diff --git a/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/controllers/default_controller.py b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/controllers/default_controller.py
index 456b4ecc8bbde1dbd1aff2c88b14bee17bdcf727..27eb1c8fde859b355f543856af9f4857d36710bb 100644
--- a/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/controllers/default_controller.py
+++ b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/controllers/default_controller.py
@@ -104,18 +104,13 @@ def onboarded_invokers_post(body): # noqa: E501
"""
identity = get_jwt_identity()
- username, role = identity.split()
-
- if role != "invoker":
- prob = ProblemDetails(title="Unauthorized", status=401, detail="Role not authorized for this API route",
- cause="User role must be invoker")
- return Response(json.dumps(prob, cls=JSONEncoder), status=401, mimetype='application/json')
+ username, uuid = identity.split()
if connexion.request.is_json:
body = APIInvokerEnrolmentDetails.from_dict(connexion.request.get_json()) # noqa: E501
current_app.logger.info("Creating Invoker")
- res = invoker_operations.add_apiinvokerenrolmentdetail(body, username)
+ res = invoker_operations.add_apiinvokerenrolmentdetail(body, username, uuid)
if res.status_code == 201:
current_app.logger.info("Invoker Created")
publisher_ops.publish_message("events", "API_INVOKER_ONBOARDED")
diff --git a/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/apiinvokerenrolmentdetails.py b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/apiinvokerenrolmentdetails.py
index 1d79405b6a9237edfa41e424c18f659f47aa9990..dc186e4da140c450eb8573cf4911c17a4c023eb8 100644
--- a/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/apiinvokerenrolmentdetails.py
+++ b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/apiinvokerenrolmentdetails.py
@@ -52,13 +52,11 @@ class InvokerManagementOperations(Resource):
self.config = Config().get_config()
- def add_apiinvokerenrolmentdetail(self, apiinvokerenrolmentdetail, username):
+ def add_apiinvokerenrolmentdetail(self, apiinvokerenrolmentdetail, username, uuid):
mycol = self.db.get_col_by_name(self.db.invoker_enrolment_details)
- register = self.db.get_col_by_name_register(self.db.capif_users)
#try:
-
current_app.logger.debug("Creating invoker resource")
res = mycol.find_one({'onboarding_information.api_invoker_public_key': apiinvokerenrolmentdetail.onboarding_information.api_invoker_public_key})
@@ -83,9 +81,10 @@ class InvokerManagementOperations(Resource):
# Onboarding Date Record
invoker_dict = apiinvokerenrolmentdetail.to_dict()
invoker_dict["onboarding_date"] = datetime.now()
+ invoker_dict["username"]=username
+ invoker_dict["uuid"]=uuid
mycol.insert_one(apiinvokerenrolmentdetail.to_dict())
- register.update_one({'username':username}, {"$push":{'list_invokers':api_invoker_id}})
current_app.logger.debug("Invoker inserted in database")
current_app.logger.debug("Netapp onboarded sucessfuly")
@@ -141,7 +140,6 @@ class InvokerManagementOperations(Resource):
def remove_apiinvokerenrolmentdetail(self, onboard_id):
mycol = self.db.get_col_by_name(self.db.invoker_enrolment_details)
- register = self.db.get_col_by_name_register(self.db.capif_users)
try:
current_app.logger.debug("Removing invoker resource")
result = self.__check_api_invoker_id(onboard_id)
@@ -150,7 +148,6 @@ class InvokerManagementOperations(Resource):
return result
mycol.delete_one({'api_invoker_id':onboard_id})
- register.update_one({'list_invokers':onboard_id}, {"$pull":{'list_invokers':onboard_id}})
self.auth_manager.remove_auth_invoker(onboard_id)
current_app.logger.debug("Invoker resource removed from database")
diff --git a/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/db/db.py b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/db/db.py
