class SCHEMA_CLS(BaseSignedDataSchema):
# Override author field to allow for None value if signed by the root key
author = DeviceIDField(required=True, allow_none=True)
type = fields.CheckedConstant("user_certificate", required=True)
user_id = UserIDField(required=True)
# Human handle can be none in case of redacted certificate
human_handle = HumanHandleField(allow_none=True, missing=None)
public_key = fields.PublicKey(required=True)
# `profile` replaces `is_admin` field (which is still required for backward
# compatibility), hence `None` is not allowed
is_admin = fields.Boolean(required=True)
profile = UserProfileField(allow_none=False)
@post_load
def make_obj(self, data: Dict[str, Any]) -> "UserCertificateContent":
data.pop("type")
# Handle legacy `is_admin` field
default_profile = UserProfile.ADMIN if data.pop("is_admin") else UserProfile.STANDARD
try:
profile = data["profile"]
except KeyError:
data["profile"] = default_profile
else:
if default_profile == UserProfile.ADMIN and profile != UserProfile.ADMIN:
raise ValidationError(
"Fields `profile` and `is_admin` have incompatible values"
)
return UserCertificateContent(**data)
class MessageReceivedSchema(BaseSchema):
__id__ = fields.String(required=True)
__signal__ = fields.EnumCheckedConstant(BackendEvent.MESSAGE_RECEIVED,
required=True)
organization_id = OrganizationIDField(required=True)
author = DeviceIDField(required=True)
recipient = UserIDField(required=True)
index = fields.Integer(required=True)
class SCHEMA_CLS(BaseSignedDataSchema):
type = fields.CheckedConstant("revoked_user_certificate", required=True)
user_id = UserIDField(required=True)
@post_load
def make_obj(self, data: Dict[str, Any]) -> "RevokedUserCertificateContent":
data.pop("type")
return RevokedUserCertificateContent(**data)
class InviteStatusChangedSchema(BaseSchema):
__id__ = fields.String(required=True)
__signal__ = fields.EnumCheckedConstant(BackendEvent.INVITE_STATUS_CHANGED,
required=True)
organization_id = OrganizationIDField(required=True)
greeter = UserIDField(required=True)
token = InvitationTokenField(required=True)
status = InvitationStatusField(required=True)
class UserCreatedSchema(BaseSchema):
__id__ = fields.String(required=True)
__signal__ = fields.EnumCheckedConstant(BackendEvent.USER_CREATED,
required=True)
organization_id = OrganizationIDField(required=True)
user_id = UserIDField(required=True)
user_certificate = fields.Bytes(required=True)
first_device_id = DeviceIDField(required=True)
first_device_certificate = fields.Bytes(required=True)
class RealmRolesUpdatedSchema(BaseSchema):
__id__ = fields.String(required=True)
__signal__ = fields.EnumCheckedConstant(BackendEvent.REALM_ROLES_UPDATED,
required=True)
organization_id = OrganizationIDField(required=True)
author = DeviceIDField(required=True)
realm_id = RealmIDField(required=True)
user = UserIDField(required=True)
role = RealmRoleField(required=True, allow_none=True)
class SCHEMA_CLS(BaseSignedDataSchema):
type = fields.CheckedConstant("realm_role_certificate", required=True)
realm_id = fields.UUID(required=True)
user_id = UserIDField(required=True)
role = RealmRoleField(required=True, allow_none=True)
@post_load
def make_obj(self, data: Dict[str, Any]) -> "RealmRoleCertificateContent":
data.pop("type")
return RealmRoleCertificateContent(**data)
class SCHEMA_CLS(BaseSignedDataSchema):
type = fields.CheckedConstant("user_certificate", required=True)
user_id = UserIDField(required=True)
public_key = fields.PublicKey(required=True)
is_admin = fields.Boolean(required=True)
@post_load
def make_obj(self, data):
data.pop("type")
return UserCertificateContent(**data)
class UserRevokedSchema(BaseSchema):
__id__ = fields.String(required=True)
__signal__ = fields.EnumCheckedConstant(BackendEvent.USER_REVOKED,
required=True)
organization_id = OrganizationIDField(required=True)
user_id = UserIDField(required=True)