseController +db = DatabaseController() +from .controller.ldapController import LDAPController +ldapController = LDAPController() + + from flask import Flask from flask_sqlalchemy import SQLAlchemy from flask_bcrypt import Bcrypt @@ -41,7 +58,7 @@ app = Flask(__name__) CORS(app) # app.config['SECRET_KEY'] = '0a657b97ef546da90b2db91862ad4e29' app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///site.db' -db = SQLAlchemy(app) +#db = SQLAlchemy(app) bcrypt = Bcrypt(app) accesTokenController = AccesTokenController("GERUECHT") accesTokenController.start() @@ -49,16 +66,13 @@ accesTokenController.start() # login_manager.login_view = 'login' # login_manager.login_message_category = 'info' -MONEY = "moneymaster" -GASTRO = "gastro" -USER = "user" -BAR = "bar" + from geruecht import routes -from geruecht.baruser.routes import baruser -from geruecht.finanzer.routes import finanzer +#from geruecht.baruser.routes import baruser +#from geruecht.finanzer.routes import finanzer -LOGGER.info("Registrate bluebrints") -app.register_blueprint(baruser) -app.register_blueprint(finanzer) +#LOGGER.info("Registrate bluebrints") +#app.register_blueprint(baruser) +#app.register_blueprint(finanzer) diff --git a/geruecht/controller/accesTokenController.py b/geruecht/controller/accesTokenController.py index 93e7e32..c8594e1 100644 --- a/geruecht/controller/accesTokenController.py +++ b/geruecht/controller/accesTokenController.py @@ -6,8 +6,9 @@ from threading import Thread import hashlib import logging from logging.handlers import WatchedFileHandler +from geruecht import Singleton -class AccesTokenController(Thread): +class AccesTokenController(Thread, metaclass=Singleton): """ Control all createt AccesToken This Class create, delete, find and manage AccesToken. @@ -16,12 +17,6 @@ class AccesTokenController(Thread): tokenList: List of currents AccessToken lifetime: Variable for the Lifetime of one AccessToken in seconds. """ - class __OnlyOne: - def __init__(self, arg): - self.val = arg - - def __str__(self): - return repr(self) + self.val instance = None tokenList = None lifetime = 60 @@ -32,10 +27,6 @@ class AccesTokenController(Thread): Initialize Thread and set tokenList empty. """ LOGGER.info("Initialize AccessTokenController") - if not AccesTokenController.instance: - AccesTokenController.instance = AccesTokenController.__OnlyOne(arg) - else: - AccesTokenController.instance.val = arg LOGGER.debug("Build Logger for VerificationThread") @@ -87,7 +78,7 @@ class AccesTokenController(Thread): """ LOGGER.info("Create AccessToken") now = datetime.ctime(datetime.now()) - token = hashlib.md5((now + user.password).encode('utf-8')).hexdigest() + token = hashlib.md5((now + user.dn).encode('utf-8')).hexdigest() accToken = AccessToken(user, token) LOGGER.debug("Add AccessToken {} to current Tokens".format(accToken)) self.tokenList.append(accToken) @@ -115,17 +106,20 @@ class AccesTokenController(Thread): Verify that the AccesToken are not out of date. If one AccessToken out of date it will be deletet from tokenList. """ + valid_time=120 LOGGER.info("Start Thread for verification that the AccessToken are not out of date.") while True: + self.LOGGER.debug("Name: {}".format(self.getName())) self.LOGGER.debug("Start to iterate through List of current Tokens") for accToken in self.tokenList: + self.LOGGER.debug("Check if AccessToken {} is out of date".format(accToken)) - if (datetime.now() - accToken.timestamp).seconds > 7200: + if (datetime.now() - accToken.timestamp).seconds > valid_time: print("delete", accToken) self.LOGGER.info("Delete AccessToken {} from List of current Tokens".format(accToken)) self.tokenList.remove(accToken) else: - self.LOGGER.debug("AccessToken {} is up to date. {} seconds left".format(accToken, 7200 - (datetime.now() - accToken.timestamp).seconds)) + self.LOGGER.debug("AccessToken {} is up to date. {} seconds left".format(accToken, valid_time - (datetime.now() - accToken.timestamp).seconds)) self.LOGGER.debug("List of current Tokens: {}".format(self.tokenList)) self.LOGGER.info("Wait 10 Seconds") time.sleep(10) diff --git a/geruecht/controller/databaseController.py b/geruecht/controller/databaseController.py new file mode 100644 index 0000000..c73ecb0 --- /dev/null +++ b/geruecht/controller/databaseController.py @@ -0,0 +1,68 @@ +import pymysql +from geruecht import Singleton +from geruecht.model.user import User + +class DatabaseController(metaclass=Singleton): + ''' + DatabaesController + + Connect to the Database and execute sql-executions + ''' + + def __init__(self, url='192.168.5.108', user='wu5', password='E1n$tein', database='geruecht'): + self.url = url + self.user = user + self.password = password + self.database = database + self.connect() + + + def connect(self): + try: + self.db = pymysql.connect(self.url, self.user, self.password, self.database, cursorclass=pymysql.cursors.DictCursor) + except Exception as err: + raise err + + def getAllUser(self): + cursor = self.db.cursor() + + def getUser(self, username): + self.connect() + retVal = None + cursor = self.db.cursor() + cursor.execute("select * from user where cn='{}'".format(username)) + data = cursor.fetchone() + if data: + retVal = User(data) + self.db.close() + return retVal + + + def insertUser(self, data): + self.connect() + cursor = self.db.cursor() + try: + cursor.execute("insert into user (cn, dn, firstname, lastname, `group`) VALUES ('{}','{}','{}','{}','{}')".format( + data['cn'], data['dn'], data['givenName'], data['sn'], data['group'])) + self.db.commit() + except Exception as err: + self.db.rollback() + self.db.close() + raise err + self.db.close() + + def updateUser(self, data): + self.connect() + cursor = self.db.cursor() + try: + cursor.execute("update user dn='{}', firstname='{}', lastname='{}', group='{}' where cn='{}'".format( + data['dn'], data['givenName'], data['sn'], data['group'], data['cn'])) + self.db.commit() + except Exception as err: + self.db.rollback() + self.db.close() + raise err + self.db.close() + +if __name__ == '__main__': + db = DatabaseController(user='tim') diff --git a/geruecht/controller/ldapController.py b/geruecht/controller/ldapController.py new file mode 100644 index 0000000..dbd5a40 --- /dev/null +++ b/geruecht/controller/ldapController.py @@ -0,0 +1,56 @@ +import ldap +from geruecht import MONEY, USER, GASTRO, BAR, Singleton + +class LDAPController(metaclass=Singleton): + ''' + Authentification over LDAP. Create Account on-the-fly + ''' + + def __init__(self, url="ldap://192.168.5.108", dn='dc=ldap,dc=example,dc=local'): + self.url = url + self.dn = dn + self.connect() + + def connect(self): + try: + self.client = ldap.initialize(self.url, bytes_mode=False) + except Exception as err: + raise err + + def login(self, username, password): + self.connect() + try: + self.client.bind_s("cn={},ou=user,{}".format(username, self.dn), password) + self.client.unbind_s() + except: + self.client.unbind_s() + raise Exception("Invalid Password or