"""
Standard user can create new realms and invite new devices for himself.
Admin can invite and revoke users and on top of what standard user can do.
Outsider is only able to collaborate on existing realm and should only
access redacted certificates (hence he cannot create new realms or
get OWNER/MANAGER role on a realm)
"""
ADMIN = "ADMIN"
STANDARD = "STANDARD"
OUTSIDER = "OUTSIDER"
UserProfileField = fields.enum_field_factory(UserProfile)
@attr.s(slots=True, frozen=True, auto_attribs=True, kw_only=True, eq=False)
class UserCertificateContent(BaseAPISignedData):
class SCHEMA_CLS(BaseSignedDataSchema):
# Override author field to allow for None value if signed by the root key
author = DeviceIDField(required=True, allow_none=True)
type = fields.CheckedConstant("user_certificate", required=True)
user_id = UserIDField(required=True)
# Human handle can be none in case of redacted certificate
human_handle = HumanHandleField(allow_none=True, missing=None)
public_key = fields.PublicKey(required=True)
# `profile` replaces `is_admin` field (which is still required for backward
# compatibility), hence `None` is not allowed
backend_versions)) + "}"
self.message = (
f"No overlap between client API versions {client_versions_str} "
f"and backend API versions {backend_versions_str}")
def __str__(self) -> str:
return self.message
class HandshakeType(Enum):
AUTHENTICATED = "AUTHENTICATED"
INVITED = "INVITED"
NOT_INITIALIZED = "NOT_INITIALIZED"
HandshakeTypeField = fields.enum_field_factory(HandshakeType)
class APIV1_HandshakeType(Enum):
AUTHENTICATED = "authenticated"
ANONYMOUS = "anonymous"
ADMINISTRATION = "administration"
APIV1_HandshakeTypeField = fields.enum_field_factory(APIV1_HandshakeType)
def _settle_compatible_versions(
backend_versions: Sequence[ApiVersion],
client_versions: Sequence[ApiVersion]
) -> Tuple[ApiVersion, ApiVersion]:
"invite_2b_claimer_send_nonce_serializer",
"invite_3a_greeter_wait_peer_trust_serializer",
"invite_3b_claimer_wait_peer_trust_serializer",
"invite_3a_claimer_signify_trust_serializer",
"invite_3b_greeter_signify_trust_serializer",
"invite_4_greeter_communicate_serializer",
"invite_4_claimer_communicate_serializer",
)
class InvitationType(Enum):
USER = "******"
DEVICE = "DEVICE"
InvitationTypeField = fields.enum_field_factory(InvitationType)
class InviteNewUserReqSchema(BaseReqSchema):
type = fields.EnumCheckedConstant(InvitationType.USER, required=True)
claimer_email = fields.String(required=True)
send_email = fields.Boolean(required=True)
class InviteNewDeviceReqSchema(BaseReqSchema):
type = fields.EnumCheckedConstant(InvitationType.DEVICE, required=True)
send_email = fields.Boolean(required=True)
class InviteNewReqSchema(OneOfSchema):
type_field = "type"
from typing import Dict, cast
from enum import Enum
from parsec.api.protocol.base import BaseRepSchema, BaseReqSchema, CmdSerializer
from parsec.serde import BaseSchema, OneOfSchema, fields
class PkiEnrollmentStatus(Enum):
SUBMITTED = "SUBMITTED"
ACCEPTED = "ACCEPTED"
REJECTED = "REJECTED"
CANCELLED = "CANCELLED"
PkiEnrollmentStatusField = fields.enum_field_factory(PkiEnrollmentStatus)
# pki_enrollment_submit
class PkiEnrollmentSubmitReqSchema(BaseReqSchema):
enrollment_id = fields.UUID(required=True)
# Existing enrollment with SUMBITTED status prevent submitting new
# enrollment with similir x509 certificate unless force flag is set.
force = fields.Boolean(required=True)
submitter_der_x509_certificate = fields.Bytes(required=True)
# Duplicated certificate email field. (The backend need to check if the email is used without loading the certificate)
submitter_der_x509_certificate_email = fields.String(required=False,
missing=None,
allow_none=True)
)
class MaintenanceType(Enum):
GARBAGE_COLLECTION = "GARBAGE_COLLECTION"
REENCRYPTION = "REENCRYPTION"
class RealmRole(Enum):
OWNER = "OWNER"
MANAGER = "MANAGER"
CONTRIBUTOR = "CONTRIBUTOR"
READER = "READER"
RealmRoleField = fields.enum_field_factory(RealmRole)
MaintenanceTypeField = fields.enum_field_factory(MaintenanceType)
class RealmCreateReqSchema(BaseReqSchema):
role_certificate = fields.Bytes(required=True)
class RealmCreateRepSchema(BaseRepSchema):
pass
realm_create_serializer = CmdSerializer(RealmCreateReqSchema, RealmCreateRepSchema)
class RealmStatusReqSchema(BaseReqSchema):
