Merge branch 'feature/ldap' into develop

This commit is contained in:
Tim Gröger 2019-12-27 19:54:13 +01:00
commit a052add057
10 changed files with 517 additions and 123 deletions

3
.gitignore vendored
View File

@ -117,3 +117,6 @@ dmypy.json
#ide
.idea
.vscode/
*.log

View File

@ -8,6 +8,11 @@ import logging
from logging.handlers import WatchedFileHandler
import sys
MONEY = "moneymaster"
GASTRO = "gastro"
USER = "user"
BAR = "bar"
FORMATTER = logging.Formatter("%(asctime)s%(name)s%(levelname)s%(message)s")
logFileHandler = WatchedFileHandler("testlog.log")
@ -29,9 +34,34 @@ def getLogger(logger_name):
LOGGER = getLogger(__name__)
LOGGER.info("Initialize App")
class Singleton(type):
_instances = {}
def __call__(cls, *args, **kwargs):
if cls not in cls._instances:
cls._instances[cls] = super(Singleton, cls).__call__(*args, **kwargs)
return cls._instances[cls]
from .controller.databaseController import DatabaseController
db = DatabaseController()
from .controller.ldapController import LDAPController
ldapController = LDAPController()
def getDatabesController():
if db is not None:
return db
else:
return DatabaseController()
def getLDAPController():
if ldapController is not None:
return ldapController
else:
return LDAPController()
from flask import Flask
from flask_sqlalchemy import SQLAlchemy
from flask_bcrypt import Bcrypt
from flask_cors import CORS
from .controller.accesTokenController import AccesTokenController
@ -41,18 +71,14 @@ app = Flask(__name__)
CORS(app)
# app.config['SECRET_KEY'] = '0a657b97ef546da90b2db91862ad4e29'
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///site.db'
db = SQLAlchemy(app)
bcrypt = Bcrypt(app)
#db = SQLAlchemy(app)
accesTokenController = AccesTokenController("GERUECHT")
accesTokenController.start()
# login_manager = LoginManager(app)
# login_manager.login_view = 'login'
# login_manager.login_message_category = 'info'
MONEY = "moneymaster"
GASTRO = "gastro"
USER = "user"
BAR = "bar"
from geruecht import routes

View File

@ -1,5 +1,5 @@
from flask import Blueprint, request, jsonify
from geruecht import BAR, db
from geruecht import BAR, db, ldapController as ldap
from geruecht.routes import verifyAccessToken
from geruecht.model.user import User
from datetime import datetime
@ -23,18 +23,23 @@ def _bar():
dic = {}
if accToken is not None:
users = User.query.all()
users = db.getAllUser()
for user in users:
geruecht = None
geruecht = user.getGeruecht()
if geruecht is not None:
month = geruecht.getMonth(datetime.now().month)
amount = abs(month[0] - month[1])
amount = month[0] - month[1]
if amount != 0:
dic[user.userID] = {"username": user.username,
if amount >= 0:
type = 'credit'
else:
type = 'amount'
dic[user.cn] = {"username": user.cn,
"firstname": user.firstname,
"lastname": user.lastname,
"amount": abs(month[0] - month[1])
"amount": abs(month[0] - month[1]),
"type": type
}
return jsonify(dic)
return jsonify({"error": "permission denied"}), 401
@ -58,12 +63,18 @@ def _baradd():
userID = data['userId']
amount = int(data['amount'])
user = User.query.filter_by(userID=userID).first()
user = db.getUser(userID)
if user is None:
groups = ldap.getGroup(userID)
user_data = ldap.getUserData(userID)
user_data['group'] = groups
db.insertUser(user_data)
user = db.getUser(userID)
month = user.addAmount(amount)
amount = abs(month[0] - month[1])
return jsonify({"userId": user.userID, "amount": amount})
return jsonify({"userId": user.cn, "amount": amount})
return jsonify({"error", "permission denied"}), 401
@baruser.route("/barGetUsers")
@ -82,34 +93,22 @@ def _getUsers():
retVal = {}
if accToken is not None:
users = User.query.all()
for user in users:
month = user.getGeruecht().getMonth()
if month == 0:
retVal[user.userID] = {user.toJSON()}
retVal = ldap.getAllUser()
return jsonify(retVal)
return jsonify({"error": "permission denied"}), 401
@baruser.route("/barGetUser", methods=['POST'])
def _getUser():
""" Get specified User
This function returns the user with posted userID and them amount and credit.
Returns:
JSON-File with userID, amount and credit
or ERROR 401 Permission Denied
"""
@baruser.route("/search", methods=['POST'])
def _search():
token = request.headers.get("Token")
print(token)
accToken = verifyAccessToken(token, BAR)
if accToken is not None:
data = request.get_json()
userID = data['userId']
user = User.query.filter_by(userID=userID)
month = user.getGeruecht().getMonth()
searchString = data['searchString']
return jsonify({"userId": user.userID, "amount": month[1], "credit": month[0]})
retVal = ldap.searchUser(searchString)
return jsonify(retVal)
return jsonify({"error": "permission denied"}), 401