Username") + + def getUserData(self, username): + self.connect() + search_data = self.client.search_s('ou=user,{}'.format(self.dn), ldap.SCOPE_SUBTREE, 'cn={}'.format(username), ['cn', 'givenName', 'sn']) + retVal = search_data[0][1] + for k,v in retVal.items(): + retVal[k] = v[0].decode('utf-8') + retVal['dn'] = self.dn + return retVal + + + def getGroup(self, username): + self.connect() + groups_data = self.client.search_s('ou=group,{}'.format(self.dn), ldap.SCOPE_SUBTREE, 'memberUID={}'.format(username), ['cn']) + if len(groups_data) == 0: + return USER + else: + data = groups_data[0][1]['cn'][0].decode('utf-8') + if data == 'finanzer': + return MONEY + elif data == 'gastro': + return GASTRO + elif data == 'bar': + return BAR + + +if __name__ == '__main__': + a = LDAPController() + a.getUserData('jhille') diff --git a/geruecht/model/creditList.py b/geruecht/model/creditList.py index ddcc877..2370001 100644 --- a/geruecht/model/creditList.py +++ b/geruecht/model/creditList.py @@ -1,10 +1,9 @@ -from geruecht import db from datetime import datetime from geruecht import getLogger LOGGER = getLogger(__name__) -class CreditList(db.Model): +class CreditList(): """ DataBase Object Credit List: Attributes: @@ -17,7 +16,7 @@ class CreditList(db.Model): user_id: id from the User. """ LOGGER.debug("Initialize Geruecht") - id = db.Column(db.Integer, primary_key=True) + id = db.Colum(db.Integer, primary_key=True) jan_guthaben = db.Column(db.Integer, nullable=False, default=0) jan_schulden = db.Column(db.Integer, nullable=False, default=0) diff --git a/geruecht/model/user.py b/geruecht/model/user.py index 4ba9d7c..89d63f5 100644 --- a/geruecht/model/user.py +++ b/geruecht/model/user.py @@ -1,10 +1,11 @@ -from geruecht import db, bcrypt, getLogger -from geruecht.model.creditList import CreditList +from geruecht import getLogger +from geruecht import db +#from geruecht.model.creditList import CreditList from datetime import datetime LOGGER = getLogger(__name__) -class User(db.Model): +class User(): """ Database Object for User Table for all safed User @@ -18,16 +19,16 @@ class User(db.Model): group: Which group is the User? moneymaster, gastro, user or bar? password: salted hashed password for the User. """ - id = db.Column(db.Integer, primary_key=True) - userID = db.Column(db.String, nullable=False, unique=True) - username = db.Column(db.String, nullable=False, unique=True) - firstname = db.Column(db.String, nullable=False) - lastname = db.Column(db.String, nullable=False) - group = db.Column(db.String, nullable=False) - password = db.Column(db.String, nullable=False) - - geruechte = db.relationship('CreditList', backref='user', lazy=True) + def __init__(self, data): + self.id = int(data['id']) + self.cn = data['cn'] + self.dn = data['dn'] + self.firstname = data['firstname'] + self.lastname = data['lastname'] + self.group = data['group'] + #geruechte = db.relationship('CreditList', backref='user', lazy=True) + ''' def createGeruecht(self, amount=0, year=datetime.now().year): """ Create Geruecht @@ -153,7 +154,7 @@ class User(db.Model): int year of the geruecht """ return geruecht.year - + ''' def toJSON(self): """ Create Dic to dump in JSON @@ -161,14 +162,19 @@ class User(db.Model): A Dic with static Attributes. """ dic = { - "userId": self.userID, - "username": self.username, + "cn": self.cn, + "dn": self.dn, "firstname": self.firstname, "lastname": self.lastname, "group": self.group, } return dic + def update(self): + data = ldap.getUserData(self.cn) + data['group'] = ldap.getGroup(self.cn) + db.updateUser(data) + def login(self, password): """ Login for the User @@ -178,7 +184,14 @@ class User(db.Model): A Bool. True if the password is correct and False if it isn't. """ LOGGER.debug("Login User {}".format(self)) - return True if bcrypt.check_password_hash(self.password, password) else False + try: + from geruecht import ldapController as ldap + ldap.login(self.cn, password) + + self.update() + return True + except: + return False def __repr__(self): - return "User({}, {}, {})".format(self.userID, self.username, self.group) + return "User({}, {}, {})".format(self.cn, self.dn, self.group) diff --git a/geruecht/routes.py b/geruecht/routes.py index cd192cb..2685794 100644 --- a/geruecht/routes.py +++ b/geruecht/routes.py @@ -1,7 +1,8 @@ from geruecht import app, db, accesTokenController, MONEY, BAR, USER, GASTRO, LOGGER +from geruecht import ldapController as ldap from geruecht.model.user import User -from geruecht.model.creditList import CreditList -from geruecht.model.priceList import PriceList +#from geruecht.model.creditList import CreditList +#from geruecht.model.priceList import PriceList from datetime import datetime from flask import request, jsonify @@ -61,8 +62,24 @@ def _login(): LOGGER.debug("JSON from request: {}".format(data)) username = data['username'] password = data['password'] + LOGGER.info("search {} in database".format(username)) + user = db.getUser(username) + if user is None: + LOGGER.info("User {} not found. Authenticate over LDAP and create User.") + try: + ldap.login(username, password) + LOGGER.info("Authentification successfull. Search Group") + group = ldap.getGroup(username) + LOGGER.info("Get userdata from LDAP") + user_data = ldap.getUserData(username) + user_data['group'] = group + LOGGER.info('Insert user {} into database') + db.insertUser(user_data) + + except Exception as err: + raise err LOGGER.info("{} try to log in".format(username)) - user = User.query.filter_by(username=username).first() + user = db.getUser(username) LOGGER.debug("User is {}".format(user)) if user: LOGGER.debug("Check login for User {}".format(user)) From 33333561f3c049030cce7c4bef9e0079dd884cc2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20Gr=C3=B6ger?= Date: Thu, 19 Dec 2019 18:26:41 +0100 Subject: [PATCH 2/6] add creditList support but can't update database --- .gitignore | 5 +- geruecht/__init__.py | 22 +++-- geruecht/controller/accesTokenController.py | 2 +- geruecht/controller/databaseController.py | 90 +++++++++++++++++-- geruecht/finanzer/routes.py | 16 ++-- geruecht/model/creditList.py | 99 ++++++++++++++------- geruecht/model/user.py | 55 +++++++----- geruecht/routes.py | 8 +- 8 files changed, 217 insertions(+), 80 deletions(-) diff --git a/.gitignore b/.gitignore index 716695e..037f03d 100644 --- a/.gitignore +++ b/.gitignore @@ -116,4 +116,7 @@ dmypy.json .pyre/ #ide -.idea \ No newline at end of file +.idea + +.vscode/ +*.log \ No newline at end of file diff --git a/geruecht/__init__.py b/geruecht/__init__.py index 09d744b..39b790e 100644 --- a/geruecht/__init__.py +++ b/geruecht/__init__.py @@ -40,15 +40,28 @@ class Singleton(type): if cls not in cls._instances: cls._instances[cls] = super(Singleton, cls).