c.f. issue 1405 ... those 'if ldap.stuff()' are complete bullshit from the very beginning since they never return False: instead they trigger an exception, which means the current error management is completely meaningless ... so this refactors all the places where I found those + adds proper error messages

Alexandre Aubin 2019-09-12 18:34:17 +02:00
parent 2e14834e6b
commit bdad4ffd71
4 changed files with 144 additions and 112 deletions


@ -164,9 +164,9 @@
"domain_cannot_remove_main": "Cannot remove main domain. Set a new main domain first",
"domain_cert_gen_failed": "Unable to generate certificate",
"domain_created": "The domain has been created",
"domain_creation_failed": "Unable to create domain",
"domain_creation_failed": "Failed to create domain {domain}: {error}",
"domain_deleted": "The domain has been deleted",
"domain_deletion_failed": "Unable to delete domain",
"domain_deletion_failed": "Failed to delete domain {domain}: {error}",
"domain_dns_conf_is_just_a_recommendation": "This command shows you what is the *recommended* configuration. It does not actually set up the DNS configuration for you. It is your responsability to configure your DNS zone in your registrar according to this recommendation.",
"domain_dyndns_already_subscribed": "You've already subscribed to a DynDNS domain",
"domain_dyndns_dynette_is_unreachable": "Unable to reach YunoHost dynette, either your YunoHost is not correctly connected to the internet or the dynette server is down. Error: {error}",
@ -229,14 +229,14 @@
"group_already_exist": "Group {group} already exist",
"group_already_exist_on_system": "Group {group} already exists in the system group",
"group_created": "Group '{group}' successfully created",
"group_creation_failed": "Group creation failed for group '{group}'",
"group_creation_failed": "Failed to create group {group}: {error}",
"group_cannot_be_edited": "The group {group} cannot be edited manually.",
"group_cannot_be_deleted": "The group {group} cannot be deleted manually.",
"group_deleted": "Group '{group}' deleted",
"group_deletion_failed": "Group '{group} 'deletion failed",
"group_deletion_failed": "Failed to delete group {group}: {error}",
"group_unknown": "Group {group} unknown",
"group_updated": "Group '{group}' updated",
"group_update_failed": "Group update failed for group '{group}'",
"group_update_failed": "Failed to update group {group}: {error}",
"group_user_already_in_group": "User {user} is already in group {group}",
"group_user_not_in_group": "User {user} is not in group {group}",
"hook_exec_failed": "Script execution failed: {path:s}",
@ -430,11 +430,11 @@
"permission_already_exist": "Permission '{permission}' already exists",
"permission_cannot_remove_main": "Removing a main permission is not allowed",
"permission_created": "Permission '{permission}' created",
"permission_creation_failed": "Failed to create permission '{permission}'",
"permission_creation_failed": "Failed to create permission '{permission}': {error}",
"permission_deleted": "Permission '{permission}' deleted",
"permission_deletion_failed": "Failed to delete permission '{permission}'",
"permission_deletion_failed": "Failed to delete permission '{permission}': {error}",
"permission_not_found": "Permission '{permission}' does not seem to exist ?",
"permission_update_failed": "Failed to update permission '{permission}'",
"permission_update_failed": "Failed to update permission '{permission}' : {error}",
"permission_updated": "Permission '{permission}' updated",
"permission_update_nothing_to_do": "No permissions to update",
"port_already_closed": "Port {port:d} is already closed for {ip_version:s} connections",
@ -556,13 +556,13 @@
"upnp_enabled": "UPnP has been enabled",
"upnp_port_open_failed": "Unable to open UPnP ports",
"user_created": "The user has been created",
"user_creation_failed": "Unable to create user",
"user_creation_failed": "Unable to create user {user}: {error}",
"user_deleted": "The user has been deleted",
"user_deletion_failed": "Unable to delete user",
"user_deletion_failed": "Unable to delete user {user}: {error}",
"user_home_creation_failed": "Unable to create user home folder",
"user_info_failed": "Unable to retrieve user information",
"user_unknown": "Unknown user: {user:s}",
"user_update_failed": "Unable to update user",
"user_update_failed": "Unable to update user {user}: {error}",
"user_updated": "The user has been updated",
"users_available": "Available users:",
"yunohost_already_installed": "YunoHost is already installed",


@ -112,8 +112,10 @@ def domain_add(operation_logger, domain, dyndns=False):
'virtualdomain': domain,
}
if not ldap.add('virtualdomain=%s,ou=domains' % domain, attr_dict):
raise YunohostError('domain_creation_failed')
try:
ldap.add('virtualdomain=%s,ou=domains' % domain, attr_dict)
except Exception as e:
raise YunohostError('domain_creation_failed', domain=domain, error=e)
# Don't regen these conf if we're still in postinstall
if os.path.exists('/etc/yunohost/installed'):
@ -167,10 +169,12 @@ def domain_remove(operation_logger, domain, force=False):
operation_logger.start()
ldap = _get_ldap_interface()
if ldap.remove('virtualdomain=' + domain + ',ou=domains') or force:
os.system('rm -rf /etc/yunohost/certs/%s' % domain)
else:
raise YunohostError('domain_deletion_failed')
try:
ldap.remove('virtualdomain=' + domain + ',ou=domains')
except Exception as e:
raise YunohostError('domain_deletion_failed', domain=domain, error=e)
os.system('rm -rf /etc/yunohost/certs/%s' % domain)
regen_conf(names=['nginx', 'metronome', 'dnsmasq', 'postfix'])
app_ssowatconf()
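Review bot: `os.system('rm -rf /etc/yunohost/certs/%s' % domain)` in `domain_remove` still builds a shell command line from `domain`, so any shell metacharacter that reaches this line is interpreted by the shell running as the caller (presumably root). Whether `domain` is validated earlier in the function is not visible in this hunk, so the call should not rely on it: use an argument vector, `subprocess.call(['rm', '-rf', os.path.join('/etc/yunohost/certs', domain)])`, the same form the user-deletion hunk of this commit uses for `/home` and `/var/mail` (this assumes `subprocess` is imported in this module). The argv form only removes shell interpretation; a `domain` containing `/` or `..` would still need to be rejected before the path is built. `domain_remove` starts and ends outside the hunk.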


@ -153,36 +153,37 @@ def user_permission_update(operation_logger, permission, add=None, remove=None,
operation_logger.start()
if ldap.update('cn=%s,ou=permission' % permission,
{'groupPermission': ['cn=' + g + ',ou=groups,dc=yunohost,dc=org' for g in new_allowed_groups]}):
logger.debug(m18n.n('permission_updated', permission=permission))
try:
ldap.update('cn=%s,ou=permission' % permission,
{'groupPermission': ['cn=' + g + ',ou=groups,dc=yunohost,dc=org' for g in new_allowed_groups]})
except Exception as e:
raise YunohostError('permission_update_failed', permission=permission, error=e)
# Trigger permission sync if asked
logger.debug(m18n.n('permission_updated', permission=permission))
if sync_perm:
permission_sync_to_user()
# Trigger permission sync if asked
new_permission = user_permission_list(full=True)["permissions"][permission]
if sync_perm:
permission_sync_to_user()
# Trigger app callbacks
new_permission = user_permission_list(full=True)["permissions"][permission]
app = permission.split(".")[0]
# Trigger app callbacks
old_allowed_users = set(existing_permission["corresponding_users"])
new_allowed_users = set(new_permission["corresponding_users"])
app = permission.split(".")[0]
effectively_added_users = new_allowed_users - old_allowed_users
effectively_removed_users = old_allowed_users - new_allowed_users
old_allowed_users = set(existing_permission["corresponding_users"])
new_allowed_users = set(new_permission["corresponding_users"])
if effectively_added_users:
hook_callback('post_app_addaccess', args=[app, ','.join(effectively_added_users)])
if effectively_removed_users:
hook_callback('post_app_removeaccess', args=[app, ','.join(effectively_removed_users)])
effectively_added_users = new_allowed_users - old_allowed_users
effectively_removed_users = old_allowed_users - new_allowed_users
return new_permission
if effectively_added_users:
hook_callback('post_app_addaccess', args=[app, ','.join(effectively_added_users)])
if effectively_removed_users:
hook_callback('post_app_removeaccess', args=[app, ','.join(effectively_removed_users)])
else:
raise YunohostError('permission_update_failed', permission=permission)
return new_permission
@is_unit_operation()
@ -209,10 +210,12 @@ def user_permission_reset(operation_logger, permission, sync_perm=True):
operation_logger.start()
default_permission = {'groupPermission': ['cn=all_users,ou=groups,dc=yunohost,dc=org']}
if ldap.update('cn=%s,ou=permission' % permission, default_permission):
logger.debug(m18n.n('permission_updated', permission=permission))
else:
raise YunohostError('permission_update_failed', permission=permission)
try:
ldap.update('cn=%s,ou=permission' % permission, default_permission)
except Exception as e:
raise YunohostError('permission_update_failed', permission=permission, error=e)
logger.debug(m18n.n('permission_updated', permission=permission))
if sync_perm:
permission_sync_to_user()
@ -286,13 +289,17 @@ def permission_create(operation_logger, permission, urls=None, sync_perm=True):
operation_logger.related_to.append(('app', permission.split(".")[0]))
operation_logger.start()
if ldap.add('cn=%s,ou=permission' % permission, attr_dict):
if sync_perm:
permission_sync_to_user()
logger.debug(m18n.n('permission_created', permission=permission))
return user_permission_list(full=True)["permissions"][permission]
else:
raise YunohostError('permission_creation_failed')
try:
ldap.add('cn=%s,ou=permission' % permission, attr_dict)
except Exception as e:
raise YunohostError('permission_creation_failed', permission=permission, error=e)
if sync_perm:
permission_sync_to_user()
logger.debug(m18n.n('permission_created', permission=permission))
return user_permission_list(full=True)["permissions"][permission]
@is_unit_operation()
@ -336,13 +343,17 @@ def permission_urls(operation_logger, permission, add=None, remove=None, sync_pe
operation_logger.related_to.append(('app', permission.split(".")[0]))
operation_logger.start()
if ldap.update('cn=%s,ou=permission' % permission, {'URL': new_urls}):
if sync_perm:
permission_sync_to_user()
logger.debug(m18n.n('permission_updated', permission=permission))
return user_permission_list(full=True)["permissions"][permission]
else:
raise YunohostError('permission_update_failed', permission=permission)
try:
ldap.update('cn=%s,ou=permission' % permission, {'URL': new_urls})
except Exception as e:
raise YunohostError('permission_update_failed', permission=permission, error=e)
if sync_perm:
permission_sync_to_user()
logger.debug(m18n.n('permission_updated', permission=permission))
return user_permission_list(full=True)["permissions"][permission]
@is_unit_operation()
@ -370,12 +381,15 @@ def permission_delete(operation_logger, permission, force=False, sync_perm=True)
operation_logger.related_to.append(('app', permission.split(".")[0]))
operation_logger.start()
if ldap.remove('cn=%s,ou=permission' % permission):
if sync_perm:
permission_sync_to_user()
logger.debug(m18n.n('permission_deleted', permission=permission))
else:
raise YunohostError('permission_deletion_failed', permission=permission)
try:
ldap.remove('cn=%s,ou=permission' % permission)
except Exception as e:
raise YunohostError('permission_deletion_failed', permission=permission, error=e)
if sync_perm:
permission_sync_to_user()
logger.debug(m18n.n('permission_deleted', permission=permission))
def permission_sync_to_user():
@ -410,8 +424,10 @@ def permission_sync_to_user():
'memberUid': should_be_allowed_users}
# Commit the change with the new inherited stuff
if not ldap.update('cn=%s,ou=permission' % permission_name, new_inherited_perms):
raise YunohostError('permission_update_failed', permission=permission_name)
try:
ldap.update('cn=%s,ou=permission' % permission_name, new_inherited_perms)
except Exception as e:
raise YunohostError('permission_update_failed', permission=permission_name, error=e)
logger.debug("The permission database has been resynchronized")
@ -421,6 +437,7 @@ def permission_sync_to_user():
os.system('nscd --invalidate=passwd')
os.system('nscd --invalidate=group')
def _normalize_url(url):
from yunohost.domain import _normalize_domain_path
domain = url[:url.index('/')]
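Review bot: `except Exception as e` around `ldap.update` in `user_permission_update` is too broad: it also catches programming errors, such as a `TypeError` from a malformed attribute dict, and reports them as `permission_update_failed`. The same pattern wraps every other `ldap.add`/`ldap.update`/`ldap.remove` call in this file and in the `domain_*`, `user_*` and `user_group_*` hunks of this commit. `error=e` then places the raw exception text in the translated message, which may carry directory DNs or server-side detail if these messages are shown to non-administrators. Catching the exception type the LDAP interface actually raises (not visible on this page) would keep unrelated bugs from being mislabelled, and the full exception can be kept in the log with `logger.debug("LDAP update failed for %s: %r", permission, e)` before the `raise`. The enclosing functions start and end outside these hunks.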


@ -205,32 +205,34 @@ def user_create(operation_logger, username, firstname, lastname, mail, password,
except IOError as e:
raise YunohostError('ssowat_persistent_conf_write_error', error=e.strerror)
if ldap.add('uid=%s,ou=users' % username, attr_dict):
# Invalidate passwd to take user creation into account
subprocess.call(['nscd', '-i', 'passwd'])
try:
ldap.add('uid=%s,ou=users' % username, attr_dict)
except Exception as e:
raise YunohostError('user_creation_failed', user=username, error=e)
try:
# Attempt to create user home folder
subprocess.check_call(
['su', '-', username, '-c', "''"])
except subprocess.CalledProcessError:
if not os.path.isdir('/home/{0}'.format(username)):
logger.warning(m18n.n('user_home_creation_failed'),
exc_info=1)
# Invalidate passwd to take user creation into account
subprocess.call(['nscd', '-i', 'passwd'])
# Create group for user and add to group 'all_users'
user_group_create(groupname=username, gid=uid, primary_group=True, sync_perm=False)
user_group_update(groupname='all_users', add=username, force=True, sync_perm=True)
try:
# Attempt to create user home folder
subprocess.check_call(
['su', '-', username, '-c', "''"])
except subprocess.CalledProcessError:
if not os.path.isdir('/home/{0}'.format(username)):
logger.warning(m18n.n('user_home_creation_failed'),
exc_info=1)
# TODO: Send a welcome mail to user
logger.success(m18n.n('user_created'))
# Create group for user and add to group 'all_users'
user_group_create(groupname=username, gid=uid, primary_group=True, sync_perm=False)
user_group_update(groupname='all_users', add=username, force=True, sync_perm=True)
hook_callback('post_user_create',
args=[username, mail, password, firstname, lastname])
# TODO: Send a welcome mail to user
logger.success(m18n.n('user_created'))
return {'fullname': fullname, 'username': username, 'mail': mail}
hook_callback('post_user_create',
args=[username, mail, password, firstname, lastname])
raise YunohostError('user_creation_failed')
return {'fullname': fullname, 'username': username, 'mail': mail}
@is_unit_operation([('username', 'user')])
@ -258,15 +260,17 @@ def user_delete(operation_logger, username, purge=False):
user_group_delete(username, force=True, sync_perm=True)
ldap = _get_ldap_interface()
if ldap.remove('uid=%s,ou=users' % username):
# Invalidate passwd to take user deletion into account
subprocess.call(['nscd', '-i', 'passwd'])
try:
ldap.remove('uid=%s,ou=users' % username)
except Exception as e:
raise YunohostError('user_deletion_failed', user=username, error=e)
if purge:
subprocess.call(['rm', '-rf', '/home/{0}'.format(username)])
subprocess.call(['rm', '-rf', '/var/mail/{0}'.format(username)])
else:
raise YunohostError('user_deletion_failed')
# Invalidate passwd to take user deletion into account
subprocess.call(['nscd', '-i', 'passwd'])
if purge:
subprocess.call(['rm', '-rf', '/home/{0}'.format(username)])
subprocess.call(['rm', '-rf', '/var/mail/{0}'.format(username)])
hook_callback('post_user_delete', args=[username, purge])
@ -387,12 +391,14 @@ def user_update(operation_logger, username, firstname=None, lastname=None, mail=
operation_logger.start()
if ldap.update('uid=%s,ou=users' % username, new_attr_dict):
logger.success(m18n.n('user_updated'))
app_ssowatconf()
return user_info(username)
else:
raise YunohostError('user_update_failed')
try:
ldap.update('uid=%s,ou=users' % username, new_attr_dict)
except Exception as e:
raise YunohostError('user_update_failed', user=username, error=e)
logger.success(m18n.n('user_updated'))
app_ssowatconf()
return user_info(username)
def user_info(username):
@ -476,10 +482,7 @@ def user_info(username):
'use': storage_use
}
if result:
return result_dict
else:
raise YunohostError('user_info_failed')
return result_dict
#
@ -569,13 +572,16 @@ def user_group_create(operation_logger, groupname, gid=None, primary_group=False
attr_dict["member"] = ["uid=" + groupname + ",ou=users,dc=yunohost,dc=org"]
operation_logger.start()
if ldap.add('cn=%s,ou=groups' % groupname, attr_dict):
logger.success(m18n.n('group_created', group=groupname))
if sync_perm:
permission_sync_to_user()
return {'name': groupname}
try:
ldap.add('cn=%s,ou=groups' % groupname, attr_dict)
except Exception as e:
raise YunohostError('group_creation_failed', group=groupname, error=e)
raise YunohostError('group_creation_failed', group=groupname)
if sync_perm:
permission_sync_to_user()
logger.success(m18n.n('group_created', group=groupname))
return {'name': groupname}
@is_unit_operation([('groupname', 'group')])
@ -601,13 +607,16 @@ def user_group_delete(operation_logger, groupname, force=False, sync_perm=True):
operation_logger.start()
ldap = _get_ldap_interface()
if not ldap.remove('cn=%s,ou=groups' % groupname):
raise YunohostError('group_deletion_failed', group=groupname)
try:
ldap.remove('cn=%s,ou=groups' % groupname)
except Exception as e:
raise YunohostError('group_deletion_failed', group=groupname, error=e)
logger.success(m18n.n('group_deleted', group=groupname))
if sync_perm:
permission_sync_to_user()
logger.success(m18n.n('group_deleted', group=groupname))
@is_unit_operation([('groupname', 'group')])
def user_group_update(operation_logger, groupname, add=None, remove=None, force=False, sync_perm=True):
@ -668,8 +677,10 @@ def user_group_update(operation_logger, groupname, add=None, remove=None, force=
if set(new_group) != set(current_group):
operation_logger.start()
ldap = _get_ldap_interface()
if not ldap.update('cn=%s,ou=groups' % groupname, {"member": set(new_group_dns), "memberUid": set(new_group)}):
raise YunohostError('group_update_failed', group=groupname)
try:
ldap.update('cn=%s,ou=groups' % groupname, {"member": set(new_group_dns), "memberUid": set(new_group)})
except Exception as e:
raise YunohostError('group_update_failed', group=groupname, error=e)
logger.success(m18n.n('group_updated', group=groupname))
if sync_perm: