def get_permissions(objtype, objuid): app.logger.debug("GET PERMISSIONS") # Get UUID if required if objtype in constants.SRV_TYPES: objuid = None if objtype in constants.UID_TYPES: objuid = uuid.UUID(objuid) else: raise exceptions.UnknownObjType(objtype) # Verify Tokens objperm = constants.PERM_PERMS utility.verify_auth_token_sigkey(flask.g.token, flask.g.srv_ac.sigkey_pub, objperm, objtype, objuid=objuid, error=True) # Get Permissions perms = flask.g.srv_ac.permissions.get(objtype=objtype, objuid=objuid) app.logger.debug("perms = '{}'".format(perms)) # Build Response json_out = {'objtype': objtype, 'objuid': str(objuid) if objuid else "", 'create': list(perms.v_create.by_uid()), 'read': list(perms.v_read.by_uid()), 'modify': list(perms.v_modify.by_uid()), 'delete': list(perms.v_delete.by_uid()), 'perms': list(perms.v_perms.by_uid())} # Return Response app.logger.debug("json_out = '{}'".format(json_out)) return flask.jsonify(json_out)
def create_authenticators(): app.logger.debug("POST AUTHENTICATORS") # Verify Tokens objperm = constants.PERM_CREATE objtype = constants.TYPE_SRV_AC utility.verify_auth_token_sigkey(flask.g.token, flask.g.srv_ac.sigkey_pub, objperm, objtype, error=True) # Log JSON json_in = flask.request.get_json(force=True) app.logger.debug("json_in = '{}'".format(json_in)) # Get Required Attributes try: module_name = json_in['module_name'] except KeyError as err: msg = "Missing required parameter: {}".format(err) app.logger.warning(msg) raise exceptions.MissingAttributeError(msg) from err # Get Optional Attributes uid = json_in.get('uid', None) module_kwargs = json_in.get('module_kwargs', {}) userdata = json_in.get('userdata', {}) # Log Attributes app.logger.debug("uid = '{}'".format(uid)) app.logger.debug("module_name = '{}'".format(module_name)) app.logger.debug("module_kwargs = '{}'".format(module_kwargs)) app.logger.debug("userdata = '{}'".format(userdata)) # Create Authenticator authenticator = flask.g.srv_ac.authenticators.create(key=uid, userdata=userdata, module_name=module_name, module_kwargs=module_kwargs) app.logger.debug("authenticator = '{}'".format(authenticator)) # Return Response json_out = {_KEY_AUTHENTICATORS: [authenticator.key]} app.logger.debug("json_out = '{}'".format(json_out)) return flask.jsonify(json_out)
def get_verifiers(verifiers_uid): app.logger.debug("GET VERIFIERS") # Verify Tokens objperm = constants.PERM_READ objtype = constants.TYPE_VERIFIER objuid = uuid.UUID(verifiers_uid) utility.verify_auth_token_sigkey(flask.g.token, flask.g.srv_ac.sigkey_pub, objperm, objtype, objuid=objuid, error=True) # Get Verifier verifier = flask.g.srv_ac.verifiers.get(key=verifiers_uid) app.logger.debug("verifier = '{}'".format(verifier)) # Return Response json_out = {'uid': verifier.key, 'accounts': list(verifier.accounts.by_uid()), 'authenticators': list(verifier.authenticators.by_uid())} app.logger.debug("json_out = '{}'".format(json_out)) return flask.jsonify(json_out)
def get_authenticators(authenticators_uid): app.logger.debug("GET AUTHENTICATORS") # Verify Tokens objperm = constants.PERM_READ objtype = constants.TYPE_AUTHENTICATOR objuid = uuid.UUID(authenticators_uid) utility.verify_auth_token_sigkey(flask.g.token, flask.g.srv_ac.sigkey_pub, objperm, objtype, objuid=objuid, error=True) # Get Authenticator authenticator = flask.g.srv_ac.authenticators.get(key=authenticators_uid) app.logger.debug("authenticator = '{}'".format(authenticator)) # Return Response json_out = {'uid': authenticator.key, 'module_name': authenticator.module_name, 'module_kwargs': authenticator.module_kwargs, 'userdata': authenticator.userdata} app.logger.debug("json_out = '{}'".format(json_out)) return flask.jsonify(json_out)
def create_verifiers(): app.logger.debug("POST VERIFIERS") # Verify Tokens objperm = constants.PERM_CREATE objtype = constants.TYPE_SRV_AC utility.verify_auth_token_sigkey(flask.g.token, flask.g.srv_ac.sigkey_pub, objperm, objtype, error=True) # Log JSON json_in = flask.request.get_json(force=True) app.logger.debug("json_in = '{}'".format(json_in)) # Get Optional Attributes uid = json_in.get('uid', None) accounts = json_in.get('accounts', []) authenticators = json_in.get('authenticators', []) userdata = json_in.get('userdata', {}) # Log Attributes app.logger.debug("uid = '{}'".format(uid)) app.logger.debug("accounts = '{}'".format(accounts)) app.logger.debug("authenticators = '{}'".format(authenticators)) app.logger.debug("userdata = '{}'".format(userdata)) # Create Verifier verifier = flask.g.srv_ac.verifiers.create(key=uid, userdata=userdata, accounts=accounts, authenticators=authenticators) app.logger.debug("verifier = '{}'".format(verifier)) # Return Response json_out = {_KEY_VERIFIERS: [verifier.key]} app.logger.debug("json_out = '{}'".format(json_out)) return flask.jsonify(json_out)
def create_permissions(): app.logger.debug("POST PERMISSIONS") # Verify Tokens objperm = constants.PERM_CREATE objtype = constants.TYPE_SRV_AC utility.verify_auth_token_sigkey(flask.g.token, flask.g.srv_ac.sigkey_pub, objperm, objtype, error=True) # Log JSON json_in = flask.request.get_json(force=True) app.logger.debug("json_in = '{}'".format(json_in)) # Get Required Attributes try: objtype = json_in[constants.KEY_OBJTYPE] except KeyError as err: msg = "Missing required paremeter: {}".format(e) app.logger.warning(msg) raise exceptions.MissingAttributeError(msg) from err # Case by Obj Type app.logger.debug("objtype = '{}'".format(objtype)) if objtype in constants.SRV_TYPES: objuid = None elif objtype in constants.UID_TYPES: try: objuid = json_in[constants.KEY_OBJUID] objuid = uuid.UUID(objuid) except KeyError as err: msg = "Missing required parameter: {}".format(err) app.logger.warning(msg) raise exceptions.MissingAttributeError(msg) from err else: app.logger.debug("objuid = '{}'".format(objuid)) else: raise exceptions.UnknownObjType(objtype) app.logger.debug("objuid = '{}'".format(objuid)) # Get Verifiers v_create = json_in.get(constants.PERM_CREATE, None) v_read = json_in.get(constants.PERM_READ, None) v_modify = json_in.get(constants.PERM_MODIFY, None) v_delete = json_in.get(constants.PERM_DELETE, None) v_perms = json_in.get(constants.PERM_PERMS, None) v_default = json_in.get(constants.PERM_DEFAULT, None) # Log Verfiers app.logger.debug("v_create = '{}'".format(v_create)) app.logger.debug("v_read = '{}'".format(v_read)) app.logger.debug("v_modify = '{}'".format(v_modify)) app.logger.debug("v_delete = '{}'".format(v_delete)) app.logger.debug("v_perms = '{}'".format(v_perms)) app.logger.debug("v_default = '{}'".format(v_default)) # Create Permissions perms = flask.g.srv_ac.permissions.create(objuid=objuid, objtype=objtype, v_create=v_create, v_read=v_read, v_modify=v_modify, v_delete=v_delete, v_perms=v_perms, v_default=v_default) app.logger.debug("perms = '{}'".format(perms)) # Return Response perm_out = {constants.KEY_OBJTYPE: objtype} if objuid: perm_out[constants.KEY_OBJUID] = str(objuid) json_out = {_KEY_PERMISSIONS: [perm_out]} app.logger.debug("json_out = '{}'".format(json_out)) return flask.jsonify(json_out)
def test_verify_auth_token_sigkey(self): # Setup Key Pair pub1, priv1 = crypto.gen_key_pair() pub2, priv2 = crypto.gen_key_pair() # Test Verify - Pass accountuid = uuid.uuid4() clientuid = uuid.uuid4() expiration = int(datetime.datetime.now().timestamp()) + 60 expiration = datetime.datetime.fromtimestamp(expiration) objperm = "test_perm" objtype = "test_obj" objuid = uuid.uuid4() token = utility.encode_auth_token(priv1, accountuid, clientuid, expiration, objperm, objtype, objuid) out = utility.verify_auth_token_sigkey(token, pub1, objperm, objtype, objuid) self.assertTrue(out) # Test Verify - Fail (bad sig) accountuid = uuid.uuid4() clientuid = uuid.uuid4() expiration = int(datetime.datetime.now().timestamp()) - 60 expiration = datetime.datetime.fromtimestamp(expiration) objperm = "test_perm" objtype = "test_obj" objuid = uuid.uuid4() token = utility.encode_auth_token(priv2, accountuid, clientuid, expiration, objperm, objtype, objuid) out = utility.verify_auth_token_sigkey(token, pub1, objperm, objtype, objuid) self.assertFalse(out) # Test Verify - Fail (expiration) accountuid = uuid.uuid4() clientuid = uuid.uuid4() expiration = int(datetime.datetime.now().timestamp()) - 60 expiration = datetime.datetime.fromtimestamp(expiration) objperm = "test_perm" objtype = "test_obj" objuid = uuid.uuid4() token = utility.encode_auth_token(priv1, accountuid, clientuid, expiration, objperm, objtype, objuid) out = utility.verify_auth_token_sigkey(token, pub1, objperm, objtype, objuid) self.assertFalse(out) # Test Verify - Fail (objperm) accountuid = uuid.uuid4() clientuid = uuid.uuid4() expiration = int(datetime.datetime.now().timestamp()) + 60 expiration = datetime.datetime.fromtimestamp(expiration) objperm1 = "test_perm1" objperm2 = "test_perm2" objtype = "test_obj" objuid = uuid.uuid4() token = utility.encode_auth_token(priv1, accountuid, clientuid, expiration, objperm1, objtype, objuid) out = utility.verify_auth_token_sigkey(token, pub1, objperm2, objtype, objuid) self.assertFalse(out) # Test Verify - Fail (objtype) accountuid = uuid.uuid4() clientuid = uuid.uuid4() expiration = int(datetime.datetime.now().timestamp()) + 60 expiration = datetime.datetime.fromtimestamp(expiration) objperm = "test_perm" objtype1 = "test_obj1" objtype2 = "test_obj2" objuid = uuid.uuid4() token = utility.encode_auth_token(priv1, accountuid, clientuid, expiration, objperm, objtype1, objuid) out = utility.verify_auth_token_sigkey(token, pub1, objperm, objtype2, objuid) self.assertFalse(out) # Test Verify - Fail (objuid) accountuid = uuid.uuid4() clientuid = uuid.uuid4() expiration = int(datetime.datetime.now().timestamp()) + 60 expiration = datetime.datetime.fromtimestamp(expiration) objperm = "test_perm" objtype = "test_obj" objuid1 = uuid.uuid4() objuid2 = uuid.uuid4() token = utility.encode_auth_token(priv1, accountuid, clientuid, expiration, objperm, objtype, objuid1) out = utility.verify_auth_token_sigkey(token, pub1, objperm, objtype, objuid2) self.assertFalse(out)