An ebook/comic library service and web client
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

239 lines
6.8 KiB

  1. """Service to handle user operations."""
  2. import logging
  3. import random
  4. import string
  5. from datetime import datetime
  6. from typing import Optional, Dict, Callable, Any, Tuple
  7. from iso8601 import iso8601
  8. from atheneum import errors
  9. from atheneum.db import db
  10. from atheneum.model import User
  11. from atheneum.service import role_service
  12. from atheneum.service.authentication_service import validate_password_strength
  13. from atheneum.service.transformation_service import (
  14. BaseTransformer,
  15. register_transformer
  16. )
  17. from atheneum.service.validation_service import (
  18. BaseValidator,
  19. register_validator
  20. )
  21. from atheneum.utility import authentication_utility
  22. LOGGER = logging.getLogger(__name__)
  23. @register_transformer
  24. class UserTransformer(BaseTransformer):
  25. """Serialize User model."""
  26. type = User
  27. def _deserializers(
  28. self) -> Dict[str, Callable[[User, Any], None]]:
  29. """Define the fields and the accompanying deserializer factory."""
  30. return {
  31. 'name': self.deserialize_name,
  32. 'creationTime': self.deserialize_creation_time,
  33. 'lastLoginTime': self.deserialize_last_login_time,
  34. 'version': self.deserialize_version,
  35. 'role': self.deserialize_role,
  36. }
  37. def _serializers(self) -> Dict[str, Callable[[], Any]]:
  38. """Define the fields and the accompanying serializer factory."""
  39. return {
  40. 'name': self.serialize_name,
  41. 'creationTime': self.serialize_creation_time,
  42. 'lastLoginTime': self.serialize_last_login_time,
  43. 'version': self.serialize_version,
  44. 'role': self.serialize_role,
  45. }
  46. def serialize_name(self) -> str:
  47. """User name."""
  48. return self.model.name
  49. @staticmethod
  50. def deserialize_name(model: User, name: str) -> None:
  51. """User name."""
  52. model.name = name
  53. def serialize_creation_time(self) -> datetime:
  54. """User creation time."""
  55. return self.model.creation_time
  56. @staticmethod
  57. def deserialize_creation_time(
  58. model: User, creation_time: datetime) -> None:
  59. """User creation time."""
  60. model.creation_time = iso8601.parse_date(creation_time)
  61. def serialize_last_login_time(self) -> datetime:
  62. """User last login time."""
  63. return self.model.last_login_time
  64. @staticmethod
  65. def deserialize_last_login_time(
  66. model: User, last_login_time: datetime) -> None:
  67. """User last login time."""
  68. model.last_login_time = iso8601.parse_date(last_login_time)
  69. def serialize_version(self) -> int:
  70. """User version."""
  71. return self.model.version
  72. @staticmethod
  73. def deserialize_version(model: User, version: int) -> None:
  74. """User version."""
  75. model.version = version
  76. def serialize_role(self) -> str:
  77. """User role."""
  78. return self.model.role.value
  79. @staticmethod
  80. def deserialize_role(model: User, role_value: str) -> None:
  81. """User role."""
  82. model.role = role_service.Role(role_value)
  83. @register_validator
  84. class UserValidator(BaseValidator):
  85. """Validate User model."""
  86. type = User
  87. def _validators(
  88. self) -> Dict[str, Callable[[Any], Tuple[bool, str]]]:
  89. return {
  90. 'id': self.no_validation,
  91. 'name': self.validate_name,
  92. 'role': self.validate_role,
  93. 'password_hash': self.no_validation,
  94. 'password_revision': self.no_validation,
  95. 'creation_time': self.no_validation,
  96. 'last_login_time': self.no_validation,
  97. 'version': self.validate_version
  98. }
  99. def validate_name(self, new_name: Any) -> Tuple[bool, str]:
  100. """
  101. Name changes are only allowed to be performed by an Admin.
  102. :param new_name:
  103. :return:
  104. """
  105. validation_result = (self.request_user.role == role_service.Role.ADMIN
  106. or new_name is None)
  107. if validation_result:
  108. return validation_result, ''
  109. return (validation_result,
  110. 'Names can only be changed by an administrator')
  111. def validate_role(self, new_role: Any) -> Tuple[bool, str]:
  112. """
  113. Roles can only be increased to the level of the request_user.
  114. :param new_role:
  115. :return:
  116. """
  117. acceptable_roles = role_service.ROLES.find_children_roles(
  118. self.request_user.role)
  119. role = new_role if new_role is not None else self.model.role
  120. if role in acceptable_roles:
  121. return True, ''
  122. return False, 'Role escalation is not permitted'
  123. def find_by_name(name: str) -> Optional[User]:
  124. """
  125. Find a user by name.
  126. :param name:
  127. :return:
  128. """
  129. return User.query.filter_by(name=name).first()
  130. def register(
  131. name: str,
  132. password: Optional[str],
  133. role: Optional[str],
  134. validate_password: bool = True) -> User:
  135. """
  136. Register a new user.
  137. :param name: Desired user name. Must be unique and not already registered
  138. :param password: Password to be hashed and stored for the user
  139. :param role: Role to assign the user [ROLE_USER, ROLE_ADMIN]
  140. :param validate_password: Perform password validation
  141. :return:
  142. """
  143. if validate_password and password is not None:
  144. validate_password_strength(password)
  145. password = password if password is not None else ''.join(
  146. random.choices(string.ascii_letters + string.digits, k=32))
  147. role = role if role is not None else User.ROLE_USER
  148. if find_by_name(name=name) is not None:
  149. raise errors.ValidationError('User name is already taken.')
  150. pw_hash, pw_revision = authentication_utility.get_password_hash(password)
  151. new_user = User(
  152. name=name,
  153. role=role,
  154. password_hash=pw_hash,
  155. password_revision=pw_revision,
  156. creation_time=datetime.now(),
  157. version=0)
  158. db.session.add(new_user)
  159. db.session.commit()
  160. LOGGER.info('Registered new user: %s with role: %s', name, role)
  161. return new_user
  162. def delete(user: User) -> bool:
  163. """
  164. Delete a user.
  165. :param user:
  166. :return:
  167. """
  168. existing_user = db.session.delete(user)
  169. if existing_user is None:
  170. db.session.commit()
  171. return True
  172. return False
  173. def update_last_login_time(user: User) -> None:
  174. """
  175. Bump the last login time for the user.
  176. :param user:
  177. :return:
  178. """
  179. if user is not None:
  180. user.last_login_time = datetime.now()
  181. db.session.commit()
  182. def update_password(user: User, password: str) -> None:
  183. """
  184. Change the user password.
  185. :param user:
  186. :param password:
  187. :return:
  188. """
  189. pw_hash, pw_revision = authentication_utility.get_password_hash(
  190. password)
  191. user.password_hash = pw_hash
  192. user.password_revision = pw_revision
  193. db.session.commit()