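from ldap3.core.exceptions import LDAPPasswordIsMandatoryError, LDAPBindError
from geruecht.exceptions import UsernameExistLDAP, LDAPExcetpion, PermissionDenied
import geruecht.controller.databaseController as dc
import geruecht.controller.ldapController as lc
from geruecht.logger import getDebugLogger
from geruecht.model.user import User

# Shared controller instances and the debug logger, created once at import time.
db = dc.DatabaseController()
ldap = lc.LDAPController()
debug = getDebugLogger()


class Base:
    """User and status operations delegating to the database and LDAP controllers.

    Every method logs its arguments and results through the debug logger.
    NOTE(review): those log lines carry usernames, user objects and LDAP
    attributes, so the debug log should be protected like the data itself.
    """

    def getAllStatus(self):
        """Return whatever db.getAllStatus() yields."""
        debug.info("get all status for user")
        retVal = db.getAllStatus()
        debug.debug("status are {{ {} }}".format(retVal))
        return retVal

    def getStatus(self, name):
        """Return the result of db.getStatus(name)."""
        debug.info("get status of user {{ {} }}".format(name))
        retVal = db.getStatus(name)
        debug.debug("status of user {{ {} }} is {{ {} }}".format(name, retVal))
        return retVal

    def setStatus(self, name):
        """Pass name to db.setStatus and return its result."""
        debug.info("set status of user {{ {} }}".format(name))
        retVal = db.setStatus(name)
        debug.debug(
            "settet status of user {{ {} }} is {{ {} }}".format(name, retVal))
        return retVal

    def deleteStatus(self, status):
        """Delete status through db.deleteStatus; returns None."""
        debug.info("delete status {{ {} }}".format(status))
        db.deleteStatus(status)

    def updateStatus(self, status):
        """Pass status to db.updateStatus and return its result."""
        debug.info("update status {{ {} }}".format(status))
        retVal = db.updateStatus(status)
        debug.debug("updated status is {{ {} }}".format(retVal))
        return retVal

    def updateStatusOfUser(self, username, status):
        """Return the result of db.updateStatusOfUser(username, status)."""
        debug.info("update status {{ {} }} of user {{ {} }}".format(
            status, username))
        retVal = db.updateStatusOfUser(username, status)
        debug.debug(
            "updatet status of user {{ {} }} is {{ {} }}".format(username, retVal))
        return retVal

    def updateVotingOfUser(self, username, voting):
        """Return the result of db.updateVotingOfUser(username, voting)."""
        debug.info("update voting {{ {} }} of user {{ {} }}".format(
            voting, username))
        retVal = db.updateVotingOfUser(username, voting)
        debug.debug(
            "updatet voting of user {{ {} }} is {{ {} }}".format(username, retVal))
        return retVal

    def lockUser(self, username, locked):
        """Set the user's 'locked' field, store it, and return the reloaded user."""
        debug.info("lock user {{ {} }} for credit with status {{ {} }}".format(
            username, locked))
        user = self.getUser(username)
        debug.debug("user is {{ {} }}".format(user))
        user.updateData({'locked': locked})
        db.updateUser(user)
        retVal = self.getUser(username)
        debug.debug("locked user is {{ {} }}".format(retVal))
        return retVal

    def updateConfig(self, username, data):
        """Apply data to the user via updateData, store it, and return the reloaded user."""
        debug.info(
            "update config of user {{ {} }} with config {{ {} }}".format(username, data))
        user = self.getUser(username)
        debug.debug("user is {{ {} }}".format(user))
        # NOTE(review): data goes unfiltered into updateData, the same call
        # lockUser uses to set 'locked'. Unless updateData or the caller
        # restricts the keys, a config update could also change 'locked' --
        # confirm an allow-list exists somewhere on this path.
        user.updateData(data)
        db.updateUser(user)
        retVal = self.getUser(username)
        debug.debug("updated config of user is {{ {} }}".format(retVal))
        return retVal

    def syncLdap(self):
        """Call getUser for every entry of ldap.getAllUser().

        getUser inserts or updates the matching database row, which is what
        performs the sync.
        """
        debug.info('sync Users from Ldap')
        ldap_users = ldap.getAllUser()
        for user in ldap_users:
            self.getUser(user['username'])

    def getAllUsersfromDB(self, extern=True):
        """Refresh all database users and return db.getAllUser(extern=extern).

        A sync from LDAP runs first when the LDAP and database user counts
        differ.
        """
        debug.info("get all users from database")
        if (len(ldap.getAllUser()) != len(db.getAllUser())):
            self.syncLdap()
        users = db.getAllUser()
        debug.debug("users are {{ {} }}".format(users))
        # NOTE(review): inside this class the double-underscore names below are
        # mangled to _Base__updateDataFromLDAP / _Base__updateGeruechte, and
        # neither is defined in the part of the class shown here -- confirm
        # they are provided under those names.
        for user in users:
            try:
                debug.debug("update data from ldap")
                self.__updateDataFromLDAP(user)
            except Exception:
                # Still best-effort, but the failure is recorded, and
                # KeyboardInterrupt/SystemExit are no longer swallowed as the
                # former bare "except: pass" did.
                debug.debug(
                    "update data from ldap failed for user {{ {} }}".format(user),
                    exc_info=True)
            debug.debug("update creditlists")
            self.__updateGeruechte(user)
        retVal = db.getAllUser(extern=extern)
        debug.debug("all users are {{ {} }}".format(retVal))
        return retVal

    def getUser(self, username):
        """Merge LDAP data for username into the database and return the stored user.

        Inserts a new User when the database has none, otherwise updates the
        existing one. The LDAP groups are written under both the 'gruppe' and
        'group' keys.
        """
        debug.info("get user {{ {} }}".format(username))
        user = db.getUser(username)
        debug.debug("user is {{ {} }}".format(user))
        groups = ldap.getGroup(username)
        debug.debug("groups are {{ {} }}".format(groups))
        user_data = ldap.getUserData(username)
        debug.debug("user data from ldap is {{ {} }}".format(user_data))
        user_data['gruppe'] = groups
        user_data['group'] = groups
        if user is None:
            debug.debug("user not exists in database -> insert into database")
            user = User(user_data)
            db.insertUser(user)
        else:
            debug.debug("update database with user")
            user.updateData(user_data)
            db.updateUser(user)
        # Re-read so the returned object reflects what was actually stored.
        user = db.getUser(username)
        self.__updateGeruechte(user)
        debug.debug("user is {{ {} }}".format(user))
        return user

    def modifyUser(self, user, attributes, password):
        """Change the user's LDAP attributes after binding with their password.

        A username change is written to the database first and reverted when
        the LDAP side fails. Every failure is re-raised as a plain Exception,
        now chained to its cause.
        """
        # The attributes are deliberately kept out of the log: they may
        # contain a new password.
        debug.info("modify user {{ {} }} with attributes (can't show because here can be a password)".format(
            user))
        try:
            # The bind doubles as the password check for this operation.
            ldap_conn = ldap.bind(user, password)
            if attributes:
                if 'username' in attributes:
                    debug.debug("change username, so change first in database")
                    db.changeUsername(user, attributes['username'])
                ldap.modifyUser(user, ldap_conn, attributes)
                if 'username' in attributes:
                    retVal = self.getUser(attributes['username'])
                    debug.debug("user is {{ {} }}".format(retVal))
                    return retVal
                else:
                    retVal = self.getUser(user.uid)
                    debug.debug("user is {{ {} }}".format(retVal))
                    return retVal
            return self.getUser(user.uid)
        except UsernameExistLDAP as err:
            debug.debug(
                "username exists on ldap, rechange username on database", exc_info=True)
            db.changeUsername(user, user.uid)
            raise Exception(err) from err
        except LDAPExcetpion as err:
            # attributes may be None or empty here; without the guard the
            # membership test raised TypeError and hid the LDAP error.
            if attributes and 'username' in attributes:
                db.changeUsername(user, user.uid)
            raise Exception(err) from err
        except LDAPPasswordIsMandatoryError as err:
            raise Exception('Password wurde nicht gesetzt!!') from err
        except LDAPBindError as err:
            raise Exception('Password ist falsch') from err
        except Exception as err:
            # NOTE(review): any other failure after db.changeUsername leaves
            # the new name in the database without a rollback.
            raise Exception(err) from err

    def validateUser(self, username, password):
        """Check the credentials through ldap.login; returns None."""
        debug.info("validate user {{ {} }}".format(username))
        ldap.login(username, password)

    def loginUser(self, username, password):
        """Authenticate against LDAP and return the synced user with the password attached.

        Raises PermissionDenied when it surfaces from the login or the sync.
        """
        debug.info("login user {{ {} }}".format(username))
        try:
            # Verify the credentials before getUser runs: getUser queries LDAP
            # and inserts or updates a database row, which an unauthenticated
            # caller should not be able to trigger for arbitrary usernames.
            ldap.login(username, password)
            user = self.getUser(username)
            # Logged before the password is attached, so the credential cannot
            # end up in the debug log through the user's string form.
            debug.debug("user is {{ {} }}".format(user))
            # NOTE(review): the clear-text password now lives on the returned
            # object -- confirm it is never serialized, logged or persisted.
            user.password = password
            return user
        except PermissionDenied:
            debug.debug("permission is denied", exc_info=True)
            raise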