From 0d118a5f600b06616c2841e92642a303d8785269 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Jordan=20Aug=C3=A9?=
Date: Tue, 11 Feb 2014 17:35:22 +0100
Subject: [PATCH] SFA = Validation of Slices add user to slice & Update User keys, email and other params
---
 portal/accountview.py | 11 +++++++----
 portal/actions.py | 27 ++++++++++++++++++++++-----
 portal/joinview.py | 1 +
 portal/models.py | 3 ++-
 portal/registrationview.py | 1 +
 portal/slicerequestview.py | 8 +++++++-
 6 files changed, 40 insertions(+), 11 deletions(-)
diff --git a/portal/accountview.py b/portal/accountview.py
index f366555d..2a929bde 100644
--- a/portal/accountview.py
+++ b/portal/accountview.py
@@ -328,7 +328,7 @@ def account_process(request):
 private_key = json.dumps(private.exportKey())
 public = private.publickey()
 public_key = json.dumps(public.exportKey(format='OpenSSH'))
- # updating maniolf local:account table
+ # updating manifold local:account table
 account_config = json.loads(account_detail['config'])
 # preserving user_hrn
 user_hrn = account_config.get('user_hrn','N/A')
@@ -338,9 +338,9 @@ def account_process(request):
 user_params = { 'config': keypair, 'auth_type':'managed'}
 manifold_update_account(request,user_params)
 # updating sfa
- #public_key = public_key.replace('"', '');
- #user_pub_key = {'keys': public_key}
- #sfa_update_user(request, user_hrn, user_pub_key)
+ public_key = public_key.replace('"', '');
+ user_pub_key = {'keys': public_key}
+ sfa_update_user(request, user_hrn, user_pub_key)
 messages.success(request, 'Sucess: New Keypair Generated! Delegation of your credentials will be automatic.')
 return HttpResponseRedirect("/portal/account/")
 else:
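Review bot: In portal/accountview.py, hunk @@ -338, the result of the newly enabled `sfa_update_user(request, user_hrn, user_pub_key)` is ignored, so the success message is shown even when the registry did not accept the new key, leaving the local account and the SFA record disagreeing about which key is valid. The context of hunk @@ -328 sets `user_hrn = account_config.get('user_hrn','N/A')`, so an account with no stored hrn issues the update against the literal hrn 'N/A'; guard it with `if user_hrn != 'N/A':` and report an error when the call returns nothing. Stripping quotes with `public_key.replace('"', '')` from a JSON-encoded string is fragile, and passing `public.exportKey(format='OpenSSH')` directly avoids any leftover JSON escaping. account_process starts and ends outside the hunk.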
@@ -368,6 +368,9 @@ def account_process(request):
 #update manifold local:account table
 user_params = { 'config': file_content, 'auth_type':'user'}
 manifold_update_account(request,user_params)
+ # updating sfa
+ user_pub_key = {'keys': file_content}
+ sfa_update_user(request, user_hrn, user_pub_key)
 messages.success(request, 'Publickey uploaded! Please delegate your credentials using SFA: http://trac.myslice.info/wiki/DelegatingCredentials')
 return HttpResponseRedirect("/portal/account/")
 else:
diff --git a/portal/actions.py b/portal/actions.py
index 3be1176c..87e07d55 100644
--- a/portal/actions.py
+++ b/portal/actions.py
@@ -36,6 +36,8 @@ def authority_get_pi_emails(request, authority_hrn):
 # SFA add record (user, slice)
 def sfa_add_user(request, user_params):
+ if 'email' in user_params:
+ params['user_email'] = params['email']
 query = Query.create('user').set(user_params).select('user_hrn')
 results = execute_query(request, query)
 if not results:
@@ -44,6 +46,8 @@ def sfa_add_user(request, user_params):
 def sfa_update_user(request, user_hrn, user_params):
 # user_params: keys [public_key]
+ if 'email' in user_params:
+ params['user_email'] = params['email']
 query = Query.update('user').filter_by('user_hrn', '==', user_hrn).set(user_params).select('user_hrn')
 results = execute_query(request,query)
 return results
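Review bot: In portal/accountview.py, hunk @@ -368 (the public-key upload branch), `sfa_update_user(request, user_hrn, user_pub_key)` uses `user_hrn`, which the visible code assigns only in the key-generation branch (hunk @@ -328); unless it is also set earlier in account_process, outside the hunk, this raises NameError after the local account has already been updated. `file_content` is sent to the registry as the user's key with no check visible here that it is a single well-formed public key; if that validation is not done above the hunk, it belongs before both updates. As in the generation branch, the return value is not checked before the success message is shown.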
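Review bot: In portal/actions.py, the lines added to `sfa_add_user` (hunk @@ -36) and `sfa_update_user` (hunk @@ -44) reference `params`, which is not defined in either function as shown, so any call whose `user_params` contains 'email' raises NameError. The intended line is presumably `user_params['user_email'] = user_params['email']` in both places. In portal_validate_request the SFA user call appears to sit in a handler that stores `str(e)` in `request_status['SFA user']` (context of hunk @@ -276), so the failure would surface only as a failed status while the following `manifold_update_user` still runs. Both function bodies continue outside their hunks.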
@@ -64,8 +68,14 @@ def sfa_add_authority(request, authority_params):
 return results
 def sfa_add_user_to_slice(request, user_hrn, slice_params):
+# UPDATE myslice:slice SET researcher=['ple.upmc.jordan_auge','ple.inria.thierry_parmentelat','ple.upmc.loic_baron','ple.upmc.ciro_scognamiglio','ple.upmc.mohammed-yasin_rahman','ple.upmc.azerty'] where slice_hrn=='ple.upmc.myslicedemo'
+ query_current_users = Query.get('slice').select('user').filter_by('slice_hrn','==',slice_params['hrn'])
+ results_current_users = execute_query(request, query_current_users)
+ slice_params['researcher'] = slice_params['researcher'] | results_current_users
 query = Query.update('slice').filter_by('user_hrn', '==', user_hrn).set(slice_params).select('slice_hrn')
 results = execute_query(request, query)
+# Also possible but not supported yet
+# UPDATE myslice:user SET slice=['ple.upmc.agent','ple.upmc.myslicedemo','ple.upmc.tophat'] where user_hrn=='ple.upmc.azerty'
 if not results:
 raise Exception, "Could not create %s. Already exists ?" % slice_params['hrn']
 return results
@@ -145,7 +155,7 @@ def make_request_slice(slice):
 request = {}
 request['type'] = 'slice'
 request['id'] = slice.id
- request['user_email'] = slice.user_email
+ request['user_hrn'] = slice.user_hrn
 request['timestamp'] = slice.created
 request['authority_hrn'] = slice.authority_hrn
 request['slice_name'] = slice.slice_name
@@ -253,7 +263,7 @@ def portal_validate_request(wsgi_request, request_ids):
 'email' : request['email'],
 #'slices' : None,
 #'researcher': None,
- #'pi' : None,
+ 'pi' : request['pi'],
 'enabled' : True
 }
 # ignored in request: id, timestamp, password
@@ -276,7 +286,7 @@ def portal_validate_request(wsgi_request, request_ids):
 request_status['SFA user'] = {'status': False, 'description': str(e)}
 user_params = {'status':2}
- manifold_update_user(request, request['email'],user_params)
+ manifold_update_user(request, request['email'], user_params)
 # MANIFOLD user should be added beforehand, during registration
 #try:
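Review bot: In `sfa_add_user_to_slice` (hunk @@ -64), `slice_params['researcher'] | results_current_users` applies `|` to a value the caller builds as a list (`'researcher' : [user_hrn]` in hunk @@ -297), and lists do not support `|`, so this raises TypeError. Query results are indexed as rows elsewhere in this patch (`user_hrn[0].get('user_hrn')`), so the current users most likely have to be pulled out of the returned row first and then merged with something like `slice_params['researcher'] = list(set(slice_params['researcher']) | set(current_users))`. The update on the following context line still filters on `user_hrn` rather than on the slice hrn, which is worth confirming now that the call overwrites the slice's whole researcher list. The assignment also mutates the caller's `slice_params` dict in place.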
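Review bot: In portal_validate_request (hunk @@ -253), `'pi' : request['pi']` reads a key this patch never adds to the user request dict; only `make_request_slice` is changed, so unless the user request builder (not shown) already copies every model field, validating a user raises KeyError. The value originates in `PendingUser.pi`, which joinview.py fills with `reg_auth` and registrationview.py with `''`, so an empty string can be forwarded to the registry as a PI authority. If `reg_auth` comes from the registration form, the validator ends up assigning PI status from a value the applicant chose; send the field only when it is non-empty and has been checked against the authority being validated. The function continues outside the hunk.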
@@ -297,13 +307,20 @@ def portal_validate_request(wsgi_request, request_ids):
 # XXX tmp sfa dependency
 from sfa.util.xrn import Xrn
 urn = Xrn(hrn, request['type']).get_urn()
-
+
+ # Add User to Slice if we have the user_hrn in pendingslice table
+ if 'user_hrn' in request:
+ user_hrn = request['user_hrn']
+ print "Slice %s will be created for %s" % (hrn,request['user_hrn'])
+ else:
+ user_hrn=''
+ print "Slice %s will be created without users %s" % (hrn)
 sfa_slice_params = {
 'hrn' : hrn,
 'urn' : urn,
 'type' : request['type'],
 #'slices' : None,
- #'researcher': None,
+ 'researcher' : [user_hrn],
 #'pi' : None,
 'enabled' : True
 }
diff --git a/portal/joinview.py b/portal/joinview.py
index 42f7ac56..e513a603 100644
--- a/portal/joinview.py
+++ b/portal/joinview.py
@@ -144,6 +144,7 @@ class JoinView (FreeAccessView):
 email = reg_email,
 password = reg_password,
 keypair = account_config,
+ pi = reg_auth,
 )
 b.save()
diff --git a/portal/models.py b/portal/models.py
index 08b095ce..65c97bc4 100644
--- a/portal/models.py
+++ b/portal/models.py
@@ -63,6 +63,7 @@ class PendingUser(models.Model):
 keypair = models.TextField()
 authority_hrn = models.TextField()
 login = models.TextField()
+ pi = models.TextField()
 created = models.DateTimeField(auto_now_add = True)
 # models.ForeignKey(Institution)
@@ -86,7 +87,7 @@ class PendingAuthority(models.Model):
 class PendingSlice(models.Model):
 slice_name = models.TextField()
- user_email = models.TextField()
+ user_hrn = models.TextField()
 authority_hrn = models.TextField(null=True)
 number_of_nodes = models.TextField(default=0)
 type_of_nodes = models.TextField(default='NA')
diff --git a/portal/registrationview.py b/portal/registrationview.py
index fed383f7..455b1754 100644
--- a/portal/registrationview.py
+++ b/portal/registrationview.py
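Review bot: In portal_validate_request (hunk @@ -297), the else branch's `print "Slice %s will be created without users %s" % (hrn)` has two `%s` placeholders and a single argument, so a slice request without `user_hrn` raises TypeError before `sfa_slice_params` is built; it should read `print "Slice %s will be created without users" % hrn`. The same branch sets `user_hrn=''`, which turns `'researcher' : [user_hrn]` into a list holding an empty string; `'researcher' : [user_hrn] if user_hrn else []` keeps an empty hrn out of the registry record. The `'user_hrn' in request` test is also true when the stored value is empty or None, so testing `request.get('user_hrn')` for truthiness is the safer condition. The function starts and ends outside the hunk.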
@@ -149,6 +149,7 @@ class RegistrationView (FreeAccessView):
 email = reg_email,
 password = request.POST['password'],
 keypair = account_config,
+ pi = '',
 )
 b.save()
 # saves the user to django auth_user table [needed for password reset]
diff --git a/portal/slicerequestview.py b/portal/slicerequestview.py
index 7865428d..4975a92f 100644
--- a/portal/slicerequestview.py
+++ b/portal/slicerequestview.py
@@ -37,6 +37,10 @@ class SliceRequestView (LoginRequiredAutoLogoutView):
 user_email = execute_query(self.request, user_query)
 self.user_email = user_email[0].get('email')
+ user_query = Query().get('user').select('user_hrn').filter_by('user_hrn','==','$user_hrn')
+ user_hrn = execute_query(self.request, user_query)
+ self.user_hrn = user_hrn[0].get('user_hrn')
+
 page = Page(request)
 page.add_css_files ( [ "http://code.jquery.com/ui/1.10.3/themes/smoothness/jquery-ui.css" ] )
@@ -49,6 +53,7 @@ class SliceRequestView (LoginRequiredAutoLogoutView):
 number_of_nodes = request.POST.get('number_of_nodes', '')
 purpose = request.POST.get('purpose', '')
 email = self.user_email
+ user_hrn = self.user_hrn
 cc_myself = True
 if (authority_hrn is None or authority_hrn == ''):
@@ -70,7 +75,7 @@ class SliceRequestView (LoginRequiredAutoLogoutView):
 }
 s = PendingSlice(
 slice_name = slice_name,
- user_email = email,
+ user_hrn = user_hrn,
 authority_hrn = authority_hrn,
 number_of_nodes = number_of_nodes,
 purpose = purpose
@@ -96,6 +101,7 @@ class SliceRequestView (LoginRequiredAutoLogoutView):
 'number_of_nodes': request.POST.get('number_of_nodes', ''),
 'purpose': request.POST.get('purpose', ''),
 'email': self.user_email,
+ 'user_hrn': self.user_hrn,
 'cc_myself': True,
 'authorities': authorities,
 }
--
2.43.0
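Review bot: In portal/slicerequestview.py (hunk @@ -37), `user_hrn[0].get('user_hrn')` raises IndexError when the query returns no row and yields None when the row carries no hrn, and that value is then stored in `PendingSlice.user_hrn` and later becomes the slice's researcher on validation. Check the result before use, for example `self.user_hrn = user_hrn[0].get('user_hrn') if user_hrn else None`, and refuse the slice request when it is empty. Taking the hrn from the server-side query rather than from POST data is the right source for an identity that is later written to the registry; a short comment such as `# user_hrn must come from the session query, never from the form` would help keep it that way. The enclosing method starts and ends outside the hunk.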