    def get(self, token_uuid, required_acl):
        """Load the token identified by ``token_uuid`` and check it against an ACL.

        Raises UnknownTokenException when no row exists for the uuid *or* the
        stored token is expired: both cases surface as the same error, so a
        caller probing token ids cannot tell "never existed" from "expired".
        Raises MissingACLTokenException when the token is live but does not
        satisfy ``required_acl``. Returns the Token otherwise.
        """
        row = self._dao.token.get(token_uuid)
        if not row:
            raise UnknownTokenException()

        # The stored row carries its own uuid; Token takes it positionally.
        token = Token(row.pop('uuid'), **row)

        if token.is_expired():
            raise UnknownTokenException()

        if token.matches_required_acl(required_acl):
            return token
        raise MissingACLTokenException(required_acl)
    def check_scopes(self, token_uuid, scopes):
        """Resolve a token and report which of ``scopes`` it grants.

        Returns ``(token, statuses)`` where ``statuses`` maps each distinct
        scope to the boolean result of ``token.matches_required_access``.
        Unlike ``get``, a scope the token lacks does not raise here; the
        caller decides what to do with a False entry. Raises
        UnknownTokenException for an unknown *or* expired token (same error
        for both, so token existence is not leaked).
        """
        row = self._dao.token.get(token_uuid)
        if not row:
            raise UnknownTokenException()

        token = Token(row.pop('uuid'), **row)
        if token.is_expired():
            raise UnknownTokenException()

        statuses = {}
        for scope in set(scopes):
            statuses[scope] = token.matches_required_access(scope)

        return token, statuses
    def new_token(self, backend, login, args):
        """Authenticate ``login`` through ``backend`` and persist a new token.

        ``args`` is the request payload and is mutated: ``acl_templates`` and
        ``metadata`` are added so ``backend.get_acls`` can use them. Required
        keys are ``backend``, ``user_agent`` and ``remote_addr``; when
        ``access_type`` is ``'offline'`` also ``login`` and ``client_id``, and a
        refresh token is created and attached to the token payload. The token
        and its session are stored through the DAO, a SessionCreatedEvent is
        published, and the Token is returned.

        NOTE(review): ``expiration`` is read from ``args`` with no upper bound
        here — if ``args`` is client-supplied, the lifetime cap must be enforced
        by the request schema or the caller; confirm.
        """
        metadata = backend.get_metadata(login, args)
        # Debug-level only, but this writes the whole metadata dict to the log.
        logger.debug('metadata for %s: %s', login, metadata)

        auth_id = metadata['auth_id']
        user_uuid = metadata.get('xivo_user_uuid')
        xivo_uuid = metadata['xivo_uuid']

        args['acl_templates'] = self._get_acl_templates(args['backend'])
        args['metadata'] = metadata

        acls = backend.get_acls(login, args)
        lifetime = args.get('expiration', self._default_expiration)
        now = time.time()

        # Session attributes are optional; only truthy values are recorded.
        session_payload = {}
        tenant_uuid = metadata.get('tenant_uuid')
        if tenant_uuid:
            session_payload['tenant_uuid'] = tenant_uuid
        mobile = args.get('mobile')
        if mobile:
            session_payload['mobile'] = mobile

        token_payload = dict(
            auth_id=auth_id,
            xivo_user_uuid=user_uuid,
            xivo_uuid=xivo_uuid,
            expire_t=now + lifetime,
            issued_t=now,
            acls=acls or [],
            metadata=metadata,
            user_agent=args['user_agent'],
            remote_addr=args['remote_addr'],
        )

        if args.get('access_type', 'online') == 'offline':
            refresh_body = {
                'backend': args['backend'],
                'login': args['login'],
                'client_id': args['client_id'],
                'user_uuid': metadata['uuid'],
                'user_agent': args['user_agent'],
                'remote_addr': args['remote_addr'],
            }
            token_payload['refresh_token'] = self._dao.refresh_token.create(refresh_body)

        token_uuid, session_uuid = self._dao.token.create(token_payload, session_payload)
        token = Token(token_uuid, session_uuid=session_uuid, **token_payload)

        self._bus_publisher.publish(
            SessionCreatedEvent(session_uuid, user_uuid=auth_id, **session_payload)
        )

        return token
    def new_token(self, backend, login, args):
        """Authenticate ``login`` through ``backend`` and persist a new token.

        ``args`` is the request payload and is mutated: ``acl_templates`` and
        ``metadata`` are added so ``backend.get_acls`` can use them. ``args``
        must contain ``backend``; ``expiration`` and ``mobile`` are optional.
        The token and its session are stored through the DAO, a
        SessionCreatedEvent is published, and the Token is returned.

        NOTE(review): ``expiration`` is read from ``args`` without an upper
        bound here; if ``args`` is client-supplied the cap has to be enforced
        upstream — confirm.
        """
        metadata = backend.get_metadata(login, args)
        # Debug-level only, but the full metadata dict ends up in the log.
        logger.debug('metadata for %s: %s', login, metadata)

        auth_id = metadata['auth_id']
        xivo_user_uuid = metadata.get('xivo_user_uuid')
        xivo_uuid = metadata['xivo_uuid']

        args['acl_templates'] = self._get_acl_templates(args['backend'])
        args['metadata'] = metadata
        acls = backend.get_acls(login, args)

        lifetime = args.get('expiration', self._default_expiration)
        now = time.time()

        # Session attributes are optional; only truthy values are recorded.
        session_payload = {
            key: value
            for key, value in (
                ('tenant_uuid', metadata.get('tenant_uuid')),
                ('mobile', args.get('mobile')),
            )
            if value
        }

        token_payload = {
            'auth_id': auth_id,
            'xivo_user_uuid': xivo_user_uuid,
            'xivo_uuid': xivo_uuid,
            'expire_t': now + lifetime,
            'issued_t': now,
            'acls': acls or [],
            'metadata': metadata,
        }

        token_uuid, session_uuid = self._dao.token.create(token_payload, session_payload)
        token = Token(token_uuid, session_uuid=session_uuid, **token_payload)

        self._bus_publisher.publish(
            SessionCreatedEvent(session_uuid, user_uuid=auth_id, **session_payload)
        )

        return token
 def new_token_internal(self, expiration=None, acl=None):
     """Mint a token for wazo-auth's own internal use (no backend login).

     ``expiration`` defaults to ``self._default_expiration`` when None;
     ``acl`` defaults to an empty list, so an internal token carries no
     rights unless the caller asks for them. The token is attributed to
     auth_id ``wazo-auth`` in the top tenant, with a fixed loopback
     remote_addr and a fixed user agent, and is stored through the DAO with
     an empty session. Returns the Token.
     """
     if expiration is None:
         expiration = self._default_expiration
     now = time.time()
     token_args = {
         'auth_id': 'wazo-auth',
         'pbx_user_uuid': None,
         'xivo_uuid': None,
         'expire_t': now + expiration,
         'issued_t': now,
         'acl': acl or [],
         'metadata': {'tenant_uuid': self.top_tenant_uuid},
         'user_agent': 'wazo-auth-internal',
         'remote_addr': '127.0.0.1',
     }
     token_uuid, session_uuid = self._dao.token.create(token_args, {})
     return Token(token_uuid, session_uuid=session_uuid, **token_args)
    def new_token(self, backend, login, args):
        """Authenticate ``login`` through ``backend`` and persist a new token.

        ``args`` is the request payload and is mutated: ``acl`` (the templates
        for the backend) and ``metadata`` are added before ``backend.get_acl``
        runs. Required keys are ``backend``, ``user_agent`` and ``remote_addr``;
        when ``access_type`` is ``'offline'`` also ``login``, ``client_id`` and
        ``mobile``, and a refresh token is created — or, if one already exists
        for (client_id, user uuid), the stored one is reused. Returns the
        Token. Publishes a RefreshTokenCreatedEvent only when a new refresh
        token was stored, and always a SessionCreatedEvent; both carry the
        tenant uuid header when it is known.

        NOTE(review): ``expiration`` comes from ``args`` unbounded here; if
        ``args`` is client-supplied, the lifetime cap must live in the request
        schema or the caller — confirm.
        """
        metadata = backend.get_metadata(login, args)
        # Debug-level only, but this writes the whole metadata dict to the log.
        logger.debug('metadata for %s: %s', login, metadata)

        auth_id = metadata['auth_id']
        pbx_user_uuid = metadata.get('pbx_user_uuid')
        xivo_uuid = metadata['xivo_uuid']
        tenant_uuid = metadata.get('tenant_uuid')

        args['acl'] = self._get_acl(args['backend'])
        args['metadata'] = metadata

        acl = backend.get_acl(login, args)
        lifetime = args.get('expiration', self._default_expiration)
        now = time.time()

        # Session attributes are optional; only truthy values are recorded.
        session_payload = {}
        if tenant_uuid:
            session_payload['tenant_uuid'] = tenant_uuid
        if args.get('mobile'):
            session_payload['mobile'] = args['mobile']

        token_payload = dict(
            auth_id=auth_id,
            pbx_user_uuid=pbx_user_uuid,
            xivo_uuid=xivo_uuid,
            expire_t=now + lifetime,
            issued_t=now,
            acl=acl or [],
            metadata=metadata,
            user_agent=args['user_agent'],
            remote_addr=args['remote_addr'],
        )

        if args.get('access_type', 'online') == 'offline':
            refresh_body = {
                'backend': args['backend'],
                # A truthy real_login wins over login.
                'login': args.get('real_login') or args['login'],
                'client_id': args['client_id'],
                'user_uuid': metadata['uuid'],
                'user_agent': args['user_agent'],
                'remote_addr': args['remote_addr'],
                'mobile': args['mobile'],
            }
            try:
                refresh_token = self._dao.refresh_token.create(refresh_body)
            except DuplicatedRefreshTokenException:
                # The DAO refuses a second refresh token for the same
                # (client_id, user uuid); hand back the one already stored.
                refresh_token = self._dao.refresh_token.get_existing_refresh_token(
                    args['client_id'], metadata['uuid']
                )
            else:
                self._bus_publisher.publish(
                    RefreshTokenCreatedEvent(tenant_uuid=tenant_uuid, **refresh_body),
                    headers={'tenant_uuid': tenant_uuid},
                )
            token_payload['refresh_token'] = refresh_token

        token_uuid, session_uuid = self._dao.token.create(token_payload, session_payload)
        token = Token(token_uuid, session_uuid=session_uuid, **token_payload)

        # Only a uuid-shaped auth_id is reported as the session's user.
        session_user = auth_id if is_uuid(auth_id) else None
        session_event = SessionCreatedEvent(
            session_uuid, user_uuid=session_user, **session_payload
        )
        headers = {'tenant_uuid': tenant_uuid} if tenant_uuid else {}
        self._bus_publisher.publish(session_event, headers=headers)

        return token