from __future__ import annotations
from datetime import datetime
from passlib.context import CryptContext
from pydantic import BaseModel, validator
from sqlalchemy.exc import IntegrityError
from sqlalchemy.orm import Session
from . import models
class CertificateBase(BaseModel):
    # Fields shared by every certificate schema in this module.

    # Expiry timestamp of the certificate.
    expiry: datetime
class CertificateCreate(CertificateBase):
    # Input schema for creating a certificate: the base fields plus the
    # two values below.

    # Name of the certificate owner.
    # NOTE(review): presumably matches a user name; confirm against callers.
    owner_name: str

    # NOTE(review): presumably the id of a DistinguishedName row; confirm.
    dn_id: int
class Certificate(CertificateBase):
    # Read schema for a certificate: the base fields plus its integer id.
    id: int

    class Config:
        # Lets pydantic build this model from attribute access on an ORM
        # object (used through from_orm()).
        orm_mode = True
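class UserBase(BaseModel):
    # Fields shared by every user schema: the account name and the list of
    # capability names attached to the account.
    name: str
    capabilities: list[str]

    @validator("capabilities", pre=True)
    @classmethod
    def unify_capabilities(
        cls,
        value: list[models.UserCapability | str],
    ) -> list[str]:
        """Normalise the capabilities input to a list of plain strings.

        ``models.UserCapability`` entries are replaced by their
        ``capability`` attribute; every other entry is passed through
        ``str()``.

        Raises:
            TypeError: if *value* is a single ``str``/``bytes`` object
                rather than a list of entries.
        """
        # pre=True runs this before pydantic's own list check, so a bare
        # string would otherwise be iterated character by character and be
        # accepted as a list of one-letter capabilities. Reject it here so
        # malformed input on this authorization-relevant field fails
        # validation instead of being silently reshaped.
        if isinstance(value, (str, bytes)):
            raise TypeError("capabilities must be a list, not a single string")

        return [
            item.capability if isinstance(item, models.UserCapability) else str(item)
            for item in value
        ]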
class UserCreate(UserBase):
    # Input schema for creating a user: the base fields plus the password.
    # This is the only user schema in this module that declares a password
    # field; User.create() hashes it before storing.
    password: str
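class User(UserBase):
    # Read schema for a user account: the UserBase fields plus the user's
    # certificates. No password field is declared on this schema.
    certificates: list[Certificate]

    class Config:
        # Lets pydantic build this model from an ORM object via from_orm().
        orm_mode = True

    @classmethod
    def from_db(
        cls,
        db: Session,
        name: str,
    ) -> User | None:
        """Load the user called *name*.

        Returns:
            The user as a ``User`` schema, or ``None`` when the query finds
            no row with that name.
        """
        row = db.query(models.User).filter(models.User.name == name).first()
        if row is None:
            return None

        return cls.from_orm(row)

    @classmethod
    def login(
        cls,
        db: Session,
        name: str,
        password: str,
        crypt_context: CryptContext,
    ) -> User | None:
        """Check *password* for the user called *name*.

        Returns:
            The user as a ``User`` schema when the password verifies against
            the stored hash, otherwise ``None``. An unknown name and a wrong
            password both yield ``None``, so the return value does not tell
            the caller which of the two happened.
        """
        row = db.query(models.User).filter(models.User.name == name).first()

        if row is None:
            # Unknown user: still spend the time of a password verification,
            # so the response time does not reveal whether the name exists.
            crypt_context.dummy_verify()
            return None

        if not crypt_context.verify(password, row.password):
            # Password does not match the stored hash.
            return None

        return cls.from_orm(row)

    @classmethod
    def create(
        cls,
        db: Session,
        user: UserCreate,
        crypt_context: CryptContext,
    ) -> User | None:
        """Store a new user with a hashed password.

        Returns:
            The stored user as a ``User`` schema, or ``None`` when the
            commit fails with ``IntegrityError`` (presumably a uniqueness
            violation such as a duplicate name; confirm against the model's
            constraints).
        """
        # NOTE(review): the capabilities are copied from the request object
        # as given. Nothing in this method restricts which capabilities may
        # be granted, so the caller has to authorize them beforehand.
        row = models.User(
            name=user.name,
            # Only the hash is stored, never the plaintext password.
            password=crypt_context.hash(user.password),
            capabilities=[
                models.UserCapability(capability=capability)
                for capability in user.capabilities
            ],
        )
        db.add(row)

        try:
            db.commit()
        except IntegrityError:
            # A failed commit leaves the session unusable until it is rolled
            # back; without this, the next operation on the same session
            # raises instead of running.
            db.rollback()
            return None

        db.refresh(row)
        return cls.from_orm(row)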
class DistinguishedNameBase(BaseModel):
    # Fields shared by every distinguished-name schema in this module.

    # NOTE(review): presumably selects a subject made of the common name
    # only; the flag is not interpreted anywhere in this file, confirm.
    cn_only: bool

    # Subject components, all required strings.
    country: str
    state: str
    city: str
    organization: str
    organizational_unit: str
    email: str
    common_name: str
class DistinguishedNameCreate(DistinguishedNameBase):
    # Input schema for creating a distinguished name; it adds nothing to
    # the base fields.
    pass
class DistinguishedName(DistinguishedNameBase):
    # Read schema for a distinguished name: the base fields, its integer id
    # and the certificates attached to it.
    id: int
    certificates: list[Certificate]

    class Config:
        # Lets pydantic build this model from attribute access on an ORM
        # object (used through from_orm()).
        orm_mode = True