View File

@ -6,8 +6,9 @@ from threading import Thread
import hashlib
import logging
from logging.handlers import WatchedFileHandler
from geruecht import Singleton
class AccesTokenController(Thread):
class AccesTokenController(Thread, metaclass=Singleton):
""" Control all createt AccesToken
This Class create, delete, find and manage AccesToken.
@ -16,12 +17,6 @@ class AccesTokenController(Thread):
tokenList: List of currents AccessToken
lifetime: Variable for the Lifetime of one AccessToken in seconds.
"""
class __OnlyOne:
def __init__(self, arg):
self.val = arg
def __str__(self):
return repr(self) + self.val
instance = None
tokenList = None
lifetime = 60
@ -32,10 +27,6 @@ class AccesTokenController(Thread):
Initialize Thread and set tokenList empty.
"""
LOGGER.info("Initialize AccessTokenController")
if not AccesTokenController.instance:
AccesTokenController.instance = AccesTokenController.__OnlyOne(arg)
else:
AccesTokenController.instance.val = arg
LOGGER.debug("Build Logger for VerificationThread")
@ -87,7 +78,7 @@ class AccesTokenController(Thread):
"""
LOGGER.info("Create AccessToken")
now = datetime.ctime(datetime.now())
token = hashlib.md5((now + user.password).encode('utf-8')).hexdigest()
token = hashlib.md5((now + user.dn).encode('utf-8')).hexdigest()
accToken = AccessToken(user, token)
LOGGER.debug("Add AccessToken {} to current Tokens".format(accToken))
self.tokenList.append(accToken)
@ -108,24 +99,27 @@ class AccesTokenController(Thread):
"""
print("controll if", accToken, "hase group", group)
LOGGER.debug("Check if AccessToken {} has group {}".format(accToken, group))
return True if accToken.user.group == group else False
return True if group in accToken.user.group else False
def run(self):
""" Starting Controll-Thread
Verify that the AccesToken are not out of date. If one AccessToken out of date it will be deletet from tokenList.
"""
valid_time=7200
LOGGER.info("Start Thread for verification that the AccessToken are not out of date.")
while True:
self.LOGGER.debug("Name: {}".format(self.getName()))
self.LOGGER.debug("Start to iterate through List of current Tokens")
for accToken in self.tokenList:
self.LOGGER.debug("Check if AccessToken {} is out of date".format(accToken))
if (datetime.now() - accToken.timestamp).seconds > 7200:
if (datetime.now() - accToken.timestamp).seconds > valid_time:
print("delete", accToken)
self.LOGGER.info("Delete AccessToken {} from List of current Tokens".format(accToken))
self.tokenList.remove(accToken)
else:
self.LOGGER.debug("AccessToken {} is up to date. {} seconds left".format(accToken, 7200 - (datetime.now() - accToken.timestamp).seconds))
self.LOGGER.debug("AccessToken {} is up to date. {} seconds left".format(accToken, valid_time - (datetime.now() - accToken.timestamp).seconds))
self.LOGGER.debug("List of current Tokens: {}".format(self.tokenList))
self.LOGGER.info("Wait 10 Seconds")
time.sleep(10)