__call__(*args, **kwargs) return cls._instances[cls] + from .controller.databaseController import DatabaseController db = DatabaseController() from .controller.ldapController import LDAPController ldapController = LDAPController() +def getDatabesController(): + if db is not None: + return db + else: + return DatabaseController() +def getLDAPController(): + if ldapController is not None: + return ldapController + else: + return LDAPController() + + + from flask import Flask from flask_sqlalchemy import SQLAlchemy -from flask_bcrypt import Bcrypt from flask_cors import CORS from .controller.accesTokenController import AccesTokenController @@ -59,7 +72,6 @@ CORS(app) # app.config['SECRET_KEY'] = '0a657b97ef546da90b2db91862ad4e29' app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///site.db' #db = SQLAlchemy(app) -bcrypt = Bcrypt(app) accesTokenController = AccesTokenController("GERUECHT") accesTokenController.start() # login_manager = LoginManager(app) @@ -71,8 +83,8 @@ accesTokenController.start() from geruecht import routes #from geruecht.baruser.routes import baruser -#from geruecht.finanzer.routes import finanzer +from geruecht.finanzer.routes import finanzer -#LOGGER.info("Registrate bluebrints") +LOGGER.info("Registrate bluebrints") #app.register_blueprint(baruser) -#app.register_blueprint(finanzer) +app.register_blueprint(finanzer) diff --git a/geruecht/controller/accesTokenController.py b/geruecht/controller/accesTokenController.py index c8594e1..6943371 100644 --- a/geruecht/controller/accesTokenController.py +++ b/geruecht/controller/accesTokenController.py @@ -106,7 +106,7 @@ class AccesTokenController(Thread, metaclass=Singleton): Verify that the AccesToken are not out of date. If one AccessToken out of date it will be deletet from tokenList. """ - valid_time=120 + valid_time=7200 LOGGER.info("Start Thread for verification that the AccessToken are not out of date.") while True: self.LOGGER.debug("Name: {}".format(self.getName())) diff --git a/geruecht/controller/databaseController.py b/geruecht/controller/databaseController.py index c73ecb0..3d5f98f 100644 --- a/geruecht/controller/databaseController.py +++ b/geruecht/controller/databaseController.py @@ -1,6 +1,8 @@ import pymysql from geruecht import Singleton from geruecht.model.user import User +from geruecht.model.creditList import CreditList +from datetime import datetime class DatabaseController(metaclass=Singleton): ''' @@ -24,17 +26,31 @@ class DatabaseController(metaclass=Singleton): raise err def getAllUser(self): + self.connect() cursor = self.db.cursor() + try: + cursor.execute("select * from user") + data = cursor.fetchall() + self.db.close() + except Exception as err: + raise err + + if data: + return [User(value) for value in data] def getUser(self, username): self.connect() retVal = None cursor = self.db.cursor() - cursor.execute("select * from user where cn='{}'".format(username)) - data = cursor.fetchone() + try: + cursor.execute("select * from user where cn='{}'".format(username)) + data = cursor.fetchone() + self.db.close() + except Exception as err: + raise err if data: retVal = User(data) - self.db.close() + return retVal @@ -42,7 +58,7 @@ class DatabaseController(metaclass=Singleton): self.connect() cursor = self.db.cursor() try: - cursor.execute("insert into user (cn, dn, firstname, lastname, `group`) VALUES ('{}','{}','{}','{}','{}')".format( + cursor.execute("insert into user (cn, dn, firstname, lastname, gruppe) VALUES ('{}','{}','{}','{}','{}')".format( data['cn'], data['dn'], data['givenName'], data['sn'], data['group'])) self.db.commit() except Exception as err: @@ -55,7 +71,7 @@ class DatabaseController(metaclass=Singleton): self.connect() cursor = self.db.cursor() try: - cursor.execute("update user dn='{}', firstname='{}', lastname='{}', group='{}' where cn='{}'".format( + cursor.execute("update user set dn='{}', firstname='{}', lastname='{}', gruppe='{}' where cn='{}'".format( data['dn'], data['givenName'], data['sn'], data['group'], data['cn'])) self.db.commit() except Exception as err: @@ -64,5 +80,67 @@ class DatabaseController(metaclass=Singleton): raise err self.db.close() + def getCreditListFromUser(self, user, **kwargs): + self.connect() + cursor = self.db.cursor() + try: + if 'year' in kwargs: + sql = "select * from creditList where user_id={} and year_date={}".format(user.id, kwargs['year']) + else: + sql = "select * from creditList where user_id={}".format(user.id) + cursor.execute(sql) + data = cursor.fetchall() + self.db.close() + except Exception as err: + self.db.close() + raise err + if len(data) == 1: + return CreditList(data[0]) + else: + return [CreditList(value) for value in data] + + def createCreditList(self, user_id, year=datetime.now().year): + self.connect() + cursor = self.db.cursor() + try: + cursor.execute("insert into creditList (year_date, user_id) values ({},{})".format(year, user_id)) + self.db.close() + except Exception as err: + self.db.close() + raise err + + def updateCreditList(self, creditlist): + self.connect() + cursor = self.db.cursor() + try: + cursor.execute("select * from creditList where user_id={} and year_date={}".format(creditlist.user_id, creditlist.year)) + data = cursor.fetchall() + self.db.close() + if len(data) == 0: + self.createCreditList(creditlist.user_id, creditlist.year) + self.connect() + cursor = self.db.cursor() + cursor.execute("update creditList set jan_guthaben={}, jan_schulden={},feb_guthaben={}, feb_schulden={}, maer_guthaben={}, maer_schulden={}, apr_guthaben={}, apr_schulden={}, mai_guthaben={}, mai_schulden={}, jun_guthaben={}, jun_schulden={}, jul_guthaben={}, jul_schulden={}, aug_guthaben={}, aug_schulden={},sep_guthaben={}, sep_schulden={},okt_guthaben={}, okt_schulden={}, nov_guthaben={}, nov_schulden={}, dez_guthaben={}, dez_schulden={}, last_schulden={} where year_date={} and user_id={}".format(creditlist.jan_guthaben, creditlist.jan_schulden, + creditlist.feb_guthaben, creditlist.feb_schulden, + creditlist.maer_guthaben, creditlist.maer_schulden, + creditlist.apr_guthaben, creditlist.apr_schulden, + creditlist.mai_guthaben, creditlist.mai_schulden, + creditlist.jun_guthaben, creditlist.jun_schulden, + creditlist.jul_guthaben, creditlist.jul_schulden, + creditlist.aug_guthaben, creditlist.aug_schulden, + creditlist.sep_guthaben, creditlist.sep_schulden, + creditlist.okt_guthaben, creditlist.okt_schulden, + creditlist.nov_guthaben, creditlist.nov_schulden, + creditlist.dez_guthaben, creditlist.dez_schulden, + creditlist.last_schulden, creditlist.year, creditlist.user_id)) + self.db.close() + except Exception as err: + self.db.rollback() + self.db.close() + raise err + + if __name__ == '__main__': - db = DatabaseController(user='tim') + db = DatabaseController() + user = db.getUser('jhille') + db.getCreditListFromUser(user, year=2018) diff --git a/geruecht/finanzer/routes.py b/geruecht/finanzer/routes.py index b134e1e..bf2c5c2 100644 --- a/geruecht/finanzer/routes.py +++ b/geruecht/finanzer/routes.py @@ -1,7 +1,7 @@ from flask import Blueprint, request, jsonify from geruecht.finanzer import LOGGER from datetime import datetime -from geruecht import MONEY +from geruecht import MONEY, db from