Merge branch 'OCF47-logs-in-register-service' into 'staging'

     # to execute the next commands in vault

     # to execute the next commands in vault

     # otherwise, if use the vault as dev's mode. Just

     # otherwise, if use the vault as dev's mode. Just

     # type the token's dev.

     # type the token's dev.

     export VAULT_TOKEN="hvs.mn50Q8kpMuxsPUsCNlwQekCd"

     export VAULT_TOKEN=""

     export DOMAIN1=*.pre-prod.int

     export DOMAIN1=*.ocf.pre-production

     export DOMAIN2=*.staging.int

     export DOMAIN2=*.ocf.validation

     export DOMAIN3=*.developer.int

     export DOMAIN3=*.ocf.develop

     # local domains

     # local domains

     # export DOMAIN4=*.pre-prod.svc.cluster.local

     # export DOMAIN4=*.pre-prod.svc.cluster.local

     openssl x509 -pubkey -noout -in server_certificate.crt.pem  > server_certificate_pub.pem

     openssl x509 -pubkey -noout -in server_certificate.crt.pem  > server_certificate_pub.pem

     #vault kv put secret/ca ca=@root_ca.crt.pem root_2023_ca.crt

     #vault kv put secret/ca ca=@root_helm.pem root_2023_ca.crt

     #cat root_2023_ca.crt root_2023_ca.crt > ca.crt

     #cat root_2023_ca.crt root_2023_ca.crt > ca.crt

import json

import json

from config import Config

from config import Config

from db.db import MongoDatabse

from db.db import MongoDatabse

import logging

app = Flask(__name__)

app = Flask(__name__)

# Create an Admin in the Admin Collection

# Create an Admin in the Admin Collection

client = MongoDatabse()

client = MongoDatabse()

if not client.get_col_by_name(client.capif_admins).find_one({"admin_name": config["register"]["admin_users"]["admin_user"], "admin_pass": config["register"]["admin_users"]["admin_pass"]}):

if not client.get_col_by_name(client.capif_admins).find_one({"admin_name": config["register"]["admin_users"]["admin_user"], "admin_pass": config["register"]["admin_users"]["admin_pass"]}):

    print(f'Inserting Initial Admin admin_name: {config["register"]["admin_users"]["admin_user"]}, admin_pass: {config["register"]["admin_users"]["admin_pass"]}')

    client.get_col_by_name(client.capif_admins).insert_one({"admin_name": config["register"]["admin_users"]["admin_user"], "admin_pass": config["register"]["admin_users"]["admin_pass"]})

    client.get_col_by_name(client.capif_admins).insert_one({"admin_name": config["register"]["admin_users"]["admin_user"], "admin_pass": config["register"]["admin_users"]["admin_pass"]})

app.config['JWT_PRIVATE_KEY'] = key_data

app.config['JWT_PRIVATE_KEY'] = key_data

app.config['REGISTRE_SECRET_KEY'] = config["register"]["register_uuid"]

app.config['REGISTRE_SECRET_KEY'] = config["register"]["register_uuid"]

app.logger.setLevel(logging.DEBUG)

app.register_blueprint(register_routes)

app.register_blueprint(register_routes)

 No newline at end of file

# Function to generate access tokens and refresh tokens

# Function to generate access tokens and refresh tokens

def generate_tokens(username):

def generate_tokens(username):

    current_app.logger.debug(f"generating admin tokens...")

    access_payload = {

    access_payload = {

        'username': username,

        'username': username,

        'exp': datetime.now() + timedelta(minutes=config["register"]["token_expiration"])

        'exp': datetime.now() + timedelta(minutes=config["register"]["token_expiration"])

    }

    }

    access_token = jwt.encode(access_payload, current_app.config['REGISTRE_SECRET_KEY'], algorithm='HS256')

    access_token = jwt.encode(access_payload, current_app.config['REGISTRE_SECRET_KEY'], algorithm='HS256')

    refresh_token = jwt.encode(refresh_payload, current_app.config['REGISTRE_SECRET_KEY'], algorithm='HS256')

    refresh_token = jwt.encode(refresh_payload, current_app.config['REGISTRE_SECRET_KEY'], algorithm='HS256')

    current_app.logger.debug(f"Access token : {access_token}\nRefresh token : {refresh_token}")

    return access_token, refresh_token

    return access_token, refresh_token

# Function in charge of verifying the basic auth

# Function in charge of verifying the basic auth

@auth.verify_password

@auth.verify_password

def verify_password(username, password):

def verify_password(username, password):

    current_app.logger.debug("Checking user credentials...")

