90 lines
2.7 KiB
Python
90 lines
2.7 KiB
Python
"""
|
|
.. module: lemur.users.models
|
|
:platform: unix
|
|
:synopsis: This module contains all of the models need to create a user within
|
|
lemur
|
|
:copyright: (c) 2015 by Netflix Inc., see AUTHORS for more
|
|
:license: Apache, see LICENSE for more details.
|
|
|
|
.. moduleauthor:: Kevin Glisson <kglisson@netflix.com>
|
|
"""
|
|
from sqlalchemy.orm import relationship
|
|
from sqlalchemy import Integer, String, Column, Boolean
|
|
from sqlalchemy.event import listen
|
|
|
|
from sqlalchemy_utils.types.arrow import ArrowType
|
|
|
|
from lemur.database import db
|
|
from lemur.models import roles_users
|
|
|
|
from lemur.extensions import bcrypt
|
|
|
|
|
|
def hash_password(mapper, connect, target):
|
|
"""
|
|
Helper function that is a listener and hashes passwords before
|
|
insertion into the database.
|
|
|
|
:param mapper:
|
|
:param connect:
|
|
:param target:
|
|
"""
|
|
target.hash_password()
|
|
|
|
|
|
class User(db.Model):
|
|
__tablename__ = 'users'
|
|
id = Column(Integer, primary_key=True)
|
|
password = Column(String(128))
|
|
active = Column(Boolean())
|
|
confirmed_at = Column(ArrowType())
|
|
username = Column(String(255), nullable=False, unique=True)
|
|
email = Column(String(128), unique=True)
|
|
profile_picture = Column(String(255))
|
|
roles = relationship('Role', secondary=roles_users, passive_deletes=True, backref=db.backref('user'), lazy='dynamic')
|
|
certificates = relationship('Certificate', backref=db.backref('user'), lazy='dynamic')
|
|
pending_certificates = relationship('PendingCertificate', backref=db.backref('user'), lazy='dynamic')
|
|
authorities = relationship('Authority', backref=db.backref('user'), lazy='dynamic')
|
|
keys = relationship('ApiKey', backref=db.backref('user'), lazy='dynamic')
|
|
logs = relationship('Log', backref=db.backref('user'), lazy='dynamic')
|
|
|
|
sensitive_fields = ('password',)
|
|
|
|
def check_password(self, password):
|
|
"""
|
|
Hash a given password and check it against the stored value
|
|
to determine it's validity.
|
|
|
|
:param password:
|
|
:return:
|
|
"""
|
|
if self.password:
|
|
return bcrypt.check_password_hash(self.password, password)
|
|
|
|
def hash_password(self):
|
|
"""
|
|
Generate the secure hash for the password.
|
|
|
|
:return:
|
|
"""
|
|
if self.password:
|
|
self.password = bcrypt.generate_password_hash(self.password).decode('utf-8')
|
|
|
|
@property
|
|
def is_admin(self):
|
|
"""
|
|
Determine if the current user has the 'admin' role associated
|
|
with it.
|
|
|
|
:return:
|
|
"""
|
|
for role in self.roles:
|
|
if role.name == 'admin':
|
|
return True
|
|
|
|
def __repr__(self):
|
|
return "User(username={username})".format(username=self.username)
|
|
|
|
|
|
listen(User, 'before_insert', hash_password)
|