Ejemplo n.º 1
Archivo: access.py Proyecto: timff/st2
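def create_token(username, ttl=None, metadata=None):
    """
    Issue a new access token for ``username`` and persist it.

    No credential check happens here: the user is registered when the lookup fails and a
    token is then issued, so callers have to authenticate the user before calling this.

    :param username: Username of the user to create the token for. If the account for this user
                     doesn't exist yet it will be created.
    :type username: ``str``

    :param ttl: Token TTL (in seconds). A falsy value, or one above
                ``cfg.CONF.auth.token_ttl``, is replaced by that configured maximum.
    :type ttl: ``int``

    :param metadata: Optional metadata to associate with the token.
    :type metadata: ``dict``

    :return: The token object that was handed to ``Token.add_or_update``.
    :rtype: :class:`.TokenDB`
    """
    max_ttl = cfg.CONF.auth.token_ttl
    if not ttl or ttl > max_ttl:
        ttl = max_ttl

    if username:
        try:
            User.get_by_name(username)
        except Exception:
            # Was a bare ``except:``, which also trapped SystemExit and KeyboardInterrupt
            # and answered them by registering an account.
            # NOTE(review): still broad - any lookup failure (not only "no such user")
            # creates the user. Narrow this to the not-found exception that
            # User.get_by_name raises once that type is confirmed.
            user = UserDB(name=username)
            User.add_or_update(user)
            LOG.audit('Registered new user "%s".' % username)

    # The hex string is the bearer secret; it is stored but never written to the log below.
    token_value = uuid.uuid4().hex
    expiry = datetime.datetime.utcnow() + datetime.timedelta(seconds=ttl)
    expiry = isotime.add_utc_tz(expiry)
    token_db = TokenDB(user=username, token=token_value, expiry=expiry, metadata=metadata)
    Token.add_or_update(token_db)

    # Audit record names the user and the expiry only.
    LOG.audit('Access granted to %s with the token set to expire at "%s".' %
              ('user "%s"' % username if username else "an anonymous user",
               isotime.format(expiry, offset=False)))

    return token_db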
Ejemplo n.º 2
def delete_token(token):
    """
    Delete the stored token record matching ``token``.

    A ``TokenNotFoundError`` raised by the lookup or the delete is swallowed and ``None`` is
    returned, so revoking an unknown token is not an error. Every other exception propagates.

    :param token: Value passed to ``Token.get`` to locate the record.

    :return: Result of ``Token.delete``, or ``None`` when the token was not found.
    """
    try:
        return Token.delete(Token.get(token))
    except TokenNotFoundError:
        # Nothing to revoke.
        return None
Ejemplo n.º 3
def delete_token(token):
    """
    Remove a token record, treating "not found" as a no-op.

    :param token: Value handed to ``Token.get`` to find the record to delete.

    :return: Whatever ``Token.delete`` returns; ``None`` if ``TokenNotFoundError`` was raised.
    """
    outcome = None
    try:
        record = Token.get(token)
        outcome = Token.delete(record)
    except TokenNotFoundError:
        # An absent token is already in the desired state; other errors are not caught.
        pass
    return outcome
Ejemplo n.º 4
def validate_token(token_in_headers, token_in_query_params):
    """
    Validate the provided authentication token.

    The header value wins when both are supplied. Audit messages carry the database id of
    the token record, not the token string itself.

    :param token_in_headers: Authentication token provided via headers.
    :type token_in_headers: ``str``

    :param token_in_query_params: Authentication token provided via query params. A token
                                  sent this way is part of the request URL, so anything that
                                  records URLs also records the token.
    :type token_in_query_params: ``str``

    :return: TokenDB object on success.
    :rtype: :class:`.TokenDB`

    :raises exceptions.TokenNotProvidedError: Neither argument holds a token.
    :raises exceptions.TokenExpiredError: The stored expiry is not in the future.
    """
    supplied = token_in_headers or token_in_query_params
    if not supplied:
        # NOTE: "parameyers" is a typo in the emitted message; it is reproduced as is
        # because log consumers may match on the exact text.
        LOG.audit('Token is not found in header or query parameyers.')
        raise exceptions.TokenNotProvidedError('Token is not provided.')

    # Record which channel(s) carried a token; both lines appear when both were sent.
    for present, message in ((token_in_headers, 'Token provided in headers'),
                             (token_in_query_params, 'Token provided in query parameters')):
        if present:
            LOG.audit(message)

    # Lookup errors from Token.get are not handled here and reach the caller.
    token = Token.get(supplied)

    now = isotime.add_utc_tz(datetime.datetime.utcnow())
    if token.expiry <= now:
        # TODO: purge expired tokens
        LOG.audit('Token with id "%s" has expired.' % token.id)
        raise exceptions.TokenExpiredError('Token has expired.')

    LOG.audit('Token with id "%s" is validated.' % token.id)
    return token
Ejemplo n.º 5
 def test_delete_token(self):
     """A deleted token can no longer be fetched with ``Token.get``."""
     created = access.create_token('manas')
     access.delete_token(created.token)
     try:
         Token.get(created.token)
     except TokenNotFoundError:
         # Expected: the record is gone.
         self.assertTrue(True)
     else:
         # Lookup still succeeded, so the delete did not take effect.
         self.assertTrue(False, 'Delete failed was expected to pass.')
Ejemplo n.º 6
 def test_delete_token(self):
     """Create a token, revoke it, and check the lookup then raises ``TokenNotFoundError``."""
     issued = access.create_token('manas')
     secret = issued.token
     access.delete_token(secret)
     try:
         Token.get(secret)
         # Reaching this line means the revoked token is still stored.
         self.assertTrue(False, 'Delete failed was expected to pass.')
     except TokenNotFoundError:
         self.assertTrue(True)
Ejemplo n.º 7
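 def _validate_token(self, env):
     """
     Validate the token found under ``HTTP_X_AUTH_TOKEN`` in ``env``.

     :param env: Mapping that holds the request's ``HTTP_X_AUTH_TOKEN`` entry.

     :return: The token object returned by ``Token.get``.

     :raises exceptions.TokenNotProvidedError: ``env`` has no ``HTTP_X_AUTH_TOKEN`` key.
     :raises exceptions.TokenExpiredError: The stored expiry is not in the future.
     """
     if 'HTTP_X_AUTH_TOKEN' not in env:
         LOG.audit('Token is not found in header.')
         raise exceptions.TokenNotProvidedError('Token is not provided.')

     # Lookup errors from Token.get are not handled here and reach the caller.
     token = Token.get(env['HTTP_X_AUTH_TOKEN'])

     # The audit lines used to embed the raw header value, which put a usable bearer
     # credential into the log. They now reference the record's database id instead.
     if token.expiry <= isotime.add_utc_tz(datetime.datetime.utcnow()):
         LOG.audit('Token with id "%s" has expired.' % token.id)
         raise exceptions.TokenExpiredError('Token has expired.')

     LOG.audit('Token with id "%s" is validated.' % token.id)
     return token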
Ejemplo n.º 8
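 def _validate_token(self, env):
     """
     Check that the request carries a known, unexpired token.

     The token string is read from ``env['HTTP_X_AUTH_TOKEN']`` and resolved with
     ``Token.get``; whatever that lookup raises is passed on to the caller.

     :param env: Mapping with the request's ``HTTP_X_AUTH_TOKEN`` entry.

     :return: The token object on success.

     :raises exceptions.TokenNotProvidedError: The key is missing from ``env``.
     :raises exceptions.TokenExpiredError: ``token.expiry`` is at or before the current time.
     """
     if 'HTTP_X_AUTH_TOKEN' not in env:
         LOG.audit('Token is not found in header.')
         raise exceptions.TokenNotProvidedError('Token is not provided.')

     token = Token.get(env['HTTP_X_AUTH_TOKEN'])
     now = isotime.add_utc_tz(datetime.datetime.utcnow())

     # Log the record id, never the header value: a validated token written to the audit
     # log stays usable until it expires by anyone who can read that log.
     if token.expiry <= now:
         LOG.audit('Token with id "%s" has expired.' % token.id)
         raise exceptions.TokenExpiredError('Token has expired.')

     LOG.audit('Token with id "%s" is validated.' % token.id)
     return token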
Ejemplo n.º 9
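def create_token(username, ttl=None, metadata=None):
    """
    Issue a new access token for ``username`` and persist it.

    The function itself verifies no credentials; it registers the user when the lookup
    fails and then issues a token, so authentication must already have happened.

    :param username: Username of the user to create the token for. If the account for this user
                     doesn't exist yet it will be created.
    :type username: ``str``

    :param ttl: Token TTL (in seconds). A falsy value, or one above
                ``cfg.CONF.auth.token_ttl``, is replaced by that configured maximum.
    :type ttl: ``int``

    :param metadata: Optional metadata to associate with the token.
    :type metadata: ``dict``

    :return: The token object that was handed to ``Token.add_or_update``.
    :rtype: :class:`.TokenDB`
    """
    max_ttl = cfg.CONF.auth.token_ttl
    if not ttl or ttl > max_ttl:
        ttl = max_ttl

    if username:
        try:
            User.get_by_name(username)
        except Exception:
            # Was a bare ``except:``; that form also catches SystemExit and
            # KeyboardInterrupt and would register an account in response.
            # NOTE(review): any lookup failure still creates the user. Narrow to the
            # not-found exception of User.get_by_name once its type is confirmed.
            user = UserDB(name=username)
            User.add_or_update(user)

            extra = {'username': username, 'user': user}
            LOG.audit('Registered new user "%s".' % (username), extra=extra)

    # The hex string is the bearer secret; it is kept out of the audit record below.
    token_value = uuid.uuid4().hex
    expiry = datetime.datetime.utcnow() + datetime.timedelta(seconds=ttl)
    expiry = isotime.add_utc_tz(expiry)
    token_db = TokenDB(user=username, token=token_value, expiry=expiry, metadata=metadata)
    Token.add_or_update(token_db)

    username_string = username if username else 'an anonymous user'
    token_expire_string = isotime.format(expiry, offset=False)
    extra = {'username': username, 'token_expiration': token_expire_string}

    LOG.audit('Access granted to "%s" with the token set to expire at "%s".' %
              (username_string, token_expire_string), extra=extra)

    return token_db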
Ejemplo n.º 10
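def create_token(username, ttl=None):
    """
    Issue a new access token for ``username`` and persist it.

    No credential check is made here; the user is registered when the lookup fails, so the
    caller is responsible for having authenticated the user.

    :param username: Username of the user to create the token for. If the lookup for this
                     user fails, the account is created.
    :type username: ``str``

    :param ttl: Token TTL (in seconds). A falsy value, or one above
                ``cfg.CONF.auth.token_ttl``, is replaced by that configured maximum.
    :type ttl: ``int``

    :return: The token object that was handed to ``Token.add_or_update``.
    :rtype: :class:`.TokenDB`
    """
    max_ttl = cfg.CONF.auth.token_ttl
    if not ttl or ttl > max_ttl:
        ttl = max_ttl

    if username:
        try:
            User.get_by_name(username)
        except Exception:
            # Was a bare ``except:``, which also trapped SystemExit and KeyboardInterrupt.
            # NOTE(review): still broad - narrow to the not-found exception raised by
            # User.get_by_name once its type is confirmed.
            user = UserDB(name=username)
            User.add_or_update(user)
            LOG.audit('Registered new user "%s".' % username)
        # An "Access granted" audit line used to be written here, before the token was
        # stored. It was dropped so the audit trail cannot claim access that a failing
        # Token.add_or_update never granted; the line after persistence covers it.

    # The hex string is the bearer secret; it is stored but never logged.
    token_value = uuid.uuid4().hex
    expiry = datetime.datetime.utcnow() + datetime.timedelta(seconds=ttl)
    expiry = isotime.add_utc_tz(expiry)
    token_db = TokenDB(user=username, token=token_value, expiry=expiry)
    Token.add_or_update(token_db)
    LOG.audit('Access granted to %s with the token set to expire at "%s".' %
              ('user "%s"' % username if username else "an anonymous user",
               isotime.format(expiry, offset=False)))

    return token_db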
Ejemplo n.º 11
 def test_token_model(self):
     """Round-trip a token: API object -> DB model -> persisted model -> API object."""
     now = isotime.add_utc_tz(datetime.datetime.utcnow())
     api_in = TokenAPI(user='******', token=uuid.uuid4().hex,
                       expiry=isotime.format(now, offset=False))

     # API object to DB model: fields carry over, expiry becomes a parsed value.
     model = TokenAPI.to_model(api_in)
     self.assertIsNotNone(model)
     self.assertIsInstance(model, TokenDB)
     self.assertEqual(model.user, api_in.user)
     self.assertEqual(model.token, api_in.token)
     self.assertEqual(model.expiry, isotime.parse(api_in.expiry))

     # Persisting returns an equal model that now has an id.
     saved = Token.add_or_update(model)
     self.assertEqual(model, saved)
     self.assertIsNotNone(saved.id)

     # DB model back to API object matches the input.
     api_out = TokenAPI.from_model(saved)
     self.assertEqual(api_out.user, api_in.user)
     self.assertEqual(api_out.token, api_in.token)
     self.assertEqual(api_out.expiry, api_in.expiry)
Ejemplo n.º 12
 def test_token_model(self):
     """Check that TokenAPI and TokenDB convert into each other without losing fields."""
     stamp = isotime.add_utc_tz(datetime.datetime.utcnow())
     source_api = TokenAPI(
         user='******',
         token=uuid.uuid4().hex,
         expiry=isotime.format(stamp, offset=False))

     # Conversion to the DB model.
     db_obj = TokenAPI.to_model(source_api)
     self.assertIsNotNone(db_obj)
     self.assertIsInstance(db_obj, TokenDB)
     self.assertEqual(db_obj.user, source_api.user)
     self.assertEqual(db_obj.token, source_api.token)
     self.assertEqual(db_obj.expiry, isotime.parse(source_api.expiry))

     # Persistence keeps the object equal and assigns an id.
     stored_obj = Token.add_or_update(db_obj)
     self.assertEqual(db_obj, stored_obj)
     self.assertIsNotNone(stored_obj.id)

     # Conversion back to the API representation.
     result_api = TokenAPI.from_model(stored_obj)
     self.assertEqual(result_api.user, source_api.user)
     self.assertEqual(result_api.token, source_api.token)
     self.assertEqual(result_api.expiry, source_api.expiry)
Ejemplo n.º 13
def delete_token(token):
    """
    Look up ``token`` and delete the stored record.

    Nothing is caught here, so a failed lookup or a failed delete propagates to the caller.

    :param token: Value passed to ``Token.get`` to find the record.

    :return: Whatever ``Token.delete`` returns.
    """
    return Token.delete(Token.get(token))
Ejemplo n.º 14
Archivo: access.py Proyecto: timff/st2
def delete_token(token):
    """
    Delete the token record identified by ``token``.

    This variant has no error handling: an exception from ``Token.get`` (for example for
    a token that is not stored) or from ``Token.delete`` reaches the caller unchanged.

    :param token: Value handed to ``Token.get``.

    :return: Result of ``Token.delete``.
    """
    record = Token.get(token)
    outcome = Token.delete(record)
    return outcome