openwebrx-clone/owrx/users.py

from abc import ABC, abstractmethod
from owrx.config.core import CoreConfig
from datetime import datetime, timezone
import json
import hashlib
import os
import stat

import logging

logger = logging.getLogger(__name__)


class PasswordException(Exception):
    pass


class Password(ABC):
    @staticmethod
    def from_dict(d: dict):
        if "encoding" not in d:
            raise PasswordException("password encoding not set")
        if d["encoding"] == "string":
            return CleartextPassword(d)
        elif d["encoding"] == "hash":
            return HashedPassword(d)
        raise PasswordException("invalid passord encoding: {0}".format(d["type"]))

    @abstractmethod
    def is_valid(self, inp: str) -> bool:
        pass

    @abstractmethod
    def toJson(self) -> dict:
        pass


class CleartextPassword(Password):
    def __init__(self, pwinfo):
        if isinstance(pwinfo, str):
            self._value = pwinfo
        elif isinstance(pwinfo, dict):
            self._value = pwinfo["value"]
        else:
            raise ValueError("invalid argument to ClearTextPassword()")

    def is_valid(self, inp: str) -> bool:
        return self._value == inp

    def toJson(self) -> dict:
        return {
            "encoding": "string",
            "value": self._value
        }


class HashedPassword(Password):
    def __init__(self, pwinfo, algorithm="sha256"):
        self.iterations = 100000
        if isinstance(pwinfo, str):
            self._createFromString(pwinfo, algorithm)
        else:
            self._loadFromDict(pwinfo)

    def _createFromString(self, pw: str, algorithm: str):
        self._algorithm = algorithm
        self._salt = os.urandom(32)
        dk = hashlib.pbkdf2_hmac(self._algorithm, pw.encode(), self._salt, self.iterations)
        self._hash = dk.hex()
        pass

    def _loadFromDict(self, d: dict):
        self._hash = d["value"]
        self._algorithm = d["algorithm"]
        self._salt = bytes.fromhex(d["salt"])
        pass

    def is_valid(self, inp: str) -> bool:
        dk = hashlib.pbkdf2_hmac(self._algorithm, inp.encode(), self._salt, self.iterations)
        return dk.hex() == self._hash

    def toJson(self) -> dict:
        return {
            "encoding": "hash",
            "value": self._hash,
            "algorithm": self._algorithm,
            "salt": self._salt.hex(),
        }


DefaultPasswordClass = HashedPassword


class User(object):
    def __init__(self, name: str, enabled: bool, password: Password, must_change_password: bool = False):
        self.name = name
        self.enabled = enabled
        self.password = password
        self.must_change_password = must_change_password

    def toJson(self):
        return {
            "user": self.name,
            "enabled": self.enabled,
            "must_change_password": self.must_change_password,
            "password": self.password.toJson()
        }

    @staticmethod
    def fromJson(d):
        if "user" in d and "password" in d and "enabled" in d:
            mcp = d["must_change_password"] if "must_change_password" in d else False
            return User(d["user"], d["enabled"], Password.from_dict(d["password"]), mcp)

    def setPassword(self, password: Password, must_change_password: bool = None):
        self.password = password
        if must_change_password is not None:
            self.must_change_password = must_change_password

    def is_enabled(self):
        return self.enabled

    def enable(self):
        self.enabled = True

    def disable(self):
        self.enabled = False


class UserList(object):
    sharedInstance = None

    @staticmethod
    def getSharedInstance():
        if UserList.sharedInstance is None:
            UserList.sharedInstance = UserList()
        return UserList.sharedInstance

    def __init__(self):
        self.file_modified = None
        self.users = {}

    def refresh(self):
        if self.file_modified is None or self._getUsersFileModifiedTimestamp() > self.file_modified:
            logger.debug("reloading users from disk due to file modification")
            self.users = self._loadUsers()

    def _getUsersFile(self):
        config = CoreConfig()
        return "{data_directory}/users.json".format(data_directory=config.get_data_directory())

