From 7afd33460a993410f0c514c9381879c5cc899e00 Mon Sep 17 00:00:00 2001 From: Bram van Dartel Date: Wed, 6 Jul 2022 11:31:53 +0200 Subject: [PATCH 1/5] API also check username upon user.exists --- alexia/api/v1/methods/user.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/alexia/api/v1/methods/user.py b/alexia/api/v1/methods/user.py index 799a242..1d7d687 100644 --- a/alexia/api/v1/methods/user.py +++ b/alexia/api/v1/methods/user.py @@ -68,7 +68,8 @@ def user_exists(request, radius_username): return User.objects.filter(authenticationdata__backend=RADIUS_BACKEND_NAME, authenticationdata__username=radius_username).exists() or \ User.objects.filter(authenticationdata__backend=SAML2_BACKEND_NAME, - authenticationdata__username=radius_username).exists() + authenticationdata__username=radius_username).exists() or \ + User.objects.filter(username=radius_username) @jsonrpc_method('user.get(radius_username=String) -> Object', site=api_v1_site, authenticated=True, safe=True) From f37df95d751aadfb17ed74e15c5bbec05395ac81 Mon Sep 17 00:00:00 2001 From: Bram van Dartel Date: Wed, 6 Jul 2022 11:41:03 +0200 Subject: [PATCH 2/5] Fix .exists() --- alexia/api/v1/methods/user.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/alexia/api/v1/methods/user.py b/alexia/api/v1/methods/user.py index 1d7d687..b0bc4c7 100644 --- a/alexia/api/v1/methods/user.py +++ b/alexia/api/v1/methods/user.py @@ -69,7 +69,7 @@ def user_exists(request, radius_username): authenticationdata__username=radius_username).exists() or \ User.objects.filter(authenticationdata__backend=SAML2_BACKEND_NAME, authenticationdata__username=radius_username).exists() or \ - User.objects.filter(username=radius_username) + User.objects.filter(username=radius_username).exists() @jsonrpc_method('user.get(radius_username=String) -> Object', site=api_v1_site, authenticated=True, safe=True) From c7812e5017365242f4190203a2bc46dedcbcb747 Mon Sep 17 00:00:00 2001 
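Review bot: The added `User.objects.filter(username=radius_username)` clause makes `user_exists` answer for local Django usernames as well, but nothing visible in the hunk tells a caller that `radius_username` is no longer only an external (RADIUS/SAML2) identifier. A client that reads a true result as "this person has an external identity" will now also get true for local-only accounts. I would add a docstring line such as `Also returns true when radius_username matches a local account username.` The function's signature and docstring start outside the hunk, so the existing wording could not be checked.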
From: Bram van Dartel Date: Wed, 6 Jul 2022 11:50:49 +0200 Subject: [PATCH 3/5] Also get user based on username in alexia --- alexia/api/v1/methods/rfid.py | 51 ++++++++++++++++------------------- alexia/api/v1/methods/user.py | 21 ++++++++++----- 2 files changed, 38 insertions(+), 34 deletions(-) diff --git a/alexia/api/v1/methods/rfid.py b/alexia/api/v1/methods/rfid.py index 71126fe..61f5810 100644 --- a/alexia/api/v1/methods/rfid.py +++ b/alexia/api/v1/methods/rfid.py @@ -61,7 +61,10 @@ def rfid_list(request, radius_username=None): user = User.objects.get(authenticationdata__backend=RADIUS_BACKEND_NAME, authenticationdata__username=radius_username) except User.DoesNotExist: - return [] + try: + user = User.objects.get(username=radius_username) + except User.DoesNotExist: + return [] rfidcards = rfidcards.filter(user=user) rfidcards = rfidcards.select_related('user') @@ -96,15 +99,7 @@ def rfid_get(request, radius_username): Raises error -32602 (Invalid params) if the username does not exist. """ result = [] - try: - user = User.objects.get(authenticationdata__backend=SAML2_BACKEND_NAME, - authenticationdata__username=radius_username) - except User.DoesNotExist: - try: - user = User.objects.get(authenticationdata__backend=RADIUS_BACKEND_NAME, - authenticationdata__username=radius_username) - except User.DoesNotExist: - raise InvalidParamsError('User with provided username does not exits') + get_user_by_username(radius_username) rfidcards = RfidCard.objects.filter(user=user, managed_by=request.organization) 
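Review bot: The fallback added to `rfid_list` tries the RADIUS identity and then `User.username`, while `get_user_by_username`, introduced in this same commit, tries SAML2 first, so the same `radius_username` can resolve differently depending on which endpoint is called. The `try:` that opens this block is outside the hunk, so an earlier SAML2 lookup cannot be ruled out, but none is visible in the context lines. Calling the helper keeps one resolution order: `user = get_user_by_username(radius_username)` inside the `try`, with `except InvalidParamsError: return []` to keep the empty-list result. The same hand-written two-step fallback appears in `order_list` (billing.py), `user_get_availabilities` (scheduling.py) and the three `user.py` hunks.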
@@ -140,15 +135,7 @@ def rfid_add(request, radius_username, identifier): Raises error -32602 (Invalid params) if the RFID card is already registered by someone else. """ - try: - user = User.objects.get(authenticationdata__backend=SAML2_BACKEND_NAME, - authenticationdata__username=radius_username) - except User.DoesNotExist: - try: - user = User.objects.get(authenticationdata__backend=RADIUS_BACKEND_NAME, - authenticationdata__username=radius_username) - except User.DoesNotExist: - raise InvalidParamsError('User with provided username does not exits') + get_user_by_username(radius_username) try: rfidcard = RfidCard.objects.select_for_update().get(user=user, identifier=identifier) @@ -182,15 +169,7 @@ def rfid_remove(request, radius_username, identifier): Raises error -32602 (Invalid params) if the username does not exist. Raises error -32602 (Invalid params) if the RFID card does not exist for this person/organization. """ - try: - user = User.objects.get(authenticationdata__backend=SAML2_BACKEND_NAME, - authenticationdata__username=radius_username) - except User.DoesNotExist: - try: - user = User.objects.get(authenticationdata__backend=RADIUS_BACKEND_NAME, - authenticationdata__username=radius_username) - except User.DoesNotExist: - raise InvalidParamsError('User with provided username does not exits') + user = get_user_by_username(radius_username) try: rfidcard = RfidCard.objects.select_for_update().get(user=user, identifier=identifier) 
@@ -208,3 +187,19 @@ def rfid_remove(request, radius_username, identifier): rfidcard.delete() else: rfidcard.managed_by.remove(request.organization) + + +def get_user_by_username(radius_username): + try: + user = User.objects.get(authenticationdata__backend=SAML2_BACKEND_NAME, + authenticationdata__username=radius_username) + except User.DoesNotExist: + try: + user = User.objects.get(authenticationdata__backend=RADIUS_BACKEND_NAME, + authenticationdata__username=radius_username) + except User.DoesNotExist: + try: + user = User.objects.get(username=radius_username) + except User.DoesNotExist: + raise InvalidParamsError('User with provided username does not exits') + return user diff --git a/alexia/api/v1/methods/user.py b/alexia/api/v1/methods/user.py index b0bc4c7..a3edd5c 100644 --- a/alexia/api/v1/methods/user.py +++ b/alexia/api/v1/methods/user.py @@ -98,8 +98,11 @@ def user_get(request, radius_username): try: user = User.objects.get(authenticationdata__backend=RADIUS_BACKEND_NAME, authenticationdata__username=radius_username) - except: - raise ObjectNotFoundError + except User.DoesNotExist: + try: + user = User.objects.get(username=radius_username) + except: + raise ObjectNotFoundError return format_user(user) @@ -164,8 +167,11 @@ def user_get_membership(request, radius_username): try: user = User.objects.get(authenticationdata__backend=RADIUS_BACKEND_NAME, authenticationdata__username=radius_username) - except: - raise ObjectNotFoundError + except User.DoesNotExist: + try: + user = User.objects.get(username=radius_username) + except: + raise ObjectNotFoundError try: membership = Membership.objects.get( 
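Review bot: `get_user_by_username` returns the first match across three separate namespaces (SAML2 identifier, RADIUS identifier, local `username`), and nothing here checks that the string identifies only one account. If a local username can equal another user's external identifier, `rfid_add`, `rfid_remove` and the authorization methods that call the copy of this helper would act on whichever account wins the precedence order; whether such a collision is possible depends on how usernames are assigned, which the diff does not show. `User.objects.get` also raises `MultipleObjectsReturned` when more than one row matches the `authenticationdata` filters, and that is not caught, so it would not surface as `InvalidParamsError`. At minimum the helper needs a docstring stating the order, e.g. `"""Resolve a user by SAML2 identifier, then RADIUS identifier, then local username; raises InvalidParamsError if none match."""`.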
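Review bot: The inner fallback in `user_get` still uses a bare `except:`, so any failure of `User.objects.get(username=radius_username)` (a database error, `MultipleObjectsReturned`, even `KeyboardInterrupt`) is reported to the client as `ObjectNotFoundError`. The outer handler is narrowed to `except User.DoesNotExist:` in this same hunk, and the inner one should match: `except User.DoesNotExist:` followed by `raise ObjectNotFoundError`. The same bare `except:` is added in the `user_get_membership` and `user_get_iva_certificate` hunks. The surrounding `try:` begins outside the hunk.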
@@ -216,8 +222,11 @@ def user_get_iva_certificate(request, radius_username): try: user = User.objects.get(authenticationdata__backend=RADIUS_BACKEND_NAME, authenticationdata__username=radius_username) - except: - raise ObjectNotFoundError + except User.DoesNotExist: + try: + user = User.objects.get(username=radius_username) + except: + raise ObjectNotFoundError try: certificate = Certificate.objects.get(owner=user) From cd62b76797c66ef3e1b22636fb16886e6df8e227 Mon Sep 17 00:00:00 2001 From: Bram van Dartel Date: Wed, 6 Jul 2022 11:53:17 +0200 Subject: [PATCH 4/5] Fix user definition --- alexia/api/v1/methods/rfid.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/alexia/api/v1/methods/rfid.py b/alexia/api/v1/methods/rfid.py index 61f5810..1a2a44b 100644 --- a/alexia/api/v1/methods/rfid.py +++ b/alexia/api/v1/methods/rfid.py @@ -99,7 +99,7 @@ def rfid_get(request, radius_username): Raises error -32602 (Invalid params) if the username does not exist. """ result = [] - get_user_by_username(radius_username) + user = get_user_by_username(radius_username) rfidcards = RfidCard.objects.filter(user=user, managed_by=request.organization) @@ -135,7 +135,7 @@ def rfid_add(request, radius_username, identifier): Raises error -32602 (Invalid params) if the RFID card is already registered by someone else. """ - get_user_by_username(radius_username) + user = get_user_by_username(radius_username) try: rfidcard = RfidCard.objects.select_for_update().get(user=user, identifier=identifier) From b1c024c61c8ebb59b131d9a1f6ffcbe39ffe1442 Mon Sep 17 00:00:00 2001 From: Bram van Dartel Date: Wed, 6 Jul 2022 11:59:17 +0200 Subject: [PATCH 5/5] Change in all locations that django username can be used as well --- alexia/api/v1/methods/authorization.py | 55 +++++++++----------------- alexia/api/v1/methods/billing.py | 5 ++- alexia/api/v1/methods/scheduling.py | 5 ++- 3 files changed, 27 insertions(+), 38 deletions(-) 
diff --git a/alexia/api/v1/methods/authorization.py b/alexia/api/v1/methods/authorization.py index a0b6ade..7d1af32 100644 --- a/alexia/api/v1/methods/authorization.py +++ b/alexia/api/v1/methods/authorization.py @@ -42,15 +42,7 @@ def authorization_list(request, radius_username=None): authorizations = Authorization.objects.filter(organization=request.organization) if radius_username is not None: - try: - user = User.objects.get(authenticationdata__backend=SAML2_BACKEND_NAME, - authenticationdata__username=radius_username) - except User.DoesNotExist: - try: - user = User.objects.get(authenticationdata__backend=RADIUS_BACKEND_NAME, - authenticationdata__username=radius_username) - except User.DoesNotExist: - raise InvalidParamsError('User with provided username does not exist') + user = get_user_by_username(radius_username) authorizations = authorizations.filter(user=user) @@ -88,15 +80,7 @@ def authorization_get(request, radius_username): """ result = [] - try: - user = User.objects.get(authenticationdata__backend=SAML2_BACKEND_NAME, - authenticationdata__username=radius_username) - except User.DoesNotExist: - try: - user = User.objects.get(authenticationdata__backend=RADIUS_BACKEND_NAME, - authenticationdata__username=radius_username) - except User.DoesNotExist: - raise InvalidParamsError('User with provided username does not exits') + user = get_user_by_username(radius_username) authorizations = Authorization.objects.filter(user=user, organization=request.organization) 
@@ -137,15 +121,7 @@ def authorization_add(request, radius_username, account): Raises error -32602 (Invalid params) if the username does not exist. """ - try: - user = User.objects.get(authenticationdata__backend=SAML2_BACKEND_NAME, - authenticationdata__username=radius_username) - except User.DoesNotExist: - try: - user = User.objects.get(authenticationdata__backend=RADIUS_BACKEND_NAME, - authenticationdata__username=radius_username) - except User.DoesNotExist: - raise InvalidParamsError('User with provided username does not exits') + user = get_user_by_username(radius_username) authorization = Authorization(user=user, organization=request.organization) authorization.save() @@ -171,15 +147,7 @@ def authorization_end(request, radius_username, authorization_id): Raises error -32602 (Invalid params) if the username does not exist. Raises error -32602 (Invalid params) if provided authorization cannot be found. """ - try: - user = User.objects.get(authenticationdata__backend=SAML2_BACKEND_NAME, - authenticationdata__username=radius_username) - except User.DoesNotExist: - try: - user = User.objects.get(authenticationdata__backend=RADIUS_BACKEND_NAME, - authenticationdata__username=radius_username) - except User.DoesNotExist: - raise InvalidParamsError('User with provided username does not exits') + user = get_user_by_username(radius_username) try: authorization = Authorization.objects.select_for_update().get(user=user, 
@@ -194,3 +162,18 @@ def authorization_end(request, radius_username, authorization_id): return True else: return False + +def get_user_by_username(radius_username): + try: + user = User.objects.get(authenticationdata__backend=SAML2_BACKEND_NAME, + authenticationdata__username=radius_username) + except User.DoesNotExist: + try: + user = User.objects.get(authenticationdata__backend=RADIUS_BACKEND_NAME, + authenticationdata__username=radius_username) + except User.DoesNotExist: + try: + user = User.objects.get(username=radius_username) + except User.DoesNotExist: + raise InvalidParamsError('User with provided username does not exits') + return user diff --git a/alexia/api/v1/methods/billing.py b/alexia/api/v1/methods/billing.py index dc54412..19e9fc8 100644 --- a/alexia/api/v1/methods/billing.py +++ b/alexia/api/v1/methods/billing.py @@ -225,7 +225,10 @@ def order_list(request, radius_username=None): user = User.objects.get(authenticationdata__backend=RADIUS_BACKEND_NAME, authenticationdata__username=radius_username) except User.DoesNotExist: - return [] + try: + user = User.objects.get(username=radius_username) + except User.DoesNotExist: + return [] orders = orders.filter(authorization__user=user) orders = orders.select_related('event', 'authorization') diff --git a/alexia/api/v1/methods/scheduling.py b/alexia/api/v1/methods/scheduling.py index bc49671..0df96bf 100644 --- a/alexia/api/v1/methods/scheduling.py +++ b/alexia/api/v1/methods/scheduling.py 
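Review bot: This is a second copy of `get_user_by_username`, identical to the one added to `alexia/api/v1/methods/rfid.py` earlier in the series, so a later change to the lookup order in one file will not reach the other. Defining it once in a module that both files import keeps user resolution the same for RFID and authorization calls. The copy also carries the message `'User with provided username does not exits'`, which changes what `authorization_list` returns: the line removed in its hunk read `does not exist`. The other authorization methods already used the misspelled text, so one spelling has to change either way; I would settle on `raise InvalidParamsError('User with provided username does not exist')` and check whether any client matches on the message.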
@@ -53,7 +53,10 @@ def user_get_availabilities(request, radius_username): user = User.objects.get(authenticationdata__backend=RADIUS_BACKEND_NAME, authenticationdata__username=radius_username) except User.DoesNotExist: - raise InvalidParamsError('User with provided username does not exits') + try: + user = User.objects.get(username=radius_username) + except User.DoesNotExist: + raise InvalidParamsError('User with provided username does not exits') availabilities = BartenderAvailability.objects.filter(user=user, event__organizer=request.organization)