Python TokenManager Exemples

Exemple #1

Fichier : security.py Projet : thzt16/wazuh

def revoke_current_user_tokens():
    """Revoke all current user's tokens"""
    with TokenManager() as tm:
        with AuthenticationManager() as am:
            tm.add_user_roles_rules(users={am.get_user(common.current_user.get())['id']})

    return WazuhResult({'message': f'User {common.current_user.get()} was successfully logged out'})

Exemple #2

Fichier : security.py Projet : jaydave/wazuh

def revoke_tokens():
    """Revoke all tokens in current node."""
    change_secret()
    with TokenManager() as tm:
        tm.delete_all_rules()

    return {'result': 'True'}

Exemple #3

Fichier : security.py Projet : vishnuravichand/wazuh

def revoke_tokens():
    """ Revoke all tokens """
    change_secret()
    with TokenManager() as tm:
        tm.delete_all_rules()

    return WazuhResult({'msg': 'Tokens revoked successfully'})

Exemple #4

Fichier : security.py Projet : jaydave/wazuh

def invalid_roles_tokens(roles: list = None):
    """Add the necessary rules to invalidate all affected role's tokens

    Parameters
    ----------
    roles : list
        List of modified roles
    """
    with TokenManager() as tm:
        tm.add_user_roles_rules(roles=set(roles))

Exemple #5

def invalid_users_tokens(roles: list = None, users: list = None):
    """Add the necessary rules to invalidate all affected user's tokens

    Parameters
    ----------
    roles : list
        List of modified roles
    users : str
        Modified user
    """
    related_users = check_relationships(roles=roles)
    if users:
        for user in users:
            related_users.add(user)
    with TokenManager() as tm:
        tm.add_user_rules(users=related_users)

Exemple #6

Fichier : authentication.py Projet : xuxuzhang1994/wazuh

def check_token(username, roles, token_nbf_time, run_as):
    """Check the validity of a token with the current time and the generation time of the token.

    Parameters
    ----------
    username : str
        Unique username
    roles : list
        List of roles related with the current token
    token_nbf_time : int
        Issued at time of the current token
    run_as : bool
        Indicate if the token has been granted through run_as endpoint

    Returns
    -------
    Dict with the result
    """
    # Check that the user exists
    with AuthenticationManager() as am:
        user = am.get_user(username=username)
        if not user:
            return {'valid': False}
        user_id = user['id']

        with UserRolesManager() as urm:
            user_roles = [
                role['id']
                for role in map(Roles.to_dict,
                                urm.get_all_roles_from_user(user_id=user_id))
            ]
            if not am.user_allow_run_as(
                    user['username']) and set(user_roles) != set(roles):
                return {'valid': False}
            with TokenManager() as tm:
                for role in user_roles:
                    if not tm.is_token_valid(
                            role_id=role,
                            user_id=user_id,
                            token_nbf_time=int(token_nbf_time),
                            run_as=run_as):
                        return {'valid': False}

    policies = optimize_resources(roles)

    return {'valid': True, 'policies': policies}

Exemple #7

def check_token(username, token_iat_time):
    """Check the validity of a token with the current time and the generation time of the token.

    Parameters
    ----------
    username : str
        Unique username
    token_iat_time : int
        Issued at time of the current token
    Returns
    -------
    Dict with the result
    """
    with TokenManager() as tm:
        result = tm.is_token_valid(username=username,
                                   token_iat_time=int(token_iat_time))

    return {'valid': result}

Exemple #8

Fichier : security.py Projet : vvring/wazuh

def remove_users(user_ids):
    """Remove a specified list of users

    Parameters
    ----------
    user_ids : list
        List of IDs

    Returns
    -------
    Status message
    """
    result = AffectedItemsWazuhResult(
        none_msg='No user was deleted',
        some_msg='Some users were not deleted',
        all_msg='Users were successfully deleted')
    with AuthenticationManager() as auth:
        for user_id in user_ids:
            user_id = int(user_id)
            current_user = auth.get_user(common.current_user.get())
            if not isinstance(current_user, bool) and user_id == int(
                    current_user['id']) and user_id > max_id_reserved:
                result.add_failed_item(id_=user_id, error=WazuhError(5008))
                continue
            user = auth.get_user_id(user_id)
            query = auth.delete_user(user_id)
            if not query:
                result.add_failed_item(id_=user_id, error=WazuhError(5001))
            elif query == SecurityError.ADMIN_RESOURCES:
                result.add_failed_item(id_=user_id, error=WazuhError(5004))
            elif query == SecurityError.RELATIONSHIP_ERROR:
                result.add_failed_item(id_=user_id, error=WazuhError(4025))
            elif user:
                with TokenManager() as tm:
                    tm.add_user_roles_rules(users={user_id})
                result.affected_items.append(user)
                result.total_affected_items += 1

        result.affected_items.sort(key=str)
    return result

Exemple #9

Fichier : security.py Projet : jaydave/wazuh

def invalid_run_as_tokens():
    """Add the necessary rules to invalidate all affected run_as's tokens
    """
    with TokenManager() as tm:
        tm.add_user_roles_rules(run_as=True)