From: Michael Tremer
Date: Thu, 6 Oct 2022 14:40:42 +0000 (+0000)
Subject: users: Add a key for each user
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ab655b6c25393e0e2f6e55ac9939e48fe11aaa86;p=pbs.git

users: Add a key for each user

Signed-off-by: Michael Tremer
---

diff --git a/src/buildservice/users.py b/src/buildservice/users.py
index 33dbbb1b..c0a8e4e6 100644
--- a/src/buildservice/users.py
+++ b/src/buildservice/users.py
@@ -56,7 +56,7 @@ class Users(base.Object):
 
 return res.count
 
- def create(self, name, realname=None):
+ async def create(self, name, realname=None):
 # XXX check if username has the correct name
 
 # Check if name is already taken
@@ -64,15 +64,18 @@ class Users(base.Object):
 if user:
 raise ValueError("Username %s already taken" % name)
 
+ # Generate a new key for this user
+ key = await self.backend.keys.generate(name)
+
 # Create new user
- user = self._get_user("INSERT INTO users(name, realname) \
- VALUES(%s, %s) RETURNING *", name, realname)
+ user = self._get_user("INSERT INTO users(name, realname, key_id) \
+ VALUES(%s, %s, %s) RETURNING *", name, realname, key)
 
 log.debug("Created user %s" % user.name)
 
 return user
 
- def create_from_ldap(self, name):
+ async def create_from_ldap(self, name):
 log.debug("Creating user %s from LDAP" % name)
 
 # Get required attributes from LDAP
@@ -80,7 +83,7 @@ class Users(base.Object):
 assert dn
 
 # Create regular user
- user = self.create(name, realname=attr["cn"][0])
+ user = await self.create(name, realname=attr["cn"][0])
 
 # Add all email addresses and activate them
 for email in attr["mail"]:
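Review bot: In the `create` hunk the new `key = await self.backend.keys.generate(name)` sits between the `get_by_name` uniqueness check and the INSERT, so the coroutine now yields to the event loop in the middle of a check-then-act sequence; two concurrent `find` calls for the same name (two logins racing) can both pass the check, and whichever INSERT loses leaves a freshly generated key with no owning user, assuming `generate` persists the key. Whether `users.name` carries a unique constraint is not visible here; if it does, the losing caller sees a database error instead of the `ValueError` the check is meant to raise, and if it does not, a duplicate user row is created. Either delete the generated key when the INSERT raises, or generate it only once the row exists (which would require `key_id` to be nullable). The `XXX` comment about validating `name` now also covers the value handed to `keys.generate`; the enclosing method continues past the hunk.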
@@ -103,13 +106,13 @@ class Users(base.Object):
 LEFT JOIN users_emails ON users.id = users_emails.user_id \
 WHERE users_emails.email = %s", email)
 
- def find(self, username):
+ async def find(self, username):
 # Search for a user object
 user = self.get_by_name(username)
 
 # If not user exists, yet, we can import it from LDAP
 if not user:
- user = self.create_from_ldap(username)
+ user = await self.create_from_ldap(username)
 
 # If we found a user which has been deleted, we won't return it
 if user and user.deleted:
@@ -375,6 +378,13 @@ class User(base.DataObject):
 
 return list(sessions)
 
+ # Key Management
+
+ @lazy_property
+ def key(self):
+ if self.data.key_id:
+ return self.backend.keys.get_by_id(self.data.key_id)
+
 # Quota
 
 def get_quota(self):
diff --git a/src/database.sql b/src/database.sql
index e9df88df..29c7cfb7 100644
--- a/src/database.sql
+++ b/src/database.sql
@@ -1321,7 +1321,8 @@ CREATE TABLE public.users (
 registered_at timestamp without time zone DEFAULT now() NOT NULL,
 admin boolean DEFAULT false NOT NULL,
 quota bigint,
- perms text[] DEFAULT ARRAY[]::text[] NOT NULL
+ perms text[] DEFAULT ARRAY[]::text[] NOT NULL,
+ key_id integer NOT NULL
 );
 
 
@@ -2552,6 +2553,14 @@ ALTER TABLE ONLY public.users_emails
 ADD CONSTRAINT users_emails_user_id FOREIGN KEY (user_id) REFERENCES public.users(id) ON DELETE CASCADE;
 
 
+--
+-- Name: users users_key_id; Type: FK CONSTRAINT; Schema: public; Owner: pakfire
+--
+
+ALTER TABLE ONLY public.users
+ ADD CONSTRAINT users_key_id FOREIGN KEY (key_id) REFERENCES public.keys(id);
+
+
 --
 -- PostgreSQL database dump complete
 --
diff --git a/src/web/auth.py b/src/web/auth.py
index a3166ac6..87141183 100644
--- a/src/web/auth.py
+++ b/src/web/auth.py
@@ -133,7 +133,7 @@ class KerberosAuthMixin(object):
 
 
 class LoginHandler(KerberosAuthMixin, base.BaseHandler):
- def get(self):
+ async def get(self):
 username = self.get_authenticated_user()
 if not username:
 # Ask to authenticate
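Review bot: `find` is now a coroutine, but its caller in `src/web/auth.py` awaits it inside a synchronous `with self.db.transaction():` block, so that transaction stays open across every suspension point in `find` → `create_from_ldap` → `create` → `keys.generate`. If the transaction context manager holds one shared connection, other requests scheduled during those awaits execute inside, or queue behind, this login's transaction; if it is per-request that is harmless, but the page does not show which. Worth stating on `find` once confirmed, e.g. `# Suspends on LDAP lookup and key generation; callers should not hold a sync transaction across this call`. The enclosing class continues outside the hunk.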
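Review bot: The new `key` property returns `None` implicitly when `self.data.key_id` is falsy, yet the `src/database.sql` hunk in this same commit declares `key_id integer NOT NULL` on `users` with no DEFAULT, so the guard is dead for any row that satisfies the schema while rows already in the table cannot be migrated without first backfilling a key per user. Pick one model: make the column nullable if key-less users are meant to exist, or drop the guard and let a missing key fail loudly. The property also lacks a docstring; `"""Return the key record referenced by key_id, or None if none is set."""` would do. Only the `create` hunk populates `key_id`, which matches the new code path but not existing data; the `users_key_id` foreign key also omits an `ON DELETE` action, unlike the neighbouring `users_emails_user_id` constraint, so deleting a referenced key will be rejected, which may or may not be intended.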
@@ -145,7 +145,7 @@ class LoginHandler(KerberosAuthMixin, base.BaseHandler): with self.db.transaction(): # Otherwise fetch the authenticated user - user = self.backend.users.find(username) + user = await self.backend.users.find(username) if not user: raise tornado.web.HTTPError(500, "Could not find user %s" % username)