selfprivacy-rest-api/selfprivacy_api/actions/users.py

"""Actions to manage the users."""

import re
import uuid
import logging
from typing import Optional

from selfprivacy_api import PLEASE_UPDATE_APP_TEXT
from selfprivacy_api.models.user import UserDataUser, UserDataUserOrigin

from selfprivacy_api.utils import is_username_forbidden
from selfprivacy_api.actions.ssh import get_ssh_keys


from selfprivacy_api.repositories.users.json_user_repository import JsonUserRepository
from selfprivacy_api.repositories.users import ACTIVE_USERS_PROVIDER
from selfprivacy_api.repositories.users.exceptions import (
    SelfPrivacyAppIsOutdate,
    UserIsProtected,
    UsernameForbidden,
    UsernameNotAlphanumeric,
    UsernameTooLong,
    UserNotFound,
    UserAlreadyExists,
    InvalidConfiguration,
)

logger = logging.getLogger(__name__)


class ApiUsingWrongUserRepository(Exception):
    """
    API is using a too old or unfinished user repository. Are you debugging?
    """

    @staticmethod
    def get_error_message() -> str:
        return "API is using a too old or unfinished user repository"


def get_users(
    exclude_primary: bool = False,
    exclude_root: bool = False,
) -> list[UserDataUser]:
    users = ACTIVE_USERS_PROVIDER.get_users(
        exclude_primary=exclude_primary, exclude_root=exclude_root
    )

    if isinstance(ACTIVE_USERS_PROVIDER, JsonUserRepository):
        for user in users:
            try:
                user.ssh_keys = get_ssh_keys(username=user.username)
            except UserNotFound:
                pass

        if not exclude_root:
            users.append(
                UserDataUser(
                    username="root",
                    user_type=UserDataUserOrigin.ROOT,
                    ssh_keys=get_ssh_keys(username=user.username),
                )
            )

    return users


def create_user(
    username: str,
    password: Optional[str] = None,
    directmemberof: Optional[list[str]] = None,
    displayname: Optional[str] = None,
) -> None:

    if is_username_forbidden(username):
        raise UsernameForbidden("Username is forbidden")

    if not re.match(r"^[a-z_][a-z0-9_]+$", username):
        raise UsernameNotAlphanumeric(
            "Username must be alphanumeric and start with a letter"
        )

    if len(username) >= 32:
        raise UsernameTooLong("Username must be less than 32 characters")

    if password:
        logger.error(PLEASE_UPDATE_APP_TEXT)

    # need to maintain the logic of the old repository, since ssh management uses it.
    if not isinstance(ACTIVE_USERS_PROVIDER, JsonUserRepository):
        try:
            JsonUserRepository.create_user(
                username=username, password=str(uuid.uuid4())
            )  # random password for legacy
        except (UserAlreadyExists, InvalidConfiguration):
            pass

    ACTIVE_USERS_PROVIDER.create_user(
        username=username,
        directmemberof=directmemberof,
        displayname=displayname,
    )


def delete_user(username: str) -> None:
    if username == "root":
        raise UserIsProtected

    try:
        user = ACTIVE_USERS_PROVIDER.get_user_by_username(username=username)
    except UserNotFound:
        raise UserNotFound
    finally:
        # need to maintain the logic of the old repository, since ssh management uses it.
        if not isinstance(ACTIVE_USERS_PROVIDER, JsonUserRepository):
            try:
                JsonUserRepository.delete_user(username=username)
            except (UserNotFound, UserIsProtected):
                pass

    if user.user_type == UserDataUserOrigin.PRIMARY:
        raise UserIsProtected

    ACTIVE_USERS_PROVIDER.delete_user(username=username)


def update_user(
    username: str,
    password: Optional[str] = None,
    directmemberof: Optional[list[str]] = None,
    displayname: Optional[str] = None,
) -> None:

    if password:
        raise SelfPrivacyAppIsOutdate

    if username == "root":
        raise UserIsProtected

    ACTIVE_USERS_PROVIDER.update_user(
        username=username,
        directmemberof=directmemberof,
        displayname=displayname,
    )


def get_user_by_username(username: str) -> UserDataUser:
    if isinstance(ACTIVE_USERS_PROVIDER, JsonUserRepository):
        return ACTIVE_USERS_PROVIDER.get_user_by_username(username=username)

    if username == "root":
        return UserDataUser(
            username="root",
            user_type=UserDataUserOrigin.ROOT,
            ssh_keys=get_ssh_keys(username="root"),
        )

    user = ACTIVE_USERS_PROVIDER.get_user_by_username(username=username)

    try:
        user.ssh_keys = get_ssh_keys(username=user.username)
    except UserNotFound:
        pass

    return user


def generate_password_reset_link(username: str) -> str:
    if isinstance(ACTIVE_USERS_PROVIDER, JsonUserRepository):
        raise ApiUsingWrongUserRepository

    if username == "root":
        raise UserIsProtected

    return ACTIVE_USERS_PROVIDER.generate_password_reset_link(username=username)
Migrate to FastAPI (#13) Co-authored-by: inexcode <inex.code@selfprivacy.org> Reviewed-on: https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api/pulls/13 2022-08-25 17:03:56 +00:00			`"""Actions to manage the users."""`
style: Reformat with new Black version 2024-07-26 19:59:44 +00:00
Migrate to FastAPI (#13) Co-authored-by: inexcode <inex.code@selfprivacy.org> Reviewed-on: https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api/pulls/13 2022-08-25 17:03:56 +00:00			`import re`
fix: from review and make new error messages 2024-12-05 23:05:28 +00:00			`import uuid`
feat: forbid modification of important user. 2024-12-11 03:13:02 +00:00			`import logging`
Migrate to FastAPI (#13) Co-authored-by: inexcode <inex.code@selfprivacy.org> Reviewed-on: https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api/pulls/13 2022-08-25 17:03:56 +00:00			`from typing import Optional`

feat: forbid modification of important user. 2024-12-11 03:13:02 +00:00			`from selfprivacy_api import PLEASE_UPDATE_APP_TEXT`
feat: add legacy support 2024-12-01 13:29:29 +00:00			`from selfprivacy_api.models.user import UserDataUser, UserDataUserOrigin`
Migrate to FastAPI (#13) Co-authored-by: inexcode <inex.code@selfprivacy.org> Reviewed-on: https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api/pulls/13 2022-08-25 17:03:56 +00:00
refactor: mv hash_password to repository 2024-11-15 14:30:51 +00:00			`from selfprivacy_api.utils import is_username_forbidden`
feat: add legacy support 2024-12-01 13:29:29 +00:00			`from selfprivacy_api.actions.ssh import get_ssh_keys`
feat: removed unnecessary functionality from the repository 2024-11-02 23:15:51 +00:00
fix: from review and make new error messages 2024-12-05 23:05:28 +00:00
feat: add legacy code support 2024-11-29 15:32:02 +00:00			`from selfprivacy_api.repositories.users.json_user_repository import JsonUserRepository`
feat: removed unnecessary functionality from the repository 2024-11-02 23:15:51 +00:00			`from selfprivacy_api.repositories.users import ACTIVE_USERS_PROVIDER`
refactor: moved json user management to a separate repository 2024-10-26 18:22:31 +00:00			`from selfprivacy_api.repositories.users.exceptions import (`
feat: forbid modification of important user. 2024-12-11 03:13:02 +00:00			`SelfPrivacyAppIsOutdate,`
feat: delete RootIsNotAvailableForModification and PrimaryUserDeletionNotAllowed 2024-12-11 09:16:38 +00:00			`UserIsProtected,`
refactor: moved json user management to a separate repository 2024-10-26 18:22:31 +00:00			`UsernameForbidden,`
			`UsernameNotAlphanumeric,`
			`UsernameTooLong,`
feat: add legacy support 2024-12-01 13:29:29 +00:00			`UserNotFound,`
fix: typing, expect errors 2024-12-05 23:41:06 +00:00			`UserAlreadyExists,`
			`InvalidConfiguration,`
refactor: moved json user management to a separate repository 2024-10-26 18:22:31 +00:00			`)`
Migrate to FastAPI (#13) Co-authored-by: inexcode <inex.code@selfprivacy.org> Reviewed-on: https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api/pulls/13 2022-08-25 17:03:56 +00:00
feat: forbid modification of important user. 2024-12-11 03:13:02 +00:00			`logger = logging.getLogger(__name__)`

