From d1accda30ea287adde0500b5280ee360e1c357a3 Mon Sep 17 00:00:00 2001 From: Loic Baron Date: Tue, 16 Sep 2014 18:06:55 -0300 Subject: [PATCH] LDAP integration adding authorities --- portal/actions.py | 106 +++++++++++++++++- portal/homeview.py | 40 ++++--- portal/lsapiclient.py | 10 +- portal/sliceresourceview.py | 1 - .../fibre/fibre_registration_view.html | 26 +++-- 5 files changed, 146 insertions(+), 37 deletions(-) diff --git a/portal/actions.py b/portal/actions.py index 2e567669..feef871d 100644 --- a/portal/actions.py +++ b/portal/actions.py @@ -57,7 +57,7 @@ def clear_user_creds(request, user_email): try: user_query = Query().get('local:user').filter_by('email', '==', user_email).select('user_id','email','password','config') user_details = execute_admin_query(request, user_query) - + # getting the user_id from the session for user_detail in user_details: user_id = user_detail['user_id'] @@ -565,6 +565,7 @@ def sfa_create_user(wsgi_request, request): query = Query.create('user').set(sfa_user_params).select('user_hrn') results = execute_query(wsgi_request, query) + if not results: raise Exception, "Could not create %s. Already exists ?" % sfa_user_params['user_hrn'] else: @@ -591,9 +592,10 @@ def ls_create_user(wsgi_request, request, user_detail): } # Add user in the island: - add_user = lsClient.add_user( user_data ) - - return add_user + addUser = lsClient.add_user( user_data ) + + + return addUser def ls_validate_user(wsgi_request, request): organization = request['username'].split('@')[1] @@ -609,8 +611,10 @@ def ls_validate_user(wsgi_request, request): } validate = lsClient.update_user( user_data ) + + addUserPublicKey = lsClient.add_user_public_key( { 'user_id' : user_id, 'public_key': request['public_key'] } ) - return validate + return validate and addUserPublicKey def create_user(wsgi_request, request): 
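Review bot: In ls_validate_user the new add_user_public_key call runs even when the preceding update_user returned a falsy result, and the combined `validate and addUserPublicKey` value is discarded anyway — create_user's `ls_validate_user( wsgi_request, request )` in the next hunk ignores the return and its except branch only evaluates an unused string. Guard the key upload on the validation result, e.g. `if not validate: return validate` before the `lsClient.add_user_public_key(...)` line, or raise so the caller has something to report. `addUser` and `addUserPublicKey` in these two hunks are camelCase in a module that otherwise uses snake_case (`add_user`, `user_data`); `key_added` or similar keeps PEP 8 naming. ls_validate_user's body starts outside the hunk, so where `user_id` is bound is not visible here.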
@@ -638,7 +642,99 @@ def create_user(wsgi_request, request): ls_validate_user( wsgi_request, request ) except Exception, e: "Error to validate the user in Labora Scheduler." + +def create_user_in_ldap(wsgi_request, request, user_detail): + """ + """ + + # saves the user to django auth_user table [needed for password reset] + user = User.objects.create_user(request['username'], request['email'], request['password']) + + # Creating a manifold user + user_id = manifold_add_user(wsgi_request, request) + + # Creating a Manifold account on the MySlice platform + # Note the JSON representation of public and private keys already includes quotes + account_config = { + 'user_hrn' : request['user_hrn'], + 'user_public_key' : request['public_key'], + } + if request['private_key']: + account_config['user_private_key'] = request['private_key'] + + user_id = user_detail['user_id'] + 1 # the user_id for the newly created user in local:user + + # XXX TODO: Require a myslice platform + # ALERT: this will disapear with ROUTERV2 of Manifold + # We have to consider the case where several registries can be used + # Removed hardcoded platform = 5 + # This platform == 'myslice' is a TMP FIX !! + try: + reg_platform_query = Query().get('local:platform') \ + .filter_by('platform', '==', 'myslice') \ + .select('platform_id') + reg_platform = execute_admin_query(wsgi_request, reg_platform_query) + reg_platform_id = reg_platform[0]['platform_id'] + account_params = { + 'platform_id' : reg_platform_id, # XXX ALERT !! 
+ 'user_id' : user_id, + 'auth_type' : request['auth_type'], + 'config' : json.dumps(account_config), + } + manifold_add_account(wsgi_request, account_params) + except Exception, e: + print "Failed creating manifold account on platform %s for user: %s" % ('myslice', request['email']) + + # XXX This has to be stored centrally + USER_STATUS_ENABLED = 2 + + # Update Manifold user status + manifold_update_user(wsgi_request, request['username'], {'status': USER_STATUS_ENABLED}) + + # Add reference accounts for platforms + manifold_add_reference_user_accounts(wsgi_request, request) + from sfa.util.xrn import Xrn + + auth_pi = request.get('pi', None) + auth_pi = list([auth_pi]) if auth_pi else list() + + # We create a user request with Manifold terminology + sfa_user_params = { + 'user_hrn' : request['user_hrn'], + 'user_email' : request['email'], + 'user_urn' : Xrn(request['user_hrn'], request['type']).get_urn(), + 'user_type' : request['type'], + 'keys' : request['public_key'], + 'user_first_name' : request['first_name'], + 'user_last_name' : request['last_name'], + 'pi_authorities' : auth_pi, + 'user_enabled' : True + } + + print request['user_hrn'] + print request['email'] + print request['first_name'] + print request['last_name'] + print request['type'] + print request['public_key'] + + query = Query.create('user').set(sfa_user_params).select('user_hrn') + + print query + + results = execute_admin_query(wsgi_request, query) + + print results + + if not results: + raise Exception, "Could not create %s. Already exists ?" % sfa_user_params['user_hrn'] + else: + subject = 'User validated' + msg = 'A manager of your institution has validated your account. You have now full user access to the portal.' + send_mail(subject, msg, 'support@fibre.org.br',[request['email']], fail_silently=False) + return results + def create_pending_user(wsgi_request, request, user_detail): """ """ diff --git a/portal/homeview.py b/portal/homeview.py index 7efd4205..ec6012c8 100644 
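Review bot: In create_user_in_ldap the `user_id` returned by `manifold_add_user(wsgi_request, request)` is overwritten a few lines later by `user_id = user_detail['user_id'] + 1`, a guess at the next row id; if two registrations interleave, the account — whose config carries the user's private key — is attached to the wrong local:user. Keep the value the creation call returns (assuming, as the assignment suggests, that it is the new id) and drop the `+ 1` line. The `except Exception, e:` around manifold_add_account only prints a message, after which the user is still set to USER_STATUS_ENABLED, registered via execute_admin_query and mailed 'User validated'; log `e` and return or re-raise there instead. The six `print request[...]` lines plus `print query` / `print results` write names, e-mail address and public key to stdout in production; remove them or route them through a logger at debug level. Most of this body duplicates create_user (hunk @@ -565 and its surroundings), so the shared part could be factored into one helper with a keyword-only flag for the auto-validation path.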
--- a/portal/homeview.py +++ b/portal/homeview.py @@ -16,7 +16,7 @@ from manifoldapi.manifoldapi import execute_query, execute_admin_quer # Edelberto - LDAP XXX from portal.models import PendingUser from django.contrib.auth.models import User #Pedro -from portal.actions import create_pending_user, create_user +from portal.actions import create_pending_user, create_user, create_user_in_ldap, clear_user_creds from registrationview import RegistrationView from random import randint from hashlib import md5 @@ -62,7 +62,7 @@ class HomeView (FreeAccessView, ThemeView): ## first you must open a connection to the server try: # Connect to NOC - l = ldap.initialize("ldap://200.130.15.186:389") + l = ldap.initialize("ldap://10.128.0.50:389") # Bind/authenticate with a root user to search all objects l.simple_bind_s("cn=Manager,dc=br,dc=fibre","fibre2013") @@ -79,7 +79,10 @@ class HomeView (FreeAccessView, ThemeView): searchFilter = "uid=" + username print searchFilter + in_ldap = 0 + try: + if username != "admin": ldap_result_id = l.search(baseDN, searchScope, searchFilter, retrieveAttributes) result_set = [] result_type, result_data = l.result(ldap_result_id, 0) @@ -125,7 +128,13 @@ class HomeView (FreeAccessView, ThemeView): print cn sn = result_set[0][0][1]['sn'][0] print sn - authority_hrn = 'fibre' + '.' + username.split('@')[1] + fname = sn.split(' ')[0] + lname = sn.split(' ')[1] + print fname + print lname + + #authority_hrn = 'fibre' + '.' + username.split('@')[1] + authority_hrn = 'fibre' print authority_hrn email = ldap_mail print ldap_mail @@ -133,7 +142,8 @@ class HomeView (FreeAccessView, ThemeView): print username password = password print password - user_hrn = 'fibre' + '.' + username.split('@')[1] + '.' + username + # user_hrn = 'fibre' + '.' + username.split('@')[1] + '.' + username + user_hrn = 'fibre' + '.' + username print user_hrn # Based on registrationview 
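Review bot: The LDAP server address changed in HomeView is a deployment setting committed as a literal, and the context line below it still binds as `cn=Manager` with a password literal over plain `ldap://`, so the directory manager credential is both stored in the repository and sent in cleartext. Read the URI, bind DN and password from Django settings (names of the project's choosing) and prefer `ldaps://` or `l.start_tls_s()` before `simple_bind_s`. If a search-only directory account is available, binding with that rather than the manager DN limits what a leaked credential can do.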
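Review bot: `if username != "admin":` in HomeView skips the directory lookup for a username taken from the login form, and the matching `if in_ldap and enabled and pwd or username=="admin":` in hunk @@ -232 parses as `(in_ldap and enabled and pwd) or username == "admin"`, so any request naming "admin" passes the LDAP gate; whatever authenticates that user afterwards is outside these hunks and should be confirmed. Write the precedence explicitly, `if (in_ldap and enabled and pwd) or username == "admin":`, and add a comment stating that the admin path is expected to fall through to the local Django password check. The diff as rendered here loses indentation, so I cannot tell whether the `l.search(...)` block was re-indented under the new `if`; if it was not, the `if` has an empty body.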
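Review bot: `lname = sn.split(' ')[1]` raises IndexError for any `sn` without a space, and a three-token value keeps only the middle token; `fname, _, lname = sn.partition(' ')` yields `lname == ''` for a single token and the whole remainder otherwise, and the `user_request` entries in hunk @@ -150 need no change. LDAP's `sn` attribute is conventionally the surname alone; if the directory here stores the full name in it this works, otherwise `cn`, which the code already reads, is the attribute to split. The commented-out `#authority_hrn = ...` line above the new `authority_hrn = 'fibre'` is dead code and can go.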
@@ -150,10 +160,8 @@ class HomeView (FreeAccessView, ThemeView): print email_hash user_request = { - #'first_name' : cn, - 'first_name' : sn, - 'last_name' : '', - #'organization' : username.split('@')[1], + 'first_name' : fname, + 'last_name' : lname, 'organization' : authority_hrn, 'authority_hrn' : authority_hrn, 'email' : ldap_mail, @@ -163,6 +171,7 @@ class HomeView (FreeAccessView, ThemeView): 'email_hash' : email_hash, 'pi' : '', 'user_hrn' : user_hrn, + 'reasons' : 'already exists in the LDAP', 'type' : 'user', 'validation_link': 'https://' + current_site + '/portal/email_activation/'+ email_hash } @@ -208,13 +217,14 @@ class HomeView (FreeAccessView, ThemeView): # XXX Verify if errors exist - After! #if not errors: - create_pending_user(request, user_request, user_detail) - - create_user(request, user_request) - - env['state'] = "User LDAP associated. Authenticate again." - return render_to_response(self.template, env, context_instance=RequestContext(request)) + create_user_in_ldap(request, user_request, user_detail) + #create_pending_user(request, user_request, user_detail) + #create_user(request, user_request) + + env['state'] = "LDAP associated. Please, login again." + return render_to_response(self.template, env, context_instance=RequestContext(request)) + else: env['state'] = "Access denied. Verify LDAP userEnable and password." @@ -232,7 +242,7 @@ class HomeView (FreeAccessView, ThemeView): print e #else: - if in_ldap and enabled and pwd: + if in_ldap and enabled and pwd or username=="admin": ################################################################################ ### XXX Edelberto LDAP auth end XXX diff --git a/portal/lsapiclient.py b/portal/lsapiclient.py index 16287082..ead040e0 100644 --- a/portal/lsapiclient.py +++ b/portal/lsapiclient.py 
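Review bot: The call to create_user_in_ldap still sits under the context comment `#if not errors:` and the note `# XXX Verify if errors exist - After!`, so if an `errors` collection is built earlier in the view (not visible here) the user is created regardless of it; either check it before the call or drop the misleading comment. The two commented-out calls `#create_pending_user(...)` and `#create_user(...)` are dead code that git history already keeps; delete them.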
@@ -13,12 +13,10 @@ class LaboraSchedulerClient: """ direct_calls = [ 'get_testbed_info', 'get_users', 'add_user', 'delete_user', 'update_user', - 'get_user_id_by_username' ] + 'get_user_id_by_username', 'add_user_public_key', 'delete_user_public_key' ] def __init__ ( self, organization ): - # self.url, self.key = self.getOrganizationConfigs( organization ) - self.url = "https://portal.ufrj.fibre.org.br:3002/LS-Sched/" - self.key = "9763dd03f2da8138fb22a63d78e5e9792b59a637" + self.url, self.key = self.getOrganizationConfigs( organization ) def __getattr__(self, name): @@ -45,13 +43,15 @@ class LaboraSchedulerClient: method_parameters.extend(['filter']) elif actual_name == "update_user": method_parameters.extend(['user_id', 'new_user_data']) - elif actual_name == "delete_user": + elif actual_name == "delete_user" or actual_name == "delete_user_public_key": method_parameters.extend(['user_id']) elif actual_name == "get_user_id_by_username": method_parameters.extend(['username']) elif actual_name == "add_user": method_parameters.extend(['username', 'email', 'password', 'name', 'gidnumber', 'homedirectory']) + elif actual_name == "add_user_public_key": + method_parameters.extend(['user_id', 'public_key']) for parameter in args: if isinstance(parameter, (frozenset, list, set, tuple, dict)): diff --git a/portal/sliceresourceview.py b/portal/sliceresourceview.py index 9db52c09..e5614b04 100644 --- a/portal/sliceresourceview.py +++ b/portal/sliceresourceview.py @@ -345,7 +345,6 @@ class SliceResourceView (LoginRequiredView, ThemeView): template_env['flowspaces']= univbrisfvlist.render(self.request) template_env['flowspaces_form']= univbrisfvform.render(self.request) - # template_env['pending_resources'] = pending_resources.render(self.request) template_env['sla_dialog'] = '' # sla_dialog.render(self.request) template_env["theme"] = self.theme 
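Review bot: The removed lines carried a Labora Scheduler API key literal (the `self.key = "9763dd03..."` line), which stays readable in repository history after this commit; treat that key as exposed and rotate it on the scheduler side. Restoring `self.url, self.key = self.getOrganizationConfigs( organization )` is the right direction; a short docstring on `__init__` saying that `organization` selects the endpoint and credential from configuration would help the next reader, and since the key is presumably sent with every call, the config loader should reject a non-`https://` URL.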
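Review bot: `elif actual_name == "delete_user" or actual_name == "delete_user_public_key":` is clearer as a membership test, `elif actual_name in ("delete_user", "delete_user_public_key"):`, and the growing chain of `elif actual_name == ...` branches in __getattr__ is a dispatch table in disguise — a module-level dict mapping method name to its parameter list would make adding `add_user_public_key` a one-line change. The enclosing __getattr__ starts and ends outside the hunk.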
diff --git a/portal/templates/fibre/fibre_registration_view.html b/portal/templates/fibre/fibre_registration_view.html index b9236d6b..5dbf84c3 100644 --- a/portal/templates/fibre/fibre_registration_view.html +++ b/portal/templates/fibre/fibre_registration_view.html @@ -199,20 +199,24 @@ $(document).ready(function(){ {% if authority.authority_hrn == "fibre.cpqd" %} {value:"{{ authority.authority_hrn }}",label:"CENTRO DE PESQUISA E DESENVOLVIMENTO EM TELECOMUNICACOES"}, {% else %} - {% if authority.authority_hrn == "fibre.i2cat" %} - {value:"{{ authority.authority_hrn }}",label:"FOUNDATION, RESEARCH AND INNOVATION IN THE INTERNET AREA"}, - {% else %} - {% if authority.authority_hrn == "fibre.uth" %} - {value:"{{ authority.authority_hrn }}",label:"UNIVERSITY OF THESSALY"}, - {% else %} - {% if authority.authority_hrn == "fibre.bristol" %} - {value:"{{ authority.authority_hrn }}",label:"UNIVERSITY OF BRISTOL"}, - {% else %} - {value:"{{ authority.authority_hrn }}",label:"FIBRE"}, - {% endif %} + {% if authority.authority_hrn == "fibre.rnp" %} + {value:"{{ authority.authority_hrn }}",label:"REDE NACIONAL DE ENSINO E PESQUISA"}, + {% else %} + {% if authority.authority_hrn == "fibre.i2cat" %} + {value:"{{ authority.authority_hrn }}",label:"FOUNDATION, RESEARCH AND INNOVATION IN THE INTERNET AREA"}, + {% else %} + {% if authority.authority_hrn == "fibre.uth" %} + {value:"{{ authority.authority_hrn }}",label:"UNIVERSITY OF THESSALY"}, + {% else %} + {% if authority.authority_hrn == "fibre.bristol" %} + {value:"{{ authority.authority_hrn }}",label:"UNIVERSITY OF BRISTOL"}, + {% else %} + {value:"{{ authority.authority_hrn }}",label:"FIBRE"}, + {% endif %} {% endif %} {% endif %} {% endif %} + {% endif %} {% endif %} {% endif %} {% endif %} -- 2.43.0
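Review bot: Each `{value:"{{ authority.authority_hrn }}", ...}` entry, including the new fibre.rnp one, interpolates a value into a JavaScript string literal with Django's HTML autoescaping only, which does not escape characters that terminate a JS string; use `{{ authority.authority_hrn|escapejs }}` in every entry. The seven-deep `{% if %}` chain is a lookup table: passing the display label from the view (or a dict keyed by hrn) and emitting one `{% for %}` body removes the nesting and the matching pile of `{% endif %}` lines that each new authority grows.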