Exemple #1
0
 def refresh_token(self):
     LOG_INFO('Attempting Token Refreshing')
     token = self._iam_proxy_instance.refresh_token(self._refresh_token)
     if(token):
         if(token.get_status() == True):
             self._token_access_lock.acquire()
             self._access_token = token.get_access_token()
             self._refresh_token = token.get_refresh_token()
             self._expiry = int(token.get_expiry())
             self._token_access_lock.release()
             self.restart_timer()
             LOG_INFO('Token Refresh Completed')
         else:
             LOG_ERR(
                 'Token Refresh attempt failed:{}'.format(token.get_errorjson()))
     else:
         LOG_ERR('Token Refresh attempt failed')
Exemple #2
0
    def logoff(self, bearer_token):
        LOG_DEBUG('Logging off user with bearer :{}'.format(bearer_token))

        token_revoke_url = self.iam_endpoint + \
            global_config.IAM_TOKEN_REVOKE_URI

        auth_header = {'Authorization': str('Bearer ' + bearer_token)}

        try:
            token_revoke_response = requests.get(token_revoke_url,
                                                 headers=auth_header)
            if token_revoke_response.status_code != httplib.OK:
                # I am only interested in response JSON if request failed
                token_revoke_json = token_revoke_response.json()
                # Check that at least error code is present in response
                if ('error_code' in token_revoke_json
                        and 'error_message' in token_revoke_json):
                    LOG_ERR('Request for logoff failed with error: {}'.format(
                        token_revoke_json['error_message']))
                    # Create incomplete object
                    oauth_token = OAuthToken(
                        None, None, None, None, REQUEST_STATUS.NOK,
                        token_revoke_json['error_code'],
                        token_revoke_json['error_message'])
                else:
                    LOG_ERR('Unexpected JSON response "{}" received'.format(
                        token_revoke_json))
                    # Create incomplete object
                    oauth_token = OAuthToken(None, None, None, None,
                                             REQUEST_STATUS.NOK, 2001,
                                             ERROR_CODE[2001])
            else:
                LOG_INFO('User logged off')
                # Create incomplete object
                oauth_token = OAuthToken(None, None, None, None,
                                         REQUEST_STATUS.OK, None, None)

            return oauth_token

        except ValueError as ve:
            LOG_ERR(
                'Invalid response received while logging off:{}'.format(ve))
        except requests.exceptions.HTTPError as he:
            LOG_ERR(
                'Request for logging off failed. Error from server:{}'.format(
                    he))
        except requests.exceptions.ConnectionError as ce:
            LOG_ERR(
                'Request for logging off failed due to connection error: {}.'.
                format(ce))
        except requests.exceptions.Timeout as to:
            LOG_ERR('Request for logging off timed-out.')
        except Exception as ex:
            LOG_ERR('Unknown exception while logging off:{}.'.format(ex))

        # Flow should never reach here
        return OAuthToken(None, None, None, None, REQUEST_STATUS.NOK, 10001,
                          ERROR_CODE[10001])
Exemple #3
0
    def get_endpoints(self, bearer_token, module_name=None):
        LOG_DEBUG('Getting endpoints with bearer :{}'.format(bearer_token))

        if (module_name):
            endpoints_url = self.iam_endpoint + \
                global_config.IAM_GET_EP_URI + '/' + module_name.encode('utf8')
        else:
            endpoints_url = self.iam_endpoint + global_config.IAM_GET_EP_URI

        auth_header = {
            'Content-Type': 'application/x-www-form-urlencoded',
            'Authorization': str('Bearer ' + bearer_token)
        }

        try:
            endpoints_response = requests.get(endpoints_url,
                                              headers=auth_header)
            endpoints_json = endpoints_response.json()
            if endpoints_response.status_code != httplib.OK:
                # Check that at least error code is present in response
                if ('error_code' in endpoints_json
                        and 'error_message' in endpoints_json):
                    LOG_ERR(
                        'Request for Endpoints failed with error: {}'.format(
                            endpoints_json['error_message']))
                else:
                    LOG_ERR('Unexpected JSON response "{}" received'.format(
                        endpoints_json))
                    endpoints_json = {
                        'error_code': 2001,
                        'error_message': ERROR_CODE[2001]
                    }
            else:
                LOG_INFO('Endpoints received')

