async def login_user(request, user: str, auth_context=None):
"""User/password authentication to get an access token.
This method should be called to get an API token. This token will expire at some time. # noqa: E501
Parameters
----------
request : connexion.request
user : str
Name of the user who wants to be authenticated
auth_context : dict, optional
User's authorization context
Returns
-------
TokenResponseModel
"""
f_kwargs = {'auth_context': auth_context, 'user_id': user}
dapi = DistributedAPI(f=preprocessor.get_permissions,
f_kwargs=remove_nones_to_dict(f_kwargs),
request_type='local_master',
is_async=False,
logger=logger)
data = raise_if_exc(await dapi.distribute_function())
return web.json_response(data=TokenResponseModel(
token=generate_token(user_id=user, rbac_policies=data.dikt)),
status=200,
dumps=dumps)
async def run_as_login(request, user: str, raw: bool = False) -> web.Response:
"""User/password authentication to get an access token.
This method should be called to get an API token using an authorization context body. This token will expire at some time. # noqa: E501
Parameters
----------
request : connexion.request
user : str
Name of the user who wants to be authenticated.
raw : bool, optional
Respond in raw format. Default `False`
Returns
-------
web.Response
Raw or JSON response with the generated access token.
"""
f_kwargs = {'user_id': user, 'auth_context': await request.json()}
dapi = DistributedAPI(f=preprocessor.get_permissions,
f_kwargs=remove_nones_to_dict(f_kwargs),
request_type='local_master',
is_async=False,
logger=logger
)
data = raise_if_exc(await dapi.distribute_function())
token = None
try:
token = generate_token(user_id=user, data=data.dikt, run_as=True)
except WazuhException as e:
raise_if_exc(e)
return web.Response(text=token, content_type='text/plain', status=200) if raw \
else web.json_response(data=WazuhResult({'data': TokenResponseModel(token=token)}), status=200, dumps=dumps)
def test_generate_token(mock_raise_if_exc, mock_submit,
mock_distribute_function, mock_dapi,
mock_generate_keypair, mock_encode):
"""Verify if result is as expected"""
class NewDatetime(datetime):
def timestamp(self) -> float:
return 0
mock_raise_if_exc.return_value = security_conf
with patch('api.authentication.datetime', NewDatetime):
result = authentication.generate_token('001', {'roles': [1]})
assert result == 'test_token', 'Result is not as expected'
# Check all functions are called with expected params
mock_dapi.assert_called_once_with(f=ANY,
request_type='local_master',
is_async=False,
wait_for_complete=False,
logger=ANY)
mock_distribute_function.assert_called_once_with()
mock_raise_if_exc.assert_called_once()
mock_generate_keypair.assert_called_once()
mock_encode.assert_called_once_with(original_payload,
'-----BEGIN PRIVATE KEY-----',
algorithm='ES512')
def test_generate_token(mock_raise_if_exc, mock_submit, mock_distribute_function, mock_dapi, mock_generate_secret,
mock_encode, mock_time):
"""Verify if result is as expected"""
mock_raise_if_exc.return_value = security_conf
result = authentication.generate_token('001', {'roles': [1]})
assert result == 'test_token', 'Result is not as expected'
# Check all functions are called with expected params
mock_dapi.assert_called_once_with(f=ANY, request_type='local_master', is_async=False, wait_for_complete=True,
logger=ANY)
mock_distribute_function.assert_called_once_with()
mock_raise_if_exc.assert_called_once()
mock_generate_secret.assert_called_once()
mock_encode.assert_called_once_with(original_payload, 'test_secret_token', algorithm='HS256')
async def login_user(request, user: str, raw=False):
"""User/password authentication to get an access token.
This method should be called to get an API token. This token will expire at some time. # noqa: E501
Parameters
----------
request : connexion.request
user : str
Name of the user who wants to be authenticated
raw : bool, optional
Respond in raw format
Returns
-------
TokenResponseModel
"""
f_kwargs = {'user_id': user}
try:
# Add authorization context in case there is body in request
f_kwargs['auth_context'] = await request.json()
except JSONDecodeError:
pass
dapi = DistributedAPI(f=preprocessor.get_permissions,
f_kwargs=remove_nones_to_dict(f_kwargs),
request_type='local_master',
is_async=False,
logger=logger)
data = raise_if_exc(await dapi.distribute_function())
token = None
try:
token = generate_token(user_id=user,
data=data.dikt,
run_as='auth_context' in f_kwargs.keys())
except WazuhException as e:
raise_if_exc(e)
if raw:
return web.Response(text=token, content_type='text/plain', status=200)
else:
return web.json_response(data=WazuhResult(
{'data': TokenResponseModel(token=token)}),
status=200,
dumps=dumps)
def create(self, request, format=None):
serializer = RegisterSerializer(data=request.data)
if not serializer.is_valid():
return Response(
InvalidPost("Invalid or Incorrect data on the post request.",
1).display_invalid_exception())
[email, password] = [item for item in serializer.data.values()]
# Checking if the email is already registered.
if User.objects.filter(email=email):
return Response(
get_json_response("false", {}, {
"code":
2,
"message":
"Invalid or Incorrect credentials. Email already registered."
}))
# Checking if the password is strong
if not len(password) > 5:
return Response(
get_json_response("false", {}, {
"code":
3,
"message":
"Invalid or Incorrect credentials. Weak credentials."
}))
[hashed_password, token_id
] = [generate_hash(password),
generate_token(email, password)]
User.objects.get_or_create(email=email,
password=hashed_password,
token_id=token_id)
return Response(
get_json_response("true", {
"email": email,
"token_id": token_id
}, {}))
