Esempio n. 1
def create_user(call: APICall, _, request: CreateUserRequest):
    """Create a user and publish its id in the call result. INTERNAL.

    Callers whose role is not one of ``Role.get_system_roles()`` may only
    create users inside their own company; a request naming any other
    company is rejected with ``InvalidId``.
    """
    caller = call.identity
    is_system_caller = caller.role in Role.get_system_roles()

    # Tenant boundary: only system roles may act across companies.
    # NOTE(review): only the target company is checked here. Whether the
    # request can carry a role, and whether it is bounded by the caller's own
    # role, is not visible in this handler -- confirm in AuthBLL.create_user.
    if not is_system_caller and request.company != caller.company:
        raise errors.bad_request.InvalidId(
            "cannot create user in another company")

    new_user_id = AuthBLL.create_user(request=request, call=call)
    call.result.data_model = CreateUserResponse(id=new_user_id)
Esempio n. 2
def login(call: APICall, *_, **__):
    """Issue a token for the already-authenticated caller.

    The token is minted for the caller's own user and company (intended for
    use with credentials), stored as the call's result model and also
    attached to the response as the authorization cookie.
    """
    identity = call.identity
    result = call.result

    # NOTE(review): expiration_sec comes straight from the request payload.
    # Any upper bound on token lifetime would have to be enforced inside
    # AuthBLL.get_token_for_user -- confirm there.
    result.data_model = AuthBLL.get_token_for_user(
        user_id=identity.user,
        company_id=identity.company,
        expiration_sec=call.data_model.expiration_sec,
    )

    # Mirror the freshly issued token into the authorization cookie.
    # NOTE(review): cookie attributes (HttpOnly / Secure / SameSite) are chosen
    # by set_auth_cookie, which is not shown here -- verify them there.
    result.set_auth_cookie(result.data_model.token)
Esempio n. 3
def create_credentials(call: APICall, _, __):
    """Create new credentials for the calling identity.

    The credentials are bound to the caller's own user, company and role;
    nothing is taken from the request body. Identities that
    ``_is_protected_user`` flags are refused with ``InvalidUserId``.
    """
    caller = call.identity

    # Protected identities must never receive additional credentials.
    if _is_protected_user(caller.user):
        raise errors.bad_request.InvalidUserId("protected identity")

    new_credentials = AuthBLL.create_credentials(
        user_id=caller.user,
        company_id=caller.company,
        role=caller.role,
    )
    call.result.data_model = CreateCredentialsResponse(
        credentials=new_credentials)
Esempio n. 4
def get_token_for_user(call: APICall, _: str, request: GetTokenForUserRequest):
    """Issue a token for the user and company named in the request. INTERNAL.

    Authorization rules applied before the token is minted:

    * system roles (``Role.get_system_roles()``) are not restricted;
    * ``Role.admin`` may request a token for another user, but only within
      the caller's own company;
    * every other role may only request a token for itself, in its own
      company.
    """
    caller = call.identity
    is_system_caller = caller.role in Role.get_system_roles()

    if not is_system_caller:
        is_not_admin = caller.role != Role.admin
        # Impersonating another user is reserved for admins.
        if is_not_admin and caller.user != request.user:
            raise errors.bad_request.InvalidUserId(
                "cannot generate token for another user")
        # Tenant boundary: applies to admins as well.
        if caller.company != request.company:
            raise errors.bad_request.InvalidId(
                "cannot generate token in another company")

    # NOTE(review): this handler does not itself verify that request.user
    # belongs to request.company, nor does it bound expiration_sec --
    # presumably AuthBLL.get_token_for_user does; confirm.
    call.result.data_model = AuthBLL.get_token_for_user(
        user_id=request.user,
        company_id=request.company,
        expiration_sec=request.expiration_sec,
    )
Esempio n. 5
def gen_token(args):
    """Mint a token for ``args.user_id`` / ``args.company_id`` and print it.

    ``args.expiration`` is converted with ``parse_timespan`` and passed as
    the third positional argument of ``AuthBLL.get_token_for_user``.
    """
    # Imported at call time, as in the original, rather than at module level.
    from apiserver.bll.auth import AuthBLL

    user_id = args.user_id
    company_id = args.company_id
    lifetime = parse_timespan(args.expiration)

    issued = AuthBLL.get_token_for_user(user_id, company_id, lifetime)

    # The token is a bearer secret written to stdout in clear text, so it will
    # also land in anything that captures this output (logs, CI job output).
    print('Token:\n%s' % issued.token)