index 32a34b857cd44ea065ab6dc30b8c75a7c671fc5a..5bfcd0b1f8539727cd9d821f466e69db220f67c1 100644
--- a/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/db/db.py
+++ b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/db/db.py
@@ -15,7 +15,6 @@ class MongoDatabse():
def __init__(self):
self.config = Config().get_config()
self.db = self.__connect()
- self.register = self.__connect_register()
self.invoker_enrolment_details = self.config['mongo']['col']
self.capif_users = self.config['mongo']['capif_users_col']
self.service_col = self.config['mongo']["service_col"]
@@ -25,10 +24,6 @@ class MongoDatabse():
def get_col_by_name(self, name):
return self.db[name].with_options(codec_options=CodecOptions(tz_aware=True))
- def get_col_by_name_register(self, name):
- return self.register[name].with_options(codec_options=CodecOptions(tz_aware=True))
-
-
def __connect(self, max_retries=3, retry_delay=1):
retries = 0
@@ -48,29 +43,8 @@ class MongoDatabse():
print(f"Reconnecting... Retry {retries} of {max_retries}")
time.sleep(retry_delay)
return None
-
- def __connect_register(self, max_retries=3, retry_delay=1):
-
- retries = 0
-
- while retries < max_retries:
- try:
- uri = f"mongodb://{self.config['mongo_register']['user']}:{self.config['mongo_register']['password']}@" \
- f"{self.config['mongo_register']['host']}:{self.config['mongo_register']['port']}"
-
-
- client = MongoClient(uri)
- mydb = client[self.config['mongo_register']['db']]
- mydb.command("ping")
- return mydb
- except AutoReconnect:
- retries += 1
- print(f"Reconnecting... Retry {retries} of {max_retries}")
- time.sleep(retry_delay)
- return None
def close_connection(self):
if self.db.client:
self.db.client.close()
- if self.register.client:
- self.register.client.close()
+
diff --git a/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/controllers/default_controller.py b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/controllers/default_controller.py
index 70e53734507bc9a3838db164d277b808e3bc0f4e..f5bcf167319a5d29255b0b2c688c2e3ab60f460f 100644
--- a/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/controllers/default_controller.py
+++ b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/controllers/default_controller.py
@@ -59,20 +59,15 @@ def registrations_post(body): # noqa: E501
"""
identity = get_jwt_identity()
- username, role = identity.split()
+ username, uuid = identity.split()
current_app.logger.info("Registering Provider Domain")
- if role != "provider":
- prob = ProblemDetails(title="Unauthorized", status=401, detail="Role not authorized for this API route",
- cause="User role must be provider")
- return Response(json.dumps(prob, cls=JSONEncoder), status=401, mimetype='application/json')
-
if connexion.request.is_json:
body = APIProviderEnrolmentDetails.from_dict(connexion.request.get_json()) # noqa: E501
- res = provider_management_ops.register_api_provider_enrolment_details(body, username)
+ res = provider_management_ops.register_api_provider_enrolment_details(body, username, uuid)
return res
diff --git a/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/core/provider_enrolment_details_api.py b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/core/provider_enrolment_details_api.py
index 18c5e5b72bcfbea19595d9c5c002e98d25494c82..6ba9043eb48f523d44fedab79a1510456d19b62c 100644
--- a/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/core/provider_enrolment_details_api.py
+++ b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/core/provider_enrolment_details_api.py
@@ -31,10 +31,9 @@ class ProviderManagementOperations(Resource):
Resource.__init__(self)
self.auth_manager = AuthManager()