geruecht.routes import verifyAccessToken from geruecht.model.user import User @@ -24,11 +24,11 @@ def _getFinanzer(): accToken = verifyAccessToken(token, MONEY) if accToken is not None: LOGGER.debug("Get all Useres") - users = User.query.all() + users = db.getAllUser() dic = {} for user in users: LOGGER.debug("Add User {} to ReturnValue".format(user)) - dic[user.userID] = user.toJSON() + dic[user.cn] = user.toJSON() LOGGER.debug("ReturnValue is {}".format(dic)) LOGGER.info("Send main for Finanzer") return jsonify(dic) @@ -56,13 +56,13 @@ def _getFinanzerYear(): LOGGER.debug("Get data {}".format(data)) userID = data['userId'] LOGGER.debug("UserID is {}".format(userID)) - user = User.query.filter_by(userID=userID).first() + user = db.getUser(userID) LOGGER.debug("User is {}".format(user)) - dic[user.userID] = {} + dic[user.cn] = {} LOGGER.debug("Build ReturnValue") for geruecht in user.geruechte: LOGGER.debug("Add Geruecht {} to ReturnValue".format(geruecht)) - dic[user.userID][geruecht.year] = geruecht.toJSON() + dic[user.cn][geruecht.year] = geruecht.toJSON() LOGGER.debug("ReturnValue is {}".format(dic)) LOGGER.info("Send Geruechte from User {}".format(user)) return jsonify(dic) @@ -103,7 +103,7 @@ def _addAmount(): LOGGER.error("KeyError in month. Month is set to default.") month = datetime.now().month LOGGER.debug("Year is {} and Month is {}".format(year, month)) - user = User.query.filter_by(userID=userID).first() + user = db.getUser(userID) LOGGER.debug("User is {}".format(user)) LOGGER.debug("Add amount to User {} in year {} and month {}".format(user, year, month)) user.addAmount(amount, year=year, month=month) @@ -149,7 +149,7 @@ def _addCredit(): month = datetime.now().month LOGGER.debug("Year is {} and Month is {}".format(year, month)) - user = User.query.filter_by(userID=userID).first() + user = db.getUser(userID) LOGGER.debug("User is {}".format(user)) LOGGER.debug("Add credit to User {} in year {} and month {}".format(user, year, month)) user.addCredit(credit, year=year, month=month) diff --git a/geruecht/model/creditList.py b/geruecht/model/creditList.py index 2370001..70fcaa8 100644 --- a/geruecht/model/creditList.py +++ b/geruecht/model/creditList.py @@ -1,7 +1,38 @@ from datetime import datetime from geruecht import getLogger +import geruecht LOGGER = getLogger(__name__) +def create_empty_data(): + empty_data = {'id': 0, + 'jan_guthaben': 0, + 'jan_schulden': 0, + 'feb_guthaben': 0, + 'feb_schulden': 0, + 'maer_guthaben': 0, + 'maer_schulden': 0, + 'apr_guthaben': 0, + 'apr_schulden': 0, + 'mai_guthaben': 0, + 'mai_schulden': 0, + 'jun_guthaben': 0, + 'jun_schulden': 0, + 'jul_guthaben': 0, + 'jul_schulden': 0, + 'aug_guthaben': 0, + 'aug_schulden': 0, + 'sep_guthaben': 0, + 'sep_schulden': 0, + 'okt_guthaben': 0, + 'okt_schulden': 0, + 'nov_guthaben': 0, + 'nov_schulden': 0, + 'dez_guthaben': 0, + 'dez_schulden': 0, + 'last_schulden': 0, + 'year_date': datetime.now().year, + 'user_id': 0} + return empty_data class CreditList(): """ DataBase Object Credit List: @@ -15,50 +46,53 @@ class CreditList(): year: Year of all Credits and Debts. user_id: id from the User. """ - LOGGER.debug("Initialize Geruecht") - id = db.Colum(db.Integer, primary_key=True) + def __init__(self, data): + LOGGER.debug("Initialize Geruecht") + self.id = int(data['id']) - jan_guthaben = db.Column(db.Integer, nullable=False, default=0) - jan_schulden = db.Column(db.Integer, nullable=False, default=0) + self.jan_guthaben = int(data['jan_guthaben']) + self.jan_schulden = int(data['jan_schulden']) - feb_guthaben = db.Column(db.Integer, nullable=False, default=0) - feb_schulden = db.Column(db.Integer, nullable=False, default=0) + self.feb_guthaben = int(data['feb_guthaben']) + self.feb_schulden = int(data['feb_schulden']) - maer_guthaben = db.Column(db.Integer, nullable=False, default=0) - maer_schulden = db.Column(db.Integer, nullable=False, default=0) + self.maer_guthaben = int(data['maer_guthaben']) + self.maer_schulden = int(data['maer_schulden']) - apr_guthaben = db.Column(db.Integer, nullable=False, default=0) - apr_schulden = db.Column(db.Integer, nullable=False, default=0) + self.apr_guthaben = int(data['apr_guthaben']) + self.apr_schulden = int(data['apr_schulden']) - mai_guthaben = db.Column(db.Integer, nullable=False, default=0) - mai_schulden = db.Column(db.Integer, nullable=False, default=0) + self.mai_guthaben = int(data['mai_guthaben']) + self.mai_schulden = int(data['mai_schulden']) - jun_guthaben = db.Column(db.Integer, nullable=False, default=0) - jun_schulden = db.Column(db.Integer, nullable=False, default=0) + self.jun_guthaben = int(data['jun_guthaben']) + self.jun_schulden = int(data['jun_schulden']) - jul_guthaben = db.Column(db.Integer, nullable=False, default=0) - jul_schulden = db.Column(db.Integer, nullable=False, default=0) + self.jul_guthaben = int(data['jul_guthaben']) + self.jul_schulden = int(data['jul_schulden']) - aug_guthaben = db.Column(db.Integer, nullable=False, default=0) - aug_schulden = db.Column(db.Integer, nullable=False, default=0) + self.aug_guthaben = int(data['aug_guthaben']) + self.aug_schulden = int(data['aug_schulden']) - sep_guthaben = db.Column(db.Integer, nullable=False, default=0) - sep_schulden = db.Column(db.Integer, nullable=False, default=0) + self.sep_guthaben = int(data['sep_guthaben']) + self.sep_schulden = int(data['sep_schulden']) - okt_guthaben = db.Column(db.Integer, nullable=False, default=0) - okt_schulden = db.Column(db.Integer, nullable=False, default=0) + self.okt_guthaben = int(data['okt_guthaben']) + self.okt_schulden = int(data['okt_schulden']) - nov_guthaben = db.Column(db.Integer, nullable=False, default=0) - nov_schulden = db.Column(db.Integer, nullable=False, default=0) + self.nov_guthaben = int(data['nov_guthaben']) + self.nov_schulden = int(data['nov_schulden']) - dez_guthaben = db.Column(db.Integer, nullable=False, default=0) - dez_schulden = db.Column(db.Integer, nullable=False, default=0) + self.dez_guthaben = int(data['dez_guthaben']) + self.dez_schulden = int(data['dez_schulden']) - last_schulden = db.Column(db.Integer, nullable=False, default=0) + self.last_schulden = int(data['last_schulden']) - year = db.Column(db.Integer, nullable=False, default=datetime.now().year) + self.year = int(data['year_date']) - user_id = db.Column(db.Integer, db.ForeignKey('user.id'), nullable=False) + self.user_id = int(data['user_id']) + + self.db = geruecht.getDatabesController() def getSchulden(self): """ Get Schulden @@ -184,7 +218,8 @@ class CreditList(): self.dez_schulden += amount retValue = (self.dez_guthaben, self.dez_schulden) - db.session.commit() + #db.session.commit() + self.db.updateCreditList(self) LOGGER.debug("Credit and Amount is {}".format(retValue)) return retValue @@ -238,8 +273,8 @@ class CreditList(): elif month == 12: self.dez_guthaben += credit retValue = (self.dez_guthaben, self.dez_schulden) - - db.session.commit() + self.db.updateCreditList(self) + #db.session.commit() LOGGER.debug("Credit