View File

@ -0,0 +1,161 @@
import pymysql
from geruecht import Singleton
from geruecht.model.user import User
from geruecht.model.creditList import CreditList
from datetime import datetime
class DatabaseController(metaclass=Singleton):
'''
DatabaesController
Connect to the Database and execute sql-executions
'''
def __init__(self, url='192.168.5.108', user='wu5', password='E1n$tein', database='geruecht'):
self.url = url
self.user = user
self.password = password
self.database = database
self.connect()
def connect(self):
try:
self.db = pymysql.connect(self.url, self.user, self.password, self.database, cursorclass=pymysql.cursors.DictCursor)
except Exception as err:
raise err
def getAllUser(self):
self.connect()
cursor = self.db.cursor()
try:
cursor.execute("select * from user")
data = cursor.fetchall()
self.db.close()
except Exception as err:
raise err
if data:
return [User(value) for value in data]
def getUser(self, username):
self.connect()
retVal = None
cursor = self.db.cursor()
try:
cursor.execute("select * from user where cn='{}'".format(username))
data = cursor.fetchone()
self.db.close()
except Exception as err:
raise err
if data:
retVal = User(data)
return retVal
def _convertGroupToString(self, groups):
retVal = ''
for group in groups:
if len(retVal) != 0:
retVal += ','
retVal += group
return retVal
def insertUser(self, data):
self.connect()
cursor = self.db.cursor()
groups = self._convertGroupToString(data['group'])
try:
cursor.execute("insert into user (cn, dn, firstname, lastname, gruppe) VALUES ('{}','{}','{}','{}','{}')".format(
data['cn'], data['dn'], data['givenName'], data['sn'], groups))
self.db.commit()
except Exception as err:
self.db.rollback()
self.db.close()
raise err
self.db.close()
def updateUser(self, data):
self.connect()
cursor = self.db.cursor()
groups = self._convertGroupToString(data['group'])
try:
cursor.execute("update user set dn='{}', firstname='{}', lastname='{}', gruppe='{}' where cn='{}'".format(
data['dn'], data['givenName'], data['sn'], groups, data['cn']))
self.db.commit()
except Exception as err:
self.db.rollback()
self.db.close()
print(err.__traceback__)
raise err
self.db.close()
def getCreditListFromUser(self, user, **kwargs):
self.connect()
cursor = self.db.cursor()
try:
if 'year' in kwargs:
sql = "select * from creditList where user_id={} and year_date={}".format(user.id, kwargs['year'])
else:
sql = "select * from creditList where user_id={}".format(user.id)
cursor.execute(sql)
data = cursor.fetchall()
self.db.close()
except Exception as err:
self.db.close()
raise err
if len(data) == 1:
return [CreditList(data[0])]
else:
return [CreditList(value) for value in data]
def createCreditList(self, user_id, year=datetime.now().year):
self.connect()
cursor = self.db.cursor()
try:
cursor.execute("insert into creditList (year_date, user_id) values ({},{})".format(year, user_id))
self.db.commit()
self.db.close()
except Exception as err:
self.db.close()
raise err
def updateCreditList(self, creditlist):
self.connect()
cursor = self.db.cursor()
try:
cursor.execute("select * from creditList where user_id={} and year_date={}".format(creditlist.user_id, creditlist.year))
data = cursor.fetchall()
self.db.close()
if len(data) == 0:
self.createCreditList(creditlist.user_id, creditlist.year)
sql = "update creditList set jan_guthaben={}, jan_schulden={},feb_guthaben={}, feb_schulden={}, maer_guthaben={}, maer_schulden={}, apr_guthaben={}, apr_schulden={}, mai_guthaben={}, mai_schulden={}, jun_guthaben={}, jun_schulden={}, jul_guthaben={}, jul_schulden={}, aug_guthaben={}, aug_schulden={},sep_guthaben={}, sep_schulden={},okt_guthaben={}, okt_schulden={}, nov_guthaben={}, nov_schulden={}, dez_guthaben={}, dez_schulden={}, last_schulden={} where year_date={} and user_id={}".format(creditlist.jan_guthaben, creditlist.jan_schulden,
creditlist.feb_guthaben, creditlist.feb_schulden,
creditlist.maer_guthaben, creditlist.maer_schulden,
creditlist.apr_guthaben, creditlist.apr_schulden,
creditlist.mai_guthaben, creditlist.mai_schulden,
creditlist.jun_guthaben, creditlist.jun_schulden,
creditlist.jul_guthaben, creditlist.jul_schulden,
creditlist.aug_guthaben, creditlist.aug_schulden,
creditlist.sep_guthaben, creditlist.sep_schulden,
creditlist.okt_guthaben, creditlist.okt_schulden,
creditlist.nov_guthaben, creditlist.nov_schulden,
creditlist.dez_guthaben, creditlist.dez_schulden,
creditlist.last_schulden, creditlist.year, creditlist.user_id)
print(sql)
self.connect()
cursor = self.db.cursor()
cursor.execute(sql)
self.db.commit()
self.db.close()
except Exception as err:
self.db.rollback()
self.db.close()
raise err
if __name__ == '__main__':
db = DatabaseController()
user = db.getUser('jhille')
db.getCreditListFromUser(user, year=2018)

View File

@ -0,0 +1,124 @@
import ldap
from geruecht import MONEY, USER, GASTRO, BAR, Singleton
class LDAPController(metaclass=Singleton):
'''
Authentification over LDAP. Create Account on-the-fly
'''
def __init__(self, url="ldap://192.168.5.108", dn='dc=ldap,dc=example,dc=local'):
self.url = url
self.dn = dn
self.connect()
def connect(self):
try:
self.client = ldap.initialize(self.url, bytes_mode=False)
except Exception as err:
raise err
def login(self, username, password):
self.connect()
try:
self.client.bind_s("cn={},ou=user,{}".format(username, self.dn), password)
self.client.unbind_s()
except:
self.client.unbind_s()
raise Exception("Invalid Password or Username")
def getUserData(self, username):
self.connect()
search_data = self.client.search_s('ou=user,{}'.format(self.dn), ldap.SCOPE_SUBTREE, 'cn={}'.format(username), ['cn', 'givenName', 'sn'])
retVal = search_data[0][1]
for k,v in retVal.items():
retVal[k] = v[0].decode('utf-8')
retVal['dn'] = self.dn
return retVal
def getGroup(self, username):
retVal = []
self.connect()
main_group_data = self.client.search_s('ou=user,{}'.format(self.dn), ldap.SCOPE_SUBTREE, 'cn={}'.format(username), ['gidNumber'])
if main_group_data:
main_group_number = main_group_data[0][1]['gidNumber'][0].decode('utf-8')
group_data = self.client.search_s('ou=group,{}'.format(self.dn), ldap.SCOPE_SUBTREE, 'gidNumber={}'.format(main_group_number), ['cn'])
if group_data:
group_name = group_data[0][1]['cn'][0].decode('utf-8')
if group_name == 'ldap-user':
retVal.append(USER)
groups_data = self.client.search_s('ou=group,{}'.format(self.dn), ldap.SCOPE_SUBTREE, 'memberUID={}'.format(username), ['cn'])
for data in groups_data:
print(data[1]['cn'][0].decode('utf-8'))
group_name = data[1]['cn'][0].decode('utf-8')
if group_name == 'finanzer':
retVal.append(MONEY)
elif group_name == 'gastro':
retVal.append(GASTRO)
elif group_name == 'bar':
retVal.append(BAR)
return retVal
def __isUserInList(self, list, username):
help_list = []
for user in list:
help_list.append(user['username'])
if username in help_list:
return True
return False
def getAllUser(self):
self.connect()
retVal = []
data = self.client.search_s('ou=user,{}'.format(self.dn), ldap.SCOPE_SUBTREE, attrlist=['cn', 'givenName', 'sn'])
for user in data:
if 'cn' in user[1]:
username = user[1]['cn'][0].decode('utf-8')
firstname = user[1]['givenName'][0].decode('utf-8')
lastname = user[1]['sn'][0].decode('utf-8')
retVal.append({'username': username, 'firstname': firstname, 'lastname': lastname})
return retVal
def searchUser(self, searchString):
self.connect()
name = searchString.split(" ")
for i in range(len(name)):
name[i] = "*"+name[i]+"*"
print(name)
name_result = []
if len(name) == 1:
if name[0] == "**":
name_result.append(self.client.search_s('ou=user,{}'.format(self.dn), ldap.SCOPE_SUBTREE,
attrlist=['cn', 'givenName', 'sn']))
else:
name_result.append(self.client.search_s('ou=user,{}'.format(self.dn), ldap.SCOPE_SUBTREE, 'givenName={}'.format(name[0]), ['cn', 'givenName', 'sn']))
name_result.append(self.client.search_s('ou=user,{}'.format(self.dn), ldap.SCOPE_SUBTREE, 'sn={}'.format(name[0]),['cn', 'givenName', 'sn']))
else:
name_result.append(self.client.search_s('ou=user,{}'.format(self.dn), ldap.SCOPE_SUBTREE,
'givenName={}'.format(name[1]), ['cn', 'givenName', 'sn']))
name_result.append(self.client.search_s('ou=user,{}'.format(self.dn), ldap.SCOPE_SUBTREE, 'sn={}'.format(name[1]),
['cn', 'givenName', 'sn']))
retVal = []
for names in name_result:
for user in names:
if 'cn' in user[1]:
username = user[1]['cn'][0].decode('utf-8')
if not self.__isUserInList(retVal, username):
firstname = user[1]['givenName'][0].decode('utf-8')
lastname = user[1]['sn'][0].decode('utf-8')
retVal.append({'username': username, 'firstname': firstname, 'lastname': lastname})
return retVal
if __name__ == '__main__':
a = LDAPController()
a.getUserData('jhille')

View File

@ -1,9 +1,8 @@
from flask import Blueprint, request, jsonify
from geruecht.finanzer import LOGGER
from datetime import datetime
from geruecht import MONEY
from geruecht import MONEY, db
from geruecht.routes import verifyAccessToken
from geruecht.model.user import User
finanzer = Blueprint("finanzer", __name__)
@ -24,11 +23,13 @@ def _getFinanzer():
accToken = verifyAccessToken(token, MONEY)
if accToken is not None:
LOGGER.debug("Get all Useres")
users = User.query.all()
users = db.getAllUser()
dic = {}
for user in users:
LOGGER.debug("Add User {} to ReturnValue".format(user))
dic[user.userID] = user.toJSON()
dic[user.cn] = user.toJSON()
creditList = db.getCreditListFromUser(user)
dic[user.cn]['creditList'] = {credit.year: credit.toJSON() for credit in creditList}
LOGGER.debug("ReturnValue is {}".format(dic))
LOGGER.info("Send main for Finanzer")
return jsonify(dic)
@ -56,13 +57,13 @@ def _getFinanzerYear():
LOGGER.debug("Get data {}".format(data))
userID = data['userId']
LOGGER.debug("UserID is {}".format(userID))
user = User.query.filter_by(userID=userID).first()
user = db.getUser(userID)
LOGGER.debug("User is {}".format(user))
dic[user.userID] = {}
dic[user.cn] = {}
LOGGER.debug("Build ReturnValue")
for geruecht in user.geruechte:
LOGGER.debug("Add Geruecht {} to ReturnValue".format(geruecht))
dic[user.userID][geruecht.year] = geruecht.toJSON()
dic[user.cn][geruecht.year] = geruecht.toJSON()
LOGGER.debug("ReturnValue is {}".format(dic))
LOGGER.info("Send Geruechte from User {}".format(user))
return jsonify(dic)
@ -103,7 +104,7 @@ def _addAmount():
LOGGER.error("KeyError in month. Month is set to default.")
month = datetime.now().month
LOGGER.debug("Year is {} and Month is {}".format(year, month))
user = User.query.filter_by(userID=userID).first()
user = db.getUser(userID)
LOGGER.debug("User is {}".format(user))
LOGGER.debug("Add amount to User {} in year {} and month {}".format(user, year, month))
user.addAmount(amount, year=year, month=month)
@ -131,7 +132,9 @@ def _addCredit():
accToken = verifyAccessToken(token, MONEY)
if accToken is not None:
data = request.get_json()
print(data)
LOGGER.debug("Get data {}".format(data))
userID = data['userId']
credit = int(data['credit'])
@ -149,7 +152,7 @@ def _addCredit():
month = datetime.now().month
LOGGER.debug("Year is {} and Month is {}".format(year, month))
user = User.query.filter_by(userID=userID).first()
user = db.getUser(userID)
LOGGER.debug("User is {}".format(user))
LOGGER.debug("Add credit to User {} in year {} and month {}".format(user, year, month))
user.addCredit(credit, year=year, month=month)

