Merge pull request #97 from arenaxr/fs-pass-renew

filestore rework password renewal and docs

Author: mwfarb

users/filestore.py

@@ -11,16 +11,36 @@
 
 
 def get_user_scope(user: User):
+    """ Helper method to construct single user filebrowser scope.
+    Args:
+        user (User): The User model this action is for.
+
+    Returns:
+        path (string): The single user scope path relative to root filebrowser path.
+    """
     return f"./users/{user.username}"
 
 
 def get_admin_login():
+    """ Helper method to construct admin filebrowser login json string.
+
+    Returns:
+        admin_login (string): The admin login json string.
+    """
     admin_login = {"username": os.environ["STORE_ADMIN_USERNAME"],
                    "password": os.environ["STORE_ADMIN_PASSWORD"]}
     return admin_login
 
 
 def get_user_login(user: User):
+    """ Helper method to construct user.username's filebrowser login json string.
+
+    Args:
+        user (User): The User model this action is for.
+
+    Returns:
+        user_login (string): The user login json string.
+    """
     if user.username == os.environ["STORE_ADMIN_USERNAME"]:
         password = os.environ["STORE_ADMIN_PASSWORD"]
     else:
@@ -31,44 +51,72 @@ def get_user_login(user: User):
 
 
 def use_filestore_auth(user: User):
+    """ Helper method of to login to user.username's filebrowser account.
+
+    Args:
+        user (User): The User model this action is for.
+
+    Returns:
+        fs_user_token (string): Updated filebrowser api jwt for user.username.
+        http_status (integer): HTTP status code from filebrowser api login.
+    """
     if not user.is_authenticated:
         return None
     verify, host = get_rest_host()
     user_login = get_user_login(user)
     user_token, status = get_filestore_token(user_login, host, verify)
     if not user_token:
-        return None
-    return user_token
+        return None, status
+    return user_token, status
 
 
 def get_filestore_token(user_login, host, verify):
+    """ Uses the filebrowser api to login the user.username's filebrowser account and return their auth jwt.
+
+    Args:
+        user_login (string): The user login json string.
+        host (string): The django runtime hostname.
+        verify (bool): True to verify the hostname tls certificate.
+
+    Returns:
+        fs_user_token (string): Updated filebrowser api jwt for user.username.
+        http_status (integer): HTTP status code from filebrowser api login.
+    """
     try:
         r_userlogin = requests.get(f"https://{host}/storemng/api/login",
                                    data=json.dumps(user_login), verify=verify, timeout=FS_API_TIMEOUT)
         r_userlogin.raise_for_status()
     except (requests.exceptions.ConnectionError, requests.exceptions.HTTPError) as err:
-        print("{0}: ".format(err))
+        print(err)
         return None, r_userlogin.status_code
     return r_userlogin.text, r_userlogin.status_code
 
 
 def add_filestore_auth(user: User):
+    """ Uses the filebrowser api to add the user.username's filebrowser account and return their auth jwt.
+
+    Args:
+        user (User): The User model this action is for.
+
+    Returns:
+        fs_user_token (string): Updated filebrowser api jwt for user.username.
+    """
     if not user.is_authenticated:
         return None
     verify, host = get_rest_host()
     # get auth for setting new user
     admin_login = get_admin_login()
     admin_token, status = get_filestore_token(admin_login, host, verify)
     if not admin_token:
-        return False
+        return None
     # get user defaults from global settings
     try:
         r_gset = requests.get(f"https://{host}/storemng/api/settings",
                               headers={"X-Auth": admin_token}, verify=verify, timeout=FS_API_TIMEOUT)
         r_gset.raise_for_status()
     except (requests.exceptions.ConnectionError, requests.exceptions.HTTPError) as err:
-        print("{0}: ".format(err))
-        return False
+        print(err)
+        return None
     settings = r_gset.json()
     # set new user options
     fs_user = {
@@ -89,35 +137,43 @@ def add_filestore_auth(user: User):
                                   data=json.dumps(fs_user), headers={"X-Auth": admin_token}, verify=verify, timeout=FS_API_TIMEOUT)
         r_useradd.raise_for_status()
     except (requests.exceptions.ConnectionError, requests.exceptions.HTTPError) as err:
-        print("{0}: ".format(err))
+        print(err)
         return None
 
     if user.is_staff:  # admin and staff get root scope
         set_filestore_scope(user)
 
