From 8252afca16cedcfc0600999a97f740ee14cf71ed Mon Sep 17 00:00:00 2001 From: Andrew Wang Date: Thu, 26 Aug 2021 02:02:47 -0400 Subject: [PATCH] adjustments part 1 --- README.md | 2 +- ceo_common/errors.py | 5 +++++ ceod/api/database.py | 22 +++++++++++----------- ceod/db/MySQLService.py | 6 ++++-- ceod/db/PostgreSQLService.py | 6 ++++-- 5 files changed, 25 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index c350db4..500219b 100644 --- a/README.md +++ b/README.md @@ -59,7 +59,7 @@ mv pg_hba.conf pg_hba.conf.old # TYPE DATABASE USER ADDRESS METHOD local all postgres md5 local sameuser all md5 -host all all 0.0.0.0/0 reject +host sameuser all 0.0.0.0/0 md5 ``` ``` systemctl restart postgresql diff --git a/ceo_common/errors.py b/ceo_common/errors.py index 8c996ec..c640419 100644 --- a/ceo_common/errors.py +++ b/ceo_common/errors.py @@ -51,6 +51,11 @@ class NoSuchListError(Exception): super().__init__('mailing list does not exist') +class InvalidUsernameError(Exception): + def __init__(self): + super().__init__('Username contains characters that are not allowed') + + class DatabaseConnectionError(Exception): def __init__(self): super().__init__('unable to connect or authenticate to sql service') diff --git a/ceod/api/database.py b/ceod/api/database.py index ff31b41..3001ee6 100644 --- a/ceod/api/database.py +++ b/ceod/api/database.py @@ -3,7 +3,7 @@ from zope import component from ceod.api.utils import authz_restrict_to_staff, authz_restrict_to_syscom, \ user_is_in_group, requires_authentication_no_realm, \ create_streaming_response, development_only -from ceo_common.errors import UserNotFoundError, DatabaseConnectionError, DatabasePermissionError +from ceo_common.errors import UserNotFoundError, DatabaseConnectionError, DatabasePermissionError, InvalidUsernameError from ceo_common.interfaces import ILDAPService, IDatabaseService 
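Review bot: The message in the new `InvalidUsernameError` starts with a capital letter, while the neighbouring messages in ceo_common/errors.py are lowercase ('mailing list does not exist', 'unable to connect or authenticate to sql service'). `super().__init__('username contains characters that are not allowed')` would match them. A one-line docstring saying the error is raised when a username fails the API's character check, before any LDAP or SQL lookup, would also show how it differs from `UserNotFoundError`.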
@@ -13,7 +13,7 @@ bp = Blueprint('db', __name__) def create_db_from_type(db_type: str, username: str): try: if not username.isalnum(): # username should not contain symbols - raise UserNotFoundError + raise InvalidUsernameError() ldap_srv = component.getUtility(ILDAPService) ldap_srv.get_user(username) # make sure user exists db_srv = component.getUtility(IDatabaseService, db_type) 
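Review bot: `username.isalnum()` in create_db_from_type is true for any Unicode letter or digit, not only ASCII, so names with accented letters, full-width digits or other scripts pass a check whose comment says "username should not contain symbols". The name is then passed to the database service, and the service hunks execute pre-built statement strings, so this check appears to be the main guard on what reaches SQL (the statement construction is not in the diff). `if not (username.isascii() and username.isalnum()):` would make the accepted alphabet explicit. The same line appears in delete_db_from_type in the next hunk, where the name goes on to `db_srv.delete_db(username)`. The function body continues outside this hunk.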
@@ -21,30 +21,30 @@ def create_db_from_type(db_type: str, username: str): return {'password': password} except UserNotFoundError: return {'error': 'user not found'}, 404 + except InvalidUsernameError: + return {'error': 'username contains invalid characters'}, 400 except DatabaseConnectionError: - return {'error': 'unable to connect or authenticate to sql server'}, 400 + return {'error': 'unable to connect or authenticate to sql server'}, 500 except DatabasePermissionError: - return {'error': 'unable to perform action due to permissions'}, 502 - except: - return {'error': 'Unexpected error'}, 500 + return {'error': 'unable to perform action due to permissions'}, 500 def delete_db_from_type(db_type: str, username: str): try: if not username.isalnum(): # username should not contain symbols - raise UserNotFoundError + raise InvalidUsernameError() ldap_srv = component.getUtility(ILDAPService) ldap_srv.get_user(username) # make sure user exists db_srv = component.getUtility(IDatabaseService, db_type) db_srv.delete_db(username) except UserNotFoundError: return {'error': 'user not found'}, 404 + except InvalidUsernameError: + return {'error': 'username contains invalid characters'}, 400 except DatabaseConnectionError: - return {'error': 'unable to connect or authenticate to sql server'}, 400 + return {'error': 'unable to connect or authenticate to sql server'}, 500 except DatabasePermissionError: - return {'error': 'unable to perform action due to permissions'}, 502 - except: - return {'error': 'Unexpected error'}, 500 + return {'error': 'unable to perform action due to permissions'}, 500 @bp.route('/mysql/', methods=['POST']) diff --git a/ceod/db/MySQLService.py b/ceod/db/MySQLService.py index 875c635..bd41a9f 100644 --- a/ceod/db/MySQLService.py +++ b/ceod/db/MySQLService.py 
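Review bot: The `except DatabaseConnectionError` and `except DatabasePermissionError` branches in both create_db_from_type and delete_db_from_type now return 500 but discard the exception without recording it. Nothing visible in the service hunks logs it either, so a failed or revoked service-account login may leave no server-side trace. Binding and logging it before the return, e.g. `except DatabaseConnectionError as err:` followed by `current_app.logger.exception('sql service connection failed')`, keeps the client message generic while giving operators the cause. This assumes `current_app` is imported from flask, which the hunk does not show. With the bare `except:` removed, any other exception now leaves these helpers, so it is worth confirming that the app has an error handler that returns JSON rather than a debug traceback.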
@@ -10,8 +10,10 @@ from mysql.connector.errors import InterfaceError, ProgrammingError @implementer(IDatabaseService) class MySQLService: + + type = 'mysql' + def __init__(self): - self.type = 'mysql' config = component.getUtility(IConfig) self.auth_username = config.get('mysql_username') self.auth_password = config.get('mysql_password') @@ -55,8 +57,8 @@ class MySQLService: password=self.auth_password, ) as con: with con.cursor() as cursor: - cursor.execute(drop_user) cursor.execute(drop_db) + cursor.execute(drop_user) except InterfaceError: raise DatabaseConnectionError() except ProgrammingError: diff --git a/ceod/db/PostgreSQLService.py b/ceod/db/PostgreSQLService.py index 21bf808..009542d 100644 --- a/ceod/db/PostgreSQLService.py +++ b/ceod/db/PostgreSQLService.py @@ -10,8 +10,10 @@ from psycopg2.extensions import ISOLATION_LEVEL_AUTOCOMMIT @implementer(IDatabaseService) class PostgreSQLService: + + type = 'postgresql' + def __init__(self): - self.type = 'postgresql' config = component.getUtility(IConfig) self.auth_username = config.get('postgresql_username') self.auth_password = config.get('postgresql_password') @@ -57,8 +59,8 @@ class PostgreSQLService: ) as con: con.set_isolation_level(ISOLATION_LEVEL_AUTOCOMMIT) with con.cursor() as cursor: - cursor.execute(drop_user) cursor.execute(drop_db) + cursor.execute(drop_user) except OperationalError: raise DatabaseConnectionError() except ProgrammingError:
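Review bot: `cursor.execute(drop_db)` and `cursor.execute(drop_user)` in MySQLService run statement strings assembled before this hunk, with no parameters passed to execute(). If the username is formatted into them, the service relies entirely on the caller's `isalnum()` check. Identifiers cannot be bound as query parameters, so the service should re-validate the name before building the strings, or at least carry a comment such as `# username is interpolated into DDL; callers must pass a validated name`. The same pattern is in the PostgreSQLService hunk further down, where psycopg2's `sql.Identifier` could quote the name instead. The statement construction and the enclosing method start outside the hunk, so this is inferred from the execute() calls alone.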
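Review bot: The new order in PostgreSQLService, `cursor.execute(drop_db)` before `cursor.execute(drop_user)`, has no comment saying that the order matters, so a later tidy-up could swap the calls back. PostgreSQL refuses to drop a role that still owns a database, which is presumably why the commit reorders them. A one-line comment above the pair would record that, e.g. `# drop the database first: a role that still owns objects cannot be dropped`. Because the connection is set to `ISOLATION_LEVEL_AUTOCOMMIT`, a failure of the second statement leaves the database removed and the role in place. Whether the statements use IF EXISTS so that a retry succeeds is not visible here, as the method begins outside the hunk.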