View File

@ -1,10 +1,40 @@
from geruecht import db
from datetime import datetime
from geruecht import getLogger
import geruecht
LOGGER = getLogger(__name__)
def create_empty_data():
empty_data = {'id': 0,
'jan_guthaben': 0,
'jan_schulden': 0,
'feb_guthaben': 0,
'feb_schulden': 0,
'maer_guthaben': 0,
'maer_schulden': 0,
'apr_guthaben': 0,
'apr_schulden': 0,
'mai_guthaben': 0,
'mai_schulden': 0,
'jun_guthaben': 0,
'jun_schulden': 0,
'jul_guthaben': 0,
'jul_schulden': 0,
'aug_guthaben': 0,
'aug_schulden': 0,
'sep_guthaben': 0,
'sep_schulden': 0,
'okt_guthaben': 0,
'okt_schulden': 0,
'nov_guthaben': 0,
'nov_schulden': 0,
'dez_guthaben': 0,
'dez_schulden': 0,
'last_schulden': 0,
'year_date': datetime.now().year,
'user_id': 0}
return empty_data
class CreditList(db.Model):
class CreditList():
""" DataBase Object Credit List:
Attributes:
@ -16,50 +46,53 @@ class CreditList(db.Model):
year: Year of all Credits and Debts.
user_id: id from the User.
"""
def __init__(self, data):
LOGGER.debug("Initialize Geruecht")
id = db.Column(db.Integer, primary_key=True)
self.id = int(data['id'])
jan_guthaben = db.Column(db.Integer, nullable=False, default=0)
jan_schulden = db.Column(db.Integer, nullable=False, default=0)
self.jan_guthaben = int(data['jan_guthaben'])
self.jan_schulden = int(data['jan_schulden'])
feb_guthaben = db.Column(db.Integer, nullable=False, default=0)
feb_schulden = db.Column(db.Integer, nullable=False, default=0)
self.feb_guthaben = int(data['feb_guthaben'])
self.feb_schulden = int(data['feb_schulden'])
maer_guthaben = db.Column(db.Integer, nullable=False, default=0)
maer_schulden = db.Column(db.Integer, nullable=False, default=0)
self.maer_guthaben = int(data['maer_guthaben'])
self.maer_schulden = int(data['maer_schulden'])
apr_guthaben = db.Column(db.Integer, nullable=False, default=0)
apr_schulden = db.Column(db.Integer, nullable=False, default=0)
self.apr_guthaben = int(data['apr_guthaben'])
self.apr_schulden = int(data['apr_schulden'])
mai_guthaben = db.Column(db.Integer, nullable=False, default=0)
mai_schulden = db.Column(db.Integer, nullable=False, default=0)
self.mai_guthaben = int(data['mai_guthaben'])
self.mai_schulden = int(data['mai_schulden'])
jun_guthaben = db.Column(db.Integer, nullable=False, default=0)
jun_schulden = db.Column(db.Integer, nullable=False, default=0)
self.jun_guthaben = int(data['jun_guthaben'])
self.jun_schulden = int(data['jun_schulden'])
jul_guthaben = db.Column(db.Integer, nullable=False, default=0)
jul_schulden = db.Column(db.Integer, nullable=False, default=0)
self.jul_guthaben = int(data['jul_guthaben'])
self.jul_schulden = int(data['jul_schulden'])
aug_guthaben = db.Column(db.Integer, nullable=False, default=0)
aug_schulden = db.Column(db.Integer, nullable=False, default=0)
self.aug_guthaben = int(data['aug_guthaben'])
self.aug_schulden = int(data['aug_schulden'])
sep_guthaben = db.Column(db.Integer, nullable=False, default=0)
sep_schulden = db.Column(db.Integer, nullable=False, default=0)
self.sep_guthaben = int(data['sep_guthaben'])
self.sep_schulden = int(data['sep_schulden'])
okt_guthaben = db.Column(db.Integer, nullable=False, default=0)
okt_schulden = db.Column(db.Integer, nullable=False, default=0)
self.okt_guthaben = int(data['okt_guthaben'])
self.okt_schulden = int(data['okt_schulden'])
nov_guthaben = db.Column(db.Integer, nullable=False, default=0)
nov_schulden = db.Column(db.Integer, nullable=False, default=0)
self.nov_guthaben = int(data['nov_guthaben'])
self.nov_schulden = int(data['nov_schulden'])
dez_guthaben = db.Column(db.Integer, nullable=False, default=0)
dez_schulden = db.Column(db.Integer, nullable=False, default=0)
self.dez_guthaben = int(data['dez_guthaben'])
self.dez_schulden = int(data['dez_schulden'])
last_schulden = db.Column(db.Integer, nullable=False, default=0)
self.last_schulden = int(data['last_schulden'])
year = db.Column(db.Integer, nullable=False, default=datetime.now().year)
self.year = int(data['year_date'])
user_id = db.Column(db.Integer, db.ForeignKey('user.id'), nullable=False)
self.user_id = int(data['user_id'])
self.db = geruecht.getDatabesController()
def getSchulden(self):
""" Get Schulden
@ -185,7 +218,8 @@ class CreditList(db.Model):
self.dez_schulden += amount
retValue = (self.dez_guthaben, self.dez_schulden)
db.session.commit()
#db.session.commit()
self.db.updateCreditList(self)
LOGGER.debug("Credit and Amount is {}".format(retValue))
return retValue
@ -239,8 +273,8 @@ class CreditList(db.Model):
elif month == 12:
self.dez_guthaben += credit
retValue = (self.dez_guthaben, self.dez_schulden)
db.session.commit()
self.db.updateCreditList(self)
#db.session.commit()
LOGGER.debug("Credit and Amount is {}".format(retValue))
return retValue
@ -287,6 +321,7 @@ class CreditList(db.Model):
"dez": {
"credit": self.dez_guthaben,
"depts": self.dez_schulden},
"last": self.last_schulden
}
return dic

