100 lines
2.8 KiB
Python
100 lines
2.8 KiB
Python
"""
|
|
.. module: lemur.users.models
|
|
:platform: unix
|
|
:synopsis: This module contains all of the models need to create a user within
|
|
lemur
|
|
:copyright: (c) 2018 by Netflix Inc., see AUTHORS for more
|
|
:license: Apache, see LICENSE for more details.
|
|
|
|
.. moduleauthor:: Kevin Glisson <kglisson@netflix.com>
|
|
"""
|
|
from sqlalchemy.orm import relationship
|
|
from sqlalchemy import Integer, String, Column, Boolean
|
|
from sqlalchemy.event import listen
|
|
|
|
from sqlalchemy_utils.types.arrow import ArrowType
|
|
|
|
from lemur.database import db
|
|
from lemur.models import roles_users
|
|
|
|
from lemur.extensions import bcrypt
|
|
|
|
|
|
def hash_password(mapper, connect, target):
|
|
"""
|
|
Helper function that is a listener and hashes passwords before
|
|
insertion into the database.
|
|
|
|
:param mapper:
|
|
:param connect:
|
|
:param target:
|
|
"""
|
|
target.hash_password()
|
|
|
|
|
|
class User(db.Model):
|
|
__tablename__ = "users"
|
|
id = Column(Integer, primary_key=True)
|
|
password = Column(String(128))
|
|
active = Column(Boolean())
|
|
confirmed_at = Column(ArrowType())
|
|
username = Column(String(255), nullable=False, unique=True)
|
|
email = Column(String(128), unique=True)
|
|
profile_picture = Column(String(255))
|
|
roles = relationship(
|
|
"Role",
|
|
secondary=roles_users,
|
|
passive_deletes=True,
|
|
backref=db.backref("user"),
|
|
lazy="dynamic",
|
|
)
|
|
certificates = relationship(
|
|
"Certificate", backref=db.backref("user"), lazy="dynamic"
|
|
)
|
|
pending_certificates = relationship(
|
|
"PendingCertificate", backref=db.backref("user"), lazy="dynamic"
|
|
)
|
|
authorities = relationship("Authority", backref=db.backref("user"), lazy="dynamic")
|
|
keys = relationship("ApiKey", backref=db.backref("user"), lazy="dynamic")
|
|
logs = relationship("Log", backref=db.backref("user"), lazy="dynamic")
|
|
|
|
sensitive_fields = ("password",)
|
|
|
|
def check_password(self, password):
|
|
"""
|
|
Hash a given password and check it against the stored value
|
|
to determine it's validity.
|
|
|
|
:param password:
|
|
:return:
|
|
"""
|
|
if self.password:
|
|
return bcrypt.check_password_hash(self.password, password)
|
|
|
|
def hash_password(self):
|
|
"""
|
|
Generate the secure hash for the password.
|
|
|
|
:return:
|
|
"""
|
|
if self.password:
|
|
self.password = bcrypt.generate_password_hash(self.password).decode("utf-8")
|
|
|
|
@property
|
|
def is_admin(self):
|
|
"""
|
|
Determine if the current user has the 'admin' role associated
|
|
with it.
|
|
|
|
:return:
|
|
"""
|
|
for role in self.roles:
|
|
if role.name == "admin":
|
|
return True
|
|
|
|
def __repr__(self):
|
|
return "User(username={username})".format(username=self.username)
|
|
|
|
|
|
listen(User, "before_insert", hash_password)
|