Register Logs

app = Flask(__name__)

app = Flask(__name__)

config = Config().get_config()

config = Config().get_config()

print(f"Creating superadmin CSR and keys...")

# Create a superadmin CSR and keys

# Create a superadmin CSR and keys

key = PKey()

key = PKey()

key.generate_key(TYPE_RSA, 2048)

key.generate_key(TYPE_RSA, 2048)

key_file.write(bytes(private_key))

key_file.write(bytes(private_key))

key_file.close()

key_file.close()

print(f"Requesting superadmin certificate...")

# Request superadmin certificate

# Request superadmin certificate

url = 'http://{}:{}/v1/pki_int/sign/my-ca'.format(config["ca_factory"]["url"], config["ca_factory"]["port"])  

url = 'http://{}:{}/v1/pki_int/sign/my-ca'.format(config["ca_factory"]["url"], config["ca_factory"]["port"])  

headers = {'X-Vault-Token': f"{config["ca_factory"]["token"]}"}  

headers = {'X-Vault-Token': f"{config["ca_factory"]["token"]}"}  

cert_file.write(bytes(superadmin_cert, 'utf-8'))

cert_file.write(bytes(superadmin_cert, 'utf-8'))

cert_file.close()

cert_file.close()

print(f"Requesting ca_root certificate...")

url = f"http://{config['ca_factory']['url']}:{config['ca_factory']['port']}/v1/secret/data/ca"

url = f"http://{config['ca_factory']['url']}:{config['ca_factory']['port']}/v1/secret/data/ca"

headers = {

headers = {

cert_file.write(bytes(ca_root, 'utf-8'))

cert_file.write(bytes(ca_root, 'utf-8'))

cert_file.close()

cert_file.close()

print(f"Registering blueprint...")

app.register_blueprint(helper_routes)

app.register_blueprint(helper_routes)

app.logger.setLevel(logging.DEBUG)

app.logger.setLevel(logging.DEBUG)

print(f"Starting helper!")

if __name__ == '__main__':

if __name__ == '__main__':

    app.run(host='0.0.0.0', port=8080, debug=True)

    app.run(host='0.0.0.0', port=8080, debug=True)

 No newline at end of file

from flask_jwt_extended import JWTManager

from flask_jwt_extended import JWTManager

from OpenSSL.crypto import PKey, TYPE_RSA, X509Req, dump_certificate_request, FILETYPE_PEM, dump_privatekey

from OpenSSL.crypto import PKey, TYPE_RSA, X509Req, dump_certificate_request, FILETYPE_PEM, dump_privatekey

import requests

import requests

import logging

import json

import json

from .config import Config

from .config import Config

from .db.db import MongoDatabse

from .db.db import MongoDatabse

config = Config().get_config()

config = Config().get_config()

print(f"Creating superadmin CSR and keys...")

# Create a superadmin CSR and keys

# Create a superadmin CSR and keys

key = PKey()

key = PKey()

key.generate_key(TYPE_RSA, 2048)

key.generate_key(TYPE_RSA, 2048)

key_file.write(bytes(private_key))

key_file.write(bytes(private_key))

key_file.close()

key_file.close()

print(f"Requesting superadmin certificate...")

# Request superadmin certificate

# Request superadmin certificate

url = 'http://{}:{}/v1/pki_int/sign/my-ca'.format(config["ca_factory"]["url"], config["ca_factory"]["port"])  

url = 'http://{}:{}/v1/pki_int/sign/my-ca'.format(config["ca_factory"]["url"], config["ca_factory"]["port"])  

headers = {'X-Vault-Token': f"{config["ca_factory"]["token"]}"}  

headers = {'X-Vault-Token': f"{config["ca_factory"]["token"]}"}  

cert_file.write(bytes(superadmin_cert, 'utf-8'))

cert_file.write(bytes(superadmin_cert, 'utf-8'))

cert_file.close()

cert_file.close()

print(f"Requesting ca_root certificate...")

url = f"http://{config['ca_factory']['url']}:{config['ca_factory']['port']}/v1/secret/data/ca"

url = f"http://{config['ca_factory']['url']}:{config['ca_factory']['port']}/v1/secret/data/ca"

headers = {

headers = {

cert_file.write(bytes(ca_root, 'utf-8'))

cert_file.write(bytes(ca_root, 'utf-8'))

cert_file.close()

cert_file.close()

print(f"Requesting CAPIF private key...")

