try:
user_query = Query().get('local:user').filter_by('email', '==', user_email).select('user_id','email','password','config')
user_details = execute_admin_query(request, user_query)
-
+
# getting the user_id from the session
for user_detail in user_details:
user_id = user_detail['user_id']
query = Query.create('user').set(sfa_user_params).select('user_hrn')
results = execute_query(wsgi_request, query)
+
if not results:
raise Exception, "Could not create %s. Already exists ?" % sfa_user_params['user_hrn']
else:
}
# Add user in the island:
- add_user = lsClient.add_user( user_data )
-
- return add_user
+ addUser = lsClient.add_user( user_data )
+
+
+ return addUser
def ls_validate_user(wsgi_request, request):
organization = request['username'].split('@')[1]
}
validate = lsClient.update_user( user_data )
+
+ addUserPublicKey = lsClient.add_user_public_key( { 'user_id' : user_id, 'public_key': request['public_key'] } )
- return validate
+ return validate and addUserPublicKey
def create_user(wsgi_request, request):
ls_validate_user( wsgi_request, request )
except Exception, e:
"Error to validate the user in Labora Scheduler."
+
+def create_user_in_ldap(wsgi_request, request, user_detail):
+ """
+ """
+
+ # saves the user to django auth_user table [needed for password reset]
+ user = User.objects.create_user(request['username'], request['email'], request['password'])
+
+ # Creating a manifold user
+ user_id = manifold_add_user(wsgi_request, request)
+
+ # Creating a Manifold account on the MySlice platform
+ # Note the JSON representation of public and private keys already includes quotes
+ account_config = {
+ 'user_hrn' : request['user_hrn'],
+ 'user_public_key' : request['public_key'],
+ }
+ if request['private_key']:
+ account_config['user_private_key'] = request['private_key']
+
+ user_id = user_detail['user_id'] + 1 # the user_id for the newly created user in local:user
+
+ # XXX TODO: Require a myslice platform
+ # ALERT: this will disapear with ROUTERV2 of Manifold
+ # We have to consider the case where several registries can be used
+ # Removed hardcoded platform = 5
+ # This platform == 'myslice' is a TMP FIX !!
+ try:
+ reg_platform_query = Query().get('local:platform') \
+ .filter_by('platform', '==', 'myslice') \
+ .select('platform_id')
+ reg_platform = execute_admin_query(wsgi_request, reg_platform_query)
+ reg_platform_id = reg_platform[0]['platform_id']
+ account_params = {
+ 'platform_id' : reg_platform_id, # XXX ALERT !!
+ 'user_id' : user_id,
+ 'auth_type' : request['auth_type'],
+ 'config' : json.dumps(account_config),
+ }
+ manifold_add_account(wsgi_request, account_params)
+ except Exception, e:
+ print "Failed creating manifold account on platform %s for user: %s" % ('myslice', request['email'])
+
+ # XXX This has to be stored centrally
+ USER_STATUS_ENABLED = 2
+
+ # Update Manifold user status
+ manifold_update_user(wsgi_request, request['username'], {'status': USER_STATUS_ENABLED})
+
+ # Add reference accounts for platforms
+ manifold_add_reference_user_accounts(wsgi_request, request)
+ from sfa.util.xrn import Xrn
+
+ auth_pi = request.get('pi', None)
+ auth_pi = list([auth_pi]) if auth_pi else list()
+
+ # We create a user request with Manifold terminology
+ sfa_user_params = {
+ 'user_hrn' : request['user_hrn'],
+ 'user_email' : request['email'],
+ 'user_urn' : Xrn(request['user_hrn'], request['type']).get_urn(),
+ 'user_type' : request['type'],
+ 'keys' : request['public_key'],
+ 'user_first_name' : request['first_name'],
+ 'user_last_name' : request['last_name'],
+ 'pi_authorities' : auth_pi,
+ 'user_enabled' : True
+ }
+
+ print request['user_hrn']
+ print request['email']
+ print request['first_name']
+ print request['last_name']
+ print request['type']
+ print request['public_key']
+
+ query = Query.create('user').set(sfa_user_params).select('user_hrn')
+
+ print query
+
+ results = execute_admin_query(wsgi_request, query)
+
+ print results
+
+ if not results:
+ raise Exception, "Could not create %s. Already exists ?" % sfa_user_params['user_hrn']
+ else:
+ subject = 'User validated'
+ msg = 'A manager of your institution has validated your account. You have now full user access to the portal.'
+ send_mail(subject, msg, 'support@fibre.org.br',[request['email']], fail_silently=False)
+ return results
+
def create_pending_user(wsgi_request, request, user_detail):
"""
"""
# Edelberto - LDAP XXX
from portal.models import PendingUser
from django.contrib.auth.models import User #Pedro
-from portal.actions import create_pending_user, create_user
+from portal.actions import create_pending_user, create_user, create_user_in_ldap, clear_user_creds
from registrationview import RegistrationView
from random import randint
from hashlib import md5
## first you must open a connection to the server
try:
# Connect to NOC
- l = ldap.initialize("ldap://200.130.15.186:389")
+ l = ldap.initialize("ldap://10.128.0.50:389")
# Bind/authenticate with a root user to search all objects
l.simple_bind_s("cn=Manager,dc=br,dc=fibre","fibre2013")
searchFilter = "uid=" + username
print searchFilter
+ in_ldap = 0
+
try:
+ if username != "admin":
ldap_result_id = l.search(baseDN, searchScope, searchFilter, retrieveAttributes)
result_set = []
result_type, result_data = l.result(ldap_result_id, 0)
print cn
sn = result_set[0][0][1]['sn'][0]
print sn
- authority_hrn = 'fibre' + '.' + username.split('@')[1]
+ fname = sn.split(' ')[0]
+ lname = sn.split(' ')[1]
+ print fname
+ print lname
+
+ #authority_hrn = 'fibre' + '.' + username.split('@')[1]
+ authority_hrn = 'fibre'
print authority_hrn
email = ldap_mail
print ldap_mail
print username
password = password
print password
- user_hrn = 'fibre' + '.' + username.split('@')[1] + '.' + username
+ # user_hrn = 'fibre' + '.' + username.split('@')[1] + '.' + username
+ user_hrn = 'fibre' + '.' + username
print user_hrn
# Based on registrationview
print email_hash
user_request = {
- #'first_name' : cn,
- 'first_name' : sn,
- 'last_name' : '',
- #'organization' : username.split('@')[1],
+ 'first_name' : fname,
+ 'last_name' : lname,
'organization' : authority_hrn,
'authority_hrn' : authority_hrn,
'email' : ldap_mail,
'email_hash' : email_hash,
'pi' : '',
'user_hrn' : user_hrn,
+ 'reasons' : 'already exists in the LDAP',
'type' : 'user',
'validation_link': 'https://' + current_site + '/portal/email_activation/'+ email_hash