    def _getUsersFileModifiedTimestamp(self):
        timestamp = 0
        try:
            timestamp = os.path.getmtime(self._getUsersFile())
        except FileNotFoundError:
            pass
        return datetime.fromtimestamp(timestamp, timezone.utc)

    def _loadUsers(self):
        usersFile = self._getUsersFile()
        # to avoid concurrency issues and problems when parsing errors occur:
        # get early, store late
        modified = self._getUsersFileModifiedTimestamp()
        try:
            with open(usersFile, "r") as f:
                users_json = json.load(f)

            users = {u.name: u for u in [User.fromJson(d) for d in users_json]}
            self.file_modified = modified
            return users
        except FileNotFoundError:
            self.file_modified = modified
            return {}
        except json.JSONDecodeError:
            logger.exception("error while parsing users file %s", usersFile)
            return {}
        except Exception:
            logger.exception("error while processing users from %s", usersFile)
            return {}

    def _userToJson(self, u):
        return u.toJson()

    def store(self):
        usersFile = self._getUsersFile()
        users = [u.toJson() for u in self.values()]
        try:
            # don't write directly to file to avoid corruption on exceptions
            jsonContent = json.dumps(users, indent=4)
            with open(usersFile, "w") as f:
                f.write(jsonContent)
            # file should be readable by us only
            os.chmod(usersFile, stat.S_IWUSR + stat.S_IRUSR)
        except Exception:
            logger.exception("error while writing users file %s", usersFile)
        self.refresh()

    def _getUsername(self, user):
        if isinstance(user, User):
            return user.name
        elif isinstance(user, str):
            return user
        else:
            raise ValueError("invalid user type")

    def addUser(self, user: User):
        self[user.name] = user

    def deleteUser(self, user):
        del self[self._getUsername(user)]

    def __delitem__(self, key):
        self.refresh()
        if key not in self.users:
            raise KeyError("User {user} doesn't exist".format(user=key))
        del self.users[key]
        self.store()

    def __getitem__(self, item):
        self.refresh()
        return self.users[item]

    def __contains__(self, item):
        self.refresh()
        return item in self.users

    def __setitem__(self, key, value):
        self.refresh()
        if key in self.users:
            raise KeyError("User {user} already exists".format(user=key))
        self.users[key] = value
        self.store()

    def values(self):
        self.refresh()
        return self.users.values()
add first user storage implementation 2020-04-01 20:29:42 +00:00			`from abc import ABC, abstractmethod`
implement config layering 2021-02-11 18:31:44 +00:00			`from owrx.config.core import CoreConfig`
monitor user file modifications & reload if necessary 2021-02-08 16:24:59 +00:00			`from datetime import datetime, timezone`
add first user storage implementation 2020-04-01 20:29:42 +00:00			`import json`
implement hashed passwords 2021-02-06 17:38:49 +00:00			`import hashlib`
random salt for passwords 2021-02-06 17:43:37 +00:00			`import os`
update permissions on write 2021-02-18 20:07:45 +00:00			`import stat`
add first user storage implementation 2020-04-01 20:29:42 +00:00
			`import logging`

			`logger = logging.getLogger(__name__)`


			`class PasswordException(Exception):`
			`pass`


			`class Password(ABC):`
			`@staticmethod`
			`def from_dict(d: dict):`
			`if "encoding" not in d:`
			`raise PasswordException("password encoding not set")`
			`if d["encoding"] == "string":`
			`return CleartextPassword(d)`
implement hashed passwords 2021-02-06 17:38:49 +00:00			`elif d["encoding"] == "hash":`
			`return HashedPassword(d)`
add first user storage implementation 2020-04-01 20:29:42 +00:00			`raise PasswordException("invalid passord encoding: {0}".format(d["type"]))`