- def register_api_provider_enrolment_details(self, api_provider_enrolment_details, username):
+ def register_api_provider_enrolment_details(self, api_provider_enrolment_details, username, uuid):
try:
mycol = self.db.get_col_by_name(self.db.provider_enrolment_details)
- register = self.db.get_col_by_name_register(self.db.capif_users)
current_app.logger.debug("Creating api provider domain")
search_filter = {'reg_sec': api_provider_enrolment_details.reg_sec}
@@ -58,10 +57,11 @@ class ProviderManagementOperations(Resource):
# Onboarding Date Record
provider_dict = api_provider_enrolment_details.to_dict()
provider_dict["onboarding_date"] = datetime.now()
+ provider_dict["username"] = username
+ provider_dict["uuid"] = uuid
mycol.insert_one(provider_dict)
- register.update_one({'username':username}, {"$push":{'list_providers':api_provider_enrolment_details.api_prov_dom_id}})
-
+
current_app.logger.debug("Provider inserted in database")
res = make_response(object=api_provider_enrolment_details, status=201)
@@ -76,7 +76,6 @@ class ProviderManagementOperations(Resource):
def delete_api_provider_enrolment_details(self, api_prov_dom_id):
try:
mycol = self.db.get_col_by_name(self.db.provider_enrolment_details)
- register = self.db.get_col_by_name_register(self.db.capif_users)
current_app.logger.debug("Deleting provider domain")
result = self.__check_api_provider_domain(api_prov_dom_id)
@@ -89,7 +88,6 @@ class ProviderManagementOperations(Resource):
amf_id = [ provider_func['api_prov_func_id'] for provider_func in result["api_prov_funcs"] if provider_func['api_prov_func_role'] == 'AMF' ]
mycol.delete_one({'api_prov_dom_id': api_prov_dom_id})
- register.update_one({'list_providers':api_prov_dom_id}, {"$pull":{'list_providers':api_prov_dom_id}})
out = "The provider matching apiProvDomainId " + api_prov_dom_id + " was offboarded."
current_app.logger.debug("Removed provider domain from database")
diff --git a/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/db/db.py b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/db/db.py
index a5d843a4bc61f0edac3caae779c1f16852378ea8..bb080252efefbb51854ca37dd2cf5e6ebee8d41c 100644
--- a/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/db/db.py
+++ b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/db/db.py
@@ -16,17 +16,12 @@ class MongoDatabse():
def __init__(self):
self.config = Config().get_config()
self.db = self.__connect()
- self.register = self.__connect_register()
self.provider_enrolment_details = self.config['mongo']['col']
self.capif_users = self.config['mongo']['capif_users']
self.certs_col = self.config['mongo']['certs_col']
def get_col_by_name(self, name):
return self.db[name].with_options(codec_options=CodecOptions(tz_aware=True))
- def get_col_by_name_register(self, name):
- return self.register[name].with_options(codec_options=CodecOptions(tz_aware=True))
-
-
def __connect(self, max_retries=3, retry_delay=1):
retries = 0
@@ -44,30 +39,8 @@ class MongoDatabse():
time.sleep(retry_delay)
return None
- def __connect_register(self, max_retries=3, retry_delay=1):
-
- retries = 0
-
- while retries < max_retries:
- try:
- uri = f"mongodb://{self.config['mongo_register']['user']}:{self.config['mongo_register']['password']}@" \
- f"{self.config['mongo_register']['host']}:{self.config['mongo_register']['port']}"
-
-
- client = MongoClient(uri)
- mydb = client[self.config['mongo_register']['db']]
- mydb.command("ping")
- return mydb
- except AutoReconnect:
- retries += 1
- print(f"Reconnecting... Retry {retries} of {max_retries}")
- time.sleep(retry_delay)
- return None
-
def close_connection(self):
if self.db.client:
self.db.client.close()
- if self.register.client:
- self.register.client.close()
diff --git a/services/register/config.yaml b/services/register/config.yaml
index 2ac53bd343f3b76d82906c4ed871d6f4c71afcd0..3c33fa055a00089f648cf158fa955551247d1037 100644
--- a/services/register/config.yaml
+++ b/services/register/config.yaml
@@ -12,3 +12,7 @@ ca_factory: {
"token": "dev-only-token"
}
+register: {
+ register_uuid: '6ba7b810-9dad-11d1-80b4-00c04fd430c8',
+ admin_users: {admin: "password123"}
+}
\ No newline at end of file
diff --git a/services/register/register_prepare.sh b/services/register/register_prepare.sh
index de69be7043beb9dc002bcc98004b975d31a979af..4a49b87d7039f7dba68b3f1cce00e77aaa3656c8 100644
--- a/services/register/register_prepare.sh
+++ b/services/register/register_prepare.sh
@@ -1,27 +1,16 @@
#!/bin/bash
-CERTS_FOLDER="/usr/src/app/register_service"
+CERTS_FOLDER="/usr/src/app/register_service/certs"
cd $CERTS_FOLDER
-VAULT_ADDR="http://$VAULT_HOSTNAME:$VAULT_PORT"
-VAULT_TOKEN=$VAULT_ACCESS_TOKEN
-
-curl -k -retry 30 \
- --retry-all-errors \
- --connect-timeout 5 \
- --max-time 10 \
- --retry-delay 10 \
- --retry-max-time 300 \
- --header "X-Vault-Token: $VAULT_TOKEN" \
- --request GET "$VAULT_ADDR/v1/secret/data/server_cert/private" 2>/dev/null | jq -r '.data.data.key' -j > $CERTS_FOLDER/server.key
-
openssl req -x509 \
-sha256 -days 356 \
-nodes \
-newkey rsa:2048 \
-subj "/CN=register/C=ES/L=Madrid" \
- -keyout /usr/src/app/register_service/registerCA.key -out /usr/src/app/register_service/registerCA.crt
+ -keyout /usr/src/app/register_service/certs/registerCA.key -out /usr/src/app/register_service/certs/registerCA.crt
+
-openssl genrsa -out /usr/src/app/register_service/register_key.key 2048
+openssl genrsa -out /usr/src/app/register_service/certs/register_key.key 2048
COUNTRY="ES" # 2 letter country-code
STATE="Madrid" # state or province name
@@ -37,7 +26,7 @@ COMPANY="" # company name
# DAYS="-days 365"
# create the certificate request
-cat <<__EOF__ | openssl req -new $DAYS -key /usr/src/app/register_service/register_key.key -out /usr/src/app/register_service/register.csr
+cat <<__EOF__ | openssl req -new $DAYS -key /usr/src/app/register_service/certs/register_key.key -out /usr/src/app/register_service/certs/register.csr
$COUNTRY
$STATE
$LOCALITY
@@ -49,7 +38,7 @@ $CHALLENGE
$COMPANY
__EOF__
-openssl x509 -req -in /usr/src/app/register_service/register.csr -CA /usr/src/app/register_service/registerCA.crt -CAkey /usr/src/app/register_service/registerCA.key -CAcreateserial -out /usr/src/app/register_service/register_cert.crt -days 365 -sha256
+openssl x509 -req -in /usr/src/app/register_service/certs/register.csr -CA /usr/src/app/register_service/certs/registerCA.crt -CAkey /usr/src/app/register_service/certs/registerCA.key -CAcreateserial -out /usr/src/app/register_service/certs/register_cert.crt -days 365 -sha256
cd /usr/src/app/
python3 -m register_service
\ No newline at end of file
diff --git a/services/register/register_service/__main__.py b/services/register/register_service/__main__.py
index 5225f78e731c7297259c8b6f573cdb487c2ef3c6..2548ebd241a6e07e82d042dd76c5b24db8dc6537 100644
--- a/services/register/register_service/__main__.py
+++ b/services/register/register_service/__main__.py
@@ -1,27 +1,73 @@
import os
-import base64
from flask import Flask
from .controllers.register_controller import register_routes
from flask_jwt_extended import JWTManager
+from OpenSSL.crypto import PKey, TYPE_RSA, X509Req, dump_certificate_request, FILETYPE_PEM, dump_privatekey
+import requests
+import json
+from .config import Config
app = Flask(__name__)
jwt = JWTManager(app)
-with open("/usr/src/app/register_service/server.key", "rb") as key_file:
- key_data = key_file.read()
+config = Config().get_config()
