adjustments part 1

1 year ago · 8252afca16
parent dc4d60fba2
commit 8252afca16
5 changed files with 25 additions and 16 deletions
--- a/README.md
+++ b/README.md
@ -59,7 +59,7 @@ mv pg_hba.conf pg_hba.conf.old
 # TYPE  DATABASE        USER            ADDRESS                 METHOD
 local   all             postgres                                md5
 local   sameuser        all                                     md5
-host    all             all             0.0.0.0/0               reject
+host    sameuser        all             0.0.0.0/0               md5
 ```
 ```
 systemctl restart postgresql
--- a/ceo_common/errors.py
+++ b/ceo_common/errors.py
@ -51,6 +51,11 @@ class NoSuchListError(Exception):
        super().__init__('mailing list does not exist')


+class InvalidUsernameError(Exception):
+    def __init__(self):
+        super().__init__('Username contains characters that are not allowed')
+
+
 class DatabaseConnectionError(Exception):
    def __init__(self):
        super().__init__('unable to connect or authenticate to sql service')
--- a/ceod/api/database.py
+++ b/ceod/api/database.py
@ -3,7 +3,7 @@ from zope import component
 from ceod.api.utils import authz_restrict_to_staff, authz_restrict_to_syscom, \
    user_is_in_group, requires_authentication_no_realm, \
    create_streaming_response, development_only
-from ceo_common.errors import UserNotFoundError, DatabaseConnectionError, DatabasePermissionError
+from ceo_common.errors import UserNotFoundError, DatabaseConnectionError, DatabasePermissionError, InvalidUsernameError
 from ceo_common.interfaces import ILDAPService, IDatabaseService


@ -13,7 +13,7 @@ bp = Blueprint('db', __name__)
 def create_db_from_type(db_type: str, username: str):
    try:
        if not username.isalnum():  # username should not contain symbols
-            raise UserNotFoundError
+            raise InvalidUsernameError()
        ldap_srv = component.getUtility(ILDAPService)
        ldap_srv.get_user(username)  # make sure user exists
        db_srv = component.getUtility(IDatabaseService, db_type)
@ -21,30 +21,30 @@ def create_db_from_type(db_type: str, username: str):
        return {'password': password}
    except UserNotFoundError:
        return {'error': 'user not found'}, 404
+    except InvalidUsernameError:
+        return {'error': 'username contains invalid characters'}, 400
    except DatabaseConnectionError:
-        return {'error': 'unable to connect or authenticate to sql server'}, 400
+        return {'error': 'unable to connect or authenticate to sql server'}, 500
    except DatabasePermissionError:
-        return {'error': 'unable to perform action due to permissions'}, 502
-    except:
-        return {'error': 'Unexpected error'}, 500
+        return {'error': 'unable to perform action due to permissions'}, 500


 def delete_db_from_type(db_type: str, username: str):
    try:
        if not username.isalnum():  # username should not contain symbols
-            raise UserNotFoundError
+            raise InvalidUsernameError()
        ldap_srv = component.getUtility(ILDAPService)
        ldap_srv.get_user(username)  # make sure user exists
        db_srv = component.getUtility(IDatabaseService, db_type)
        db_srv.delete_db(username)
    except UserNotFoundError:
        return {'error': 'user not found'}, 404
+    except InvalidUsernameError:
+        return {'error': 'username contains invalid characters'}, 400
    except DatabaseConnectionError:
-        return {'error': 'unable to connect or authenticate to sql server'}, 400
+        return {'error': 'unable to connect or authenticate to sql server'}, 500
    except DatabasePermissionError:
-        return {'error': 'unable to perform action due to permissions'}, 502
-    except:
-        return {'error': 'Unexpected error'}, 500
+        return {'error': 'unable to perform action due to permissions'}, 500


@bp.route('/mysql/<username>', methods=['POST'])
--- a/ceod/db/MySQLService.py
+++ b/ceod/db/MySQLService.py
@ -10,8 +10,10 @@ from mysql.connector.errors import InterfaceError, ProgrammingError

@implementer(IDatabaseService)
 class MySQLService:
+
+    type = 'mysql'
+
    def __init__(self):
-        self.type = 'mysql'
        config = component.getUtility(IConfig)
        self.auth_username = config.get('mysql_username')
        self.auth_password = config.get('mysql_password')
@ -55,8 +57,8 @@ class MySQLService:
                    password=self.auth_password,
            ) as con:
                with con.cursor() as cursor:
-                    cursor.execute(drop_user)
                    cursor.execute(drop_db)
+                    cursor.execute(drop_user)
        except InterfaceError:
            raise DatabaseConnectionError()
        except ProgrammingError:
--- a/ceod/db/PostgreSQLService.py
+++ b/ceod/db/PostgreSQLService.py
@ -10,8 +10,10 @@ from psycopg2.extensions import ISOLATION_LEVEL_AUTOCOMMIT

@implementer(IDatabaseService)
 class PostgreSQLService:
+
+    type = 'postgresql'
+
    def __init__(self):
-        self.type = 'postgresql'
        config = component.getUtility(IConfig)
        self.auth_username = config.get('postgresql_username')
        self.auth_password = config.get('postgresql_password')
@ -57,8 +59,8 @@ class PostgreSQLService:
            ) as con:
                con.set_isolation_level(ISOLATION_LEVEL_AUTOCOMMIT)
                with con.cursor() as cursor:
-                    cursor.execute(drop_user)
                    cursor.execute(drop_db)
+                    cursor.execute(drop_user)
        except OperationalError:
            raise DatabaseConnectionError()
        except ProgrammingError: