def get(self, token_uuid, required_acl):
    """Return the stored token for *token_uuid* if it is valid for *required_acl*.

    Args:
        token_uuid: identifier looked up through ``self._dao.token.get``.
        required_acl: value handed to ``Token.matches_required_acl``.

    Returns:
        The ``Token`` rebuilt from the stored data.

    Raises:
        UnknownTokenException: nothing is stored for *token_uuid*, or the
            token has expired.
        MissingACLTokenException: the token does not match *required_acl*.
    """
    stored = self._dao.token.get(token_uuid)
    if not stored:
        raise UnknownTokenException()

    # 'uuid' is taken out of the stored mapping and passed positionally; every
    # remaining key is forwarded to Token as a keyword argument.
    uuid = stored.pop('uuid')
    token = Token(uuid, **stored)

    # An expired token raises the same exception as a missing one, so the
    # caller cannot tell the two cases apart.
    if token.is_expired():
        raise UnknownTokenException()

    # Expiry is checked before the ACL, so an expired token never reaches the
    # ACL comparison.
    if token.matches_required_acl(required_acl):
        return token
    raise MissingACLTokenException(required_acl)
def check_scopes(self, token_uuid, scopes):
    """Report, scope by scope, whether the token for *token_uuid* grants access.

    Unlike an enforcing check, a scope the token does not match is NOT an
    error here: it is only reported in the returned mapping, and the caller
    must inspect each status before acting on it.

    Args:
        token_uuid: identifier looked up through ``self._dao.token.get``.
        scopes: iterable of scopes; duplicates are collapsed with ``set``.

    Returns:
        A ``(token, scope_statuses)`` pair, where ``scope_statuses`` maps each
        distinct scope to the result of ``token.matches_required_access``.

    Raises:
        UnknownTokenException: nothing is stored for *token_uuid*, or the
            token has expired.
    """
    stored = self._dao.token.get(token_uuid)
    if not stored:
        raise UnknownTokenException()

    uuid = stored.pop('uuid')
    token = Token(uuid, **stored)

    # Same exception as for a missing token: expiry is not distinguishable
    # from "never existed" for the caller.
    if token.is_expired():
        raise UnknownTokenException()

    scope_statuses = {}
    for scope in set(scopes):
        scope_statuses[scope] = token.matches_required_access(scope)
    return token, scope_statuses
def new_token(self, backend, login, args):
    """Create and store a token for *login*, then publish a session event.

    Args:
        backend: object providing ``get_metadata(login, args)`` and
            ``get_acls(login, args)``.
        login: login name passed to the backend.
        args: request arguments. This dict is MUTATED: ``'acl_templates'`` and
            ``'metadata'`` are written into it before ``get_acls`` is called.
            Keys read here: ``'backend'``, ``'user_agent'``, ``'remote_addr'``,
            optional ``'expiration'``, ``'mobile'``, ``'access_type'``, and for
            offline access ``'login'`` and ``'client_id'``.

    Returns:
        The new ``Token``; it carries a ``refresh_token`` only when
        ``args['access_type']`` is ``'offline'``.
    """
    metadata = backend.get_metadata(login, args)
    # NOTE(review): the whole backend metadata is written to the debug log;
    # confirm it holds nothing that should stay out of log files.
    logger.debug('metadata for %s: %s', login, metadata)

    auth_id = metadata['auth_id']
    xivo_user_uuid = metadata.get('xivo_user_uuid')
    xivo_uuid = metadata['xivo_uuid']

    # The backend receives the ACL templates and its own metadata via args.
    args['acl_templates'] = self._get_acl_templates(args['backend'])
    args['metadata'] = metadata
    granted_acls = backend.get_acls(login, args)

    # NOTE(review): the lifetime comes from args with no bound applied in this
    # method; presumably validated by the caller -- confirm.
    lifetime = args.get('expiration', self._default_expiration)
    now = time.time()

    # Only truthy values make it into the session payload.
    session_payload = {}
    tenant_uuid = metadata.get('tenant_uuid')
    if tenant_uuid:
        session_payload['tenant_uuid'] = tenant_uuid
    mobile = args.get('mobile')
    if mobile:
        session_payload['mobile'] = mobile

    # user_agent and remote_addr are stored exactly as found in args.
    token_payload = {
        'auth_id': auth_id,
        'xivo_user_uuid': xivo_user_uuid,
        'xivo_uuid': xivo_uuid,
        'expire_t': now + lifetime,
        'issued_t': now,
        'acls': granted_acls or [],
        'metadata': metadata,
        'user_agent': args['user_agent'],
        'remote_addr': args['remote_addr'],
    }

    # Offline access additionally creates a refresh token bound to the
    # backend, login, client and user it was requested for.
    if args.get('access_type', 'online') == 'offline':
        refresh_request = {
            'backend': args['backend'],
            'login': args['login'],
            'client_id': args['client_id'],
            'user_uuid': metadata['uuid'],
            'user_agent': args['user_agent'],
            'remote_addr': args['remote_addr'],
        }
        token_payload['refresh_token'] = self._dao.refresh_token.create(
            refresh_request
        )

    token_uuid, session_uuid = self._dao.token.create(
        token_payload, session_payload
    )
    token = Token(token_uuid, session_uuid=session_uuid, **token_payload)

    # The event identifies the user by auth_id, not by xivo_user_uuid.
    self._bus_publisher.publish(
        SessionCreatedEvent(session_uuid, user_uuid=auth_id, **session_payload)
    )
    return token
def new_token(self, backend, login, args):
    """Create and store a token for *login*, then publish a session event.

    Args:
        backend: object providing ``get_metadata(login, args)`` and
            ``get_acls(login, args)``.
        login: login name passed to the backend.
        args: request arguments. This dict is MUTATED: ``'acl_templates'`` and
            ``'metadata'`` are written into it before ``get_acls`` is called.
            Keys read here: ``'backend'`` and the optional ``'expiration'``
            and ``'mobile'``.

    Returns:
        The new ``Token``.
    """
    metadata = backend.get_metadata(login, args)
    # NOTE(review): the whole backend metadata is written to the debug log;
    # confirm it holds nothing that should stay out of log files.
    logger.debug('metadata for %s: %s', login, metadata)

    auth_id = metadata['auth_id']
    user_ref = metadata.get('xivo_user_uuid')
    xivo_uuid = metadata['xivo_uuid']

    # The backend receives the ACL templates and its own metadata via args.
    args['acl_templates'] = self._get_acl_templates(args['backend'])
    args['metadata'] = metadata
    granted_acls = backend.get_acls(login, args)

    # NOTE(review): the lifetime comes from args with no bound applied in this
    # method; presumably validated by the caller -- confirm.
    lifetime = args.get('expiration', self._default_expiration)
    now = time.time()

    # Only truthy values make it into the session payload.
    session_payload = {}
    tenant_uuid = metadata.get('tenant_uuid')
    if tenant_uuid:
        session_payload['tenant_uuid'] = tenant_uuid
    mobile = args.get('mobile')
    if mobile:
        session_payload['mobile'] = mobile

    token_payload = {
        'auth_id': auth_id,
        'xivo_user_uuid': user_ref,
        'xivo_uuid': xivo_uuid,
        'expire_t': now + lifetime,
        'issued_t': now,
        'acls': granted_acls or [],
        'metadata': metadata,
    }

    token_uuid, session_uuid = self._dao.token.create(
        token_payload, session_payload
    )
    token = Token(token_uuid, session_uuid=session_uuid, **token_payload)

    # The event identifies the user by auth_id, not by xivo_user_uuid.
    self._bus_publisher.publish(
        SessionCreatedEvent(session_uuid, user_uuid=auth_id, **session_payload)
    )
    return token
def new_token_internal(self, expiration=None, acl=None):
    """Create and store a token issued to the service itself.

    The token is attributed to ``'wazo-auth'``, tied to
    ``self.top_tenant_uuid`` and carries whatever ACL the caller passes in;
    nothing in this method narrows that ACL. No backend is consulted and no
    bus event is published.

    Args:
        expiration: lifetime added to the current time; ``None`` selects
            ``self._default_expiration``. A value of ``0`` is kept as given.
        acl: access list stored on the token; any falsy value becomes ``[]``.

    Returns:
        The new ``Token``.
    """
    if expiration is None:
        expiration = self._default_expiration
    if not acl:
        acl = []

    now = time.time()
    token_args = {
        'auth_id': 'wazo-auth',
        'pbx_user_uuid': None,
        'xivo_uuid': None,
        'expire_t': now + expiration,
        'issued_t': now,
        'acl': acl,
        'metadata': {'tenant_uuid': self.top_tenant_uuid},
        # Fixed origin markers: these values are constants, not taken from
        # any request.
        'user_agent': 'wazo-auth-internal',
        'remote_addr': '127.0.0.1',
    }

    # The session payload is always empty for an internal token.
    token_uuid, session_uuid = self._dao.token.create(token_args, {})
    return Token(token_uuid, session_uuid=session_uuid, **token_args)
def new_token(self, backend, login, args):
    """Create and store a token for *login*, then publish the related events.

    Args:
        backend: object providing ``get_metadata(login, args)`` and
            ``get_acl(login, args)``.
        login: login name passed to the backend.
        args: request arguments. This dict is MUTATED: ``'acl'`` and
            ``'metadata'`` are written into it before ``get_acl`` is called.
            Keys read here: ``'backend'``, ``'user_agent'``, ``'remote_addr'``,
            optional ``'expiration'``, ``'mobile'``, ``'access_type'``, and for
            offline access ``'login'``, ``'client_id'``, ``'mobile'`` and the
            optional ``'real_login'``.

    Returns:
        The new ``Token``; it carries a ``refresh_token`` only when
        ``args['access_type']`` is ``'offline'``.
    """
    metadata = backend.get_metadata(login, args)
    # NOTE(review): the whole backend metadata is written to the debug log;
    # confirm it holds nothing that should stay out of log files.
    logger.debug('metadata for %s: %s', login, metadata)

    auth_id = metadata['auth_id']
    pbx_user_uuid = metadata.get('pbx_user_uuid')
    xivo_uuid = metadata['xivo_uuid']
    tenant_uuid = metadata.get('tenant_uuid')

    # The backend receives the configured ACL and its own metadata via args.
    args['acl'] = self._get_acl(args['backend'])
    args['metadata'] = metadata
    granted_acl = backend.get_acl(login, args)

    # NOTE(review): the lifetime comes from args with no bound applied in this
    # method; presumably validated by the caller -- confirm.
    lifetime = args.get('expiration', self._default_expiration)
    now = time.time()

    # Only truthy values make it into the session payload.
    session_payload = {}
    if tenant_uuid:
        session_payload['tenant_uuid'] = tenant_uuid
    mobile = args.get('mobile')
    if mobile:
        session_payload['mobile'] = mobile

    # user_agent and remote_addr are stored exactly as found in args.
    token_payload = {
        'auth_id': auth_id,
        'pbx_user_uuid': pbx_user_uuid,
        'xivo_uuid': xivo_uuid,
        'expire_t': now + lifetime,
        'issued_t': now,
        'acl': granted_acl or [],
        'metadata': metadata,
        'user_agent': args['user_agent'],
        'remote_addr': args['remote_addr'],
    }

    if args.get('access_type', 'online') == 'offline':
        refresh_request = {
            'backend': args['backend'],
            # A truthy 'real_login' replaces the login recorded on the
            # refresh token.
            'login': args.get('real_login') or args['login'],
            'client_id': args['client_id'],
            'user_uuid': metadata['uuid'],
            'user_agent': args['user_agent'],
            'remote_addr': args['remote_addr'],
            # NOTE(review): indexed directly, while the session payload uses
            # .get(); a request without 'mobile' raises KeyError here --
            # presumably the caller always sets it, confirm.
            'mobile': args['mobile'],
        }
        try:
            refresh_token = self._dao.refresh_token.create(refresh_request)
        except DuplicatedRefreshTokenException:
            # The refresh token already stored for this client and user is
            # handed back instead; no creation event is published.
            refresh_token = self._dao.refresh_token.get_existing_refresh_token(
                args['client_id'],
                metadata['uuid'],
            )
        else:
            # Published only for a newly created refresh token. The event is
            # built from the request body (login, remote_addr, user_agent,
            # ...), not from the value the DAO returned. The header carries
            # tenant_uuid even when it is None.
            created = RefreshTokenCreatedEvent(
                tenant_uuid=tenant_uuid, **refresh_request
            )
            self._bus_publisher.publish(
                created, headers={'tenant_uuid': tenant_uuid}
            )
        token_payload['refresh_token'] = refresh_token

    token_uuid, session_uuid = self._dao.token.create(
        token_payload, session_payload
    )
    token = Token(token_uuid, session_uuid=session_uuid, **token_payload)

    # The session event names a user only when auth_id passes is_uuid().
    if is_uuid(auth_id):
        user_uuid = auth_id
    else:
        user_uuid = None
    session_event = SessionCreatedEvent(
        session_uuid, user_uuid=user_uuid, **session_payload
    )

    # Unlike the refresh-token event, the tenant header is left out entirely
    # when there is no tenant.
    if tenant_uuid:
        headers = {'tenant_uuid': tenant_uuid}
    else:
        headers = {}
    self._bus_publisher.publish(session_event, headers=headers)
    return token