3 # Licensed under the Apache License, Version 2.0 (the "License");
4 # you may not use this file except in compliance with the License.
5 # You may obtain a copy of the License at
7 # http://www.apache.org/licenses/LICENSE-2.0
9 # Unless required by applicable law or agreed to in writing, software
10 # distributed under the License is distributed on an "AS IS" BASIS,
11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 # See the License for the specific language governing permissions and
13 # limitations under the License.
18 from am_api_base import *
19 from keystoneauth1 import exceptions
20 from cmframework.apis import cmclient
23 class UsersPasswords(AMApiBase):
26 User reset password operations
28 .. :quickref: User passwords;User reset password operations
30 .. http:post:: /am/v1/users/passwords
32 **Start User reset password**
38 POST am/v1/users/passwords HTTP/1.1
39 Host: haproxyvip:61200
40 Accept: application/json
42 "user": <uuid> or <username>
43 "npassword: "Passwd_1"
46 :> json string user: The user's id or name.
47 :> json string npassword: The user's new password
56 "description": "Users password reset success."
59 :> json int code: the status code
60 :> json string description: the error description, present if code is non zero
63 endpoints = ['users/passwords']
64 parser_arguments = ['user',
68 self.logger.info("Received a reset password request!")
69 args = self.parse_args()
71 passstate = self.passwd_validator(args["npassword"])
72 if passstate is not None:
73 self.logger.error(passstate)
74 return AMApiBase.embed_data({}, 1, passstate)
76 state, user_info = self.get_uuid_and_name(args["user"])
78 status, message = self._reset_pass(user_info, args['npassword'])
81 self.logger.info("Password reset successfully!")
82 return AMApiBase.embed_data({}, 0, "Password reset successfully!")
84 self.logger.error("Internal error: {0}".format(message))
85 return AMApiBase.embed_data({}, 1, message)
87 self.logger.error(user_info)
88 return AMApiBase.embed_data({}, 1, user_info)
90 def _reset_pass(self, user_info, passwd):
92 reset = self.keystone.users.update(user_info["id"], password=passwd)
93 except exceptions.http.NotFound as ex:
94 self.logger.error("{0}".format(ex))
95 return False, "This user does not exist in the keystone!"
96 except Exception as ex:
97 self.logger.error("{0}".format(ex))
98 return False, "{0}".format(ex)
100 self.logger.info(reset)
101 passwd_hash = crypt.crypt(passwd, crypt.mksalt(crypt.METHOD_SHA512))
103 state_open, message_open = self._open_db()
106 roles = self.db.get_user_roles(user_info["id"])
108 if self.db.is_chroot_role(role):
109 # if the user has a chroot account, change the pwd of that also
111 self.linux_chroot_pass_handling(user_info["name"], "Chroot", "cloud.chroot", passwd_hash)
113 if self.check_chroot_linux_pass_state(user_info["name"], "cloud.chroot", passwd_hash):
114 return True, "Success"
115 return False, "The user handler is busy, please try again."
116 if role == "linux_user":
117 # if the user has a Linux user account, change the pwd of that also
119 self.linux_chroot_pass_handling(user_info["name"], "Linux", "cloud.linuxuser", passwd_hash)
121 if self.check_chroot_linux_pass_state(user_info["name"], "cloud.linuxuser", passwd_hash):
122 return True, "Success"
123 return False, "The user handler is busy, please try again."
124 except Exception as ex:
125 self.logger.error("Internal error: {0}".format(ex))
126 return AMApiBase.embed_data({}, 1, "Internal error: {0}".format(ex))
128 state_close, message_close = self._close_db()
133 return False, message_open
135 def linux_chroot_pass_handling(self, username, user_type, list_name, passwd):
136 cmc = cmclient.CMClient()
137 user_list = cmc.get_property(list_name)
138 user_list = json.loads(user_list)
139 self.logger.debug("{0} user list before the change: {1}".format(user_type, json.dumps(user_list)))
140 if user_list is not None:
141 self.logger.debug("The {0} user list exist!".format(user_type))
142 for val in user_list:
143 if val["name"] == username:
144 val["password"] = passwd
146 self.logger.debug("{0} user list after the change: {1}".format(user_type, json.dumps(user_list)))
147 cmc.set_property(list_name, json.dumps(user_list))
149 def check_chroot_linux_pass_state(self, username, list_name, password):
150 cmc = cmclient.CMClient()
151 user_list = cmc.get_property(list_name)
152 user_list = json.loads(user_list)
153 self.logger.debug("Start the user list check")
154 for val in user_list:
155 if val["name"] == username and val["password"] == password:
156 self.logger.debug("{0} user's password changed!".format(username))
158 self.logger.debug("{0} user's password is not changed!".format(username))