View File

@ -1,10 +1,12 @@
from geruecht import db, bcrypt, getLogger
from geruecht.model.creditList import CreditList
from geruecht import getLogger
import geruecht
from geruecht.model.creditList import CreditList, create_empty_data
from datetime import datetime
LOGGER = getLogger(__name__)
class User(db.Model):
class User():
""" Database Object for User
Table for all safed User
@ -18,15 +20,28 @@ class User(db.Model):
group: Which group is the User? moneymaster, gastro, user or bar?
password: salted hashed password for the User.
"""
id = db.Column(db.Integer, primary_key=True)
userID = db.Column(db.String, nullable=False, unique=True)
username = db.Column(db.String, nullable=False, unique=True)
firstname = db.Column(db.String, nullable=False)
lastname = db.Column(db.String, nullable=False)
group = db.Column(db.String, nullable=False)
password = db.Column(db.String, nullable=False)
def __init__(self, data):
self.id = int(data['id'])
self.cn = data['cn']
self.dn = data['dn']
self.firstname = data['firstname']
self.lastname = data['lastname']
self.group = data['gruppe']
if type(data['gruppe']) == list:
self.group = data['gruppe']
elif type(data['gruppe']) == str:
self.group = data['gruppe'].split(',')
geruechte = db.relationship('CreditList', backref='user', lazy=True)
self.db = geruecht.getDatabesController()
self.ldap = geruecht.getLDAPController()
self.geruechte = []
geruechte = self.db.getCreditListFromUser(self)
if type(geruechte) == list:
self.geruechte = geruechte
elif type(geruechte) == CreditList:
self.geruechte.append(geruechte)
self.updateGeruecht()
#geruechte = db.relationship('CreditList', backref='user', lazy=True)
def createGeruecht(self, amount=0, year=datetime.now().year):
""" Create Geruecht
@ -42,10 +57,14 @@ class User(db.Model):
the created geruecht
"""
LOGGER.debug("Create Geruecht for user {} in year {}".format(self, year))
credit = CreditList(user_id=self.id, last_schulden=amount, year=year)
db.session.add(credit)
db.session.commit()
credit = CreditList.query.filter_by(year=year, user_id=self.id).first()
data = create_empty_data()
data['user_id'] = self.id
data['last_schulden'] = amount
data['year_date'] = year
credit = CreditList(data)
self.geruechte.append(credit)
self.db.updateCreditList(credit)
credit = self.db.getCreditListFromUser(self, year=year)
LOGGER.debug("Created Geruecht {}".format(credit))
return credit
@ -72,7 +91,7 @@ class User(db.Model):
self.updateGeruecht()
return geruecht
return self.getGeruecht(year=year)
def addAmount(self, amount, year=datetime.now().year, month=datetime.now().month):
""" Add Amount
@ -92,8 +111,7 @@ class User(db.Model):
geruecht = self.getGeruecht(year=year)
retVal = geruecht.addAmount(amount, month=month)
db.session.add(geruecht)
db.session.commit()
self.db.updateCreditList(geruecht)
self.updateGeruecht()
@ -117,8 +135,7 @@ class User(db.Model):
geruecht = self.getGeruecht(year=year)
retVal = geruecht.addCredit(credit, month=month)
db.session.add(geruecht)