Migrate to FastAPI (#13) Co-authored-by: inexcode <inex.code@selfprivacy.org> Reviewed-on: https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api/pulls/13 2022-08-25 17:03:56 +00:00
fix: from review and make new error messages 2024-12-05 23:05:28 +00:00			`class ApiUsingWrongUserRepository(Exception):`
			`"""`
			`API is using a too old or unfinished user repository. Are you debugging?`
			`"""`

			`@staticmethod`
			`def get_error_message() -> str:`
			`return "API is using a too old or unfinished user repository"`


Migrate to FastAPI (#13) Co-authored-by: inexcode <inex.code@selfprivacy.org> Reviewed-on: https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api/pulls/13 2022-08-25 17:03:56 +00:00			`def get_users(`
			`exclude_primary: bool = False,`
			`exclude_root: bool = False,`
			`) -> list[UserDataUser]:`
feat: add legacy code support 2024-11-29 15:32:02 +00:00			`users = ACTIVE_USERS_PROVIDER.get_users(`
feat: removed unnecessary functionality from the repository 2024-11-02 23:15:51 +00:00			`exclude_primary=exclude_primary, exclude_root=exclude_root`
			`)`
Migrate to FastAPI (#13) Co-authored-by: inexcode <inex.code@selfprivacy.org> Reviewed-on: https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api/pulls/13 2022-08-25 17:03:56 +00:00
fix: typing 2024-12-09 08:37:57 +00:00			`if isinstance(ACTIVE_USERS_PROVIDER, JsonUserRepository):`
feat: add legacy support 2024-12-01 13:29:29 +00:00			`for user in users:`
			`try:`
fix: missing username 2024-12-03 18:06:12 +00:00			`user.ssh_keys = get_ssh_keys(username=user.username)`
feat: add legacy support 2024-12-01 13:29:29 +00:00			`except UserNotFound:`
			`pass`

			`if not exclude_root:`
			`users.append(`
			`UserDataUser(`
			`username="root",`
fix: rename user_type 2024-12-04 14:10:14 +00:00			`user_type=UserDataUserOrigin.ROOT,`
fix: missing username 2024-12-03 18:06:12 +00:00			`ssh_keys=get_ssh_keys(username=user.username),`
feat: add legacy support 2024-12-01 13:29:29 +00:00			`)`
			`)`

feat: add legacy code support 2024-11-29 15:32:02 +00:00			`return users`

Migrate to FastAPI (#13) Co-authored-by: inexcode <inex.code@selfprivacy.org> Reviewed-on: https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api/pulls/13 2022-08-25 17:03:56 +00:00
feat: update UserMutationInput 2024-11-15 00:19:24 +00:00			`def create_user(`
			`username: str,`
			`password: Optional[str] = None,`
			`directmemberof: Optional[list[str]] = None,`
fix: change default params 2024-12-10 00:52:13 +00:00			`displayname: Optional[str] = None,`
feat: update UserMutationInput 2024-11-15 00:19:24 +00:00			`) -> None:`
Migrate to FastAPI (#13) Co-authored-by: inexcode <inex.code@selfprivacy.org> Reviewed-on: https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api/pulls/13 2022-08-25 17:03:56 +00:00
			`if is_username_forbidden(username):`
			`raise UsernameForbidden("Username is forbidden")`

			`if not re.match(r"^[a-z_][a-z0-9_]+$", username):`
			`raise UsernameNotAlphanumeric(`
			`"Username must be alphanumeric and start with a letter"`
			`)`

			`if len(username) >= 32:`
			`raise UsernameTooLong("Username must be less than 32 characters")`

feat: forbid modification of important user. 2024-12-11 03:13:02 +00:00			`if password:`
			`logger.error(PLEASE_UPDATE_APP_TEXT)`

fix: typing, expect errors 2024-12-05 23:41:06 +00:00			`# need to maintain the logic of the old repository, since ssh management uses it.`
fix: typing 2024-12-09 08:37:57 +00:00			`if not isinstance(ACTIVE_USERS_PROVIDER, JsonUserRepository):`
fix: typing, expect errors 2024-12-05 23:41:06 +00:00			`try:`
			`JsonUserRepository.create_user(`
			`username=username, password=str(uuid.uuid4())`
			`) # random password for legacy`
			`except (UserAlreadyExists, InvalidConfiguration):`
			`pass`
feat: add legacy code support 2024-11-29 15:32:02 +00:00
fix: delete return from None functions 2024-12-05 23:12:10 +00:00			`ACTIVE_USERS_PROVIDER.create_user(`
fix: None password, fix fields 2024-11-15 00:53:20 +00:00			`username=username,`
			`directmemberof=directmemberof,`
fix: change default params 2024-12-10 00:52:13 +00:00			`displayname=displayname,`
feat: removed unnecessary functionality from the repository 2024-11-02 23:15:51 +00:00			`)`
Migrate to FastAPI (#13) Co-authored-by: inexcode <inex.code@selfprivacy.org> Reviewed-on: https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api/pulls/13 2022-08-25 17:03:56 +00:00

refactor: moved json user management to a separate repository 2024-10-26 18:22:31 +00:00			`def delete_user(username: str) -> None:`
feat: forbid modification of important user. 2024-12-11 03:13:02 +00:00			`if username == "root":`
feat: delete RootIsNotAvailableForModification and PrimaryUserDeletionNotAllowed 2024-12-11 09:16:38 +00:00			`raise UserIsProtected`
feat: forbid modification of important user. 2024-12-11 03:13:02 +00:00
feat: delete RootIsNotAvailableForModification and PrimaryUserDeletionNotAllowed 2024-12-11 09:16:38 +00:00			`try:`
			`user = ACTIVE_USERS_PROVIDER.get_user_by_username(username=username)`
			`except UserNotFound:`
			`raise UserNotFound`
			`finally:`
			`# need to maintain the logic of the old repository, since ssh management uses it.`
			`if not isinstance(ACTIVE_USERS_PROVIDER, JsonUserRepository):`
			`try:`
			`JsonUserRepository.delete_user(username=username)`
			`except (UserNotFound, UserIsProtected):`
			`pass`
feat: forbid modification of important user. 2024-12-11 03:13:02 +00:00
			`if user.user_type == UserDataUserOrigin.PRIMARY:`
feat: delete RootIsNotAvailableForModification and PrimaryUserDeletionNotAllowed 2024-12-11 09:16:38 +00:00			`raise UserIsProtected`
feat: add legacy code support 2024-11-29 15:32:02 +00:00
fix: delete return from None functions 2024-12-05 23:12:10 +00:00			`ACTIVE_USERS_PROVIDER.delete_user(username=username)`
Migrate to FastAPI (#13) Co-authored-by: inexcode <inex.code@selfprivacy.org> Reviewed-on: https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api/pulls/13 2022-08-25 17:03:56 +00:00

feat: update UserMutationInput 2024-11-15 00:19:24 +00:00			`def update_user(`
			`username: str,`
			`password: Optional[str] = None,`
			`directmemberof: Optional[list[str]] = None,`
fix: change default params 2024-12-10 00:52:13 +00:00			`displayname: Optional[str] = None,`
feat: update UserMutationInput 2024-11-15 00:19:24 +00:00			`) -> None:`
Migrate to FastAPI (#13) Co-authored-by: inexcode <inex.code@selfprivacy.org> Reviewed-on: https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api/pulls/13 2022-08-25 17:03:56 +00:00
feat: forbid modification of important user. 2024-12-11 03:13:02 +00:00			`if password:`
			`raise SelfPrivacyAppIsOutdate`

