diff --git a/common/models/user.py b/common/models/user.py index e88e31a..868343f 100644 --- a/common/models/user.py +++ b/common/models/user.py @@ -37,9 +37,11 @@ class Tenant(db.Model): license_start_date = db.Column(db.Date, nullable=True) license_end_date = db.Column(db.Date, nullable=True) allowed_monthly_interactions = db.Column(db.Integer, nullable=True) + encrypted_api_key = db.Column(db.String(500), nullable=True) # Relations users = db.relationship('User', backref='tenant') + domains = db.relationship('TenantDomain', backref='tenant') def __repr__(self): return f"" @@ -115,3 +117,23 @@ class User(db.Model, UserMixin): def has_roles(self, *args): return any(role.name in args for role in self.roles) + + +class TenantDomain(db.Model): + __bind_key__ = 'public' + __table_args__ = {'schema': 'public'} + + id = db.Column(db.Integer, primary_key=True) + tenant_id = db.Column(db.Integer, db.ForeignKey('public.tenant.id'), nullable=False) + domain = db.Column(db.String(255), unique=True, nullable=False) + valid_to = db.Column(db.Date, nullable=True) + + # Versioning Information + created_at = db.Column(db.DateTime, nullable=False, server_default=db.func.now()) + created_by = db.Column(db.Integer, db.ForeignKey(User.id), nullable=False) + updated_at = db.Column(db.DateTime, nullable=False, server_default=db.func.now(), onupdate=db.func.now()) + updated_by = db.Column(db.Integer, db.ForeignKey(User.id)) + + def __repr__(self): + return f"" + diff --git a/common/utils/key_encryption.py b/common/utils/key_encryption.py new file mode 100644 index 0000000..060a2b4 --- /dev/null +++ b/common/utils/key_encryption.py @@ -0,0 +1,51 @@ +from google.cloud import kms +from base64 import b64encode, b64decode +from Crypto.Cipher import AES +from Crypto.Random import get_random_bytes +from flask import current_app + +client = kms.KeyManagementServiceClient() +key_name = client.crypto_key_path('your-project-id', 'your-key-ring', 'your-crypto-key') + + +def encrypt_api_key(api_key): + """Encrypts the API key using the latest version of the KEK.""" + dek = get_random_bytes(32) # AES 256-bit key + cipher = AES.new(dek, AES.MODE_GCM) + ciphertext, tag = cipher.encrypt_and_digest(api_key.encode()) + + # Encrypt the DEK using the latest version of the Google Cloud KMS key + encrypt_response = client.encrypt( + request={'name': key_name, 'plaintext': dek} + ) + encrypted_dek = encrypt_response.ciphertext + + # Store the version of the key used + key_version = encrypt_response.name + + return { + 'key_version': key_version, + 'encrypted_dek': b64encode(encrypted_dek).decode('utf-8'), + 'nonce': b64encode(cipher.nonce).decode('utf-8'), + 'tag': b64encode(tag).decode('utf-8'), + 'ciphertext': b64encode(ciphertext).decode('utf-8') + } + + +def decrypt_api_key(encrypted_data): + """Decrypts the API key using the specified key version.""" + key_version = encrypted_data['key_version'] + encrypted_dek = b64decode(encrypted_data['encrypted_dek']) + nonce = b64decode(encrypted_data['nonce']) + tag = b64decode(encrypted_data['tag']) + ciphertext = b64decode(encrypted_data['ciphertext']) + + # Decrypt the DEK using the specified version of the Google Cloud KMS key + decrypt_response = client.decrypt( + request={'name': key_version, 'ciphertext': encrypted_dek} + ) + dek = decrypt_response.plaintext + + cipher = AES.new(dek, AES.MODE_GCM, nonce=nonce) + api_key = cipher.decrypt_and_verify(ciphertext, tag) + return api_key.decode() diff --git a/common/utils/view_assistants.py b/common/utils/view_assistants.py new file mode 100644 index 0000000..a7ea7aa --- /dev/null +++ b/common/utils/view_assistants.py @@ -0,0 +1,36 @@ +def prepare_table(model_objects, column_names): + """ + Converts a list of SQLAlchemy model objects into a list of dictionaries based on specified column names. + + Args: + model_objects (list): List