def get_permissions(objtype, objuid):
app.logger.debug("GET PERMISSIONS")
# Get UUID if required
if objtype in constants.SRV_TYPES:
objuid = None
if objtype in constants.UID_TYPES:
objuid = uuid.UUID(objuid)
else:
raise exceptions.UnknownObjType(objtype)
# Verify Tokens
objperm = constants.PERM_PERMS
utility.verify_auth_token_sigkey(flask.g.token, flask.g.srv_ac.sigkey_pub,
objperm, objtype, objuid=objuid,
error=True)
# Get Permissions
perms = flask.g.srv_ac.permissions.get(objtype=objtype, objuid=objuid)
app.logger.debug("perms = '{}'".format(perms))
# Build Response
json_out = {'objtype': objtype,
'objuid': str(objuid) if objuid else "",
'create': list(perms.v_create.by_uid()),
'read': list(perms.v_read.by_uid()),
'modify': list(perms.v_modify.by_uid()),
'delete': list(perms.v_delete.by_uid()),
'perms': list(perms.v_perms.by_uid())}
# Return Response
app.logger.debug("json_out = '{}'".format(json_out))
return flask.jsonify(json_out)
def create_authenticators():
app.logger.debug("POST AUTHENTICATORS")
# Verify Tokens
objperm = constants.PERM_CREATE
objtype = constants.TYPE_SRV_AC
utility.verify_auth_token_sigkey(flask.g.token, flask.g.srv_ac.sigkey_pub,
objperm, objtype, error=True)
# Log JSON
json_in = flask.request.get_json(force=True)
app.logger.debug("json_in = '{}'".format(json_in))
# Get Required Attributes
try:
module_name = json_in['module_name']
except KeyError as err:
msg = "Missing required parameter: {}".format(err)
app.logger.warning(msg)
raise exceptions.MissingAttributeError(msg) from err
# Get Optional Attributes
uid = json_in.get('uid', None)
module_kwargs = json_in.get('module_kwargs', {})
userdata = json_in.get('userdata', {})
# Log Attributes
app.logger.debug("uid = '{}'".format(uid))
app.logger.debug("module_name = '{}'".format(module_name))
app.logger.debug("module_kwargs = '{}'".format(module_kwargs))
app.logger.debug("userdata = '{}'".format(userdata))
# Create Authenticator
authenticator = flask.g.srv_ac.authenticators.create(key=uid, userdata=userdata,
module_name=module_name,
module_kwargs=module_kwargs)
app.logger.debug("authenticator = '{}'".format(authenticator))
# Return Response
json_out = {_KEY_AUTHENTICATORS: [authenticator.key]}
app.logger.debug("json_out = '{}'".format(json_out))
return flask.jsonify(json_out)
def get_verifiers(verifiers_uid):
app.logger.debug("GET VERIFIERS")
# Verify Tokens
objperm = constants.PERM_READ
objtype = constants.TYPE_VERIFIER
objuid = uuid.UUID(verifiers_uid)
utility.verify_auth_token_sigkey(flask.g.token, flask.g.srv_ac.sigkey_pub,
objperm, objtype, objuid=objuid,
error=True)
# Get Verifier
verifier = flask.g.srv_ac.verifiers.get(key=verifiers_uid)
app.logger.debug("verifier = '{}'".format(verifier))
# Return Response
json_out = {'uid': verifier.key,
'accounts': list(verifier.accounts.by_uid()),
'authenticators': list(verifier.authenticators.by_uid())}
app.logger.debug("json_out = '{}'".format(json_out))
return flask.jsonify(json_out)
def get_authenticators(authenticators_uid):
app.logger.debug("GET AUTHENTICATORS")
# Verify Tokens
objperm = constants.PERM_READ
objtype = constants.TYPE_AUTHENTICATOR
objuid = uuid.UUID(authenticators_uid)
utility.verify_auth_token_sigkey(flask.g.token, flask.g.srv_ac.sigkey_pub,
objperm, objtype, objuid=objuid,
error=True)
# Get Authenticator
authenticator = flask.g.srv_ac.authenticators.get(key=authenticators_uid)