-    fs_user_token = use_filestore_auth(user)
+    fs_user_token, status = use_filestore_auth(user)
     return fs_user_token
 
 
 def set_filestore_scope(user: User):
+    """ Uses the filebrowser api to reset the user.username's filebrowser account scope and return their auth jwt.
+
+    Args:
+        user (User): The User model this action is for.
+
+    Returns:
+        fs_user_token (string): Updated filebrowser api jwt for user.username.
+    """
     verify, host = get_rest_host()
     # get auth for setting new user
     admin_login = get_admin_login()
     admin_token, status = get_filestore_token(admin_login, host, verify)
     if not admin_token:
-        return False
+        return None
     # find user
-    fs_user_token = use_filestore_auth(user)
+    fs_user_token, status = use_filestore_auth(user)
     if not fs_user_token:
-        return False
+        return None
     payload = jwt.decode(fs_user_token, options={"verify_signature": False})
     try:
         r_user = requests.get(f"https://{host}/storemng/api/users/{payload['user']['id']}",
                               headers={"X-Auth": admin_token}, verify=verify, timeout=FS_API_TIMEOUT)
         r_user.raise_for_status()
     except (requests.exceptions.ConnectionError, requests.exceptions.HTTPError) as err:
-        print("{0}: ".format(err))
-        return False
+        print(err)
+        return None
     edit_user = r_user.json()
     if user.is_staff:  # admin and staff get root scope
         scope = "."
@@ -135,13 +191,75 @@ def set_filestore_scope(user: User):
                                      data=json.dumps(fs_user), headers={"X-Auth": admin_token}, verify=verify, timeout=FS_API_TIMEOUT)
             r_useradd.raise_for_status()
         except (requests.exceptions.ConnectionError, requests.exceptions.HTTPError) as err:
-            print("{0}: ".format(err))
-            return False
+            print(err)
+            return None
+
+    fs_user_token, status = use_filestore_auth(user)
+    return fs_user_token
 
-    return True
+
+def set_filestore_pass(user: User):
+    """ Uses the filebrowser api to reset the user.username's filebrowser account password and return their auth jwt.
+
+    Args:
+        user (User): The User model this action is for.
+
+    Returns:
+        fs_user_token (string): Updated filebrowser api jwt for user.username.
+    """
+    if not user.is_authenticated:
+        return None
+    if user.username == os.environ["STORE_ADMIN_USERNAME"]:
+        return None  # root admin not allowed pass renew
+    verify, host = get_rest_host()
+    # get auth for removing user
+    admin_login = get_admin_login()
+    admin_token, status = get_filestore_token(admin_login, host, verify)
+    if not admin_token:
+        return None
+    # find user without valid pass, loop through all
+    edit_user = {}
+    try:
+        r_users = requests.get(f"https://{host}/storemng/api/users",
+                               headers={"X-Auth": admin_token}, verify=verify, timeout=FS_API_TIMEOUT)
+        r_users.raise_for_status()
+    except (requests.exceptions.ConnectionError, requests.exceptions.HTTPError) as err:
+        print(err)
+        return False
+    print(r_users.text)
+    for r_user in json.loads(r_users.text):
+        if r_user["username"] == user.username:
+            edit_user = r_user
+            break
+    print(edit_user)
+    # return False
+    edit_user["password"] = user.password
+    fs_user = {
+        "what": "user",
+        "which": ["all"],
+        "data": edit_user,
+    }
+    try:
+        r_useradd = requests.put(f"https://{host}/storemng/api/users/{edit_user['id']}",
+                                 data=json.dumps(fs_user), headers={"X-Auth": admin_token}, verify=verify, timeout=FS_API_TIMEOUT)
+        r_useradd.raise_for_status()
+    except (requests.exceptions.ConnectionError, requests.exceptions.HTTPError) as err:
+        print(err)
+        return None
+
+    fs_user_token, status = use_filestore_auth(user)
+    return fs_user_token
 
 
 def delete_filestore_user(user: User):
+    """ Uses the filebrowser api to delete the user.username's filebrowser account and files.
+
+    Args:
+        user (User): The User model this action is for.
+
+    Returns:
+        bool: True when user.username's filebrowser account and files are both removed.
+    """
     if not user.is_authenticated:
         return False
     if user.username == os.environ["STORE_ADMIN_USERNAME"]:
@@ -153,7 +271,7 @@ def delete_filestore_user(user: User):
     if not admin_token:
         return False
     # find user
-    fs_user_token = use_filestore_auth(user)
+    fs_user_token, status = use_filestore_auth(user)
     if not fs_user_token:
         return False
     payload = jwt.decode(fs_user_token, options={"verify_signature": False})
@@ -162,7 +280,7 @@ def delete_filestore_user(user: User):
                               headers={"X-Auth": admin_token}, verify=verify, timeout=FS_API_TIMEOUT)
         r_user.raise_for_status()
     except (requests.exceptions.ConnectionError, requests.exceptions.HTTPError) as err:
-        print("{0}: ".format(err))
+        print(err)
         return False
     del_user = r_user.json()
     # remove user scope files
@@ -172,15 +290,15 @@ def delete_filestore_user(user: User):
                                          headers={"X-Auth": fs_user_token}, verify=verify, timeout=FS_API_TIMEOUT)
             r_filesdel.raise_for_status()
         except (requests.exceptions.ConnectionError, requests.exceptions.HTTPError) as err:
-            print("{0}: ".format(err))
+            print(err)
             return False
     # delete user from filestore db
     try:
         r_userdel = requests.delete(f"https://{host}/storemng/api/users/{del_user['id']}",
                                     headers={"X-Auth": fs_user_token}, verify=verify, timeout=FS_API_TIMEOUT)
         r_userdel.raise_for_status()
     except (requests.exceptions.ConnectionError, requests.exceptions.HTTPError) as err:
-        print("{0}: ".format(err))
+        print(err)
         return False
 
