"""Service to handle user operations."""
import logging
import random
import string
from datetime import datetime
from typing import Optional, Dict, Callable, Any, Tuple
from iso8601 import iso8601
from atheneum import errors
from atheneum.db import db
from atheneum.model import User
from atheneum.service import role_service
from atheneum.service.authentication_service import validate_password_strength
from atheneum.service.transformation_service import (
BaseTransformer,
register_transformer
)
from atheneum.service.validation_service import (
BaseValidator,
register_validator
)
from atheneum.utility import authentication_utility
LOGGER = logging.getLogger(__name__)
@register_transformer
class UserTransformer(BaseTransformer):
"""Serialize User model."""
type = User
def _deserializers(
self) -> Dict[str, Callable[[User, Any], None]]:
"""Define the fields and the accompanying deserializer factory."""
return {
'name': self.deserialize_name,
'creationTime': self.deserialize_creation_time,
'lastLoginTime': self.deserialize_last_login_time,
'version': self.deserialize_version,
'role': self.deserialize_role,
}
def _serializers(self) -> Dict[str, Callable[[], Any]]:
"""Define the fields and the accompanying serializer factory."""
return {
'name': self.serialize_name,
'creationTime': self.serialize_creation_time,
'lastLoginTime': self.serialize_last_login_time,
'version': self.serialize_version,
'role': self.serialize_role,
}
def serialize_name(self) -> str:
"""User name."""
return self.model.name
@staticmethod
def deserialize_name(model: User, name: str) -> None:
"""User name."""
model.name = name
def serialize_creation_time(self) -> datetime:
"""User creation time."""
return self.model.creation_time
@staticmethod
def deserialize_creation_time(
model: User, creation_time: datetime) -> None:
"""User creation time."""
model.creation_time = iso8601.parse_date(creation_time)
def serialize_last_login_time(self) -> datetime:
"""User last login time."""
return self.model.last_login_time
@staticmethod
def deserialize_last_login_time(
model: User, last_login_time: datetime) -> None:
"""User last login time."""
model.last_login_time = iso8601.parse_date(last_login_time)
def serialize_version(self) -> int:
"""User version."""
return self.model.version
@staticmethod
def deserialize_version(model: User, version: int) -> None:
"""User version."""
model.version = version
def serialize_role(self) -> str:
"""User role."""
return self.model.role.value
@staticmethod
def deserialize_role(model: User, role_value: str) -> None:
"""User role."""
model.role = role_service.Role(role_value)
@register_validator
class UserValidator(BaseValidator):
"""Validate User model."""
type = User
def _validators(
self) -> Dict[str, Callable[[Any], Tuple[bool, str]]]:
return {
'id': self.no_validation,
'name': self.validate_name,
'role': self.validate_role,
'password_hash': self.no_validation,
'password_revision': self.no_validation,
'creation_time': self.no_validation,
'last_login_time': self.no_validation,
'version': self.validate_version
}
def validate_name(self, new_name: Any) -> Tuple[bool, str]:
"""
Name changes are only allowed to be performed by an Admin.
:param new_name:
:return:
"""
validation_result = (self.request_user.role == role_service.Role.ADMIN
or new_name is None)
if validation_result:
return validation_result, ''
return (validation_result,
'Names can only be changed by an administrator')
def validate_role(self, new_role: Any) -> Tuple[bool, str]:
"""
Roles can only be increased to the level of the request_user.
:param new_role:
:return:
"""
acceptable_roles = role_service.ROLES.find_children_roles(
self.request_user.role)
role = new_role if new_role is not None else self.model.role
if role in acceptable_roles:
return True, ''
return False, 'Role escalation is not permitted'
def find_by_name(name: str) -> Optional[User]:
"""
Find a user by name.
:param name:
:return:
"""
return User.query.filter_by(name=name).first()
def register(
name: str,
password: Optional[str],
role: Optional[str],
validate_password: bool = True) -> User:
"""
Register a new user.
:param name: Desired user name. Must be unique and not already registered
:param password: Password to be hashed and stored for the user
:param role: Role to assign the user [ROLE_USER, ROLE_ADMIN]
:param validate_password: Perform password validation
:return:
"""
if validate_password and password is not None:
validate_password_strength(password)
password = password if password is not None else ''.join(
random.choices(string.ascii_letters + string.digits, k=32))
role = role if role is not None else User.ROLE_USER
if find_by_name(name=name) is not None:
raise errors.ValidationError('User name is already taken.')
pw_hash, pw_revision = authentication_utility.get_password_hash(password)
new_user = User(
name=name,
role=role,
password_hash=pw_hash,
password_revision=pw_revision,
creation_time=datetime.now(),
version=0)
db.session.add(new_user)
db.session.commit()
LOGGER.info('Registered new user: %s with role: %s', name, role)
return new_user
def delete(user: User) -> bool:
"""
Delete a user.
:param user:
:return:
"""
existing_user = db.session.delete(user)
if existing_user is None:
db.session.commit()
return True
return False
def update_last_login_time(user: User) -> None:
"""
Bump the last login time for the user.
:param user:
:return:
"""
if user is not None:
user.last_login_time = datetime.now()
db.session.commit()
def update_password(user: User, password: str) -> None:
"""
Change the user password.
:param user:
:param password:
:return:
"""
pw_hash, pw_revision = authentication_utility.get_password_hash(
password)
user.password_hash = pw_hash
user.password_revision = pw_revision
db.session.commit()