			`@abstractmethod`
implement hashed passwords 2021-02-06 17:38:49 +00:00			`def is_valid(self, inp: str) -> bool:`
add first user storage implementation 2020-04-01 20:29:42 +00:00			`pass`

include command to create a user 2021-02-06 17:04:32 +00:00			`@abstractmethod`
implement hashed passwords 2021-02-06 17:38:49 +00:00			`def toJson(self) -> dict:`
include command to create a user 2021-02-06 17:04:32 +00:00			`pass`

add first user storage implementation 2020-04-01 20:29:42 +00:00
			`class CleartextPassword(Password):`
include command to create a user 2021-02-06 17:04:32 +00:00			`def __init__(self, pwinfo):`
			`if isinstance(pwinfo, str):`
			`self._value = pwinfo`
			`elif isinstance(pwinfo, dict):`
			`self._value = pwinfo["value"]`
			`else:`
			`raise ValueError("invalid argument to ClearTextPassword()")`

implement hashed passwords 2021-02-06 17:38:49 +00:00			`def is_valid(self, inp: str) -> bool:`
include command to create a user 2021-02-06 17:04:32 +00:00			`return self._value == inp`

implement hashed passwords 2021-02-06 17:38:49 +00:00			`def toJson(self) -> dict:`
include command to create a user 2021-02-06 17:04:32 +00:00			`return {`
			`"encoding": "string",`
			`"value": self._value`
			`}`
add first user storage implementation 2020-04-01 20:29:42 +00:00

implement hashed passwords 2021-02-06 17:38:49 +00:00			`class HashedPassword(Password):`
			`def __init__(self, pwinfo, algorithm="sha256"):`
			`self.iterations = 100000`
implement forced password change for generated passwords 2021-02-08 17:30:54 +00:00			`if isinstance(pwinfo, str):`
implement hashed passwords 2021-02-06 17:38:49 +00:00			`self._createFromString(pwinfo, algorithm)`
			`else:`
			`self._loadFromDict(pwinfo)`

			`def _createFromString(self, pw: str, algorithm: str):`
			`self._algorithm = algorithm`
random salt for passwords 2021-02-06 17:43:37 +00:00			`self._salt = os.urandom(32)`
			`dk = hashlib.pbkdf2_hmac(self._algorithm, pw.encode(), self._salt, self.iterations)`
implement hashed passwords 2021-02-06 17:38:49 +00:00			`self._hash = dk.hex()`
			`pass`

			`def _loadFromDict(self, d: dict):`
			`self._hash = d["value"]`
			`self._algorithm = d["algorithm"]`
random salt for passwords 2021-02-06 17:43:37 +00:00			`self._salt = bytes.fromhex(d["salt"])`
implement hashed passwords 2021-02-06 17:38:49 +00:00			`pass`

			`def is_valid(self, inp: str) -> bool:`
random salt for passwords 2021-02-06 17:43:37 +00:00			`dk = hashlib.pbkdf2_hmac(self._algorithm, inp.encode(), self._salt, self.iterations)`
implement hashed passwords 2021-02-06 17:38:49 +00:00			`return dk.hex() == self._hash`

			`def toJson(self) -> dict:`
			`return {`
			`"encoding": "hash",`
			`"value": self._hash,`
			`"algorithm": self._algorithm,`
random salt for passwords 2021-02-06 17:43:37 +00:00			`"salt": self._salt.hex(),`
implement hashed passwords 2021-02-06 17:38:49 +00:00			`}`


			`DefaultPasswordClass = HashedPassword`
default password implementation 2021-02-06 17:22:13 +00:00

add first user storage implementation 2020-04-01 20:29:42 +00:00			`class User(object):`
implement forced password change for generated passwords 2021-02-08 17:30:54 +00:00			`def __init__(self, name: str, enabled: bool, password: Password, must_change_password: bool = False):`
add first user storage implementation 2020-04-01 20:29:42 +00:00			`self.name = name`
			`self.enabled = enabled`
			`self.password = password`
implement forced password change for generated passwords 2021-02-08 17:30:54 +00:00			`self.must_change_password = must_change_password`
add first user storage implementation 2020-04-01 20:29:42 +00:00
include command to create a user 2021-02-06 17:04:32 +00:00			`def toJson(self):`
			`return {`
			`"user": self.name,`
			`"enabled": self.enabled,`
implement forced password change for generated passwords 2021-02-08 17:30:54 +00:00			`"must_change_password": self.must_change_password,`
include command to create a user 2021-02-06 17:04:32 +00:00			`"password": self.password.toJson()`
			`}`

implement forced password change for generated passwords 2021-02-08 17:30:54 +00:00			`@staticmethod`
			`def fromJson(d):`
			`if "user" in d and "password" in d and "enabled" in d:`
			`mcp = d["must_change_password"] if "must_change_password" in d else False`
			`return User(d["user"], d["enabled"], Password.from_dict(d["password"]), mcp)`

			`def setPassword(self, password: Password, must_change_password: bool = None):`
implement password reset command 2021-02-06 18:12:44 +00:00			`self.password = password`
implement forced password change for generated passwords 2021-02-08 17:30:54 +00:00			`if must_change_password is not None:`
			`self.must_change_password = must_change_password`
implement password reset command 2021-02-06 18:12:44 +00:00
implement user list, enable, disable 2021-02-08 16:04:55 +00:00			`def is_enabled(self):`
			`return self.enabled`

			`def enable(self):`
			`self.enabled = True`

			`def disable(self):`
			`self.enabled = False`

add first user storage implementation 2020-04-01 20:29:42 +00:00
			`class UserList(object):`
			`sharedInstance = None`

			`@staticmethod`
			`def getSharedInstance():`
			`if UserList.sharedInstance is None:`
			`UserList.sharedInstance = UserList()`
			`return UserList.sharedInstance`

			`def __init__(self):`
monitor user file modifications & reload if necessary 2021-02-08 16:24:59 +00:00			`self.file_modified = None`
			`self.users = {}`

			`def refresh(self):`
			`if self.file_modified is None or self._getUsersFileModifiedTimestamp() > self.file_modified:`
			`logger.debug("reloading users from disk due to file modification")`
			`self.users = self._loadUsers()`
add first user storage implementation 2020-04-01 20:29:42 +00:00
include command to create a user 2021-02-06 17:04:32 +00:00			`def _getUsersFile(self):`
			`config = CoreConfig()`
			`return "{data_directory}/users.json".format(data_directory=config.get_data_directory())`

monitor user file modifications & reload if necessary 2021-02-08 16:24:59 +00:00			`def _getUsersFileModifiedTimestamp(self):`
handle empty file 2021-02-12 16:00:35 +00:00			`timestamp = 0`
			`try:`
			`timestamp = os.path.getmtime(self._getUsersFile())`
			`except FileNotFoundError:`
			`pass`
			`return datetime.fromtimestamp(timestamp, timezone.utc)`
monitor user file modifications & reload if necessary 2021-02-08 16:24:59 +00:00
add first user storage implementation 2020-04-01 20:29:42 +00:00			`def _loadUsers(self):`
include command to create a user 2021-02-06 17:04:32 +00:00			`usersFile = self._getUsersFile()`
monitor user file modifications & reload if necessary 2021-02-08 16:24:59 +00:00			`# to avoid concurrency issues and problems when parsing errors occur:`
			`# get early, store late`
			`modified = self._getUsersFileModifiedTimestamp()`
include command to create a user 2021-02-06 17:04:32 +00:00			`try:`
			`with open(usersFile, "r") as f:`
add first user storage implementation 2020-04-01 20:29:42 +00:00			`users_json = json.load(f)`
include command to create a user 2021-02-06 17:04:32 +00:00
implement forced password change for generated passwords 2021-02-08 17:30:54 +00:00			`users = {u.name: u for u in [User.fromJson(d) for d in users_json]}`
monitor user file modifications & reload if necessary 2021-02-08 16:24:59 +00:00			`self.file_modified = modified`
			`return users`
include command to create a user 2021-02-06 17:04:32 +00:00			`except FileNotFoundError:`
handle empty file 2021-02-12 16:00:35 +00:00			`self.file_modified = modified`
include command to create a user 2021-02-06 17:04:32 +00:00			`return {}`
			`except json.JSONDecodeError:`
			`logger.exception("error while parsing users file %s", usersFile)`
			`return {}`
			`except Exception:`
			`logger.exception("error while processing users from %s", usersFile)`
			`return {}`