app.logger.debug("authenticator = '{}'".format(authenticator))
# Return Response
json_out = {'uid': authenticator.key,
'module_name': authenticator.module_name,
'module_kwargs': authenticator.module_kwargs,
'userdata': authenticator.userdata}
app.logger.debug("json_out = '{}'".format(json_out))
return flask.jsonify(json_out)
def create_verifiers():
app.logger.debug("POST VERIFIERS")
# Verify Tokens
objperm = constants.PERM_CREATE
objtype = constants.TYPE_SRV_AC
utility.verify_auth_token_sigkey(flask.g.token, flask.g.srv_ac.sigkey_pub,
objperm, objtype, error=True)
# Log JSON
json_in = flask.request.get_json(force=True)
app.logger.debug("json_in = '{}'".format(json_in))
# Get Optional Attributes
uid = json_in.get('uid', None)
accounts = json_in.get('accounts', [])
authenticators = json_in.get('authenticators', [])
userdata = json_in.get('userdata', {})
# Log Attributes
app.logger.debug("uid = '{}'".format(uid))
app.logger.debug("accounts = '{}'".format(accounts))
app.logger.debug("authenticators = '{}'".format(authenticators))
app.logger.debug("userdata = '{}'".format(userdata))
# Create Verifier
verifier = flask.g.srv_ac.verifiers.create(key=uid, userdata=userdata,
accounts=accounts,
authenticators=authenticators)
app.logger.debug("verifier = '{}'".format(verifier))
# Return Response
json_out = {_KEY_VERIFIERS: [verifier.key]}
app.logger.debug("json_out = '{}'".format(json_out))
return flask.jsonify(json_out)
def create_permissions():
app.logger.debug("POST PERMISSIONS")
# Verify Tokens
objperm = constants.PERM_CREATE
objtype = constants.TYPE_SRV_AC
utility.verify_auth_token_sigkey(flask.g.token, flask.g.srv_ac.sigkey_pub,
objperm, objtype, error=True)
# Log JSON
json_in = flask.request.get_json(force=True)
app.logger.debug("json_in = '{}'".format(json_in))
# Get Required Attributes
try:
objtype = json_in[constants.KEY_OBJTYPE]
except KeyError as err:
msg = "Missing required paremeter: {}".format(e)
app.logger.warning(msg)
raise exceptions.MissingAttributeError(msg) from err
# Case by Obj Type
app.logger.debug("objtype = '{}'".format(objtype))
if objtype in constants.SRV_TYPES:
objuid = None
elif objtype in constants.UID_TYPES:
try:
objuid = json_in[constants.KEY_OBJUID]
objuid = uuid.UUID(objuid)
except KeyError as err:
msg = "Missing required parameter: {}".format(err)
app.logger.warning(msg)
raise exceptions.MissingAttributeError(msg) from err
else:
app.logger.debug("objuid = '{}'".format(objuid))
else:
raise exceptions.UnknownObjType(objtype)
app.logger.debug("objuid = '{}'".format(objuid))
# Get Verifiers
v_create = json_in.get(constants.PERM_CREATE, None)
v_read = json_in.get(constants.PERM_READ, None)
v_modify = json_in.get(constants.PERM_MODIFY, None)
v_delete = json_in.get(constants.PERM_DELETE, None)
v_perms = json_in.get(constants.PERM_PERMS, None)
v_default = json_in.get(constants.PERM_DEFAULT, None)
# Log Verfiers
app.logger.debug("v_create = '{}'".format(v_create))
app.logger.debug("v_read = '{}'".format(v_read))
app.logger.debug("v_modify = '{}'".format(v_modify))
app.logger.debug("v_delete = '{}'".format(v_delete))
app.logger.debug("v_perms = '{}'".format(v_perms))
app.logger.debug("v_default = '{}'".format(v_default))
# Create Permissions
perms = flask.g.srv_ac.permissions.create(objuid=objuid,
objtype=objtype,
v_create=v_create,
v_read=v_read,