            return endpoints_json

        except ValueError as ve:
            LOG_ERR(
                'Invalid response received while getting endpoints:{}'.format(
                    ve))
        except requests.exceptions.HTTPError as he:
            LOG_ERR(
                'Request for getting endpoints failed. Error from server:{}'.
                format(he))
        except requests.exceptions.ConnectionError as ce:
            LOG_ERR(
                'Request for getting endpoints failed due to connection error: {}.'
                .format(ce))
        except requests.exceptions.Timeout as to:
            LOG_ERR('Request for getting endpoints timed-out.')
        except Exception as ex:
            LOG_ERR('Unknown exception while getting endpoints:{}.'.format(ex))

        # Flow should never reach here
        return {'error_code': 10001, 'error_message': ERROR_CODE[10001]}
Exemple #4
0
    def register_module(self, module_name, module_endpoint, target_apis, username, password):
        LOG_INFO('Registering {} reachable at {}'.format(
            module_name, module_endpoint))
        # Login before registration
        oauth_token = self.login(username, password)
        if(oauth_token and oauth_token.get_status() == REQUEST_STATUS.OK):
            register_input = {}
            register_input['target_apis'] = target_apis
            register_input['module_name'] = module_name
            register_input['module_end_point'] = module_endpoint

            register_url = self.iam_endpoint + \
                global_config.IAM_MOD_REGISTER_URI

            try:
                register_response = requests.post(
                    register_url, json=register_input)
                # If Registration is successful, nothing to do, just
                # return the the token object from login, else create
                # a new token object with registration error
                if register_response.status_code != httplib.OK:
                    LOG_ERR('Registration Failed with error: {}'.format(
                        register_response.status_code))
                    json_response = register_response.json()
                    # Check that at least error code is present in response
                    if('error_code' in json_response and
                            'error_message' in json_response):
                        LOG_ERR('Registration failed with error: {}'.format(
                            json_response['error_message']))
                        oauth_token = OAuthToken(None,
                                                 None,
                                                 None,
                                                 None,
                                                 REQUEST_STATUS.NOK,
                                                 json_response['error_code'],
                                                 json_response['error_message'])
                    else:
                        LOG_ERR(
                            'Invalid response received during registration')
                        oauth_token = OAuthToken(None,
                                                 None,
                                                 None,
                                                 None,
                                                 REQUEST_STATUS.NOK,
                                                 2001,
                                                 ERROR_CODE[2001])

                    register_response.raise_for_status()

                else:
                    LOG_INFO('Registration Successful')

            except ValueError as ve:
                LOG_ERR(
                    'Invalid response received for registration request:{}'.format(ve))
            except requests.exceptions.HTTPError as he:
                LOG_ERR(
                    'Registration request failed. Error from server:{}'.format(he))
            except requests.exceptions.ConnectionError as ce:
                LOG_ERR(
                    'Registration request failed due to connection error: {}.'.format(ce))
            except requests.exceptions.Timeout as to:
                LOG_ERR('Registration request timed-out.')
            except Exception as ex:
                LOG_ERR('Unknown exception during Registration:{}.'.format(ex))

        else:
            LOG_ERR('Registration Failed to login failure')

        return oauth_token
Exemple #5
0
    def login(self, username, password):
        oauth_token = None
        LOG_INFO('Logging in')
        LOG_DEBUG('{} logging in'.format(username))

        login_input = {}
        login_input['username'] = username
        login_input['password'] = password
        login_input['grant_type'] = global_config.OAUTH_GRANT_TYPE
        login_input['client_id'] = global_config.PROXY_CLIENT_ID
        login_input['client_pw'] = global_config.PROXY_CLIENT_KEY

        login_url = self.iam_endpoint + global_config.IAM_USER_LOGIN_URI

        try:
            login_response = requests.post(login_url, json=login_input)
            if login_response.status_code == httplib.OK:
                LOG_INFO('Login Successful')
                token_response = login_response.json()
                # Check that mandatory parameters are present in response
                if('access_token' in token_response and
                        'refresh_token' in token_response and
                        'scope' in token_response and
                        'token_type' in token_response and
                        'expires_in' in token_response):
                    # Create a token object from the response
                    oauth_token = OAuthToken(token_response['access_token'],
                                             token_response['refresh_token'],
                                             token_response['expires_in'],
                                             token_response['scope'],
                                             REQUEST_STATUS.OK)
                else:
                    LOG_INFO('No token received after login')
                    # Check that at least error code is present in response
                    if('error_code' in token_response and
                            'error_message' in token_response):
                        # Create incomplete object
                        LOG_ERR(
                            'Login failed with error: {}'.format(token_response['error_message']))
                        oauth_token = OAuthToken(None,
                                                 None,
                                                 None,
                                                 None,
                                                 REQUEST_STATUS.NOK,
                                                 token_response['error_code'],
                                                 token_response['error_message'])
                    else:
                        LOG_ERR('Invalid Token response received during login')
                        # Create incomplete object
                        oauth_token = OAuthToken(None,
                                                 None,
                                                 None,
                                                 None,
                                                 REQUEST_STATUS.NOK,
                                                 2001,
                                                 ERROR_CODE[2001])

            else:
                LOG_ERR('Login Failed with unhandled error')
                login_response.raise_for_status()

        except ValueError as ve:
            LOG_ERR(
                'Invalid response received for login request:{}'.format(ve))
        except requests.exceptions.HTTPError as he:
            LOG_ERR('Login request failed. Error from server:{}'.format(he))
        except requests.exceptions.ConnectionError as ce:
            LOG_ERR(
                'Login request failed due to connection error: {}.'.format(ce))
        except requests.exceptions.Timeout as to:
            LOG_ERR('Login request timed-out.')
        except Exception as ex:
            LOG_ERR('Unknown exception during login:{}.'.format(ex))

        return oauth_token
Exemple #6
0
    def refresh_token(self, refresh_token):
        oauth_token = None
        LOG_INFO('Refreshing token')
        LOG_DEBUG('Attempting token refresh with {}'.format(refresh_token))

        refresh_token_input = {}
        refresh_token_input['grant_type'] = global_config.OAUTH_REFRESH_GRANT
        refresh_token_input['refresh_token'] = refresh_token
        refresh_token_input['client_id'] = global_config.PROXY_CLIENT_ID
        refresh_token_input['client_pw'] = global_config.PROXY_CLIENT_KEY

        refresh_token_url = self.iam_endpoint + \
            global_config.IAM_REFRESH_TOKEN_URI

        try:
            refresh_token_response = requests.post(
                refresh_token_url, json=refresh_token_input)
            if refresh_token_response.status_code == httplib.OK:
                LOG_INFO('Token Refresh Successful')
                token_response = refresh_token_response.json()
                # Check that mandatory parameters are present in response
                if('access_token' in token_response and
                        'refresh_token' in token_response and
                        'scope' in token_response and
                        'token_type' in token_response and
                        'expires_in' in token_response):
                    # Create a token object from the response
                    oauth_token = OAuthToken(token_response['access_token'],
                                             token_response['refresh_token'],
                                             token_response['expires_in'],
                                             token_response['scope'],
                                             REQUEST_STATUS.OK)
                else:
                    LOG_INFO('No token received after token refresh')
                    # Check that at least error code is present in response
                    if('error_code' in token_response and
                            'error_message' in token_response):
                        # Create incomplete object
                        LOG_ERR('Token Refresh failed with error: {}'.format(
                            token_response['error_message']))
                        oauth_token = OAuthToken(None,
                                                 None,
                                                 None,
                                                 None,
                                                 REQUEST_STATUS.NOK,
                                                 token_response['error_code'],
                                                 token_response['error_message'])
                    else:
                        LOG_ERR(
                            'Invalid Token response received during refresh')
                        # Create incomplete object
                        oauth_token = OAuthToken(None,
                                                 None,
                                                 None,
                                                 None,
                                                 REQUEST_STATUS.NOK,
                                                 2001,
                                                 ERROR_CODE[2001])
            else:
                LOG_ERR('Token Refresh failed with unhandled error')
                refresh_token_response.raise_for_status()

        except ValueError as ve:
            LOG_ERR(
                'Invalid response received for token refresh request:{}'.format(ve))
        except requests.exceptions.HTTPError as he:
            LOG_ERR(
                'Token Refresh request failed. Error from server:{}'.format(he))
        except requests.exceptions.ConnectionError as ce:
            LOG_ERR(
                'Token Refresh request failed due to connection error: {}.'.format(ce))
        except requests.exceptions.Timeout as to:
            LOG_ERR('Token Refresh request timed-out.')
        except Exception as ex:
            LOG_ERR('Unknown exception during Token Refresh:{}.'.format(ex))

        return oauth_token
Exemple #7
0
    def is_token_valid(self, bearer_token):
        if(not bearer_token):
            LOG_ERR('Token Validation request missing token')
            return OAuthToken(None, None, None, None,
                              REQUEST_STATUS.NOK,
                              2002,
                              ERROR_CODE[2002])

        LOG_DEBUG('Validating bearer token:{}'.format(bearer_token))
        token_validate_url = self.iam_endpoint + \
            global_config.IAM_TOKEN_VALIDATE_URI + bearer_token

        try:
            token_validate_response = requests.get(token_validate_url,
                                                   auth=(global_config.PROXY_CLIENT_ID,
                                                         global_config.PROXY_CLIENT_KEY))
            token_validate_json = token_validate_response.json()
            if token_validate_response.status_code != httplib.OK:
                # Check that at least error code is present in response
                if('error_code' in token_validate_json and
                        'error_message' in token_validate_json):
                    LOG_ERR('Request for validating token failed with error: {}'
                            .format(token_validate_json['error_message']))
                    # Create dummy token object
                    return OAuthToken(None,
                                      None,
                                      None,
                                      None,
                                      REQUEST_STATUS.NOK,
                                      token_validate_json['error_code'],
                                      token_validate_json['error_message'])
                else:
                    LOG_ERR(
                        'Unexpected JSON response "{}" received'.format(token_validate_json))
                    # Create dummy token object
                    return OAuthToken(None,
                                      None,
                                      None,
                                      None,
                                      REQUEST_STATUS.NOK,
                                      2001,
                                      ERROR_CODE[2001])
            else:
                LOG_INFO('Token Validated')
                # Response includes too many details,
                # no one interested now, so don't report :(
                LOG_DEBUG('Validated response:{}'.format(token_validate_json))
                # Create dummy token object
                return OAuthToken(None,
                                  None,
                                  None,
                                  None,
                                  REQUEST_STATUS.OK,
                                  None,
                                  None)

        except ValueError as ve:
            LOG_ERR(
                'Invalid response received while validating token:{}'.format(ve))
        except requests.exceptions.HTTPError as he:
            LOG_ERR(
                'Request for validating token failed. Error from server:{}'.format(he))
        except requests.exceptions.ConnectionError as ce:
            LOG_ERR(
                'Request for validating token failed due to connection error: {}.'.format(ce))
        except requests.exceptions.Timeout as to:
            LOG_ERR('Request for validating token timed-out.')
        except Exception as ex:
            LOG_ERR('Unknown exception while validating token:{}.'.format(ex))

        # Flow should never reach here
        return OAuthToken(None, None, None, None, REQUEST_STATUS.NOK,
                          10001, ERROR_CODE[10001])