}
# XXX Verify if errors exist - After!
#if not errors:
- create_pending_user(request, user_request, user_detail)
-
- create_user(request, user_request)
-
- env['state'] = "User LDAP associated. Authenticate again."
- return render_to_response(self.template, env, context_instance=RequestContext(request))
+ create_user_in_ldap(request, user_request, user_detail)
+ #create_pending_user(request, user_request, user_detail)
+ #create_user(request, user_request)
+
+ env['state'] = "LDAP associated. Please, login again."
+ return render_to_response(self.template, env, context_instance=RequestContext(request))
+
else:
env['state'] = "Access denied. Verify LDAP userEnable and password."
print e
#else:
- if in_ldap and enabled and pwd:
+ if in_ldap and enabled and pwd or username=="admin":
################################################################################
### XXX Edelberto LDAP auth end XXX
"""
direct_calls = [ 'get_testbed_info', 'get_users', 'add_user', 'delete_user', 'update_user',
- 'get_user_id_by_username' ]
+ 'get_user_id_by_username', 'add_user_public_key', 'delete_user_public_key' ]
def __init__ ( self, organization ):
- # self.url, self.key = self.getOrganizationConfigs( organization )
- self.url = "https://portal.ufrj.fibre.org.br:3002/LS-Sched/"
- self.key = "9763dd03f2da8138fb22a63d78e5e9792b59a637"
+ self.url, self.key = self.getOrganizationConfigs( organization )
def __getattr__(self, name):
method_parameters.extend(['filter'])
elif actual_name == "update_user":
method_parameters.extend(['user_id', 'new_user_data'])
- elif actual_name == "delete_user":
+ elif actual_name == "delete_user" or actual_name == "delete_user_public_key":
method_parameters.extend(['user_id'])
elif actual_name == "get_user_id_by_username":
method_parameters.extend(['username'])
elif actual_name == "add_user":
method_parameters.extend(['username', 'email', 'password', 'name', 'gidnumber',
'homedirectory'])
+ elif actual_name == "add_user_public_key":
+ method_parameters.extend(['user_id', 'public_key'])
for parameter in args:
if isinstance(parameter, (frozenset, list, set, tuple, dict)):
template_env['flowspaces']= univbrisfvlist.render(self.request)
template_env['flowspaces_form']= univbrisfvform.render(self.request)
-
# template_env['pending_resources'] = pending_resources.render(self.request)
template_env['sla_dialog'] = '' # sla_dialog.render(self.request)
template_env["theme"] = self.theme
{% if authority.authority_hrn == "fibre.cpqd" %}
{value:"{{ authority.authority_hrn }}",label:"CENTRO DE PESQUISA E DESENVOLVIMENTO EM TELECOMUNICACOES"},
{% else %}
- {% if authority.authority_hrn == "fibre.i2cat" %}
- {value:"{{ authority.authority_hrn }}",label:"FOUNDATION, RESEARCH AND INNOVATION IN THE INTERNET AREA"},
- {% else %}
- {% if authority.authority_hrn == "fibre.uth" %}
- {value:"{{ authority.authority_hrn }}",label:"UNIVERSITY OF THESSALY"},
- {% else %}
- {% if authority.authority_hrn == "fibre.bristol" %}
- {value:"{{ authority.authority_hrn }}",label:"UNIVERSITY OF BRISTOL"},
- {% else %}
- {value:"{{ authority.authority_hrn }}",label:"FIBRE"},
- {% endif %}
+ {% if authority.authority_hrn == "fibre.rnp" %}
+ {value:"{{ authority.authority_hrn }}",label:"REDE NACIONAL DE ENSINO E PESQUISA"},
+ {% else %}
+ {% if authority.authority_hrn == "fibre.i2cat" %}
+ {value:"{{ authority.authority_hrn }}",label:"FOUNDATION, RESEARCH AND INNOVATION IN THE INTERNET AREA"},
+ {% else %}
+ {% if authority.authority_hrn == "fibre.uth" %}
+ {value:"{{ authority.authority_hrn }}",label:"UNIVERSITY OF THESSALY"},
+ {% else %}
+ {% if authority.authority_hrn == "fibre.bristol" %}
+ {value:"{{ authority.authority_hrn }}",label:"UNIVERSITY OF BRISTOL"},
+ {% else %}
+ {value:"{{ authority.authority_hrn }}",label:"FIBRE"},
+ {% endif %}
{% endif %}
{% endif %}
{% endif %}
+ {% endif %}
{% endif %}
{% endif %}
{% endif %}