mirror of
https://github.com/clearml/clearml-server
synced 2025-04-06 05:55:11 +00:00
Fix user credentials reset on apiserver restart
parent
f3491cc9b9
commit
83a0485518
@ -73,7 +73,7 @@ def init_mongo_data():
|
|||||||
}
|
}
|
||||||
internal_user_emails.add(email.lower())
|
internal_user_emails.add(email.lower())
|
||||||
revoke = fixed_mode and credentials.get("revoke_in_fixed_mode", False)
|
revoke = fixed_mode and credentials.get("revoke_in_fixed_mode", False)
|
||||||
user_id = _ensure_auth_user(user_data, company_id, log=log, revoke=revoke)
|
user_id = _ensure_auth_user(user_data, company_id, log=log, revoke=revoke, internal_user=True)
|
||||||
if credentials.role == Role.user:
|
if credentials.role == Role.user:
|
||||||
_ensure_backend_user(user_id, company_id, credentials.display_name)
|
_ensure_backend_user(user_id, company_id, credentials.display_name)
|
||||||
|
|
||||||
|
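Review bot: The call `_ensure_auth_user(..., internal_user=True)` gives no hint that the flag makes the configured credentials authoritative. In `_ensure_user_credentials`, an internal user's stored credential list is overwritten with the configured pair, or emptied when no pair is configured, each time this runs. A comment above the call would make that visible here, e.g. `# internal users are config-owned: stored credentials are replaced (or cleared) to match the configuration`. `init_mongo_data` starts and ends outside this hunk.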
@ -10,7 +10,12 @@ from apiserver.service_repo.auth.fixed_user import FixedUser
|
|||||||
|
|
||||||
|
|
||||||
def _ensure_user_credentials(
|
def _ensure_user_credentials(
|
||||||
user: AuthUser, key: str, secret: str, log: Logger, revoke: bool = False
|
user: AuthUser,
|
||||||
|
key: str,
|
||||||
|
secret: str,
|
||||||
|
log: Logger,
|
||||||
|
revoke: bool = False,
|
||||||
|
internal_user: bool = False,
|
||||||
) -> None:
|
) -> None:
|
||||||
if revoke:
|
if revoke:
|
||||||
log.info(f"Revoking credentials for existing user {user.id} ({user.name})")
|
log.info(f"Revoking credentials for existing user {user.id} ({user.name})")
|
||||||
@ -19,19 +24,34 @@ def _ensure_user_credentials(
|
|||||||
return
|
return
|
||||||
|
|
||||||
if not (key and secret):
|
if not (key and secret):
|
||||||
log.info(f"Resetting credentials for existing user {user.id} ({user.name})")
|
if internal_user:
|
||||||
user.credentials = []
|
log.info(f"Resetting credentials for existing user {user.id} ({user.name})")
|
||||||
user.save()
|
user.credentials = []
|
||||||
|
user.save()
|
||||||
return
|
return
|
||||||
|
|
||||||
new_credentials = Credentials(key=key, secret=secret)
|
new_credentials = Credentials(key=key, secret=secret)
|
||||||
log.info(f"Setting credentials for existing user {user.id} ({user.name})")
|
if internal_user:
|
||||||
user.credentials = [new_credentials]
|
log.info(f"Setting credentials for existing user {user.id} ({user.name})")
|
||||||
user.save()
|
user.credentials = [new_credentials]
|
||||||
return
|
user.save()
|
||||||
|
return
|
||||||
|
|
||||||
|
if user.credentials is None:
|
||||||
|
user.credentials = []
|
||||||
|
if not any((cred.key, cred.secret) == (key, secret) for cred in user.credentials):
|
||||||
|
log.info(f"Adding credentials for existing user {user.id} ({user.name})")
|
||||||
|
user.credentials.append(new_credentials)
|
||||||
|
user.save()
|
||||||
|
|
||||||
|
|
||||||
def _ensure_auth_user(user_data: dict, company_id: str, log: Logger, revoke: bool = False) -> str:
|
def _ensure_auth_user(
|
||||||
|
user_data: dict,
|
||||||
|
company_id: str,
|
||||||
|
log: Logger,
|
||||||
|
revoke: bool = False,
|
||||||
|
internal_user: bool = False,
|
||||||
|
) -> str:
|
||||||
user_id = user_data.get("id", f"__{user_data['name']}__")
|
user_id = user_data.get("id", f"__{user_data['name']}__")
|
||||||
role = user_data["role"]
|
role = user_data["role"]
|
||||||
email = user_data["email"]
|
email = user_data["email"]
|
||||||
@ -40,12 +60,15 @@ def _ensure_auth_user(user_data: dict, company_id: str, log: Logger, revoke: boo
|
|||||||
|
|
||||||
user: AuthUser = AuthUser.objects(id=user_id).first()
|
user: AuthUser = AuthUser.objects(id=user_id).first()
|
||||||
if user:
|
if user:
|
||||||
_ensure_user_credentials(user=user, key=key, secret=secret, log=log, revoke=revoke)
|
_ensure_user_credentials(
|
||||||
if (
|
user=user,
|
||||||
user.role != role
|
key=key,
|
||||||
or user.email != email
|
secret=secret,
|
||||||
or user.autocreated != autocreated
|
log=log,
|
||||||
):
|
revoke=revoke,
|
||||||
|
internal_user=internal_user,
|
||||||
|
)
|
||||||
|
if user.role != role or user.email != email or user.autocreated != autocreated:
|
||||||
user.email = email
|
user.email = email
|
||||||
user.role = role
|
user.role = role
|
||||||
user.autocreated = autocreated
|
user.autocreated = autocreated
|
||||||
@ -54,9 +77,7 @@ def _ensure_auth_user(user_data: dict, company_id: str, log: Logger, revoke: boo
|
|||||||
return user.id
|
return user.id
|
||||||
|
|
||||||
credentials = (
|
credentials = (
|
||||||
[Credentials(key=key, secret=secret)]
|
[Credentials(key=key, secret=secret)] if not revoke and key and secret else []
|
||||||
if not revoke and key and secret
|
|
||||||
else []
|
|
||||||
)
|
)
|
||||||
log.info(f"Creating user: {user_data['name']}")
|
log.info(f"Creating user: {user_data['name']}")
|
||||||
|
|
||||||
@ -108,7 +129,9 @@ def ensure_fixed_user(user: FixedUser, log: Logger, emails: set):
|
|||||||
try:
|
try:
|
||||||
log.info(f"Updating user name: {user.name}")
|
log.info(f"Updating user name: {user.name}")
|
||||||
given_name, _, family_name = user.name.partition(" ")
|
given_name, _, family_name = user.name.partition(" ")
|
||||||
db_user.update(name=user.name, given_name=given_name, family_name=family_name)
|
db_user.update(
|
||||||
|
name=user.name, given_name=given_name, family_name=family_name
|
||||||
|
)
|
||||||
except Exception:
|
except Exception:
|
||||||
pass
|
pass
|
||||||
else:
|
else:
|
||||||
|
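Review bot: For non-internal users the new tail of `_ensure_user_credentials` only appends, so a key/secret pair set from an earlier configuration stays valid after the configured pair is changed. The `if not (key and secret)` branch now also returns without touching `user.credentials` for these users, so removing the pair from the configuration does not invalidate it either; unless `revoke` is set, rotating a leaked fixed-user key in configuration leaves the old key usable. If that is intended, state it in a docstring and a comment above the append, e.g. `# NOTE: a previously configured key/secret pair is kept; changing the configuration does not invalidate it`. It would also help to log when the empty-pair branch is skipped for a non-internal user. Indentation is lost in this rendering and the `revoke` branch lies between hunks, so the placement of the `return` statements is inferred.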