     return True

users/persistence.py

@@ -1,6 +1,5 @@
 import json
 
-import jwt
 import requests
 from requests.exceptions import HTTPError
 
@@ -54,7 +53,7 @@ def _urlopen(url, token, method, verify):
             )
         return response.text
     except (requests.exceptions.ConnectionError, HTTPError) as err:
-        print("{0}: ".format(err) + url)
+        print(f"{err}: {url}")
     except ValueError as err:
-        print(f"{response.text} {0}: ".format(err) + url)
+        print(f"{response.text} {err}: {url}")
     return None

users/views.py

@@ -25,7 +25,8 @@
 from rest_framework.schemas import AutoSchema
 
 from .filestore import (add_filestore_auth, delete_filestore_user,
-                        set_filestore_scope, use_filestore_auth)
+                        set_filestore_pass, set_filestore_scope,
+                        use_filestore_auth)
 from .forms import (DeviceForm, SceneForm, SocialSignupForm, UpdateDeviceForm,
                     UpdateSceneForm, UpdateStaffForm)
 from .models import Device, Scene
@@ -335,7 +336,7 @@ def profile_update_staff(request):
         print(f"Setting Filebrowser user {staff_username}, staff={is_staff}")
         if not set_filestore_scope(user):
             messages.error(
-                request, f"Unable to update user's filestore status.")
+                request, "Unable to update user's filestore status.")
             return redirect("user_profile")
 
     return redirect("user_profile")
@@ -369,9 +370,7 @@ def my_scenes(request):
             try:
                 user = get_user_from_id_token(gid_token)
             except (ValueError, SocialAccount.DoesNotExist) as err:
-                return JsonResponse(
-                    {"error": "{0}".format(err)}, status=status.HTTP_403_FORBIDDEN
-                )
+                return JsonResponse({"error": err}, status=status.HTTP_403_FORBIDDEN)
 
     serializer = SceneNameSerializer(get_my_scenes(user), many=True)
     return JsonResponse(serializer.data, safe=False)
@@ -493,7 +492,7 @@ def user_profile(request):
             # delete filestore files/account
             if not delete_filestore_user(request.user):
                 messages.error(
-                    request, f"Unable to delete account/files from the filestore.")
+                    request, "Unable to delete account/files from the filestore.")
                 return redirect("user_profile")
 
             # Be careful of foreign keys, in that case this is suggested:
@@ -572,9 +571,7 @@ def user_state(request):
             try:
                 user = get_user_from_id_token(gid_token)
             except (ValueError, SocialAccount.DoesNotExist) as err:
-                return JsonResponse(
-                    {"error": "{0}".format(err)}, status=status.HTTP_403_FORBIDDEN
-                )
+                return JsonResponse({"error": err}, status=status.HTTP_403_FORBIDDEN)
 
     if user.is_authenticated:
         if user.username.startswith("admin"):
@@ -612,14 +609,14 @@ def storelogin(request):
             try:
                 user = get_user_from_id_token(gid_token)
             except (ValueError, SocialAccount.DoesNotExist) as err:
-                return JsonResponse(
-                    {"error": "{0}".format(err)}, status=status.HTTP_403_FORBIDDEN
-                )
+                return JsonResponse({"error": err}, status=status.HTTP_403_FORBIDDEN)
 
     fs_user_token = None
     if user.is_authenticated:
         # try user auth
-        fs_user_token = use_filestore_auth(user)
+        fs_user_token, status = use_filestore_auth(user)
+        if status == 403:  # if django allauth pass updated by oauth, update pass
+            fs_user_token = set_filestore_pass(user)
         if not fs_user_token:
             # otherwise user needs to be added
             fs_user_token = add_filestore_auth(user)
@@ -746,9 +743,7 @@ def arena_token(request):
         try:
             user = get_user_from_id_token(gid_token)
         except (ValueError, SocialAccount.DoesNotExist) as err:
-            return JsonResponse(
-                {"error": "{0}".format(err)}, status=status.HTTP_403_FORBIDDEN
-            )
+            return JsonResponse({"error": err}, status=status.HTTP_403_FORBIDDEN)
 
     if user.is_authenticated:
         username = user.username