Esempio n. 1
0
    def get(self, token_uuid, required_acl):
        token_data = self._dao.token.get(token_uuid)
        if not token_data:
            raise UnknownTokenException()

        id_ = token_data.pop('uuid')
        token = Token(id_, **token_data)

        if token.is_expired():
            raise UnknownTokenException()

        if not token.matches_required_acl(required_acl):
            raise MissingACLTokenException(required_acl)

        return token
Esempio n. 2
0
    def check_scopes(self, token_uuid, scopes):
        token_data = self._dao.token.get(token_uuid)
        if not token_data:
            raise UnknownTokenException()

        id_ = token_data.pop('uuid')
        token = Token(id_, **token_data)

        if token.is_expired():
            raise UnknownTokenException()

        scope_statuses = {
            scope: token.matches_required_access(scope)
            for scope in set(scopes)
        }

        return token, scope_statuses
Esempio n. 3
0
    def new_token(self, backend, login, args):
        metadata = backend.get_metadata(login, args)
        logger.debug('metadata for %s: %s', login, metadata)

        auth_id = metadata['auth_id']
        user_uuid = metadata.get('xivo_user_uuid')
        xivo_uuid = metadata['xivo_uuid']

        args['acl_templates'] = self._get_acl_templates(args['backend'])
        args['metadata'] = metadata

        acls = backend.get_acls(login, args)
        expiration = args.get('expiration', self._default_expiration)
        current_time = time.time()

        session_payload = {}
        if metadata.get('tenant_uuid'):
            session_payload['tenant_uuid'] = metadata['tenant_uuid']
        if args.get('mobile'):
            session_payload['mobile'] = args['mobile']

        token_payload = {
            'auth_id': auth_id,
            'xivo_user_uuid': user_uuid,
            'xivo_uuid': xivo_uuid,
            'expire_t': current_time + expiration,
            'issued_t': current_time,
            'acls': acls or [],
            'metadata': metadata,
            'user_agent': args['user_agent'],
            'remote_addr': args['remote_addr'],
        }

        if args.get('access_type', 'online') == 'offline':
            body = {
                'backend': args['backend'],
                'login': args['login'],
                'client_id': args['client_id'],
                'user_uuid': metadata['uuid'],
                'user_agent': args['user_agent'],
                'remote_addr': args['remote_addr'],
            }
            refresh_token = self._dao.refresh_token.create(body)
            token_payload['refresh_token'] = refresh_token

        token_uuid, session_uuid = self._dao.token.create(
            token_payload, session_payload
        )
        token = Token(token_uuid, session_uuid=session_uuid, **token_payload)

        event = SessionCreatedEvent(session_uuid, user_uuid=auth_id, **session_payload)
        self._bus_publisher.publish(event)

        return token
Esempio n. 4
0
    def new_token(self, backend, login, args):
        metadata = backend.get_metadata(login, args)
        logger.debug('metadata for %s: %s', login, metadata)

        auth_id = metadata['auth_id']
        xivo_user_uuid = metadata.get('xivo_user_uuid')
        xivo_uuid = metadata['xivo_uuid']

        args['acl_templates'] = self._get_acl_templates(args['backend'])
        args['metadata'] = metadata

        acls = backend.get_acls(login, args)
        expiration = args.get('expiration', self._default_expiration)
        current_time = time.time()

        session_payload = {}
        if metadata.get('tenant_uuid'):
            session_payload['tenant_uuid'] = metadata['tenant_uuid']
        if args.get('mobile'):
            session_payload['mobile'] = args['mobile']

        token_payload = {
            'auth_id': auth_id,
            'xivo_user_uuid': xivo_user_uuid,
            'xivo_uuid': xivo_uuid,
            'expire_t': current_time + expiration,
            'issued_t': current_time,
            'acls': acls or [],
            'metadata': metadata,
        }

        token_uuid, session_uuid = self._dao.token.create(
            token_payload, session_payload)
        token = Token(token_uuid, session_uuid=session_uuid, **token_payload)

        event = SessionCreatedEvent(session_uuid,
                                    user_uuid=auth_id,
                                    **session_payload)
        self._bus_publisher.publish(event)

        return token
Esempio n. 5
0
 def new_token_internal(self, expiration=None, acl=None):
     expiration = expiration if expiration is not None else self._default_expiration
     acl = acl or []
     current_time = time.time()
     token_args = {
         'auth_id': 'wazo-auth',
         'pbx_user_uuid': None,
         'xivo_uuid': None,
         'expire_t': current_time + expiration,
         'issued_t': current_time,
         'acl': acl,
         'metadata': {
             'tenant_uuid': self.top_tenant_uuid
         },
         'user_agent': 'wazo-auth-internal',
         'remote_addr': '127.0.0.1',
     }
     session_args = {}
     token_uuid, session_uuid = self._dao.token.create(
         token_args, session_args)
     token = Token(token_uuid, session_uuid=session_uuid, **token_args)
     return token
Esempio n. 6
0
    def new_token(self, backend, login, args):
        metadata = backend.get_metadata(login, args)
        logger.debug('metadata for %s: %s', login, metadata)

        auth_id = metadata['auth_id']
        pbx_user_uuid = metadata.get('pbx_user_uuid')
        xivo_uuid = metadata['xivo_uuid']
        tenant_uuid = metadata.get('tenant_uuid')

        args['acl'] = self._get_acl(args['backend'])
        args['metadata'] = metadata

        acl = backend.get_acl(login, args)
        expiration = args.get('expiration', self._default_expiration)
        current_time = time.time()

        session_payload = {}
        if tenant_uuid:
            session_payload['tenant_uuid'] = tenant_uuid
        if args.get('mobile'):
            session_payload['mobile'] = args['mobile']

        token_payload = {
            'auth_id': auth_id,
            'pbx_user_uuid': pbx_user_uuid,
            'xivo_uuid': xivo_uuid,
            'expire_t': current_time + expiration,
            'issued_t': current_time,
            'acl': acl or [],
            'metadata': metadata,
            'user_agent': args['user_agent'],
            'remote_addr': args['remote_addr'],
        }

        if args.get('access_type', 'online') == 'offline':
            body = {
                'backend':
                args['backend'],
                'login':
                args['login']
                if not args.get('real_login') else args['real_login'],
                'client_id':
                args['client_id'],
                'user_uuid':
                metadata['uuid'],
                'user_agent':
                args['user_agent'],
                'remote_addr':
                args['remote_addr'],
                'mobile':
                args['mobile'],
            }
            try:
                refresh_token = self._dao.refresh_token.create(body)
            except DuplicatedRefreshTokenException:
                refresh_token = self._dao.refresh_token.get_existing_refresh_token(
                    args['client_id'],
                    metadata['uuid'],
                )
            else:
                event = RefreshTokenCreatedEvent(tenant_uuid=tenant_uuid,
                                                 **body)
                self._bus_publisher.publish(
                    event, headers={'tenant_uuid': tenant_uuid})
            token_payload['refresh_token'] = refresh_token

        token_uuid, session_uuid = self._dao.token.create(
            token_payload, session_payload)
        token = Token(token_uuid, session_uuid=session_uuid, **token_payload)

        user_uuid = auth_id if is_uuid(auth_id) else None
        event = SessionCreatedEvent(session_uuid,
                                    user_uuid=user_uuid,
                                    **session_payload)
        headers = {'tenant_uuid': tenant_uuid} if tenant_uuid else {}
        self._bus_publisher.publish(event, headers=headers)

        return token