of SQLAlchemy model instances. + column_names (list): List of strings representing the column names to be included in the dictionaries. + + Returns: + list: List of dictionaries where each dictionary represents a record with keys as column names. + """ + table_data = [ + {col: getattr(obj, col) for col in column_names} + for obj in model_objects + ] + return table_data + + +def prepare_table_for_macro(model_objects, column_attrs): + """ + Prepare data for rendering in a macro that expects each cell as a dictionary with class, type, and value. + + Args: + model_objects (list): List of model instances or dictionaries. + column_attrs (list of tuples): Each tuple contains the attribute name and additional properties like class. + + Returns: + list: A list of rows, where each row is a list of cell dictionaries. + """ + return [ + [ + {'value': getattr(obj, attr), 'class': cls, 'type': 'text'} # Adjust 'type' as needed + for attr, cls in column_attrs + ] + for obj in model_objects + ] diff --git a/eveai_app/templates/macros.html b/eveai_app/templates/macros.html index 1f9dd9c..6398d43 100644 --- a/eveai_app/templates/macros.html +++ b/eveai_app/templates/macros.html @@ -64,6 +64,53 @@ {% endmacro %} +{% macro render_selectable_table(headers, rows, selectable, id) %} +
+
+ + + + {% if selectable %} + + {% endif %} + {% for header in headers %} + + {% endfor %} + + + + {% for row in rows %} + + {% if selectable %} + + {% endif %} + {% for cell in row %} + + {% endfor %} + + {% endfor %} + +
Select{{ header }}
+ {% if cell.type == 'image' %} +
+
+ +
+
+ {% elif cell.type == 'text' %} +

{{ cell.value }}

+ {% elif cell.type == 'badge' %} + {{ cell.value }} + {% elif cell.type == 'link' %} + {{ cell.value }} + {% else %} + {{ cell.value }} + {% endif %} +
+
+
+{% endmacro %} + {% macro render_accordion(accordion_id, accordion_items, header_title, header_description) %}
diff --git a/eveai_app/templates/navbar.html b/eveai_app/templates/navbar.html index b0118fe..39b5c78 100644 --- a/eveai_app/templates/navbar.html +++ b/eveai_app/templates/navbar.html @@ -69,10 +69,13 @@
    {% if current_user.is_authenticated %} {{ dropdown('User Mgmt', 'contacts', [ - {'name': 'Select Tenant', 'url': '/user/select_tenant', 'roles': ['Super User']}, + {'name': 'Tenant List', 'url': '/user/select_tenant', 'roles': ['Super User']}, {'name': 'Tenant Registration', 'url': '/user/tenant', 'roles': ['Super User']}, + {'name': 'Generate API Key', 'url': '/user/generate_api_key', 'roles': ['Super User']}, + {'name': 'Tenant Domains', 'url': '/user/view_tenant_domains/' + session['tenant']['id']|string, 'roles': ['Super User', 'Tenant Admin']}, + {'name': 'Tenant Domain Registration', 'url': '/user/tenant_domain', 'roles': ['Super User', 'Tenant Admin']}, + {'name': 'User List', 'url': '/user/view_users/' + session['tenant']['id']|string, 'roles': ['Super User', 'Tenant Admin']}, {'name': 'User Registration', 'url': '/user/user', 'roles': ['Super User', 'Tenant Admin']}, - {'name': 'User List', 'url': '/user/view_users/' + session['tenant']['id']|string, 'roles': ['Super User', 'Tenant Admin']} ]) }} {% endif %} {% if current_user.is_authenticated %} diff --git a/eveai_app/templates/scripts.html b/eveai_app/templates/scripts.html index 9ab3d6a..406c35f 100644 --- a/eveai_app/templates/scripts.html +++ b/eveai_app/templates/scripts.html @@ -1,6 +1,7 @@ + {% block scripts %} diff --git a/eveai_app/templates/user/edit_tenant_domain.html b/eveai_app/templates/user/edit_tenant_domain.html new file mode 100644 index 0000000..5aa8f76 --- /dev/null +++ b/eveai_app/templates/user/edit_tenant_domain.html @@ -0,0 +1,24 @@ +{% extends 'base.html' %} +{% from "macros.html" import render_field %} + +{% block title %}Update Tenant Domain{% endblock %} + +{% block content_title %}Update Tenant Domain{% endblock %} +{% block content_description %}Disable a tenant domain{% endblock %} + +{% block content %} +