			`def _userToJson(self, u):`
			`return u.toJson()`

implement password reset command 2021-02-06 18:12:44 +00:00			`def store(self):`
include command to create a user 2021-02-06 17:04:32 +00:00			`usersFile = self._getUsersFile()`
monitor user file modifications & reload if necessary 2021-02-08 16:24:59 +00:00			`users = [u.toJson() for u in self.values()]`
include command to create a user 2021-02-06 17:04:32 +00:00			`try:`
prevent file corruption during json.dump 2021-02-16 16:17:09 +00:00			`# don't write directly to file to avoid corruption on exceptions`
			`jsonContent = json.dumps(users, indent=4)`
include command to create a user 2021-02-06 17:04:32 +00:00			`with open(usersFile, "w") as f:`
prevent file corruption during json.dump 2021-02-16 16:17:09 +00:00			`f.write(jsonContent)`
update permissions on write 2021-02-18 20:07:45 +00:00			`# file should be readable by us only`
			`os.chmod(usersFile, stat.S_IWUSR + stat.S_IRUSR)`
include command to create a user 2021-02-06 17:04:32 +00:00			`except Exception:`
			`logger.exception("error while writing users file %s", usersFile)`
monitor user file modifications & reload if necessary 2021-02-08 16:24:59 +00:00			`self.refresh()`
include command to create a user 2021-02-06 17:04:32 +00:00
add "silent" flag to openwebrx-admin 2021-02-06 17:57:51 +00:00			`def _getUsername(self, user):`
			`if isinstance(user, User):`
			`return user.name`
			`elif isinstance(user, str):`
			`return user`
			`else:`
			`raise ValueError("invalid user type")`

include command to create a user 2021-02-06 17:04:32 +00:00			`def addUser(self, user: User):`
			`self[user.name] = user`

implement user deletion 2021-02-06 17:15:02 +00:00			`def deleteUser(self, user):`
add "silent" flag to openwebrx-admin 2021-02-06 17:57:51 +00:00			`del self[self._getUsername(user)]`
implement user deletion 2021-02-06 17:15:02 +00:00
			`def __delitem__(self, key):`
monitor user file modifications & reload if necessary 2021-02-08 16:24:59 +00:00			`self.refresh()`
implement user deletion 2021-02-06 17:15:02 +00:00			`if key not in self.users:`
			`raise KeyError("User {user} doesn't exist".format(user=key))`
			`del self.users[key]`
implement password reset command 2021-02-06 18:12:44 +00:00			`self.store()`
implement user deletion 2021-02-06 17:15:02 +00:00
add first user storage implementation 2020-04-01 20:29:42 +00:00			`def __getitem__(self, item):`
monitor user file modifications & reload if necessary 2021-02-08 16:24:59 +00:00			`self.refresh()`
add first user storage implementation 2020-04-01 20:29:42 +00:00			`return self.users[item]`

			`def __contains__(self, item):`
monitor user file modifications & reload if necessary 2021-02-08 16:24:59 +00:00			`self.refresh()`
add first user storage implementation 2020-04-01 20:29:42 +00:00			`return item in self.users`
include command to create a user 2021-02-06 17:04:32 +00:00
			`def __setitem__(self, key, value):`
monitor user file modifications & reload if necessary 2021-02-08 16:24:59 +00:00			`self.refresh()`
include command to create a user 2021-02-06 17:04:32 +00:00			`if key in self.users:`
			`raise KeyError("User {user} already exists".format(user=key))`
			`self.users[key] = value`
implement password reset command 2021-02-06 18:12:44 +00:00			`self.store()`
implement user list, enable, disable 2021-02-08 16:04:55 +00:00
			`def values(self):`
monitor user file modifications & reload if necessary 2021-02-08 16:24:59 +00:00			`self.refresh()`
implement user list, enable, disable 2021-02-08 16:04:55 +00:00			`return self.users.values()`