    users = register_operation.get_users()[0].json["users"]

    users = register_operation.get_users()[0].json["users"]

    client = MongoDatabse()

    client = MongoDatabse()

    admin = client.get_col_by_name(client.capif_admins).find_one({"admin_name": username, "admin_pass": password})

    admin = client.get_col_by_name(client.capif_admins).find_one({"admin_name": username, "admin_pass": password})

    if admin:

    if admin:

        current_app.logger.debug(f"Verified admin {username}")

        return username, "admin"

        return username, "admin"

    for user in users:

    for user in users:

        if user["username"] == username and user["password"]==password:

        if user["username"] == username and user["password"]==password:

            current_app.logger.debug(f"Verified user {username}")

            return username, "client"

            return username, "client"

# Function responsible for verifying the token

# Function responsible for verifying the token

    def decorator(f):

    def decorator(f):

        @wraps(f)

        @wraps(f)

        def decorated(*args, **kwargs):

        def decorated(*args, **kwargs):

            current_app.logger.debug("Checking admin token...")

            token = request.headers.get('Authorization')

            token = request.headers.get('Authorization')

            if not token:

            if not token:

                current_app.logger.debug("Token is missing.")

                return jsonify({'message': 'Token is missing'}), 401

                return jsonify({'message': 'Token is missing'}), 401

            if token.startswith('Bearer '):

            if token.startswith('Bearer '):

                current_app.logger.debug("Token is missing.")

                token = token.split('Bearer ')[1]

                token = token.split('Bearer ')[1]

            if not token:

            if not token:

                current_app.logger.debug("Token is missing.")

                return jsonify({'message': 'Token is missing'}), 401

                return jsonify({'message': 'Token is missing'}), 401

            try:

            try:

                username = data['username']

                username = data['username']

                return f(username, *args, **kwargs)

                return f(username, *args, **kwargs)

            except Exception as e:

            except Exception as e:

                current_app.logger.debug(f"Error: {str(e)}.")

                return jsonify({'message': str(e)}), 401

                return jsonify({'message': str(e)}), 401

        return decorated

        return decorated

def login():

def login():

    username, rol = auth.current_user()

    username, rol = auth.current_user()

    if rol != "admin":

    if rol != "admin":

        current_app.logger.debug(f"User {username} trying to log in as admin")

        return jsonify(message="Unauthorized. Administrator privileges required."), 401

        return jsonify(message="Unauthorized. Administrator privileges required."), 401

    access_token, refresh_token = generate_tokens(username)

    access_token, refresh_token = generate_tokens(username)

    return jsonify({'access_token': access_token, 'refresh_token': refresh_token})

    return jsonify({'access_token': access_token, 'refresh_token': refresh_token})

@register_routes.route('/refresh', methods=['POST'])

@register_routes.route('/refresh', methods=['POST'])

@admin_required()

@admin_required()

def refresh_token(username):

def refresh_token(username):

    current_app.logger.debug(f"Refreshing token for admin {username}")

    access_token, _ = generate_tokens(username)

    access_token, _ = generate_tokens(username)

    return jsonify({'access_token': access_token})

    return jsonify({'access_token': access_token})

@register_routes.route("/createUser", methods=["POST"])

@register_routes.route("/createUser", methods=["POST"])

@admin_required()

@admin_required()

def register(username):

def register(username):

    current_app.logger.debug(f"Admin {username} creating a user...")

    required_fields = {

    required_fields = {

        "username": str,

        "username": str,

        "password": str,

        "password": str,

    }

    }

    user_info = request.get_json()

    user_info = request.get_json()

    current_app.logger.debug(f"User Info: {user_info}")

    missing_fields = []

    missing_fields = []

    for field, field_type in required_fields.items():

    for field, field_type in required_fields.items():

        if field not in user_info:

        if field not in user_info:

            missing_fields.append(field)

            missing_fields.append(field)

        elif not isinstance(user_info[field], field_type):

        elif not isinstance(user_info[field], field_type):

            current_app.logger.debug(f"Error: Field {field} must be of type {field_type.__name__}")

            return jsonify({"error": f"Field '{field}' must be of type {field_type.__name__}"}), 400

            return jsonify({"error": f"Field '{field}' must be of type {field_type.__name__}"}), 400

    for field, field_type in optional_fields.items():

    for field, field_type in optional_fields.items():

        if field in user_info and not isinstance(user_info[field], field_type):

        if field in user_info and not isinstance(user_info[field], field_type):

            current_app.logger.debug(f"Error: Field {field} must be of type {field_type.__name__}")

            return jsonify({"error": f"Optional field '{field}' must be of type {field_type.__name__}"}), 400

            return jsonify({"error": f"Optional field '{field}' must be of type {field_type.__name__}"}), 400

        if field not in user_info:

        if field not in user_info:

            user_info[field] = None

            user_info[field] = None

    if missing_fields:

    if missing_fields:

        current_app.logger.debug(f"Error: missing requuired fields : {missing_fields}")

        return jsonify({"error": "Missing required fields", "fields": missing_fields}), 400

        return jsonify({"error": "Missing required fields", "fields": missing_fields}), 400

    return register_operation.register_user(user_info)

    return register_operation.register_user(user_info)