+# Create a superadmin CSR and keys
+key = PKey()
+key.generate_key(TYPE_RSA, 2048)
+req = X509Req()
+req.get_subject().O = 'Telefonica I+D'
+req.get_subject().OU = 'Innovation'
+req.get_subject().L = 'Madrid'
+req.get_subject().ST = 'Madrid'
+req.get_subject().C = 'ES'
+req.get_subject().emailAddress = 'inno@tid.es'
+req.set_pubkey(key)
+req.sign(key, 'sha256')
+
+csr_request = dump_certificate_request(FILETYPE_PEM, req)
+private_key = dump_privatekey(FILETYPE_PEM, key)
+
+# Save superadmin private key
+key_file = open("register_service/certs/superadmin.key", 'wb+')
+key_file.write(bytes(private_key))
+key_file.close()
+
+# Request superadmin certificate
+url = 'http://{}:{}/v1/pki_int/sign/my-ca'.format(config["ca_factory"]["url"], config["ca_factory"]["port"])
+headers = {'X-Vault-Token': f"{config["ca_factory"]["token"]}"}
+data = {
+ 'format':'pem_bundle',
+ 'ttl': '43000h',
+ 'csr': csr_request,
+ 'common_name': "superadmin"
+}
+
+response = requests.request("POST", url, headers=headers, data=data, verify = False)
+superadmin_cert = json.loads(response.text)['data']['certificate']
+
+# Svae the superadmin certificate
+cert_file = open("register_service/certs/superadmin.crt", 'wb')
+cert_file.write(bytes(superadmin_cert, 'utf-8'))
+cert_file.close()
+
+# Request CAPIF private key to encode the token
+url = 'http://{}:{}/v1/secret/data/server_cert/private'.format(config["ca_factory"]["url"], config["ca_factory"]["port"])
+headers = {'X-Vault-Token': f"{config["ca_factory"]["token"]}"}
+response = requests.request("GET", url, headers=headers, verify = False)
+
+key_data = json.loads(response.text)["data"]["data"]["key"]
app.config['JWT_ALGORITHM'] = 'RS256'
app.config['JWT_PRIVATE_KEY'] = key_data
app.register_blueprint(register_routes)
-
#----------------------------------------
# launch
#----------------------------------------
if __name__ == "__main__":
- app.run(debug=True, host = '0.0.0.0', port=8080, ssl_context= ("/usr/src/app/register_service/register_cert.crt", "/usr/src/app/register_service/register_key.key"))
+ app.run(debug=True, host = '0.0.0.0', port=8080, ssl_context= ("/usr/src/app/register_service/certs/register_cert.crt", "/usr/src/app/register_service/certs/register_key.key"))
diff --git a/services/register/register_service/auth_utils.py b/services/register/register_service/auth_utils.py
deleted file mode 100644
index f799772997bc614be1644391d0fed838cfd8534b..0000000000000000000000000000000000000000
--- a/services/register/register_service/auth_utils.py
+++ /dev/null
@@ -1,8 +0,0 @@
-import bcrypt
-
-def hash_password(password):
- hashed_password = bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt())
- return hashed_password
-
-def check_password(input_password, stored_password):
- return bcrypt.checkpw(input_password.encode('utf-8'), stored_password)
\ No newline at end of file
diff --git a/services/register/register_service/controllers/register_controller.py b/services/register/register_service/controllers/register_controller.py
index 71af562e59cbe6af5909fa65bd8d83f265ea490b..119e493bbb0f2e41db1524745fd405cca0b019ca 100644
--- a/services/register/register_service/controllers/register_controller.py
+++ b/services/register/register_service/controllers/register_controller.py
@@ -1,39 +1,68 @@
#!/usr/bin/env python3
-from flask import Flask, jsonify, request, Blueprint
-from flask_jwt_extended import JWTManager, jwt_required, create_access_token
-from pymongo import MongoClient
+from flask import current_app, Flask, jsonify, request, Blueprint
from ..core.register_operations import RegisterOperations
-import secrets
+from ..config import Config
+from flask_httpauth import HTTPBasicAuth
+
+auth = HTTPBasicAuth()
+
+config = Config().get_config()
+
+@auth.verify_password
+def verify_password(username, password):
+ users = register_operation.get_users()[0].json["users"]
+ if username in config["register"]["admin_users"] and password == config["register"]["admin_users"][username]:
+ return username, "admin"
+ for user in users:
+ if user["username"] == username and user["password"]==password:
+ return username, "client"
+
+def admin_required(fn):
+ def wrapper(*args, **kwargs):
+ username, role = auth.current_user()
+ if role == 'admin':
+ return fn(*args, **kwargs)
+ else:
+ return {"Access denied. Administrator privileges required."}, 403
+ wrapper.__name__ = fn.__name__
+ return wrapper
register_routes = Blueprint("register_routes", __name__)
register_operation = RegisterOperations()
-@register_routes.route("/register", methods=["POST"])
+@register_routes.route("/createUser", methods=["POST"])
+@auth.login_required
+@admin_required
def register():
username = request.json["username"]
password = request.json["password"]
description = request.json["description"]
- role = request.json["role"]
- cn = request.json["cn"]
- if role != "invoker" and role != "provider":
- return jsonify(message="Role must be invoker or provider"), 400
-
-
- return register_operation.register_user(username, password, description, cn, role)
+ email = request.json["email"]
+ return register_operation.register_user(username, password, description, email)
@register_routes.route("/getauth", methods=["POST"])
+@auth.login_required
def getauth():
username = request.json["username"]
password = request.json["password"]
return register_operation.get_auth(username, password)
-@register_routes.route("/remove", methods=["DELETE"])
+@register_routes.route("/deleteUser", methods=["DELETE"])
+@auth.login_required
+@admin_required
def remove():
username = request.json["username"]
password = request.json["password"]
return register_operation.remove_user(username, password)
+
+
+@register_routes.route("/getUsers", methods=["GET"])
+@auth.login_required
+@admin_required
+def getUsers():
+ return register_operation.get_users()
diff --git a/services/register/register_service/core/register_operations.py b/services/register/register_service/core/register_operations.py
index bef2f65e1438828b41db6cbd5a7c8938c1bd5922..a6e89923f3ab7f0da18ccf58e9977c00b581b875 100644
--- a/services/register/register_service/core/register_operations.py
+++ b/services/register/register_service/core/register_operations.py
@@ -1,14 +1,14 @@
-from flask import Flask, jsonify, request, current_app
+from flask import current_app, Flask, jsonify, request, Response
from flask_jwt_extended import create_access_token
from ..db.db import MongoDatabse
from datetime import datetime
from ..config import Config
-from register_service import auth_utils
import secrets
import requests
import json
import sys
-
+import uuid
+
class RegisterOperations:
def __init__(self):
@@ -16,28 +16,20 @@ class RegisterOperations:
self.mimetype = 'application/json'
self.config = Config().get_config()
- def register_user(self, username, password, description, cn, role):
+ def register_user(self, username, password, description, email):
mycol = self.db.get_col_by_name(self.db.capif_users)
exist_user = mycol.find_one({"username": username})
if exist_user:
return jsonify("user already exists"), 409
+
+ name_space = uuid.UUID(self.config["register"]["register_uuid"])
+ user_uuid = str(uuid.uuid5(name_space, username))
- hashed_password = auth_utils.hash_password(password)
- user_info = dict(_id=secrets.token_hex(7), username=username, password=hashed_password, role=role, description=description, cn=cn, list_invokers=[], list_providers=[])