    + {{ form.hidden_tag() }} + {% set disabled_fields = ['domain'] %} + {% set exclude_fields = [] %} + {% for field in form %} + {{ render_field(field, disabled_fields, exclude_fields) }} + {% endfor %} + +
    +{% endblock %} + + +{% block content_footer %} + +{% endblock %} diff --git a/eveai_app/templates/user/select_tenant.html b/eveai_app/templates/user/select_tenant.html index f8ff2dc..f4ca473 100644 --- a/eveai_app/templates/user/select_tenant.html +++ b/eveai_app/templates/user/select_tenant.html @@ -1,5 +1,5 @@ {% extends 'base.html' %} -{% from "macros.html" import render_field %} +{% from "macros.html" import render_selectable_table %} {% block title %}Tenant Selection{% endblock %} @@ -8,27 +8,38 @@ {% block content %}
    - - - - - - - - - - {% for tenant in tenants %} - - - - - - {% endfor %} - -
    SelectTenant NameTenant ID
    {{ tenant.name }}{{ tenant.id }}
    - - - - + {{ render_selectable_table(headers=["Tenant ID", "Tenant Name","Website"], rows=tenants, selectable=True, id="tenantsTable") }} +
    + + + + +
    {% endblock %} +{% block scripts %} + +{% endblock %} \ No newline at end of file diff --git a/eveai_app/templates/user/tenant_domain.html b/eveai_app/templates/user/tenant_domain.html new file mode 100644 index 0000000..142514f --- /dev/null +++ b/eveai_app/templates/user/tenant_domain.html @@ -0,0 +1,24 @@ +{% extends 'base.html' %} +{% from "macros.html" import render_field %} + +{% block title %}Tenant Domain Registration{% endblock %} + +{% block content_title %}Register Tenant Domain{% endblock %} +{% block content_description %}Make a new tenant domain, which enables the chat client on the specified domain{% endblock %} + +{% block content %} +
    + {{ form.hidden_tag() }} + {% set disabled_fields = [] %} + {% set exclude_fields = [] %} + {% for field in form %} + {{ render_field(field, disabled_fields, exclude_fields) }} + {% endfor %} + +
    +{% endblock %} + + +{% block content_footer %} + +{% endblock %} diff --git a/eveai_app/templates/user/view_tenant_domains.html b/eveai_app/templates/user/view_tenant_domains.html new file mode 100644 index 0000000..771ac0f --- /dev/null +++ b/eveai_app/templates/user/view_tenant_domains.html @@ -0,0 +1,45 @@ +{% extends 'base.html' %} +{% from "macros.html" import render_selectable_table %} + +{% block title %}View Tenant Domains{% endblock %} + +{% block content_title %}Select a domain{% endblock %} +{% block content_description %}Select the domain you'd like to action upon{% endblock %} + +{% block content %} +
    + {{ render_selectable_table(headers=["ID", "Domain Name", "Valid To"], rows=tenant_domains, selectable=True, id="tenantDomainsTable") }} +
    + + +
    +
    +{% endblock %} +{% block scripts %} + +{% endblock %} \ No newline at end of file diff --git a/eveai_app/templates/user/view_users.html b/eveai_app/templates/user/view_users.html index a5c505a..f419489 100644 --- a/eveai_app/templates/user/view_users.html +++ b/eveai_app/templates/user/view_users.html @@ -1,5 +1,5 @@ {% extends 'base.html' %} -{% from "macros.html" import render_field %} +{% from "macros.html" import render_selectable_table %} {% block title %}View Users{% endblock %} @@ -7,49 +7,43 @@ {% block content_description %}Select the user you'd like to action upon{% endblock %} {% block content %} -

    Users for Selected Tenant

    - - - - - - - - - - - {% for user in users %} - - - - - - - {% endfor %} - -
    SelectUser IDNameEmail
    {{ user.id }}{{ user.name }}{{ user.email }}
    + {{ render_selectable_table(headers=["User ID", "User Name", "Email"], rows=users, selectable=True, id="usersTable") }}
    - - +{% endblock %} +{% block scripts %} -{% endblock %} +{% endblock %} \ No newline at end of file diff --git a/eveai_app/views/user_forms.py b/eveai_app/views/user_forms.py index 6541b5f..55d2918 100644 --- a/eveai_app/views/user_forms.py +++ b/eveai_app/views/user_forms.py @@ -74,3 +74,12 @@ class UserRoleForm(FlaskForm): email = EmailField('Email', validators=[DataRequired(), Email()]) roles = FieldList(FormField(RoleForm), min_entries=1) submit = SubmitField('Update Roles') + + +class TenantDomainForm(FlaskForm): + domain = StringField('Domain', validators=[DataRequired(), Length(max=80)]) + valid_to = DateField('Valid to', id='form-control datepicker', validators=[Optional()]) + submit = SubmitField('Add Domain') + + + diff --git a/eveai_app/views/user_views.py b/eveai_app/views/user_views.py index 2da8f9a..84e3703 100644 --- a/eveai_app/views/user_views.py +++ b/eveai_app/views/user_views.py @@ -2,13 +2,15 @@ import uuid from datetime import datetime as dt, timezone as tz from flask import request, redirect, url_for, flash, render_template, Blueprint, session, current_app -from flask_security import hash_password, roles_required, roles_accepted +from flask_security import hash_password, roles_required, roles_accepted, current_user from sqlalchemy.exc import SQLAlchemyError +import ast -from common.models.user import User, Tenant, Role +from common.models.user import User, Tenant, Role, TenantDomain from common.extensions import db -from .user_forms import TenantForm, CreateUserForm, EditUserForm +from .user_forms import TenantForm, CreateUserForm, EditUserForm, TenantDomainForm from common.utils.database import Database +from common.utils.view_assistants import prepare_table_for_macro user_bp = Blueprint('user_bp', __name__, url_prefix='/user') @@ -32,8 +34,10 @@ def tenant(): # Handle Embedding Variables new_tenant.html_tags = form.html_tags.data.split(',') if form.html_tags.data else [], new_tenant.html_end_tags = form.html_end_tags.data.split(',') if form.html_end_tags.data else [], - new_tenant.html_included_elements = form.html_included_elements.data.split(',') if form.html_included_elements.data else [], - new_tenant.html_excluded_elements = form.html_excluded_elements.data.split(',') if form.html_excluded_elements.data else [] + new_tenant.html_included_elements = form.html_included_elements.data.split( + ',') if form.html_included_elements.data else [], + new_tenant.html_excluded_elements = form.html_excluded_elements.data.split( + ',') if form.html_excluded_elements.data else [] # Handle Timestamps timestamp = dt.now(tz.utc) @@ -189,13 +193,17 @@ def edit_user(user_id): @roles_required('Super User') def select_tenant(): tenants = Tenant.query.all() # Fetch all tenants from the database - return render_template('user/select_tenant.html', tenants=tenants) + + prepared_data = prepare_table_for_macro(tenants, [('id', ''), ('name', ''), ('website', '')]) + + return render_template('user/select_tenant.html', tenants=prepared_data) @user_bp.route('/handle_tenant_selection', methods=['POST']) @roles_required('Super User') def handle_tenant_selection(): - tenant_id = request.form['tenant_id'] + tenant_identification = request.form['selected_row'] + tenant_id = ast.literal_eval(tenant_identification).get('value') the_tenant = Tenant.query.get(tenant_id) session['tenant'] = the_tenant.to_dict() session['default_language'] = the_tenant.default_language @@ -217,21 +225,112 @@ def handle_tenant_selection(): @user_bp.route('/view_users/') @roles_accepted('Super User', 'Tenant Admin') def view_users(tenant_id): - print(tenant_id) tenant_id = int(tenant_id) users = User.query.filter_by(tenant_id=tenant_id).all() + prepared_data = prepare_table_for_macro(users, [('id', ''), ('user_name', ''), ('email', '')]) + current_app.logger.debug(f'prepared_data: {prepared_data}') + # Render the users in a template - return render_template('user/view_users.html', users=users) + return render_template('user/view_users.html', users=prepared_data) @user_bp.route('/handle_user_action', methods=['POST']) @roles_accepted('Super User', 'Tenant Admin') def handle_user_action(): - user_id = request.form['user_id'] + user_identification = request.form['selected_row'] + user_id = ast.literal_eval(user_identification).get('value') action = request.form['action'] if action == 'edit_user': return redirect(url_for('user_bp.edit_user', user_id=user_id)) # Add more conditions for other actions return redirect(url_for('view_users')) + + +@user_bp.route('/view_tenant_domains/') +@roles_accepted('Super User', 'Tenant Admin') +def view_tenant_domains(tenant_id): + tenant_id = int(tenant_id) + tenant_domains = TenantDomain.query.filter_by(tenant_id=tenant_id).all() + + # prepare table data + prepared_data = prepare_table_for_macro(tenant_domains, [('id', ''), ('domain', ''), ('valid_to', '')]) + + # Render the users in a template + return render_template('user/view_tenant_domains.html', tenant_domains=prepared_data) + + +@user_bp.route('/handle_tenant_domain_action', methods=['POST']) +@roles_accepted('Super User', 'Tenant Admin') +def handle_tenant_domain_action(): + tenant_domain_identification = request.form['selected_row'] + tenant_domain_id = ast.literal_eval(tenant_domain_identification).get('value') + action = request.form['action'] + + if action == 'edit_tenant_domain': + return redirect(url_for('user_bp.edit_tenant_domain', tenant_domain_id=tenant_domain_id)) + # Add more conditions for other actions + return redirect(url_for('view_tenant_domains')) + + +@user_bp.route('/tenant_domain', methods=['GET', 'POST']) +@roles_accepted('Super User', 'Tenant Admin') +def tenant_domain(): + form = TenantDomainForm() + if form.validate_on_submit(): + new_tenant_domain = TenantDomain() + form.populate_obj(new_tenant_domain) + new_tenant_domain.tenant_id = session['tenant']['id'] + set_logging_information(new_tenant_domain, dt.now(tz.utc)) + + # Add the new user to the database and commit the changes + try: + db.session.add(new_tenant_domain) + db.session.commit() + flash('Tenant Domain added successfully.') + except SQLAlchemyError as e: + db.session.rollback() + flash(f'Failed to add Tenant Domain. Error: {str(e)}') + current_app.logger.error(f'Failed to create Tenant Domain {new_tenant_domain.domain}. ' + f'for tenant {session["tenant"]["id"]}' + f'Error: {str(e)}') + + return render_template('user/tenant_domain.html', form=form) + + +@user_bp.route('/tenant_domain/', methods=['GET', 'POST']) +@roles_accepted('Super User', 'Tenant Admin') +def edit_tenant_domain(tenant_domain_id): + tenant_domain = TenantDomain.query.get_or_404(tenant_domain_id) # This will return a 404 if no user is found + form = TenantDomainForm(obj=tenant_domain) + + if request.method == 'POST' and form.validate_on_submit(): + form.populate_obj(tenant_domain) + update_logging_information(tenant_domain, dt.now(tz.utc)) + try: + db.session.add(tenant_domain) + db.session.commit() + flash('Tenant Domain updated successfully.', 'success') + except SQLAlchemyError as e: + db.session.rollback() + flash(f'Failed to update Tenant Domain. Error: {str(e)}', 'danger') + current_app.logger.error(f'Failed to update Tenant Domain {tenant_domain.id}. ' + f'for tenant {session["tenant"]["id"]}' + f'Error: {str(e)}') + return redirect( + url_for('user_bp.view_tenant_domains', tenant_id=session['tenant']['id'])) # Assuming there's a user profile view to redirect to + + return render_template('user/edit_tenant_domain.html', form=form, tenant_domain_id=tenant_domain_id) + + +def set_logging_information(obj, timestamp): + obj.created_at = timestamp + obj.updated_at = timestamp + obj.created_by = current_user.id + obj.updated_by = current_user.id + + +def update_logging_information(obj, timestamp): + obj.created_by = current_user.id + obj.updated_by = current_user.id