@auth.login_required

@auth.login_required

def getauth():

def getauth():

    username, _ = auth.current_user()

    username, _ = auth.current_user()

    current_app.logger.debug(f"Obtaining authorization for the user {username}")

    return register_operation.get_auth(username)

    return register_operation.get_auth(username)

@register_routes.route("/deleteUser/<uuid>", methods=["DELETE"])

@register_routes.route("/deleteUser/<uuid>", methods=["DELETE"])

@admin_required()

@admin_required()

def remove(username, uuid):

def remove(username, uuid):

    current_app.logger.debug(f"Deleting user with id {uuid} by admin {username}")

    return register_operation.remove_user(uuid)

    return register_operation.remove_user(uuid)

@register_routes.route("/getUsers", methods=["GET"])

@register_routes.route("/getUsers", methods=["GET"])

@admin_required()

@admin_required()

def getUsers(username):

def getUsers(username):

    current_app.logger.debug(f"Returning list of users to admin {username}")

    return register_operation.get_users()

    return register_operation.get_users()

        mycol = self.db.get_col_by_name(self.db.capif_users)

        mycol = self.db.get_col_by_name(self.db.capif_users)

        exist_user = mycol.find_one({"username": user_info["username"]})

        exist_user = mycol.find_one({"username": user_info["username"]})

        if exist_user:

        if exist_user:

            current_app.logger.debug(f"User already exists : {user_info["username"]}")

            return jsonify("user already exists"), 409

            return jsonify("user already exists"), 409

        name_space = uuid.UUID(self.config["register"]["register_uuid"])

        name_space = uuid.UUID(self.config["register"]["register_uuid"])

        user_uuid = str(uuid.uuid5(name_space,user_info["username"]))

        user_uuid = str(uuid.uuid5(name_space,user_info["username"]))

        current_app.logger.debug(f"User uuid : {user_uuid}")

        user_info["uuid"] = user_uuid

        user_info["uuid"] = user_uuid

        user_info["onboarding_date"]=datetime.now()

        user_info["onboarding_date"]=datetime.now()

        obj = mycol.insert_one(user_info)

        obj = mycol.insert_one(user_info)

        current_app.logger.debug(f"User with uuid {user_uuid} and username {user_info["username"]} registered successfully")

        return jsonify(message="User registered successfully", uuid=user_uuid), 201

        return jsonify(message="User registered successfully", uuid=user_uuid), 201

    def get_auth(self, username):

    def get_auth(self, username):

            exist_user = mycol.find_one({"username": username})

            exist_user = mycol.find_one({"username": username})

            if exist_user is None:

            if exist_user is None:

                return jsonify("Not existing user with this credentials"), 400

                current_app.logger.debug(f"Not exister user with this credentials  : {username}")

                return jsonify("Not exister user with this credentials"), 400

            access_token = create_access_token(identity=(username + " " + exist_user["uuid"]))

            access_token = create_access_token(identity=(username + " " + exist_user["uuid"]))

            current_app.logger.debug(f"Access token generated for user {username} : {access_token}")

            cert_file = open("certs/ca_root.crt", 'rb')

            cert_file = open("certs/ca_root.crt", 'rb')

            ca_root = cert_file.read()

            ca_root = cert_file.read()

            cert_file.close()

            cert_file.close()

            current_app.logger.debug(f"Returning the requested information...")

            return jsonify(message="Token and CA root returned successfully", 

            return jsonify(message="Token and CA root returned successfully", 

                            access_token=access_token, 

                            access_token=access_token, 

                            ca_root=ca_root.decode("utf-8"),

                            ca_root=ca_root.decode("utf-8"),

            requests.delete(url, cert=("certs/superadmin.crt", "certs/superadmin.key"), verify="certs/ca_root.crt")

            requests.delete(url, cert=("certs/superadmin.crt", "certs/superadmin.key"), verify="certs/ca_root.crt")

            mycol.delete_one({"uuid": uuid})

            mycol.delete_one({"uuid": uuid})

            current_app.logger.debug(f"User with uuid {uuid} removed successfully")

            return jsonify(message="User removed successfully"), 204

            return jsonify(message="User removed successfully"), 204

        except Exception as e:

        except Exception as e:

            return jsonify(message=f"Errors when try remove user: {e}"), 500

            return jsonify(message=f"Errors when try remove user: {e}"), 500