selfprivacy-rest-api/selfprivacy_api/repositories/users/kanidm_user_repository.py

from typing import Optional

import requests

from selfprivacy_api.utils import get_domain
from selfprivacy_api.models.user import UserDataUser, UserDataUserOrigin
from selfprivacy_api.repositories.users.abstract_user_repository import (
    AbstractUserRepository,
)

KANIDM_URL = "https://127.0.0.1:3013"
TEST_TOKEN = """eyJhbGciOiJFUzI1NiIsImtpZCI6IjVkNDUyNzdmZWUxY2UzZmNkMTViZDhkZjE3NTdlMjRkIn0.eyJhY2NvdW50X2lkIjoiYmZlN2MxNmEtNTY1NC00YzAxLWFkMjMtOWU2YjY4OTAxNDEwIiwidG9rZW5faWQiOiJmZTU5NzAxZS1iYzIyLTQwMzctYTEzNy1jZTIxYzBlNDhlZjciLCJsYWJlbCI6InRva2VuMiIsImV4cGlyeSI6bnVsbCwiaXNzdWVkX2F0IjoxNzMxMjgxMzM1LCJwdXJwb3NlIjoicmVhZHdyaXRlIn0.0fj0NAsUtBJWi1KVNKA4qi8EOHUUvaWNzeHbR82zbUVvWynnqm5ndLhFPG0v462qJXFTayonI9YJnkCaAE7a5w"""


class KanidmQueryError(Exception):
    """Error occurred during kanidm query"""


class KanidmUserRepository(AbstractUserRepository):
    @staticmethod
    def _send_query(endpoint: str, method: str = "GET", data=None):
        request_method = getattr(requests, method.lower(), None)
        full_endpoint = f"{KANIDM_URL}/v1/{endpoint}"

        try:
            response = request_method(
                full_endpoint,
                json=data,
                headers={
                    "Authorization": f"Bearer {TEST_TOKEN}",
                    "Content-Type": "application/json",
                },
                timeout=0.8,  # TODO: change timeout
                verify=False,  # TODO: REMOVE THIS NOTHALAL!!!!!
            )

            if response.status_code != 200:
                raise KanidmQueryError(
                    f"Kanidm returned {response.status_code} unexpected HTTP status code. Endpoint: {full_endpoint}. Error: {response.text}."
                )
            return response.json()

        except Exception as error:
            raise KanidmQueryError(f"Kanidm request failed! Error: {str(error)}")

    @staticmethod
    def create_user(
        username: str,
        password: Optional[str] = None,  # TODO legacy?
        displayname: Optional[str] = None,
        email: Optional[str] = None,
        directmemberof: Optional[list[str]] = None,
        memberof: Optional[list[str]] = None,
    ) -> None:
        data = {
            "attrs": {
                "name": [username],
                "displayname": [displayname if displayname else username],
                "mail": [email if email else f"{username}@{get_domain()}"],
                "class": ["user"],  # TODO read more about it
            }
        }

        if directmemberof:
            data["attrs"]["directmemberof"] = directmemberof
        if memberof:
            data["attrs"]["memberof"] = memberof

        return KanidmUserRepository._send_query(
            endpoint="person",
            method="POST",
            data=data,
        )

    def get_users(
        exclude_primary: bool = False,
        exclude_root: bool = False,
    ) -> list[UserDataUser]:
        users_data = KanidmUserRepository._send_query(endpoint="person", method="GET")
        users = []
        for user in users_data:
            attrs = user.get("attrs", {})
            user_type = UserDataUser(
                uuid=attrs.get("uuid", [None])[0],
                username=attrs.get("name", [None])[0],
                ssh_keys=["test"],  # TODO: подключить реальные SSH-ключи
                displayname=attrs.get("displayname", [None])[0],
                email=attrs.get("mail", [None])[0],
                origin=UserDataUserOrigin.NORMAL,  # TODO
                directmemberof=attrs.get("directmemberof", []),
                memberof=attrs.get("memberof", []),
            )
            users.append(user_type)
        return users