v_modify=v_modify,
v_delete=v_delete,
v_perms=v_perms,
v_default=v_default)
app.logger.debug("perms = '{}'".format(perms))
# Return Response
perm_out = {constants.KEY_OBJTYPE: objtype}
if objuid:
perm_out[constants.KEY_OBJUID] = str(objuid)
json_out = {_KEY_PERMISSIONS: [perm_out]}
app.logger.debug("json_out = '{}'".format(json_out))
return flask.jsonify(json_out)
def test_verify_auth_token_sigkey(self):
# Setup Key Pair
pub1, priv1 = crypto.gen_key_pair()
pub2, priv2 = crypto.gen_key_pair()
# Test Verify - Pass
accountuid = uuid.uuid4()
clientuid = uuid.uuid4()
expiration = int(datetime.datetime.now().timestamp()) + 60
expiration = datetime.datetime.fromtimestamp(expiration)
objperm = "test_perm"
objtype = "test_obj"
objuid = uuid.uuid4()
token = utility.encode_auth_token(priv1, accountuid, clientuid, expiration, objperm, objtype, objuid)
out = utility.verify_auth_token_sigkey(token, pub1, objperm, objtype, objuid)
self.assertTrue(out)
# Test Verify - Fail (bad sig)
accountuid = uuid.uuid4()
clientuid = uuid.uuid4()
expiration = int(datetime.datetime.now().timestamp()) - 60
expiration = datetime.datetime.fromtimestamp(expiration)
objperm = "test_perm"
objtype = "test_obj"
objuid = uuid.uuid4()
token = utility.encode_auth_token(priv2, accountuid, clientuid, expiration, objperm, objtype, objuid)
out = utility.verify_auth_token_sigkey(token, pub1, objperm, objtype, objuid)
self.assertFalse(out)
# Test Verify - Fail (expiration)
accountuid = uuid.uuid4()
clientuid = uuid.uuid4()
expiration = int(datetime.datetime.now().timestamp()) - 60
expiration = datetime.datetime.fromtimestamp(expiration)
objperm = "test_perm"
objtype = "test_obj"
objuid = uuid.uuid4()
token = utility.encode_auth_token(priv1, accountuid, clientuid, expiration, objperm, objtype, objuid)
out = utility.verify_auth_token_sigkey(token, pub1, objperm, objtype, objuid)
self.assertFalse(out)
# Test Verify - Fail (objperm)
accountuid = uuid.uuid4()
clientuid = uuid.uuid4()
expiration = int(datetime.datetime.now().timestamp()) + 60
expiration = datetime.datetime.fromtimestamp(expiration)
objperm1 = "test_perm1"
objperm2 = "test_perm2"
objtype = "test_obj"
objuid = uuid.uuid4()
token = utility.encode_auth_token(priv1, accountuid, clientuid, expiration, objperm1, objtype, objuid)
out = utility.verify_auth_token_sigkey(token, pub1, objperm2, objtype, objuid)
self.assertFalse(out)
# Test Verify - Fail (objtype)
accountuid = uuid.uuid4()
clientuid = uuid.uuid4()
expiration = int(datetime.datetime.now().timestamp()) + 60
expiration = datetime.datetime.fromtimestamp(expiration)
objperm = "test_perm"
objtype1 = "test_obj1"
objtype2 = "test_obj2"
objuid = uuid.uuid4()
token = utility.encode_auth_token(priv1, accountuid, clientuid, expiration, objperm, objtype1, objuid)
out = utility.verify_auth_token_sigkey(token, pub1, objperm, objtype2, objuid)
self.assertFalse(out)
# Test Verify - Fail (objuid)
accountuid = uuid.uuid4()
clientuid = uuid.uuid4()
expiration = int(datetime.datetime.now().timestamp()) + 60
expiration = datetime.datetime.fromtimestamp(expiration)
objperm = "test_perm"
objtype = "test_obj"
objuid1 = uuid.uuid4()
objuid2 = uuid.uuid4()
token = utility.encode_auth_token(priv1, accountuid, clientuid, expiration, objperm, objtype, objuid1)
out = utility.verify_auth_token_sigkey(token, pub1, objperm, objtype, objuid2)
self.assertFalse(out)
