Diffstat (limited to 'app/api/auth')
-rw-r--r--app/api/auth/__init__.py10
-rw-r--r--app/api/auth/auth.py71
-rw-r--r--app/api/auth/token.py39
3 files changed, 120 insertions, 0 deletions
diff --git a/app/api/auth/__init__.py b/app/api/auth/__init__.py
new file mode 100644
index 0000000..1e85a2a
--- /dev/null
+++ b/app/api/auth/__init__.py
@@ -0,0 +1,10 @@
+###############################################################################
+# Copyright (c) 2017 Koren Lev (Cisco Systems), Yaron Yogev (Cisco Systems) #
+# and others #
+# #
+# All rights reserved. This program and the accompanying materials #
+# are made available under the terms of the Apache License, Version 2.0 #
+# which accompanies this distribution, and is available at #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+###############################################################################
+
diff --git a/app/api/auth/auth.py b/app/api/auth/auth.py
new file mode 100644
index 0000000..04fc4b9
--- /dev/null
+++ b/app/api/auth/auth.py
@@ -0,0 +1,71 @@
+###############################################################################
+# Copyright (c) 2017 Koren Lev (Cisco Systems), Yaron Yogev (Cisco Systems) #
+# and others #
+# #
+# All rights reserved. This program and the accompanying materials #
+# are made available under the terms of the Apache License, Version 2.0 #
+# which accompanies this distribution, and is available at #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+###############################################################################
+from api.auth.token import Token
+from api.backends.ldap_access import LDAPAccess
+from utils.inventory_mgr import InventoryMgr
+from utils.logging.full_logger import FullLogger
+
+
+class Auth:
+
+ def __init__(self):
+ super().__init__()
+ self.inv = InventoryMgr()
+ self.log = FullLogger()
+ self.tokens_coll = self.inv.client['tokens']['api_tokens']
+ self.ldap_access = LDAPAccess()
+
+ def get_token(self, token):
+ tokens = None
+ try:
+ tokens = list(self.tokens_coll.find({'token': token}))
+ except Exception as e:
+ self.log.error('Failed to get token for ', str(e))
+
+ return tokens
+
+ def write_token(self, token):
+ error = None
+ try:
+ self.tokens_coll.insert_one(token)
+ except Exception as e:
+ self.log.error("Failed to write new token {0} to database for {1}"
+ .format(token[token], str(e)))
+ error = 'Failed to create new token'
+
+ return error
+
+ def delete_token(self, token):
+ error = None
+ try:
+ self.tokens_coll.delete_one({'token': token})
+ except Exception as e:
+ self.log.error('Failed to delete token {0} for {1}'.
+ format(token, str(e)))
+ error = 'Failed to delete token {0}'.format(token)
+
+ return error
+
+ def validate_credentials(self, username, pwd):
+ return self.ldap_access.authenticate_user(username, pwd)
+
+ def validate_token(self, token):
+ error = None
+ tokens = self.get_token(token)
+ if not tokens:
+ error = "Token {0} doesn't exist".format(token)
+ elif len(tokens) > 1:
+ self.log.error('Multiple tokens found for {0}'.format(token))
+ error = "Multiple tokens found"
+ else:
+ t = tokens[0]
+ error = Token.validate_token(t)
+
+ return error
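Review bot: In `write_token` the except handler formats `token[token]`, which indexes the dict with itself and raises `TypeError` (a dict is unhashable), so a failed insert surfaces that exception instead of returning 'Failed to create new token'. The handler should use the string key, and better still keep the bearer token out of the log entirely: `self.log.error("Failed to write new token to database: {0}".format(str(e)))`. `delete_token` and `validate_token` also write the raw token to the log and echo it in the returned error string; anyone who can read the logs could replay a token that is still valid, so log a short prefix or a hash instead. In `get_token`, `str(e)` is passed as a second positional argument while the message has no placeholder, so whether the exception text is recorded depends on how FullLogger treats extra arguments, which is not visible here.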
diff --git a/app/api/auth/token.py b/app/api/auth/token.py
new file mode 100644
index 0000000..d057d22
--- /dev/null
+++ b/app/api/auth/token.py
@@ -0,0 +1,39 @@
+###############################################################################
+# Copyright (c) 2017 Koren Lev (Cisco Systems), Yaron Yogev (Cisco Systems) #
+# and others #
+# #
+# All rights reserved. This program and the accompanying materials #
+# are made available under the terms of the Apache License, Version 2.0 #
+# which accompanies this distribution, and is available at #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+###############################################################################
+import datetime
+import uuid
+
+
+class Token:
+ token_lifetime = 86400
+ FIELD = 'X-AUTH-TOKEN'
+
+ @classmethod
+ def set_token_lifetime(cls, lifetime):
+ Token.token_lifetime = lifetime
+
+ @classmethod
+ def new_uuid_token(cls, method):
+ token = {}
+ token['issued_at'] = datetime.datetime.now()
+ token['expires_at'] = token['issued_at'] +\
+ datetime.timedelta(seconds=Token.token_lifetime)
+ token['token'] = uuid.uuid4().hex
+ token['method'] = method
+ return token
+
+ @classmethod
+ def validate_token(cls, token):
+ error = None
+ now = datetime.datetime.now()
+ if now > token['expires_at']:
+ error = 'Token {0} has expired'.format(token['token'])
+
+ return error
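Review bot: `new_uuid_token` and `validate_token` both call `datetime.datetime.now()`, which returns naive local time, so token expiry depends on the host's timezone and DST state; a clock shift or API hosts in different zones would shorten or extend the effective lifetime. Using UTC on both sides, `token['issued_at'] = datetime.datetime.utcnow()` and `now = datetime.datetime.utcnow()`, keeps the comparison independent of local settings and stays naive, so stored values still compare without a `TypeError`. The token value comes from `uuid.uuid4().hex`; for a bearer credential, `secrets.token_hex(16)` is the standard-library call intended for this purpose and gives a full 128 random bits. `set_token_lifetime` assigns to `Token.token_lifetime` rather than `cls.token_lifetime`, and accepts any value; a comment stating the unit (seconds) and a check that the lifetime is a positive number would prevent a misconfiguration that issues already-expired or effectively permanent tokens.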