def authenticateUserFromToken(self, token):
'''
Checks the user authentication by token.
'''
exception1 = unauthorizedRequest('Invalid authentication credentials')
if token is None:
raise exception1
try:
logging.info("Get user credentials and check token.")
user = User().getUserByToken(token)
logging.debug("Search for the user token "+str(token)+".")
if user.token==token:
if self.__isAnExpiredToken(user.token_timestamp)==False:
tenantName = User().getTenantName(user.tenant_id)
userobj = UserData(user.id, user.username, tenantName, user.mail)
userobj.setToken(user.token, user.token_timestamp)
logging.debug("Found user token "+str(token)+" still valid.")
return userobj
else:
logging.debug("Found an expired user token "+str(token)+".")
raise UserTokenExpired("Token expired. You must authenticate again with user/pass")
raise Exception
except UserTokenExpired as ex:
raise ex
except Exception:
logging.debug("User token "+str(token)+" not found.")
raise exception1
def authenticateUserFromCredentials(self, credentials):
if "username" in credentials and "password" in credentials:
username = credentials["username"]
password = credentials["password"]
else:
raise unauthorizedRequest('Authentication credentials required')
user = User().getUser(username)
#passwordhash_check = self.getPasswordHash(password)
if user.password == password:
if user.token is not None and self.isAnExpiredToken(user.token_timestamp) is False:
logging.debug("User successfully authenticated")
return user.token
else:
# generate token and return
token, token_timestamp = self.generateToken()
User().setNewToken(user.id, token, token_timestamp)
return token
else:
logging.debug("Wrong password")
raise unauthorizedRequest('Login failed')
def ServiceCreateToken(self):
'''
@author: Alex Palesandro
Wraps the create token raising an exception if the token is not valid for some reason
'''
self.createToken()
if IDENTITY_API_VERSION == 2:
if self.tokendata['access']['token']['id'] is None:
raise unauthorizedRequest ("HTTPUnauthorized: Token not valid")
else:
self.token = self.tokendata['access'][ 'token']['id']
def authenticateUserFromTokenUserId(self, token, user_id):
'''
Checks the user authentication by token/user_id.
'''
exception1 = unauthorizedRequest('Invalid authentication credentials')
if token is None: # or user_id is None:
raise exception1
try:
logging.info("Get user credentials and check token.")
user = User().getUserByID(user_id)
logging.debug("Check the token of user "+str(user_id)+".")
if user.token==token and self.__isAnExpiredToken(user.token_timestamp)==False:
tenantName = User().getTenantName(user.tenant_id)
userobj = UserData(user.id, user.username, tenantName, user.mail)
userobj.setToken(user.token, user.token_timestamp)
logging.debug("Found user "+str(user_id)+" with a valid token.")
return userobj
raise Exception
except Exception:
logging.debug("User "+str(user_id)+" not found.")
raise exception1
def authenticateUserFromCredentials(self, username, password, tenant):
'''
Checks the user authentication by username/password/tenant.
'''
exception1 = unauthorizedRequest('Invalid authentication credentials')
if username is None or password is None: # or tenant is None:
raise exception1
logging.info("Get user credentials and check password.")
user = User().getUserByUsername(username)
# Check password
pwdhash_check = self.__getPasswordHash(password)
if user.pwdhash != pwdhash_check:
logging.debug("Wrong password.")
raise exception1
# Check tenant
tenantName = User().getTenantName(user.tenant_id)
if tenant is not None and tenantName != tenant:
logging.debug("Wrong tenant.")
raise exception1
userobj = UserData(user.id, user.username, tenantName, user.mail)
logging.info("Check current token. Get a new token, if it is needed.")
if user.token is None or self.__isAnExpiredToken(user.token_timestamp):
token,token_timestamp = User().getNewToken(user.id)
userobj.setToken(token, token_timestamp)
User().setNewToken(user.id, token, token_timestamp)
logging.debug("New token generated")
else:
userobj.setToken(user.token, user.token_timestamp)
logging.debug("Current token is valid.")
return userobj
def authenticateUserFromRESTRequest(self, request):
token = request.headers.get("X-Auth-Token")
if token is None:
raise unauthorizedRequest('Token required')
return self.authenticateUserFromToken(token)