+ user_info = dict(uuid=user_uuid, username=username, password=password, description=description, email=email, onboarding_date=datetime.now())
obj = mycol.insert_one(user_info)
- if role == "invoker":
- return jsonify(message="invoker registered successfully",
- id=obj.inserted_id,
- ccf_onboarding_url="api-invoker-management/v1/onboardedInvokers",
- ccf_discover_url="service-apis/v1/allServiceAPIs?api-invoker-id="), 201
- else:
- return jsonify(message="provider" + " registered successfully",
- id=obj.inserted_id,
- ccf_api_onboarding_url="api-provider-management/v1/registrations",
- ccf_publish_url="published-apis/v1/<apfId>/service-apis"), 201
-
+ return jsonify(message="invoker registered successfully", uuid=user_uuid), 201
def get_auth(self, username, password):
@@ -45,16 +37,12 @@ class RegisterOperations:
try:
- exist_user = mycol.find_one({"username": username})
+ exist_user = mycol.find_one({"username": username, "password": password})
if exist_user is None:
- return jsonify("No user with these credentials"), 400
+ return jsonify("Not exister user with this credentials"), 400
- stored_password = exist_user["password"]
- if not auth_utils.check_password(password, stored_password):
- return jsonify("No user with these credentials"), 400
-
- access_token = create_access_token(identity=(username + " " + exist_user["role"]))
+ access_token = create_access_token(identity=(username + " " + exist_user["uuid"]))
url = f"http://{self.config['ca_factory']['url']}:{self.config['ca_factory']['port']}/v1/secret/data/ca"
headers = {
@@ -62,7 +50,13 @@ class RegisterOperations:
}
response = requests.request("GET", url, headers=headers, verify = False)
response_payload = json.loads(response.text)
- return jsonify(message="Token and CA root returned successfully", access_token=access_token, ca_root=response_payload['data']['data']['ca']), 200
+ return jsonify(message="Token and CA root returned successfully",
+ access_token=access_token,
+ ca_root=response_payload['data']['data']['ca'],
+ ccf_api_onboarding_url="api-provider-management/v1/registrations",
+ ccf_publish_url="published-apis/v1/<apfId>/service-apis",
+ ccf_onboarding_url="api-invoker-management/v1/onboardedInvokers",
+ ccf_discover_url="service-apis/v1/allServiceAPIs?api-invoker-id="), 200
except Exception as e:
return jsonify(message=f"Errors when try getting auth: {e}"), 500
@@ -71,17 +65,22 @@ class RegisterOperations:
mycol = self.db.get_col_by_name(self.db.capif_users)
try:
- exist_user = mycol.find_one({"username": username})
+ mycol.delete_one({"username": username, "password": password})
+
+
+ # Request to the helper to delete invokers and providers
- if exist_user is None:
- return jsonify("No user with these credentials"), 400
- stored_password = exist_user["password"]
- if not auth_utils.check_password(password, stored_password):
- return jsonify("No user with these credentials"), 400
-
- mycol.delete_one({"username": username})
return jsonify(message="User removed successfully"), 204
except Exception as e:
return jsonify(message=f"Errors when try remove user: {e}"), 500
+
+ def get_users(self):
+ mycol = self.db.get_col_by_name(self.db.capif_users)
+
+ try:
+ users=list(mycol.find({}, {"_id":0}))
+ return jsonify(message="Users successfully obtained", users=users), 200
+ except Exception as e:
+ return jsonify(message=f"Error trying to get users: {e}"), 500
diff --git a/services/register/requirements.txt b/services/register/requirements.txt
index 05b9f7dfa88c8967b3cb20c0686e05d3c90076e0..c5446a6bfcd8efcd5623e685b22fe6f2eac48c46 100644
--- a/services/register/requirements.txt
+++ b/services/register/requirements.txt
@@ -7,3 +7,4 @@ pyopenssl
pyyaml
requests
bcrypt
+flask_httpauth
\ No newline at end of file