Make swift-auth-to-swauth work with really old devauth dbs.
Update swauth to accept non-alnum chars in account and user names.
commit
24a624345d
@ -23,16 +23,18 @@ import sqlite3
|
|||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
gettext.install('swift', unicode=1)
|
gettext.install('swift', unicode=1)
|
||||||
if len(argv) != 4 or argv[1] != '-K':
|
if len(argv) != 2:
|
||||||
exit('Syntax: %s -K <super_admin_key> <path to auth.db>' % argv[0])
|
exit('Syntax: %s <path_to_auth.db>' % argv[0])
|
||||||
_junk, _junk, super_admin_key, auth_db = argv
|
_junk, auth_db = argv
|
||||||
# This version will not attempt to prep swauth
|
|
||||||
# call(['swauth-prep', '-K', super_admin_key])
|
|
||||||
conn = sqlite3.connect(auth_db)
|
conn = sqlite3.connect(auth_db)
|
||||||
for account, cfaccount, user, password, admin, reseller_admin in \
|
try:
|
||||||
conn.execute('SELECT account, cfaccount, user, password, admin, '
|
listing = conn.execute('SELECT account, cfaccount, user, password, '
|
||||||
'reseller_admin FROM account'):
|
'admin, reseller_admin FROM account')
|
||||||
cmd = ['swauth-add-user', '-K', super_admin_key, '-s',
|
except sqlite3.OperationalError, err:
|
||||||
|
listing = conn.execute('SELECT account, cfaccount, user, password, '
|
||||||
|
'"f", "f" FROM account')
|
||||||
|
for account, cfaccount, user, password, admin, reseller_admin in listing:
|
||||||
|
cmd = ['swauth-add-user', '-K', '<your_swauth_key>', '-s',
|
||||||
cfaccount.split('_', 1)[1]]
|
cfaccount.split('_', 1)[1]]
|
||||||
if admin == 't':
|
if admin == 't':
|
||||||
cmd.append('-a')
|
cmd.append('-a')
|
||||||
@ -40,9 +42,3 @@ if __name__ == '__main__':
|
|||||||
cmd.append('-r')
|
cmd.append('-r')
|
||||||
cmd.extend([account, user, password])
|
cmd.extend([account, user, password])
|
||||||
print ' '.join(cmd)
|
print ' '.join(cmd)
|
||||||
# For this version, the script will only print out the commands
|
|
||||||
# call(cmd)
|
|
||||||
print '----------------------------------------------------------------'
|
|
||||||
print ' Assuming the above worked perfectly, you should copy and paste '
|
|
||||||
print ' those lines into your ~/bin/recreateaccounts script.'
|
|
||||||
print '----------------------------------------------------------------'
|
|
||||||
|
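Review bot: The new `print ' '.join(cmd)` emits the account, user and password values unquoted, so any value containing spaces or shell metacharacters (which this commit now permits in names) will not survive being run as a command line, which is presumably what the printed lines are for. Quote each argument before joining, e.g. `print ' '.join(pipes.quote(arg) for arg in cmd)`, with `import pipes` added beside the existing imports, which sit outside this hunk. The output also carries every stored password in clear text. A comment at the top of the `__main__` block should say so, so that operators keep the output out of logs and shared terminals.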
@ -268,7 +268,7 @@ class Swauth(object):
|
|||||||
user_groups = (req.remote_user or '').split(',')
|
user_groups = (req.remote_user or '').split(',')
|
||||||
if '.reseller_admin' in user_groups and \
|
if '.reseller_admin' in user_groups and \
|
||||||
account != self.reseller_prefix and \
|
account != self.reseller_prefix and \
|
||||||
account[len(self.reseller_prefix)].isalnum():
|
account[len(self.reseller_prefix)] != '.':
|
||||||
return None
|
return None
|
||||||
if account in user_groups and \
|
if account in user_groups and \
|
||||||
(req.method not in ('DELETE', 'PUT') or container):
|
(req.method not in ('DELETE', 'PUT') or container):
|
||||||
@ -474,7 +474,7 @@ class Swauth(object):
|
|||||||
explained above.
|
explained above.
|
||||||
"""
|
"""
|
||||||
account = req.path_info_pop()
|
account = req.path_info_pop()
|
||||||
if req.path_info or not account.isalnum():
|
if req.path_info or not account or account[0] == '.':
|
||||||
return HTTPBadRequest(request=req)
|
return HTTPBadRequest(request=req)
|
||||||
if not self.is_account_admin(req, account):
|
if not self.is_account_admin(req, account):
|
||||||
return HTTPForbidden(request=req)
|
return HTTPForbidden(request=req)
|
||||||
@ -550,7 +550,7 @@ class Swauth(object):
|
|||||||
if not self.is_reseller_admin(req):
|
if not self.is_reseller_admin(req):
|
||||||
return HTTPForbidden(request=req)
|
return HTTPForbidden(request=req)
|
||||||
account = req.path_info_pop()
|
account = req.path_info_pop()
|
||||||
if req.path_info != '/.services' or not account.isalnum():
|
if req.path_info != '/.services' or not account or account[0] == '.':
|
||||||
return HTTPBadRequest(request=req)
|
return HTTPBadRequest(request=req)
|
||||||
try:
|
try:
|
||||||
new_services = json.loads(req.body)
|
new_services = json.loads(req.body)
|
||||||
@ -596,7 +596,7 @@ class Swauth(object):
|
|||||||
if not self.is_reseller_admin(req):
|
if not self.is_reseller_admin(req):
|
||||||
return HTTPForbidden(request=req)
|
return HTTPForbidden(request=req)
|
||||||
account = req.path_info_pop()
|
account = req.path_info_pop()
|
||||||
if req.path_info or not account.isalnum():
|
if req.path_info or not account or account[0] == '.':
|
||||||
return HTTPBadRequest(request=req)
|
return HTTPBadRequest(request=req)
|
||||||
# Ensure the container in the main auth account exists (this
|
# Ensure the container in the main auth account exists (this
|
||||||
# container represents the new account)
|
# container represents the new account)
|
||||||
@ -678,7 +678,7 @@ class Swauth(object):
|
|||||||
if not self.is_reseller_admin(req):
|
if not self.is_reseller_admin(req):
|
||||||
return HTTPForbidden(request=req)
|
return HTTPForbidden(request=req)
|
||||||
account = req.path_info_pop()
|
account = req.path_info_pop()
|
||||||
if req.path_info or not account.isalnum():
|
if req.path_info or not account or account[0] == '.':
|
||||||
return HTTPBadRequest(request=req)
|
return HTTPBadRequest(request=req)
|
||||||
# Make sure the account has no users and get the account_id
|
# Make sure the account has no users and get the account_id
|
||||||
marker = ''
|
marker = ''
|
||||||
@ -798,8 +798,8 @@ class Swauth(object):
|
|||||||
"""
|
"""
|
||||||
account = req.path_info_pop()
|
account = req.path_info_pop()
|
||||||
user = req.path_info_pop()
|
user = req.path_info_pop()
|
||||||
if req.path_info or not account.isalnum() or \
|
if req.path_info or not account or account[0] == '.' or not user or \
|
||||||
(not user.isalnum() and user != '.groups'):
|
(user[0] == '.' and user != '.groups'):
|
||||||
return HTTPBadRequest(request=req)
|
return HTTPBadRequest(request=req)
|
||||||
if not self.is_account_admin(req, account):
|
if not self.is_account_admin(req, account):
|
||||||
return HTTPForbidden(request=req)
|
return HTTPForbidden(request=req)
|
||||||
@ -873,8 +873,8 @@ class Swauth(object):
|
|||||||
req.headers.get('x-auth-user-reseller-admin') == 'true'
|
req.headers.get('x-auth-user-reseller-admin') == 'true'
|
||||||
if reseller_admin:
|
if reseller_admin:
|
||||||
admin = True
|
admin = True
|
||||||
if req.path_info or not account.isalnum() or not user.isalnum() or \
|
if req.path_info or not account or account[0] == '.' or not user or \
|
||||||
not key:
|
user[0] == '.' or not key:
|
||||||
return HTTPBadRequest(request=req)
|
return HTTPBadRequest(request=req)
|
||||||
if reseller_admin:
|
if reseller_admin:
|
||||||
if not self.is_super_admin(req):
|
if not self.is_super_admin(req):
|
||||||
@ -922,7 +922,8 @@ class Swauth(object):
|
|||||||
# Validate path info
|
# Validate path info
|
||||||
account = req.path_info_pop()
|
account = req.path_info_pop()
|
||||||
user = req.path_info_pop()
|
user = req.path_info_pop()
|
||||||
if req.path_info or not account.isalnum() or not user.isalnum():
|
if req.path_info or not account or account[0] == '.' or not user or \
|
||||||
|
user[0] == '.':
|
||||||
return HTTPBadRequest(request=req)
|
return HTTPBadRequest(request=req)
|
||||||
if not self.is_account_admin(req, account):
|
if not self.is_account_admin(req, account):
|
||||||
return HTTPForbidden(request=req)
|
return HTTPForbidden(request=req)
|
||||||
|
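Review bot: The relaxed checks (`not account or account[0] == '.'`, and the same for `user`) accept any character after the first, including `,` and `:`. Both are separators in code visible on this page: the first hunk splits `req.remote_user` on `,` to build `user_groups`, and the tests use group names of the form `act:usr`, so a name containing either could presumably be read back as a different group list. Reject them explicitly, and since the condition is now repeated in seven handlers, put it in one helper such as `def _valid_name(name): return bool(name) and name[0] != '.' and ',' not in name and ':' not in name`. All the enclosing methods start and end outside these hunks, so confirm how group strings are assembled before settling the exact character set.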
@ -2576,6 +2576,23 @@ class TestAuth(unittest.TestCase):
|
|||||||
{"groups": [{"name": "act:usr"}, {"name": "act"}],
|
{"groups": [{"name": "act:usr"}, {"name": "act"}],
|
||||||
"auth": "plaintext:key"})
|
"auth": "plaintext:key"})
|
||||||
|
|
||||||
|
def test_put_user_special_chars_success(self):
|
||||||
|
self.test_auth.app = FakeApp(iter([
|
||||||
|
('200 Ok', {'X-Container-Meta-Account-Id': 'AUTH_cfa'}, ''),
|
||||||
|
# PUT of user object
|
||||||
|
('201 Created', {}, '')]))
|
||||||
|
resp = Request.blank('/auth/v2/act/u_s-r',
|
||||||
|
environ={'REQUEST_METHOD': 'PUT'},
|
||||||
|
headers={'X-Auth-Admin-User': '.super_admin',
|
||||||
|
'X-Auth-Admin-Key': 'supertest',
|
||||||
|
'X-Auth-User-Key': 'key'}
|
||||||
|
).get_response(self.test_auth)
|
||||||
|
self.assertEquals(resp.status_int, 201)
|
||||||
|
self.assertEquals(self.test_auth.app.calls, 2)
|
||||||
|
self.assertEquals(json.loads(self.test_auth.app.request.body),
|
||||||
|
{"groups": [{"name": "act:u_s-r"}, {"name": "act"}],
|
||||||
|
"auth": "plaintext:key"})
|
||||||
|
|
||||||
def test_put_user_account_admin_success(self):
|
def test_put_user_account_admin_success(self):
|
||||||
self.test_auth.app = FakeApp(iter([
|
self.test_auth.app = FakeApp(iter([
|
||||||
('200 Ok', {'X-Container-Meta-Account-Id': 'AUTH_cfa'}, ''),
|
('200 Ok', {'X-Container-Meta-Account-Id': 'AUTH_cfa'}, ''),
|
||||||
|
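Review bot: `test_put_user_special_chars_success` pins only the accepting path, with `_` and `-` in the user segment. Because the commit replaces `isalnum()` with a much weaker rule, the rejecting side needs pinning as well. Add a companion test that sends the same PUT with a user name beginning with `.` and asserts `self.assertEquals(resp.status_int, 400)`, and another with special characters in the account segment. TestAuth extends well beyond this hunk, so such cases may already exist elsewhere in the class.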