    def delete_user(username: str) -> None:
        """Deletes an existing user"""
        return KanidmUserRepository._send_query(
            endpoint=f"person/{username}", method="DELETE"
        )

    def update_user(
        username: str,
        password: Optional[str] = None,  # TODO legacy?
        displayname: Optional[str] = None,
        email: Optional[str] = None,
        directmemberof: Optional[list[str]] = None,
        memberof: Optional[list[str]] = None,
    ) -> None:
        """Updates the password of an existing user"""

        data = {
            "attrs": {
                "displayname": [displayname if displayname else username],
                "mail": [email if email else f"{username}@{get_domain()}"],
                "class": ["user"],  # TODO read more about it
            }
        }

        if directmemberof:
            data["attrs"]["directmemberof"] = directmemberof
        if memberof:
            data["attrs"]["memberof"] = memberof

        return KanidmUserRepository._send_query(
            endpoint=f"person/{username}",
            method="PATCH",
            data=data,
        )

    def get_user_by_username(username: str) -> Optional[UserDataUser]:
        """Retrieves user data (UserDataUser) by username"""
        user_data = KanidmUserRepository._send_query(
            endpoint=f"person/{username}",
            method="GET",
        )

        if not user_data or "attrs" not in user_data:
            return None

        attrs = user_data["attrs"]

        return UserDataUser(
            uuid=attrs.get("uuid", [None])[0],
            username=attrs.get("name", [None])[0],
            displayname=attrs.get("displayname", [None])[0],
            email=attrs.get("mail", [None])[0],
            ssh_keys=attrs.get("ssh_keys", []),
            origin=UserDataUserOrigin.NORMAL,  # TODO
            directmemberof=attrs.get("directmemberof", []),
            memberof=attrs.get("memberof", []),
        )
feat: add canidm repo 2024-10-28 21:57:23 +00:00			`from typing import Optional`

feat: removed unnecessary functionality from the repository 2024-11-02 23:15:51 +00:00			`import requests`

fix: create user, add test token 2024-11-11 00:33:17 +00:00			`from selfprivacy_api.utils import get_domain`
fix: user types 2024-11-11 17:37:17 +00:00			`from selfprivacy_api.models.user import UserDataUser, UserDataUserOrigin`
feat: add canidm repo 2024-10-28 21:57:23 +00:00			`from selfprivacy_api.repositories.users.abstract_user_repository import (`
			`AbstractUserRepository,`
			`)`

fix: remove double https 2024-11-11 16:50:52 +00:00			`KANIDM_URL = "https://127.0.0.1:3013"`
fix: create user, add test token 2024-11-11 00:33:17 +00:00			`TEST_TOKEN = """eyJhbGciOiJFUzI1NiIsImtpZCI6IjVkNDUyNzdmZWUxY2UzZmNkMTViZDhkZjE3NTdlMjRkIn0.eyJhY2NvdW50X2lkIjoiYmZlN2MxNmEtNTY1NC00YzAxLWFkMjMtOWU2YjY4OTAxNDEwIiwidG9rZW5faWQiOiJmZTU5NzAxZS1iYzIyLTQwMzctYTEzNy1jZTIxYzBlNDhlZjciLCJsYWJlbCI6InRva2VuMiIsImV4cGlyeSI6bnVsbCwiaXNzdWVkX2F0IjoxNzMxMjgxMzM1LCJwdXJwb3NlIjoicmVhZHdyaXRlIn0.0fj0NAsUtBJWi1KVNKA4qi8EOHUUvaWNzeHbR82zbUVvWynnqm5ndLhFPG0v462qJXFTayonI9YJnkCaAE7a5w"""`
feat: removed unnecessary functionality from the repository 2024-11-02 23:15:51 +00:00

			`class KanidmQueryError(Exception):`
test: commit will be removed 2024-11-11 08:41:30 +00:00			`"""Error occurred during kanidm query"""`

feat: add canidm repo 2024-10-28 21:57:23 +00:00
			`class KanidmUserRepository(AbstractUserRepository):`
feat: removed unnecessary functionality from the repository 2024-11-02 23:15:51 +00:00			`@staticmethod`
fix: create user, add test token 2024-11-11 00:33:17 +00:00			`def _send_query(endpoint: str, method: str = "GET", data=None):`
feat: removed unnecessary functionality from the repository 2024-11-02 23:15:51 +00:00			`request_method = getattr(requests, method.lower(), None)`
fix: add endpoint debug 2024-11-11 16:36:16 +00:00			`full_endpoint = f"{KANIDM_URL}/v1/{endpoint}"`
feat: removed unnecessary functionality from the repository 2024-11-02 23:15:51 +00:00
			`try:`
			`response = request_method(`
fix: add endpoint debug 2024-11-11 16:36:16 +00:00			`full_endpoint,`
fix: create user, add test token 2024-11-11 00:33:17 +00:00			`json=data,`
			`headers={`
			`"Authorization": f"Bearer {TEST_TOKEN}",`
			`"Content-Type": "application/json",`
			`},`
feat: removed unnecessary functionality from the repository 2024-11-02 23:15:51 +00:00			`timeout=0.8, # TODO: change timeout`
fix: change return type 2024-11-11 17:09:14 +00:00			`verify=False, # TODO: REMOVE THIS NOTHALAL!!!!!`
feat: removed unnecessary functionality from the repository 2024-11-02 23:15:51 +00:00			`)`

			`if response.status_code != 200:`
test: commit will be removed 2024-11-11 08:41:30 +00:00			`raise KanidmQueryError(`
fix: add endpoint debug 2024-11-11 16:36:16 +00:00			`f"Kanidm returned {response.status_code} unexpected HTTP status code. Endpoint: {full_endpoint}. Error: {response.text}."`
feat: removed unnecessary functionality from the repository 2024-11-02 23:15:51 +00:00			`)`
fix: change return type 2024-11-11 17:09:14 +00:00			`return response.json()`
fix: error exception 2024-11-11 16:07:34 +00:00
feat: removed unnecessary functionality from the repository 2024-11-02 23:15:51 +00:00			`except Exception as error:`
fix: error exception 2024-11-11 16:07:34 +00:00			`raise KanidmQueryError(f"Kanidm request failed! Error: {str(error)}")`
feat: removed unnecessary functionality from the repository 2024-11-02 23:15:51 +00:00
			`@staticmethod`
feat: update filds 2024-11-14 23:30:24 +00:00			`def create_user(`
			`username: str,`
refactor: mv hash_password to repository 2024-11-15 14:30:51 +00:00			`password: Optional[str] = None, # TODO legacy?`
feat: update filds 2024-11-14 23:30:24 +00:00			`displayname: Optional[str] = None,`
			`email: Optional[str] = None,`
			`directmemberof: Optional[list[str]] = None,`
			`memberof: Optional[list[str]] = None,`
			`) -> None:`
fix: create user, add test token 2024-11-11 00:33:17 +00:00			`data = {`
			`"attrs": {`
			`"name": [username],`
feat: update filds 2024-11-14 23:30:24 +00:00			`"displayname": [displayname if displayname else username],`
			`"mail": [email if email else f"{username}@{get_domain()}"],`
			`"class": ["user"], # TODO read more about it`
fix: create user, add test token 2024-11-11 00:33:17 +00:00			`}`
			`}`

feat: update filds 2024-11-14 23:30:24 +00:00			`if directmemberof:`
			`data["attrs"]["directmemberof"] = directmemberof`
			`if memberof:`
			`data["attrs"]["memberof"] = memberof`

feat: removed unnecessary functionality from the repository 2024-11-02 23:15:51 +00:00			`return KanidmUserRepository._send_query(`
fix: create user, add test token 2024-11-11 00:33:17 +00:00			`endpoint="person",`
			`method="POST",`
			`data=data,`
feat: removed unnecessary functionality from the repository 2024-11-02 23:15:51 +00:00			`)`

feat: add canidm repo 2024-10-28 21:57:23 +00:00			`def get_users(`
			`exclude_primary: bool = False,`
			`exclude_root: bool = False,`
			`) -> list[UserDataUser]:`
fix: missing _send_query 2024-11-11 17:41:44 +00:00			`users_data = KanidmUserRepository._send_query(endpoint="person", method="GET")`
fix: user types 2024-11-11 17:37:17 +00:00			`users = []`
			`for user in users_data:`
			`attrs = user.get("attrs", {})`
			`user_type = UserDataUser(`
			`uuid=attrs.get("uuid", [None])[0],`
fix: change name to username 2024-11-11 17:49:51 +00:00			`username=attrs.get("name", [None])[0],`
feat: update filds 2024-11-14 23:30:24 +00:00			`ssh_keys=["test"], # TODO: подключить реальные SSH-ключи`
fix: user types 2024-11-11 17:37:17 +00:00			`displayname=attrs.get("displayname", [None])[0],`
			`email=attrs.get("mail", [None])[0],`
			`origin=UserDataUserOrigin.NORMAL, # TODO`
feat: update filds 2024-11-14 23:30:24 +00:00			`directmemberof=attrs.get("directmemberof", []),`
			`memberof=attrs.get("memberof", []),`
fix: user types 2024-11-11 17:37:17 +00:00			`)`
			`users.append(user_type)`
			`return users`
feat: add canidm repo 2024-10-28 21:57:23 +00:00
			`def delete_user(username: str) -> None:`
			`"""Deletes an existing user"""`
feat: update filds 2024-11-14 23:30:24 +00:00			`return KanidmUserRepository._send_query(`
			`endpoint=f"person/{username}", method="DELETE"`
			`)`
feat: add canidm repo 2024-10-28 21:57:23 +00:00
feat: update filds 2024-11-14 23:30:24 +00:00			`def update_user(`
			`username: str,`
refactor: mv hash_password to repository 2024-11-15 14:30:51 +00:00			`password: Optional[str] = None, # TODO legacy?`
feat: update filds 2024-11-14 23:30:24 +00:00			`displayname: Optional[str] = None,`
			`email: Optional[str] = None,`
			`directmemberof: Optional[list[str]] = None,`
			`memberof: Optional[list[str]] = None,`
			`) -> None:`
feat: add canidm repo 2024-10-28 21:57:23 +00:00			`"""Updates the password of an existing user"""`
feat: update filds 2024-11-14 23:30:24 +00:00
			`data = {`
			`"attrs": {`
			`"displayname": [displayname if displayname else username],`
			`"mail": [email if email else f"{username}@{get_domain()}"],`
			`"class": ["user"], # TODO read more about it`
			`}`
			`}`

			`if directmemberof:`
			`data["attrs"]["directmemberof"] = directmemberof`
			`if memberof:`
			`data["attrs"]["memberof"] = memberof`

			`return KanidmUserRepository._send_query(`
			`endpoint=f"person/{username}",`
			`method="PATCH",`
			`data=data,`
			`)`
feat: add canidm repo 2024-10-28 21:57:23 +00:00
			`def get_user_by_username(username: str) -> Optional[UserDataUser]:`
			`"""Retrieves user data (UserDataUser) by username"""`
feat: update filds 2024-11-14 23:30:24 +00:00			`user_data = KanidmUserRepository._send_query(`
			`endpoint=f"person/{username}",`
			`method="GET",`
			`)`

			`if not user_data or "attrs" not in user_data:`
			`return None`

			`attrs = user_data["attrs"]`

			`return UserDataUser(`
			`uuid=attrs.get("uuid", [None])[0],`
			`username=attrs.get("name", [None])[0],`
			`displayname=attrs.get("displayname", [None])[0],`
			`email=attrs.get("mail", [None])[0],`
			`ssh_keys=attrs.get("ssh_keys", []),`
			`origin=UserDataUserOrigin.NORMAL, # TODO`
			`directmemberof=attrs.get("directmemberof", []),`
			`memberof=attrs.get("memberof", []),`
			`)`