and Amount is {}".format(retValue)) return retValue diff --git a/geruecht/model/user.py b/geruecht/model/user.py index 89d63f5..d549732 100644 --- a/geruecht/model/user.py +++ b/geruecht/model/user.py @@ -1,10 +1,11 @@ from geruecht import getLogger -from geruecht import db -#from geruecht.model.creditList import CreditList +import geruecht +from geruecht.model.creditList import CreditList, create_empty_data from datetime import datetime LOGGER = getLogger(__name__) + class User(): """ Database Object for User @@ -25,10 +26,17 @@ class User(): self.dn = data['dn'] self.firstname = data['firstname'] self.lastname = data['lastname'] - self.group = data['group'] - + self.group = data['gruppe'] + self.db = geruecht.getDatabesController() + self.ldap = geruecht.getLDAPController() + self.geruechte = [] + geruechte = self.db.getCreditListFromUser(self) + if type(geruechte) == list: + self.geruechte = geruechte + elif type(geruechte) == CreditList: + self.geruechte.append(geruechte) #geruechte = db.relationship('CreditList', backref='user', lazy=True) - ''' + def createGeruecht(self, amount=0, year=datetime.now().year): """ Create Geruecht @@ -43,10 +51,14 @@ class User(): the created geruecht """ LOGGER.debug("Create Geruecht for user {} in year {}".format(self, year)) - credit = CreditList(user_id=self.id, last_schulden=amount, year=year) - db.session.add(credit) - db.session.commit() - credit = CreditList.query.filter_by(year=year, user_id=self.id).first() + data = create_empty_data() + data['user_id'] = self.id, + data['last_schulden'] = amount, + data['year_date'] = year + credit = CreditList(data) + self.geruechte.append(credit) + self.db.updateCreditList(credit) + credit = self.db.getCreditListFromUser(self, year=year) LOGGER.debug("Created Geruecht {}".format(credit)) return credit @@ -93,8 +105,7 @@ class User(): geruecht = self.getGeruecht(year=year) retVal = geruecht.addAmount(amount, month=month) - db.session.add(geruecht) - db.session.commit() + self.db.updateCreditList(geruecht) self.updateGeruecht() @@ -118,8 +129,7 @@ class User(): geruecht = self.getGeruecht(year=year) retVal = geruecht.addCredit(credit, month=month) - db.session.add(geruecht) - db.session.commit() + self.db.updateCreditList(geruecht) self.updateGeruecht() @@ -138,8 +148,7 @@ class User(): geruecht.last_schulden = 0 if index != 0: geruecht.last_schulden = (self.geruechte[index - 1].getSchulden() * -1) - - db.session.commit() + self.db.updateCreditList(geruecht) def sortYear(self, geruecht): """ Sort Year @@ -154,7 +163,7 @@ class User(): int year of the geruecht """ return geruecht.year - ''' + def toJSON(self): """ Create Dic to dump in JSON @@ -170,10 +179,10 @@ class User(): } return dic - def update(self): - data = ldap.getUserData(self.cn) - data['group'] = ldap.getGroup(self.cn) - db.updateUser(data) + def updateUser(self): + data = self.ldap.getUserData(self.cn) + data['group'] = self.ldap.getGroup(self.cn) + self.db.updateUser(data) def login(self, password): """ Login for the User @@ -185,13 +194,13 @@ class User(): """ LOGGER.debug("Login User {}".format(self)) try: - from geruecht import ldapController as ldap - ldap.login(self.cn, password) + self.ldap.login(self.cn, password) - self.update() + self.updateUser() return True except: return False def __repr__(self): return "User({}, {}, {})".format(self.cn, self.dn, self.group) + diff --git a/geruecht/routes.py b/geruecht/routes.py index 2685794..6aa742f 100644 --- a/geruecht/routes.py +++ b/geruecht/routes.py @@ -1,11 +1,11 @@ from geruecht import app, db, accesTokenController, MONEY, BAR, USER, GASTRO, LOGGER from geruecht import ldapController as ldap from geruecht.model.user import User -#from geruecht.model.creditList import CreditList -#from geruecht.model.priceList import PriceList -from datetime import datetime from flask import request, jsonify +def login(user, password): + return user.login(password) + def verifyAccessToken(token, group): """ Verify Accestoken @@ -83,7 +83,7 @@ def _login(): LOGGER.debug("User is {}".format(user)) if user: LOGGER.debug("Check login for User {}".format(user)) - if user.login(password): + if login(user, password): token = accesTokenController.createAccesToken(user) dic = user.toJSON() dic["token"] = token From c6508fd516916d84ff3a696e550b7f25415e2cbb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20Gr=C3=B6ger?= Date: Thu, 19 Dec 2019 19:46:04 +0100 Subject: [PATCH 3/6] test with databaseController --- geruecht/controller/databaseController.py | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/geruecht/controller/databaseController.py b/geruecht/controller/databaseController.py index 3d5f98f..10fbb6d 100644 --- a/geruecht/controller/databaseController.py +++ b/geruecht/controller/databaseController.py @@ -115,12 +115,9 @@ class DatabaseController(metaclass=Singleton): try: cursor.execute("select * from creditList where user_id={} and year_date={}".format(creditlist.user_id, creditlist.year)) data = cursor.fetchall() - self.db.close() if len(data) == 0: self.createCreditList(creditlist.user_id, creditlist.year) - self.connect() - cursor = self.db.cursor() - cursor.execute("update creditList set jan_guthaben={}, jan_schulden={},feb_guthaben={}, feb_schulden={}, maer_guthaben={}, maer_schulden={}, apr_guthaben={}, apr_schulden={}, mai_guthaben={}, mai_schulden={}, jun_guthaben={}, jun_schulden={}, jul_guthaben={}, jul_schulden={}, aug_guthaben={}, aug_schulden={},sep_guthaben={}, sep_schulden={},okt_guthaben={}, okt_schulden={}, nov_guthaben={}, nov_schulden={}, dez_guthaben={}, dez_schulden={}, last_schulden={} where year_date={} and user_id={}".format(creditlist.jan_guthaben, creditlist.jan_schulden, + sql = "update creditList set jan_guthaben={}, jan_schulden={},feb_guthaben={}, feb_schulden={}, maer_guthaben={}, maer_schulden={}, apr_guthaben={}, apr_schulden={}, mai_guthaben={}, mai_schulden={}, jun_guthaben={}, jun_schulden={}, jul_guthaben={}, jul_schulden={}, aug_guthaben={}, aug_schulden={},sep_guthaben={}, sep_schulden={},okt_guthaben={}, okt_schulden={}, nov_guthaben={}, nov_schulden={}, dez_guthaben={}, dez_schulden={}, last_schulden={} where year_date={} and user_id={}".format(creditlist.jan_guthaben, creditlist.jan_schulden, creditlist.feb_guthaben, creditlist.feb_schulden, creditlist.maer_guthaben, creditlist.maer_schulden, creditlist.apr_guthaben, creditlist.apr_schulden, @@ -132,7 +129,9 @@ class DatabaseController(metaclass=Singleton): creditlist.okt_guthaben, creditlist.okt_schulden, creditlist.nov_guthaben, creditlist.nov_schulden, creditlist.dez_guthaben, creditlist.dez_schulden, - creditlist.last_schulden, creditlist.year, creditlist.user_id)) + creditlist.last_schulden, creditlist.year, creditlist.user_id) + print(sql) + cursor.execute(sql) self.db.close() except Exception as err: self.db.rollback() From 23db38690e3bbdd795cef47a5a66dc6583a977ae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20Gr=C3=B6ger?