# Request CAPIF private key to encode the CAPIF token

# Request CAPIF private key to encode the CAPIF token

url = 'http://{}:{}/v1/secret/data/server_cert/private'.format(config["ca_factory"]["url"], config["ca_factory"]["port"])

url = 'http://{}:{}/v1/secret/data/server_cert/private'.format(config["ca_factory"]["url"], config["ca_factory"]["port"])

headers = {'X-Vault-Token': f"{config["ca_factory"]["token"]}"}

headers = {'X-Vault-Token': f"{config["ca_factory"]["token"]}"}

key_data = json.loads(response.text)["data"]["data"]["key"]

key_data = json.loads(response.text)["data"]["data"]["key"]

print(f"Checking initial administrator...")

# Create an Admin in the Admin Collection

# Create an Admin in the Admin Collection

client = MongoDatabse()

client = MongoDatabse()

if not client.get_col_by_name(client.capif_admins).find_one({"admin_name": config["register"]["admin_users"]["admin_user"], "admin_pass": config["register"]["admin_users"]["admin_pass"]}):

if not client.get_col_by_name(client.capif_admins).find_one({"admin_name": config["register"]["admin_users"]["admin_user"], "admin_pass": config["register"]["admin_users"]["admin_pass"]}):

    print(f"\nInitial administrato not found, registering: ({config["register"]["admin_users"]["admin_user"]},  {config["register"]["admin_users"]["admin_pass"]})\n")

    client.get_col_by_name(client.capif_admins).insert_one({"admin_name": config["register"]["admin_users"]["admin_user"], "admin_pass": config["register"]["admin_users"]["admin_pass"]})

    client.get_col_by_name(client.capif_admins).insert_one({"admin_name": config["register"]["admin_users"]["admin_user"], "admin_pass": config["register"]["admin_users"]["admin_pass"]})

app.config['JWT_PRIVATE_KEY'] = key_data

app.config['JWT_PRIVATE_KEY'] = key_data

app.config['REGISTRE_SECRET_KEY'] = config["register"]["register_uuid"]

app.config['REGISTRE_SECRET_KEY'] = config["register"]["register_uuid"]

print(f"Registering blueprint...")

app.register_blueprint(register_routes)

app.register_blueprint(register_routes)

app.logger.setLevel(logging.DEBUG)

print(f"Starting Register!")

#----------------------------------------

#----------------------------------------

# launch

# launch

# Function to generate access tokens and refresh tokens

# Function to generate access tokens and refresh tokens

def generate_tokens(username):

def generate_tokens(username):

    current_app.logger.debug(f"generating admin tokens...")

    access_payload = {

    access_payload = {

        'username': username,

        'username': username,

        'exp': datetime.now() + timedelta(minutes=config["register"]["token_expiration"])

        'exp': datetime.now() + timedelta(minutes=config["register"]["token_expiration"])

    }

    }

    access_token = jwt.encode(access_payload, current_app.config['REGISTRE_SECRET_KEY'], algorithm='HS256')

    access_token = jwt.encode(access_payload, current_app.config['REGISTRE_SECRET_KEY'], algorithm='HS256')

    refresh_token = jwt.encode(refresh_payload, current_app.config['REGISTRE_SECRET_KEY'], algorithm='HS256')

    refresh_token = jwt.encode(refresh_payload, current_app.config['REGISTRE_SECRET_KEY'], algorithm='HS256')

    current_app.logger.debug(f"Access token : {access_token}\nRefresh token : {refresh_token}")

    return access_token, refresh_token

    return access_token, refresh_token

# Function in charge of verifying the basic auth

# Function in charge of verifying the basic auth

@auth.verify_password

@auth.verify_password

def verify_password(username, password):

def verify_password(username, password):

    current_app.logger.debug("Checking user credentials...")

    users = register_operation.get_users()[0].json["users"]

    users = register_operation.get_users()[0].json["users"]

    client = MongoDatabse()

    client = MongoDatabse()

    admin = client.get_col_by_name(client.capif_admins).find_one({"admin_name": username, "admin_pass": password})

    admin = client.get_col_by_name(client.capif_admins).find_one({"admin_name": username, "admin_pass": password})

    if admin:

    if admin:

        current_app.logger.debug(f"Verified admin {username}")

        return username, "admin"

        return username, "admin"

    for user in users:

    for user in users:

        if user["username"] == username and user["password"]==password:

        if user["username"] == username and user["password"]==password:

            current_app.logger.debug(f"Verified user {username}")

            return username, "client"

            return username, "client"

# Function responsible for verifying the token

# Function responsible for verifying the token

    def decorator(f):

    def decorator(f):

        @wraps(f)

        @wraps(f)

        def decorated(*args, **kwargs):

        def decorated(*args, **kwargs):

            current_app.logger.debug("Checking admin token...")

            token = request.headers.get('Authorization')

            token = request.headers.get('Authorization')

            if not token:

            if not token:

                current_app.logger.debug("Token is missing.")

                return jsonify({'message': 'Token is missing'}), 401

                return jsonify({'message': 'Token is missing'}), 401

            if token.startswith('Bearer '):

            if token.startswith('Bearer '):

                current_app.logger.debug("Token is missing.")

                token = token.split('Bearer ')[1]

                token = token.split('Bearer ')[1]

            if not token:

            if not token:

                current_app.logger.debug("Token is missing.")

                return jsonify({'message': 'Token is missing'}), 401

                return jsonify({'message': 'Token is missing'}), 401

            try:

            try:

                username = data['username']

                username = data['username']

                return f(username, *args, **kwargs)

                return f(username, *args, **kwargs)

            except Exception as e:

            except Exception as e:

                current_app.logger.debug(f"Error: {str(e)}.")

                return jsonify({'message': str(e)}), 401

                return jsonify({'message': str(e)}), 401

        return decorated

        return decorated

def login():

def login():

    username, rol = auth.current_user()

    username, rol = auth.current_user()

    if rol != "admin":

    if rol != "admin":

        current_app.logger.debug(f"User {username} trying to log in as admin")

        return jsonify(message="Unauthorized. Administrator privileges required."), 401

        return jsonify(message="Unauthorized. Administrator privileges required."), 401

    access_token, refresh_token = generate_tokens(username)

    access_token, refresh_token = generate_tokens(username)

    return jsonify({'access_token': access_token, 'refresh_token': refresh_token})

    return jsonify({'access_token': access_token, 'refresh_token': refresh_token})

@register_routes.route('/refresh', methods=['POST'])

@register_routes.route('/refresh', methods=['POST'])

@admin_required()

@admin_required()

def refresh_token(username):

def refresh_token(username):

    current_app.logger.debug(f"Refreshing token for admin {username}")

    access_token, _ = generate_tokens(username)

    access_token, _ = generate_tokens(username)

    return jsonify({'access_token': access_token})

    return jsonify({'access_token': access_token})

@register_routes.route("/createUser", methods=["POST"])

@register_routes.route("/createUser", methods=["POST"])

@admin_required()

@admin_required()

def register(username):

def register(username):

    current_app.logger.debug(f"Admin {username} creating a user...")

    required_fields = {

    required_fields = {

        "username": str,

        "username": str,

        "password": str,

        "password": str,

    }

    }

    user_info = request.get_json()

    user_info = request.get_json()

    current_app.logger.debug(f"User Info: {user_info}")

    missing_fields = []

    missing_fields = []

    for field, field_type in required_fields.items():

    for field, field_type in required_fields.items():

        if field not in user_info:

        if field not in user_info:

            missing_fields.append(field)

            missing_fields.append(field)

        elif not isinstance(user_info[field], field_type):

        elif not isinstance(user_info[field], field_type):

            current_app.logger.debug(f"Error: Field {field} must be of type {field_type.__name__}")

            return jsonify({"error": f"Field '{field}' must be of type {field_type.__name__}"}), 400

            return jsonify({"error": f"Field '{field}' must be of type {field_type.__name__}"}), 400

    for field, field_type in optional_fields.items():

    for field, field_type in optional_fields.items():

        if field in user_info and not isinstance(user_info[field], field_type):

        if field in user_info and not isinstance(user_info[field], field_type):

            current_app.logger.debug(f"Error: Field {field} must be of type {field_type.__name__}")

            return jsonify({"error": f"Optional field '{field}' must be of type {field_type.__name__}"}), 400

            return jsonify({"error": f"Optional field '{field}' must be of type {field_type.__name__}"}), 400

        if field not in user_info:

        if field not in user_info:

            user_info[field] = None

            user_info[field] = None

    if missing_fields:

    if missing_fields:

        current_app.logger.debug(f"Error: missing requuired fields : {missing_fields}")

        return jsonify({"error": "Missing required fields", "fields": missing_fields}), 400

        return jsonify({"error": "Missing required fields", "fields": missing_fields}), 400

    return register_operation.register_user(user_info)

    return register_operation.register_user(user_info)