			`if username == "root":`
feat: delete RootIsNotAvailableForModification and PrimaryUserDeletionNotAllowed 2024-12-11 09:16:38 +00:00			`raise UserIsProtected`
feat: forbid modification of important user. 2024-12-11 03:13:02 +00:00
fix: delete return from None functions 2024-12-05 23:12:10 +00:00			`ACTIVE_USERS_PROVIDER.update_user(`
fix: None password, fix fields 2024-11-15 00:53:20 +00:00			`username=username,`
			`directmemberof=directmemberof,`
fix: change default params 2024-12-10 00:52:13 +00:00			`displayname=displayname,`
feat: removed unnecessary functionality from the repository 2024-11-02 23:15:51 +00:00			`)`
Migrate to FastAPI (#13) Co-authored-by: inexcode <inex.code@selfprivacy.org> Reviewed-on: https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api/pulls/13 2022-08-25 17:03:56 +00:00

fix: check none type in _check_response_type_and_not_empty 2024-12-11 07:51:22 +00:00			`def get_user_by_username(username: str) -> UserDataUser:`
fix: get_user_by_username 2024-12-11 08:22:52 +00:00			`if isinstance(ACTIVE_USERS_PROVIDER, JsonUserRepository):`
			`return ACTIVE_USERS_PROVIDER.get_user_by_username(username=username)`
feat: add legacy code support 2024-11-29 15:32:02 +00:00
fix: get_user_by_username 2024-12-11 08:22:52 +00:00			`if username == "root":`
			`return UserDataUser(`
			`username="root",`
			`user_type=UserDataUserOrigin.ROOT,`
			`ssh_keys=get_ssh_keys(username="root"),`
			`)`
feat: add legacy support 2024-12-01 13:29:29 +00:00
feat: delete RootIsNotAvailableForModification and PrimaryUserDeletionNotAllowed 2024-12-11 09:16:38 +00:00			`user = ACTIVE_USERS_PROVIDER.get_user_by_username(username=username)`
fix: get_user_by_username 2024-12-11 08:22:52 +00:00
			`try:`
			`user.ssh_keys = get_ssh_keys(username=user.username)`
			`except UserNotFound:`
			`pass`
feat: add legacy support 2024-12-01 13:29:29 +00:00
feat: add legacy code support 2024-11-29 15:32:02 +00:00			`return user`
fix: rename origin, add new mutation 2024-12-03 22:54:24 +00:00

			`def generate_password_reset_link(username: str) -> str:`
fix: typing 2024-12-09 08:37:57 +00:00			`if isinstance(ACTIVE_USERS_PROVIDER, JsonUserRepository):`
fix: from review and make new error messages 2024-12-05 23:05:28 +00:00			`raise ApiUsingWrongUserRepository`
fix: rename origin, add new mutation 2024-12-03 22:54:24 +00:00
feat: detect more errors 2024-12-10 02:15:15 +00:00			`if username == "root":`
feat: delete RootIsNotAvailableForModification and PrimaryUserDeletionNotAllowed 2024-12-11 09:16:38 +00:00			`raise UserIsProtected`
feat: detect more errors 2024-12-10 02:15:15 +00:00
fix: rename origin, add new mutation 2024-12-03 22:54:24 +00:00			`return ACTIVE_USERS_PROVIDER.generate_password_reset_link(username=username)`