= Date: Sun, 22 Dec 2019 22:27:39 +0100 Subject: [PATCH 4/6] fixed #79 and other bugs --- geruecht/__init__.py | 4 +-- geruecht/baruser/routes.py | 23 +++++++++------- geruecht/controller/accesTokenController.py | 2 +- geruecht/controller/databaseController.py | 20 ++++++++++++-- geruecht/controller/ldapController.py | 30 ++++++++++++++------- geruecht/finanzer/routes.py | 1 - geruecht/model/user.py | 13 ++++++--- geruecht/routes.py | 8 +++--- 8 files changed, 70 insertions(+), 31 deletions(-) diff --git a/geruecht/__init__.py b/geruecht/__init__.py index 39b790e..4c08b28 100644 --- a/geruecht/__init__.py +++ b/geruecht/__init__.py @@ -82,9 +82,9 @@ accesTokenController.start() from geruecht import routes -#from geruecht.baruser.routes import baruser +from geruecht.baruser.routes import baruser from geruecht.finanzer.routes import finanzer LOGGER.info("Registrate bluebrints") -#app.register_blueprint(baruser) +app.register_blueprint(baruser) app.register_blueprint(finanzer) diff --git a/geruecht/baruser/routes.py b/geruecht/baruser/routes.py index 1852a36..3f25633 100644 --- a/geruecht/baruser/routes.py +++ b/geruecht/baruser/routes.py @@ -23,18 +23,23 @@ def _bar(): dic = {} if accToken is not None: - users = User.query.all() + users = db.getAllUser() for user in users: geruecht = None geruecht = user.getGeruecht() if geruecht is not None: month = geruecht.getMonth(datetime.now().month) - amount = abs(month[0] - month[1]) + amount = month[0] - month[1] if amount != 0: - dic[user.userID] = {"username": user.username, + if amount >= 0: + type = 'credit' + else: + type = 'amount' + dic[user.cn] = {"username": user.cn, "firstname": user.firstname, "lastname": user.lastname, - "amount": abs(month[0] - month[1]) + "amount": abs(month[0] - month[1]), + "type": type } return jsonify(dic) return jsonify({"error": "permission denied"}), 401 @@ -58,12 +63,12 @@ def _baradd(): userID = data['userId'] amount = int(data['amount']) - user = User.query.filter_by(userID=userID).first() + user = db.getUser(userID) month = user.addAmount(amount) amount = abs(month[0] - month[1]) - return jsonify({"userId": user.userID, "amount": amount}) + return jsonify({"userId": user.cn, "amount": amount}) return jsonify({"error", "permission denied"}), 401 @baruser.route("/barGetUsers") @@ -82,11 +87,11 @@ def _getUsers(): retVal = {} if accToken is not None: - users = User.query.all() + users = db.getAllUser() for user in users: month = user.getGeruecht().getMonth() if month == 0: - retVal[user.userID] = {user.toJSON()} + retVal[user.cn] = {user.toJSON()} return jsonify(retVal) return jsonify({"error": "permission denied"}), 401 @@ -108,7 +113,7 @@ def _getUser(): data = request.get_json() userID = data['userId'] - user = User.query.filter_by(userID=userID) + user = db.getUser(userID) month = user.getGeruecht().getMonth() return jsonify({"userId": user.userID, "amount": month[1], "credit": month[0]}) diff --git a/geruecht/controller/accesTokenController.py b/geruecht/controller/accesTokenController.py index 6943371..ca92c9b 100644 --- a/geruecht/controller/accesTokenController.py +++ b/geruecht/controller/accesTokenController.py @@ -99,7 +99,7 @@ class AccesTokenController(Thread, metaclass=Singleton): """ print("controll if", accToken, "hase group", group) LOGGER.debug("Check if AccessToken {} has group {}".format(accToken, group)) - return True if accToken.user.group == group else False + return True if group in accToken.user.group else False def run(self): """ Starting Controll-Thread diff --git a/geruecht/controller/databaseController.py b/geruecht/controller/databaseController.py index 10fbb6d..20f5a89 100644 --- a/geruecht/controller/databaseController.py +++ b/geruecht/controller/databaseController.py @@ -53,13 +53,21 @@ class DatabaseController(metaclass=Singleton): return retVal + def _convertGroupToString(self, groups): + retVal = '' + for group in groups: + if len(retVal) != 0: + retVal += ',' + retVal += group + return retVal def insertUser(self, data): self.connect() cursor = self.db.cursor() + groups = self._convertGroupToString(data['group']) try: cursor.execute("insert into user (cn, dn, firstname, lastname, gruppe) VALUES ('{}','{}','{}','{}','{}')".format( - data['cn'], data['dn'], data['givenName'], data['sn'], data['group'])) + data['cn'], data['dn'], data['givenName'], data['sn'], groups)) self.db.commit() except Exception as err: self.db.rollback() @@ -70,14 +78,17 @@ class DatabaseController(metaclass=Singleton): def updateUser(self, data): self.connect() cursor = self.db.cursor() + groups = self._convertGroupToString(data['group']) try: cursor.execute("update user set dn='{}', firstname='{}', lastname='{}', gruppe='{}' where cn='{}'".format( - data['dn'], data['givenName'], data['sn'], data['group'], data['cn'])) + data['dn'], data['givenName'], data['sn'], groups, data['cn'])) self.db.commit() except Exception as err: self.db.rollback() self.db.close() + print(err.__traceback__) raise err + self.db.close() def getCreditListFromUser(self, user, **kwargs): @@ -104,6 +115,7 @@ class DatabaseController(metaclass=Singleton): cursor = self.db.cursor() try: cursor.execute("insert into creditList (year_date, user_id) values ({},{})".format(year, user_id)) + self.db.commit() self.db.close() except Exception as err: self.db.close() @@ -115,6 +127,7 @@ class DatabaseController(metaclass=Singleton): try: cursor.execute("select * from creditList where user_id={} and year_date={}".format(creditlist.user_id, creditlist.year)) data = cursor.fetchall() + self.db.close() if len(data) == 0: self.createCreditList(creditlist.user_id, creditlist.year) sql = "update creditList set jan_guthaben={}, jan_schulden={},feb_guthaben={}, feb_schulden={}, maer_guthaben={}, maer_schulden={}, apr_guthaben={}, apr_schulden={}, mai_guthaben={}, mai_schulden={}, jun_guthaben={}, jun_schulden={}, jul_guthaben={}, jul_schulden={}, aug_guthaben={}, aug_schulden={},sep_guthaben={}, sep_schulden={},okt_guthaben={}, okt_schulden={}, nov_guthaben={}, nov_schulden={}, dez_guthaben={}, dez_schulden={}, last_schulden={} where year_date={} and user_id={}".format(creditlist.jan_guthaben, creditlist.jan_schulden, @@ -131,7 +144,10 @@ class DatabaseController(metaclass=Singleton): creditlist.dez_guthaben, creditlist.dez_schulden, creditlist.last_schulden, creditlist.year, creditlist.user_id) print(sql) + self.connect() + cursor = self.db.cursor() cursor.execute(sql) + self.db.commit() self.db.close() except Exception as err: self.db.rollback() diff --git a/geruecht/controller/ldapController.py b/geruecht/controller/ldapController.py index dbd5a40..a07b3aa 100644 --- a/geruecht/controller/ldapController.py +++ b/geruecht/controller/ldapController.py @@ -37,18 +37,28 @@ class LDAPController(metaclass=Singleton): def getGroup(self, username): + retVal = [] self.connect() + main_group_data = self.client.search_s('ou=user,{}'.format(self.dn), ldap.SCOPE_SUBTREE, 'cn={}'.format(username), ['gidNumber']) + if