db.session.commit()
self.db.updateCreditList(geruecht)
self.updateGeruecht()
@ -137,8 +154,7 @@ class User(db.Model):
geruecht.last_schulden = 0
if index != 0:
geruecht.last_schulden = (self.geruechte[index - 1].getSchulden() * -1)
db.session.commit()
self.db.updateCreditList(geruecht)
def sortYear(self, geruecht):
""" Sort Year
@ -161,14 +177,21 @@ class User(db.Model):
A Dic with static Attributes.
"""
dic = {
"userId": self.userID,
"username": self.username,
"userId": self.cn,
"cn": self.cn,
"dn": self.dn,
"firstname": self.firstname,
"lastname": self.lastname,
"group": self.group,
"username": self.cn
}
return dic
def updateUser(self):
data = self.ldap.getUserData(self.cn)
data['group'] = self.ldap.getGroup(self.cn)
self.db.updateUser(data)
def login(self, password):
""" Login for the User
@ -178,7 +201,14 @@ class User(db.Model):
A Bool. True if the password is correct and False if it isn't.
"""
LOGGER.debug("Login User {}".format(self))
return True if bcrypt.check_password_hash(self.password, password) else False
try:
self.ldap.login(self.cn, password)
self.updateUser()
return True
except:
return False
def __repr__(self):
return "User({}, {}, {})".format(self.userID, self.username, self.group)
return "User({}, {}, {})".format(self.cn, self.dn, self.group)

View File

@ -1,10 +1,11 @@
from geruecht import app, db, accesTokenController, MONEY, BAR, USER, GASTRO, LOGGER
from geruecht import ldapController as ldap
from geruecht.model.user import User
from geruecht.model.creditList import CreditList
from geruecht.model.priceList import PriceList
from datetime import datetime
from flask import request, jsonify
def login(user, password):
return user.login(password)
def verifyAccessToken(token, group):
""" Verify Accestoken
@ -58,18 +59,36 @@ def _login():
"""
LOGGER.info("Start log in.")
data = request.get_json()
print(data)
LOGGER.debug("JSON from request: {}".format(data))
username = data['username']
password = data['password']
LOGGER.info("search {} in database".format(username))
user = db.getUser(username)
if user is None:
LOGGER.info("User {} not found. Authenticate over LDAP and create User.")
try:
ldap.login(username, password)
LOGGER.info("Authentification successfull. Search Group")
groups = ldap.getGroup(username)
LOGGER.info("Get userdata from LDAP")
user_data = ldap.getUserData(username)
user_data['group'] = groups
LOGGER.info('Insert user {} into database')
db.insertUser(user_data)
except Exception as err:
return jsonify({"error": str(err)}), 401
LOGGER.info("{} try to log in".format(username))
user = User.query.filter_by(username=username).first()
user = db.getUser(username)
LOGGER.debug("User is {}".format(user))
if user:
LOGGER.debug("Check login for User {}".format(user))
if user.login(password):
if login(user, password):
token = accesTokenController.createAccesToken(user)
dic = user.toJSON()
dic["token"] = token
dic["accessToken"] = token
LOGGER.info("User {} success login.".format(username))
return jsonify(dic)
else: