class UserClaimSchema(UnknownCheckedSchema):
type = fields.CheckedConstant("user_claim", required=True)
token = fields.String(required=True)
# Note claiming user also imply creating a first device
device_id = fields.DeviceID(required=True)
public_key = fields.PublicKey(required=True)
verify_key = fields.VerifyKey(required=True)
class SCHEMA_CLS(BaseSignedDataSchema):
# Override author field to allow for None value if signed by the root key
author = DeviceIDField(required=True, allow_none=True)
type = fields.CheckedConstant("user_certificate", required=True)
user_id = UserIDField(required=True)
# Human handle can be none in case of redacted certificate
human_handle = HumanHandleField(allow_none=True, missing=None)
public_key = fields.PublicKey(required=True)
# `profile` replaces `is_admin` field (which is still required for backward
# compatibility), hence `None` is not allowed
is_admin = fields.Boolean(required=True)
profile = UserProfileField(allow_none=False)
@post_load
def make_obj(self, data: Dict[str, Any]) -> "UserCertificateContent":
data.pop("type")
# Handle legacy `is_admin` field
default_profile = UserProfile.ADMIN if data.pop("is_admin") else UserProfile.STANDARD
try:
profile = data["profile"]
except KeyError:
data["profile"] = default_profile
else:
if default_profile == UserProfile.ADMIN and profile != UserProfile.ADMIN:
raise ValidationError(
"Fields `profile` and `is_admin` have incompatible values"
)
return UserCertificateContent(**data)
class SCHEMA_CLS(BaseSignedDataSchema):
type = fields.CheckedConstant("user_certificate", required=True)
user_id = UserIDField(required=True)
public_key = fields.PublicKey(required=True)
is_admin = fields.Boolean(required=True)
@post_load
def make_obj(self, data):
data.pop("type")
return UserCertificateContent(**data)
class SCHEMA_CLS(BaseSchema):
type = fields.CheckedConstant("device_claim", required=True)
token = fields.String(required=True)
device_id = DeviceIDField(required=True)
verify_key = fields.VerifyKey(required=True)
answer_public_key = fields.PublicKey(required=True)
@post_load
def make_obj(self, data):
data.pop("type")
return DeviceClaimContent(**data)
class SCHEMA_CLS(BaseSchema):
type = fields.CheckedConstant("user_claim", required=True)
token = fields.String(required=True)
# Note claiming user also imply creating a first device
device_id = DeviceIDField(required=True)
public_key = fields.PublicKey(required=True)
verify_key = fields.VerifyKey(required=True)
@post_load
def make_obj(self, data: Dict[str, Any]) -> "APIV1_UserClaimContent": # type: ignore[misc]
data.pop("type")
return APIV1_UserClaimContent(**data)
class SCHEMA_CLS(BaseSchema):
type = fields.CheckedConstant("device_claim", required=True)
token = fields.String(required=True)
device_id = DeviceIDField(required=True)
verify_key = fields.VerifyKey(required=True)
answer_public_key = fields.PublicKey(required=True)
@post_load
def make_obj( # type: ignore[misc]
self, data: Dict[str, Any]
) -> "APIV1_DeviceClaimContent":
data.pop("type")
return APIV1_DeviceClaimContent(**data)
class SCHEMA_CLS(BaseSchema):
type = fields.CheckedConstant("invite_user_data", required=True)
# Claimer ask for device_label/human_handle, but greeter has final word on this
requested_device_label = fields.String(allow_none=True, missing=None)
requested_human_handle = HumanHandleField(allow_none=True, missing=None)
# Note claiming user also imply creating a first device
public_key = fields.PublicKey(required=True)
verify_key = fields.VerifyKey(required=True)
@post_load
def make_obj(self, data):
data.pop("type")
return InviteUserData(**data)
class SCHEMA_CLS(BaseSchema):
type = fields.CheckedConstant("pki_enrollment_submit_payload",
required=True)
verify_key = fields.VerifyKey(required=True)
public_key = fields.PublicKey(required=True)
requested_device_label = DeviceLabelField(required=True)
# No requested human handle given the accepter should use instead the
# information from the submitter's X509 certificate
@post_load
def make_obj(self, data: Dict[str,
Any]) -> "PkiEnrollmentSubmitPayload":
data.pop("type")
return PkiEnrollmentSubmitPayload(**data)
class DeviceClaimSchema(UnknownCheckedSchema):
type = fields.CheckedConstant("device_claim", required=True)
token = fields.String(required=True)
device_id = fields.DeviceID(required=True)
verify_key = fields.VerifyKey(required=True)
answer_public_key = fields.PublicKey(required=True)
class Invite1GreeterWaitPeerRepSchema(BaseRepSchema):
claimer_public_key = fields.PublicKey(required=True)
class Invite1GreeterWaitPeerReqSchema(BaseReqSchema):
token = fields.UUID(required=True)
greeter_public_key = fields.PublicKey(required=True)