@auth.login_required

@auth.login_required

def getauth():

def getauth():

    username, _ = auth.current_user()

    username, _ = auth.current_user()

    current_app.logger.debug(f"Obtaining authorization for the user {username}")

    return register_operation.get_auth(username)

    return register_operation.get_auth(username)

@register_routes.route("/deleteUser/<uuid>", methods=["DELETE"])

@register_routes.route("/deleteUser/<uuid>", methods=["DELETE"])

@admin_required()

@admin_required()

def remove(username, uuid):

def remove(username, uuid):

    current_app.logger.debug(f"Deleting user with id {uuid} by admin {username}")

    return register_operation.remove_user(uuid)

    return register_operation.remove_user(uuid)

@register_routes.route("/getUsers", methods=["GET"])

@register_routes.route("/getUsers", methods=["GET"])

@admin_required()

@admin_required()

def getUsers(username):

def getUsers(username):

    current_app.logger.debug(f"Returning list of users to admin {username}")

    return register_operation.get_users()

    return register_operation.get_users()

        mycol = self.db.get_col_by_name(self.db.capif_users)

        mycol = self.db.get_col_by_name(self.db.capif_users)

        exist_user = mycol.find_one({"username": user_info["username"]})

        exist_user = mycol.find_one({"username": user_info["username"]})

        if exist_user:

        if exist_user:

            current_app.logger.debug(f"User already exists : {user_info["username"]}")

            return jsonify("user already exists"), 409

            return jsonify("user already exists"), 409

        name_space = uuid.UUID(self.config["register"]["register_uuid"])

        name_space = uuid.UUID(self.config["register"]["register_uuid"])

        user_uuid = str(uuid.uuid5(name_space,user_info["username"]))

        user_uuid = str(uuid.uuid5(name_space,user_info["username"]))

        current_app.logger.debug(f"User uuid : {user_uuid}")

        user_info["uuid"] = user_uuid

        user_info["uuid"] = user_uuid

        user_info["onboarding_date"]=datetime.now()

        user_info["onboarding_date"]=datetime.now()

        obj = mycol.insert_one(user_info)

        obj = mycol.insert_one(user_info)

        current_app.logger.debug(f"User with uuid {user_uuid} and username {user_info["username"]} registered successfully")

        return jsonify(message="User registered successfully", uuid=user_uuid), 201

        return jsonify(message="User registered successfully", uuid=user_uuid), 201

    def get_auth(self, username):

    def get_auth(self, username):

            exist_user = mycol.find_one({"username": username})

            exist_user = mycol.find_one({"username": username})

            if exist_user is None:

            if exist_user is None:

                current_app.logger.debug(f"Not exister user with this credentials  : {username}")

                return jsonify("Not exister user with this credentials"), 400

                return jsonify("Not exister user with this credentials"), 400

            access_token = create_access_token(identity=(username + " " + exist_user["uuid"]))

            access_token = create_access_token(identity=(username + " " + exist_user["uuid"]))

            current_app.logger.debug(f"Access token generated for user {username} : {access_token}")

            cert_file = open("register_service/certs/ca_root.crt", 'rb')

            cert_file = open("register_service/certs/ca_root.crt", 'rb')

            ca_root = cert_file.read()

            ca_root = cert_file.read()

            cert_file.close()

            cert_file.close()

            current_app.logger.debug(f"Returning the requested information...")

            return jsonify(message="Token and CA root returned successfully", 

            return jsonify(message="Token and CA root returned successfully", 

                            access_token=access_token, 

                            access_token=access_token, 

                            ca_root=ca_root.decode("utf-8"),

                            ca_root=ca_root.decode("utf-8"),

            requests.delete(url, cert=("register_service/certs/superadmin.crt", "register_service/certs/superadmin.key"), verify="register_service/certs/ca_root.crt")

            requests.delete(url, cert=("register_service/certs/superadmin.crt", "register_service/certs/superadmin.key"), verify="register_service/certs/ca_root.crt")

            mycol.delete_one({"uuid": uuid})

            mycol.delete_one({"uuid": uuid})

            current_app.logger.debug(f"User with uuid {uuid} removed successfully")

            return jsonify(message="User removed successfully"), 204

            return jsonify(message="User removed successfully"), 204

        except Exception as e:

        except Exception as e:

            return jsonify(message=f"Errors when try remove user: {e}"), 500

            return jsonify(message=f"Errors when try remove user: {e}"), 500