lemur/lemur/users/models.py
2019-05-16 07:57:02 -07:00

100 lines
2.8 KiB
Python

"""
.. module: lemur.users.models
:platform: unix
:synopsis: This module contains all of the models need to create a user within
lemur
:copyright: (c) 2018 by Netflix Inc., see AUTHORS for more
:license: Apache, see LICENSE for more details.
.. moduleauthor:: Kevin Glisson <kglisson@netflix.com>
"""
from sqlalchemy.orm import relationship
from sqlalchemy import Integer, String, Column, Boolean
from sqlalchemy.event import listen
from sqlalchemy_utils.types.arrow import ArrowType
from lemur.database import db
from lemur.models import roles_users
from lemur.extensions import bcrypt
def hash_password(mapper, connect, target):
"""
Helper function that is a listener and hashes passwords before
insertion into the database.
:param mapper:
:param connect:
:param target:
"""
target.hash_password()
class User(db.Model):
__tablename__ = "users"
id = Column(Integer, primary_key=True)
password = Column(String(128))
active = Column(Boolean())
confirmed_at = Column(ArrowType())
username = Column(String(255), nullable=False, unique=True)
email = Column(String(128), unique=True)
profile_picture = Column(String(255))
roles = relationship(
"Role",
secondary=roles_users,
passive_deletes=True,
backref=db.backref("user"),
lazy="dynamic",
)
certificates = relationship(
"Certificate", backref=db.backref("user"), lazy="dynamic"
)
pending_certificates = relationship(
"PendingCertificate", backref=db.backref("user"), lazy="dynamic"
)
authorities = relationship("Authority", backref=db.backref("user"), lazy="dynamic")
keys = relationship("ApiKey", backref=db.backref("user"), lazy="dynamic")
logs = relationship("Log", backref=db.backref("user"), lazy="dynamic")
sensitive_fields = ("password",)
def check_password(self, password):
"""
Hash a given password and check it against the stored value
to determine it's validity.
:param password:
:return:
"""
if self.password:
return bcrypt.check_password_hash(self.password, password)
def hash_password(self):
"""
Generate the secure hash for the password.
:return:
"""
if self.password:
self.password = bcrypt.generate_password_hash(self.password).decode("utf-8")
@property
def is_admin(self):
"""
Determine if the current user has the 'admin' role associated
with it.
:return:
"""
for role in self.roles:
if role.name == "admin":
return True
def __repr__(self):
return "User(username={username})".format(username=self.username)
listen(User, "before_insert", hash_password)