Diffstat (limited to 'app/api/auth')
-rw-r--r-- | app/api/auth/__init__.py | 10 | ||||
-rw-r--r-- | app/api/auth/auth.py | 71 | ||||
-rw-r--r-- | app/api/auth/token.py | 39 |
3 files changed, 120 insertions, 0 deletions
diff --git a/app/api/auth/__init__.py b/app/api/auth/__init__.py
new file mode 100644
index 0000000..1e85a2a
--- /dev/null
+++ b/app/api/auth/__init__.py
@@ -0,0 +1,10 @@
+###############################################################################
+# Copyright (c) 2017 Koren Lev (Cisco Systems), Yaron Yogev (Cisco Systems) #
+# and others #
+# #
+# All rights reserved. This program and the accompanying materials #
+# are made available under the terms of the Apache License, Version 2.0 #
+# which accompanies this distribution, and is available at #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+###############################################################################
+
diff --git a/app/api/auth/auth.py b/app/api/auth/auth.py
new file mode 100644
index 0000000..04fc4b9
--- /dev/null
+++ b/app/api/auth/auth.py
@@ -0,0 +1,71 @@
+###############################################################################
+# Copyright (c) 2017 Koren Lev (Cisco Systems), Yaron Yogev (Cisco Systems) #
+# and others #
+# #
+# All rights reserved. This program and the accompanying materials #
+# are made available under the terms of the Apache License, Version 2.0 #
+# which accompanies this distribution, and is available at #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+###############################################################################
+from api.auth.token import Token
+from api.backends.ldap_access import LDAPAccess
+from utils.inventory_mgr import InventoryMgr
+from utils.logging.full_logger import FullLogger
+
+
+class Auth:
+
+ def __init__(self):
+ super().__init__()
+ self.inv = InventoryMgr()
+ self.log = FullLogger()
+ self.tokens_coll = self.inv.client['tokens']['api_tokens']
+ self.ldap_access = LDAPAccess()
+
+ def get_token(self, token):
+ tokens = None
+ try:
+ tokens = list(self.tokens_coll.find({'token': token}))
+ except Exception as e:
+ self.log.error('Failed to get token for ', str(e))
+
+ return tokens
+
+ def write_token(self, token):
+ error = None
+ try:
+ self.tokens_coll.insert_one(token)
+ except Exception as e:
+ self.log.error("Failed to write new token {0} to database for {1}"
+ .format(token[token], str(e)))
+ error = 'Failed to create new token'
+
+ return error
+
+ def delete_token(self, token):
+ error = None
+ try:
+ self.tokens_coll.delete_one({'token': token})
+ except Exception as e:
+ self.log.error('Failed to delete token {0} for {1}'.
+ format(token, str(e)))
+ error = 'Failed to delete token {0}'.format(token)
+
+ return error
+
+ def validate_credentials(self, username, pwd):
+ return self.ldap_access.authenticate_user(username, pwd)
+
+ def validate_token(self, token):
+ error = None
+ tokens = self.get_token(token)
+ if not tokens:
+ error = "Token {0} doesn't exist".format(token)
+ elif len(tokens) > 1:
+ self.log.error('Multiple tokens found for {0}'.format(token))
+ error = "Multiple tokens found"
+ else:
+ t = tokens[0]
+ error = Token.validate_token(t)
+
+ return error
diff --git a/app/api/auth/token.py b/app/api/auth/token.py
new file mode 100644
index 0000000..d057d22
--- /dev/null
+++ b/app/api/auth/token.py
@@ -0,0 +1,39 @@
+###############################################################################
+# Copyright (c) 2017 Koren Lev (Cisco Systems), Yaron Yogev (Cisco Systems) #
+# and others #
+# #
+# All rights reserved. This program and the accompanying materials #
+# are made available under the terms of the Apache License, Version 2.0 #
+# which accompanies this distribution, and is available at #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+###############################################################################
+import datetime
+import uuid
+
+
+class Token:
+ token_lifetime = 86400
+ FIELD = 'X-AUTH-TOKEN'
+
+ @classmethod
+ def set_token_lifetime(cls, lifetime):
+ Token.token_lifetime = lifetime
+
+ @classmethod
+ def new_uuid_token(cls, method):
+ token = {}
+ token['issued_at'] = datetime.datetime.now()
+ token['expires_at'] = token['issued_at'] +\
+ datetime.timedelta(seconds=Token.token_lifetime)
+ token['token'] = uuid.uuid4().hex
+ token['method'] = method
+ return token
+
+ @classmethod
+ def validate_token(cls, token):
+ error = None
+ now = datetime.datetime.now()
+ if now > token['expires_at']:
+ error = 'Token {0} has expired'.format(token['token'])
+
+ return error |
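Review bot: In `write_token` (app/api/auth/auth.py) the except handler formats `token[token]`, indexing the token document with itself; if `token` is the dict returned by `Token.new_uuid_token`, this raises TypeError inside the handler, so the original database error is lost and no error string is returned. Indexing with `'token'` would fix the crash but would put the bearer token in the log, as `delete_token` and `validate_token` already do in their log lines and returned messages. Prefer messages that omit the value, e.g. `self.log.error('Failed to write new token to database: {0}'.format(str(e)))` and `error = "Token doesn't exist"`. In `get_token`, `str(e)` is passed as a second positional argument to `self.log.error` rather than formatted into the message, so the exception text may be dropped depending on how FullLogger handles extra arguments (not visible here). Tokens are also stored and looked up in plaintext; storing a SHA-256 digest and querying by digest would limit what a read of the `api_tokens` collection exposes.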
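Review bot: In app/api/auth/token.py, `new_uuid_token` and `validate_token` both take naive local time from `datetime.datetime.now()`, so a token's effective lifetime shifts by the offset whenever the host's timezone or DST state changes between issue and check. Using UTC at both sites, e.g. `now = datetime.datetime.utcnow()`, keeps the comparison stable and still yields naive values, which matters if the stored document comes back from the database without tzinfo. `validate_token` also builds `'Token {0} has expired'` from the token value itself; if that string reaches logs or the HTTP response the bearer secret is disclosed, so `error = 'Token has expired'` is safer. `set_token_lifetime` assigns through `Token.` rather than `cls` and accepts any value, so a non-positive or non-numeric lifetime would go unnoticed until a token is issued.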