def nuke_org(self, token: t.Token, org_id: t.OrgId):
headers = api_utils.get_auth_headers(token)
# get teams and users in org
response = request_utils.get(
self.url + f"/dir/org/{org_id}/teams", headers=headers
)
data = api_utils.get_data(response)
teams = set()
users = set()
for team in teams:
teams.add(team["team_id"])
for u in team["members"]:
users.add(u["user_id"])
# delete teams, users, and org
for team in teams:
response = request_utils.delete(
self.url + f"/dir/team/{team}", headers=headers
)
api_utils.get_data(response)
for u in users:
response = request_utils.delete(
self.url + f"/dir/user/{u}", headers=headers
)
api_utils.get_data(response)
response = request_utils.delete(
self.url + f"/dir/org/{org_id}", headers=headers
)
api_utils.get_data(response)
def get_org_secrets(self, token: types.Token, obfuscate: bool = False) -> dict:
params = None
if obfuscate:
params = {"obfuscate": None}
response = request_utils.get(
f"{self.url}/secrets/org", headers=self._headers(token), params=params,
)
return self._get_data(response)["secrets"]
def get_refreshed_token(
self, token: t.Token, force: bool = False
) -> typing.Optional[t.Token]:
claims = self.get_unverified_claims(token)
REFRESH_WINDOW_SECS = 120
if time.time() + REFRESH_WINDOW_SECS < claims["exp"] and not force:
return token
headers = api_utils.get_auth_headers(token)
response = request_utils.get(self.url + "/auth/refresh", headers=headers)
data = self._get_data(response)
return data["AccessToken"] if data is not None else None
def is_conducto_url(url):
import urllib.error
test_endpoint = f"{url}/auth/idtoken"
# no actual auth needed, just checking for not getting a 404 and
# name resolution.
try:
r = request_utils.get(test_endpoint)
return r.status_code == 401
except urllib.error.URLError:
return False
def invite_exists(self, email: str, invite_id: str):
response = request_utils.get(
self.url + f"/dir/invite/{invite_id}/exists/{email}"
)
if response.status_code == hs.OK:
return True
elif response.status_code == hs.NOT_FOUND:
return False
else:
# let normal channels handle the unexpected error
api_utils.get_data(response)
def user(self, token: t.Token) -> dict:
user_id = None
claims = api.Auth().get_unverified_claims(token)
user_id = claims["sub"]
headers = api_utils.get_auth_headers(token)
response = request_utils.get(self.url + f"/dir/user/{user_id}", headers=headers)
if response.status_code == 404:
raise Exception(
f"No user information found. Please complete registration at {self.url}/app"
)
return api_utils.get_data(response)
def test(self, token: t.Token) -> bool:
headers = api_utils.get_auth_headers(token)
response = request_utils.get(self.url + "/auth/test", headers=headers)
if response.status_code == hs.NO_CONTENT:
return True
elif response.status_code == hs.UNAUTHORIZED:
return False
else:
text = response.read()
try:
data = json.loads(text)
except json.JSONDecodeError:
msg = text
else:
msg = data["message"] if "message" in data else data
raise Exception(msg)
def get_credentials(self, token: t.Token) -> dict:
headers = api_utils.get_auth_headers(token)
headers["Authorization"] = "Bearer {}".format(token)
response = request_utils.get(self.url + "/auth/creds", headers=headers)
data = self._get_data(response)
return data
def get_id_token(self, token: t.Token) -> typing.Optional[t.Token]:
headers = api_utils.get_auth_headers(token)
response = request_utils.get(self.url + "/auth/idtoken", headers=headers)
data = self._get_data(response)
return data["IdToken"]
def org_users(self, token: t.Token, org_id: t.OrgId) -> typing.List[dict]:
headers = api_utils.get_auth_headers(token)
response = request_utils.get(
self.url + f"/dir/org/{org_id}/users", headers=headers
)
return api_utils.get_data(response)
def org(self, token: t.Token, org_id: t.OrgId) -> dict:
headers = api_utils.get_auth_headers(token)
response = request_utils.get(self.url + f"/dir/org/{org_id}", headers=headers)
return api_utils.get_data(response)