main_group_data: + main_group_number = main_group_data[0][1]['gidNumber'][0].decode('utf-8') + group_data = self.client.search_s('ou=group,{}'.format(self.dn), ldap.SCOPE_SUBTREE, 'gidNumber={}'.format(main_group_number), ['cn']) + if group_data: + group_name = group_data[0][1]['cn'][0].decode('utf-8') + if group_name == 'ldap-user': + retVal.append(USER) + groups_data = self.client.search_s('ou=group,{}'.format(self.dn), ldap.SCOPE_SUBTREE, 'memberUID={}'.format(username), ['cn']) - if len(groups_data) == 0: - return USER - else: - data = groups_data[0][1]['cn'][0].decode('utf-8') - if data == 'finanzer': - return MONEY - elif data == 'gastro': - return GASTRO - elif data == 'bar': - return BAR + for data in groups_data: + print(data[1]['cn'][0].decode('utf-8')) + group_name = data[1]['cn'][0].decode('utf-8') + if group_name == 'finanzer': + retVal.append(MONEY) + elif group_name == 'gastro': + retVal.append(GASTRO) + elif group_name == 'bar': + retVal.append(BAR) + return retVal if __name__ == '__main__': diff --git a/geruecht/finanzer/routes.py b/geruecht/finanzer/routes.py index bf2c5c2..f1178cd 100644 --- a/geruecht/finanzer/routes.py +++ b/geruecht/finanzer/routes.py @@ -3,7 +3,6 @@ from geruecht.finanzer import LOGGER from datetime import datetime from geruecht import MONEY, db from geruecht.routes import verifyAccessToken -from geruecht.model.user import User finanzer = Blueprint("finanzer", __name__) diff --git a/geruecht/model/user.py b/geruecht/model/user.py index d549732..cec7dcc 100644 --- a/geruecht/model/user.py +++ b/geruecht/model/user.py @@ -27,6 +27,11 @@ class User(): self.firstname = data['firstname'] self.lastname = data['lastname'] self.group = data['gruppe'] + if type(data['gruppe']) == list: + self.group = data['gruppe'] + elif type(data['gruppe']) == str: + self.group = data['gruppe'].split(',') + self.db = geruecht.getDatabesController() self.ldap = geruecht.getLDAPController() self.geruechte = [] @@ -52,8 +57,8 @@ class User(): """ LOGGER.debug("Create Geruecht for user {} in year {}".format(self, year)) data = create_empty_data() - data['user_id'] = self.id, - data['last_schulden'] = amount, + data['user_id'] = self.id + data['last_schulden'] = amount data['year_date'] = year credit = CreditList(data) self.geruechte.append(credit) @@ -85,7 +90,7 @@ class User(): self.updateGeruecht() - return geruecht + return self.getGeruecht(year=year) def addAmount(self, amount, year=datetime.now().year, month=datetime.now().month): """ Add Amount @@ -171,11 +176,13 @@ class User(): A Dic with static Attributes. """ dic = { + "userId": self.cn, "cn": self.cn, "dn": self.dn, "firstname": self.firstname, "lastname": self.lastname, "group": self.group, + "username": self.cn } return dic diff --git a/geruecht/routes.py b/geruecht/routes.py index 6aa742f..349d575 100644 --- a/geruecht/routes.py +++ b/geruecht/routes.py @@ -59,6 +59,7 @@ def _login(): """ LOGGER.info("Start log in.") data = request.get_json() + print(data) LOGGER.debug("JSON from request: {}".format(data)) username = data['username'] password = data['password'] @@ -69,15 +70,15 @@ def _login(): try: ldap.login(username, password) LOGGER.info("Authentification successfull. Search Group") - group = ldap.getGroup(username) + groups = ldap.getGroup(username) LOGGER.info("Get userdata from LDAP") user_data = ldap.getUserData(username) - user_data['group'] = group + user_data['group'] = groups LOGGER.info('Insert user {} into database') db.insertUser(user_data) except Exception as err: - raise err + return jsonify({"error": str(err)}), 401 LOGGER.info("{} try to log in".format(username)) user = db.getUser(username) LOGGER.debug("User is {}".format(user)) @@ -87,6 +88,7 @@ def _login(): token = accesTokenController.createAccesToken(user) dic = user.toJSON() dic["token"] = token + dic["accessToken"] = token LOGGER.info("User {} success login.".format(username)) return jsonify(dic) else: From 589ae3e3a823ad18631f93f8ce2825a69b61d5ae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20Gr=C3=B6ger?= Date: Sun, 22 Dec 2019 23:09:18 +0100 Subject: [PATCH 5/6] ldap search --- geruecht/baruser/routes.py | 24 +++++++------------ geruecht/controller/ldapController.py | 33 +++++++++++++++++++++++++++ 2 files changed, 41 insertions(+), 16 deletions(-) diff --git a/geruecht/baruser/routes.py b/geruecht/baruser/routes.py index 1852a36..62f3170 100644 --- a/geruecht/baruser/routes.py +++ b/geruecht/baruser/routes.py @@ -1,5 +1,5 @@ from flask import Blueprint, request, jsonify -from geruecht import BAR, db +from geruecht import BAR, db, ldapController as ldap from geruecht.routes import verifyAccessToken from geruecht.model.user import User from datetime import datetime @@ -90,26 +90,18 @@ def _getUsers(): return jsonify(retVal) return jsonify({"error": "permission denied"}), 401 -@baruser.route("/barGetUser", methods=['POST']) -def _getUser(): - """ Get specified User - - This function returns the user with posted userID and them amount and credit. - - Returns: - JSON-File with userID, amount and credit - or ERROR 401 Permission Denied - """ +@baruser.route("/search", methods=['POST']) +def _search(): token = request.headers.get("Token") - print(token) accToken = verifyAccessToken(token, BAR) + if accToken is not None: data = request.get_json() - userID = data['userId'] - user = User.query.filter_by(userID=userID) - month = user.getGeruecht().getMonth() + searchString = data['searchString'] - return jsonify({"userId": user.userID, "amount": month[1], "credit": month[0]}) + retVal = ldap.searchUser(searchString) + + return jsonify(retVal) return jsonify({"error": "permission denied"}), 401 diff --git a/geruecht/controller/ldapController.py b/geruecht/controller/ldapController.py index dbd5a40..3646d8e 100644 --- a/geruecht/controller/ldapController.py +++ b/geruecht/controller/ldapController.py @@ -50,6 +50,39 @@ class LDAPController(metaclass=Singleton): elif data == 'bar': return BAR + def __isUserInList(self, list, username): + help_list = [] + for user in list: + help_list.append(user[1]['cn'][0].decode('utf-8')) + if username in help_list: + return True + return False + + def searchUser(self, searchString): + self.connect() + + name = searchString.split(" ") + name_result = [] + + if len(name) == 1: + name_result[0] = self.client.search_s('ou=user,{}'.format(self.dn), ldap.SCOPE_SUBTREE, 'givenName={}'.format(name[0]), ['cn', 'givenName', 'sn']) + name_result[1] = self.client.search_s('ou=user,{}'.format(self.dn), ldap.SCOPE_SUBTREE, 'sn={}'.format(name[0]),['cn', 'givenName', 'sn']) + else: + name_result[2] = self.client.search_s('ou=user,{}'.format(self.dn), ldap.SCOPE_SUBTREE, + 'givenName={}'.format(name[0]), ['cn', 'givenName', 'sn']) + name_result[3] = self.client.search_s('ou=user,{}'.format(self.dn), ldap.SCOPE_SUBTREE, 'sn={}'.format(name[0]), + ['cn', 'givenName', 'sn']) + retVal = [] + + for user in name_result: + username = user[1]['cn'][0].decode('utf-8') + if not self.__isUserInList(retVal, username): + firstname = user[1]['givenName'][0].decode('utf-8') + lastname = user[1]['givenName'][0].decode('utf-8') + retVal.append({username: username, firstname: firstname, lastname: lastname}) + + return retVal + if __name__ == '__main__': a = LDAPController() From d0f665cc8b9a18cc869961bd81877785350f77a3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20Gr=C3=B6ger?= Date: Thu, 26 Dec 2019 10:28:30 +0100 Subject: [PATCH 6/6] first usable site only 2 groups exists: bar and finanzer person can be in more than 1 group site for baruser first try with autocomplete from ldap site for finanzer ; overview; specialview for 1 Person --- geruecht/baruser/routes.py | 12 +++--- geruecht/controller/databaseController.py | 2 +- geruecht/controller/ldapController.py | 51 +++++++++++++++++------ geruecht/finanzer/routes.py | 4 ++ geruecht/model/creditList.py | 1 + geruecht/model/user.py | 1 + 6 files changed, 52 insertions(+), 19 deletions(-) diff --git a/geruecht/baruser/routes.py b/geruecht/baruser/routes.py index dc2579b..4feb597 100644 --- a/geruecht/baruser/routes.py +++ b/geruecht/baruser/routes.py @@ -64,6 +64,12 @@ def _baradd(): amount = int(data['amount']) user = db.getUser(userID) + if user is None: + groups = ldap.getGroup(userID) + user_data = ldap.getUserData(userID) + user_data['group'] = groups + db.insertUser(user_data) + user = db.getUser(userID) month = user.addAmount(amount) amount = abs(month[0] - month[1]) @@ -87,11 +93,7 @@ def _getUsers(): retVal = {} if accToken is not None: - users = db.getAllUser() - for user in users: - month = user.getGeruecht().getMonth() - if month == 0: - retVal[user.cn] = {user.toJSON()} + retVal = ldap.getAllUser() return jsonify(retVal) return jsonify({"error": "permission denied"}), 401 diff --git a/geruecht/controller/databaseController.py b/geruecht/controller/databaseController.py index 20f5a89..2e239f4 100644 --- a/geruecht/controller/databaseController.py +++ b/geruecht/controller/databaseController.py @@ -106,7 +106,7 @@ class DatabaseController(metaclass=Singleton): self.db.close() raise err if len(data) == 1: - return CreditList(data[0]) + return [CreditList(data[0])] else: return [CreditList(value) for value in data] diff --git a/geruecht/controller/ldapController.py b/geruecht/controller/ldapController.py index 593c4e6..ebb7de8 100644 --- a/geruecht/controller/ldapController.py +++ b/geruecht/controller/ldapController.py @@ -63,33 +63,58 @@ class LDAPController(metaclass=Singleton): def __isUserInList(self, list, username): help_list = [] for user in list: - help_list.append(user[1]['cn'][0].decode('utf-8')) + help_list.append(user['username']) if username in help_list: return True return False + def getAllUser(self): + self.connect() + retVal = [] + data = self.client.search_s('ou=user,{}'.format(self.dn), ldap.SCOPE_SUBTREE, attrlist=['cn', 'givenName', 'sn']) + for user in data: + if 'cn' in user[1]: + username = user[1]['cn'][0].decode('utf-8') + firstname = user[1]['givenName'][0].decode('utf-8') + lastname = user[1]['sn'][0].decode('utf-8') + retVal.append({'username': username, 'firstname': firstname, 'lastname': lastname}) + return retVal + def searchUser(self, searchString): self.connect() name = searchString.split(" ") + + for i in range(len(name)): + name[i] = "*"+name[i]+"*" + + + print(name) + name_result = [] if len(name) == 1: - name_result[0] = self.client.search_s('ou=user,{}'.format(self.dn), ldap.SCOPE_SUBTREE, 'givenName={}'.format(name[0]), ['cn', 'givenName', 'sn']) - name_result[1] = self.client.search_s('ou=user,{}'.format(self.dn), ldap.SCOPE_SUBTREE, 'sn={}'.format(name[0]),['cn', 'givenName', 'sn']) + if name[0] == "**": + name_result.append(self.client.search_s('ou=user,{}'.format(self.dn), ldap.SCOPE_SUBTREE, + attrlist=['cn', 'givenName', 'sn'])) + else: + name_result.append(self.client.search_s('ou=user,{}'.format(self.dn), ldap.SCOPE_SUBTREE, 'givenName={}'.format(name[0]), ['cn', 'givenName', 'sn'])) + name_result.append(self.client.search_s('ou=user,{}'.format(self.dn), ldap.SCOPE_SUBTREE, 'sn={}'.format(name[0]),['cn', 'givenName', 'sn'])) else: - name_result[2] = self.client.search_s('ou=user,{}'.format(self.dn), ldap.SCOPE_SUBTREE, - 'givenName={}'.format(name[0]), ['cn', 'givenName', 'sn']) - name_result[3] = self.client.search_s('ou=user,{}'.format(self.dn), ldap.SCOPE_SUBTREE, 'sn={}'.format(name[0]), - ['cn', 'givenName', 'sn']) + name_result.append(self.client.search_s('ou=user,{}'.format(self.dn), ldap.SCOPE_SUBTREE, + 'givenName={}'.format(name[1]), ['cn', 'givenName', 'sn'])) + name_result.append(self.client.search_s('ou=user,{}'.format(self.dn), ldap.SCOPE_SUBTREE, 'sn={}'.format(name[1]), + ['cn', 'givenName', 'sn'])) retVal = [] - for user in name_result: - username = user[1]['cn'][0].decode('utf-8') - if not self.__isUserInList(retVal, username): - firstname = user[1]['givenName'][0].decode('utf-8') - lastname = user[1]['givenName'][0].decode('utf-8') - retVal.append({username: username, firstname: firstname, lastname: lastname}) + for names in name_result: + for user in names: + if 'cn' in user[1]: + username = user[1]['cn'][0].decode('utf-8') + if not self.__isUserInList(retVal, username): + firstname = user[1]['givenName'][0].decode('utf-8') + lastname = user[1]['sn'][0].decode('utf-8') + retVal.append({'username': username, 'firstname': firstname, 'lastname': lastname}) return retVal diff --git a/geruecht/finanzer/routes.py b/geruecht/finanzer/routes.py index f1178cd..57b13a5 100644 --- a/geruecht/finanzer/routes.py +++ b/geruecht/finanzer/routes.py @@ -28,6 +28,8 @@ def _getFinanzer(): for user in users: LOGGER.debug("Add User {} to ReturnValue".format(user)) dic[user.cn] = user.toJSON() + creditList = db.getCreditListFromUser(user) + dic[user.cn]['creditList'] = {credit.year: credit.toJSON() for credit in creditList} LOGGER.debug("ReturnValue is {}".format(dic)) LOGGER.info("Send main for Finanzer") return jsonify(dic) @@ -130,7 +132,9 @@ def _addCredit(): accToken = verifyAccessToken(token, MONEY) if accToken is not None: + data = request.get_json() + print(data) LOGGER.debug("Get data {}".format(data)) userID = data['userId'] credit = int(data['credit']) diff --git a/geruecht/model/creditList.py b/geruecht/model/creditList.py index 70fcaa8..5c30a9c 100644 --- a/geruecht/model/creditList.py +++ b/geruecht/model/creditList.py @@ -321,6 +321,7 @@ class CreditList(): "dez": { "credit": self.dez_guthaben, "depts": self.dez_schulden}, + "last": self.last_schulden } return dic diff --git a/geruecht/model/user.py b/geruecht/model/user.py index cec7dcc..a9e61b2 100644 --- a/geruecht/model/user.py +++ b/geruecht/model/user.py @@ -40,6 +40,7 @@ class User(): self.geruechte = geruechte elif type(geruechte) == CreditList: self.geruechte.append(geruechte) + self.updateGeruecht() #geruechte = db.relationship('CreditList', backref='user', lazy=True) def createGeruecht(self, amount=0, year=datetime.now().year):