def issue_tmp(body, requested_permissions):
    """Issue a temporary ('tmp') token whose claims are carried in the token string.

    The token becomes valid at issue time and expires at ``body.expires``.
    Its lifetime is capped by the ``RELENGAPI_TMP_TOKEN_MAX_LIFETIME``
    setting, which defaults to 86400 seconds.

    No database row is written here and the claims carry no ``jti``, so this
    function leaves nothing behind to disable the token with; the lifetime
    cap is the only bound applied at this point.

    NOTE(review): nothing here checks that the requester is allowed to grant
    ``requested_permissions`` -- presumably the caller enforces that; confirm.

    Raises:
        BadRequest: if ``body.not_before`` is set, if the expiration is not
            in the future, or if it exceeds the configured maximum lifetime.
    """
    # The validity window always opens "now"; a caller-chosen start is refused.
    if body.not_before:
        raise BadRequest("do not specify not_before when creating a tmp token")

    issued_at = int(time.time())
    expires_at = calendar.timegm(body.expires.utctimetuple())
    if expires_at <= issued_at:
        raise BadRequest("expiration time must be in the future")

    lifetime_cap = current_app.config.get(
        "RELENGAPI_TMP_TOKEN_MAX_LIFETIME", 86400)
    if expires_at > issued_at + lifetime_cap:
        raise BadRequest(
            "expiration time is more than %d seconds in the future"
            % lifetime_cap)

    granted = list(map(str, requested_permissions))
    claims = {
        'iss': 'ra2',
        'typ': 'tmp',
        'nbf': issued_at,
        'exp': expires_at,
        'prm': granted,
        # Caller-supplied metadata is embedded in the token as given.
        'mta': body.metadata,
    }
    encoded = tokenstr.claims_to_str(claims)

    return types.JsonToken(
        typ='tmp',
        token=encoded,
        not_before=tz.utcfromtimestamp(issued_at),
        expires=body.expires,
        permissions=granted,
        metadata=body.metadata,
        disabled=False,
    )
def issue_tmp(body, requested_permissions):
    """Create a short-lived 'tmp' token valid from now until ``body.expires``.

    The claims (issuer, type, not-before, expiry, permissions, metadata) are
    encoded with ``tokenstr.claims_to_str``. This function stores nothing in
    the database. The permitted lifetime comes from the
    ``RELENGAPI_TMP_TOKEN_MAX_LIFETIME`` config key (default 86400 seconds).

    NOTE(review): with no row and no ``jti``, limiting exposure of a leaked
    tmp token appears to rest on the expiry alone -- confirm against the
    verification side. Authorization of ``requested_permissions`` is not
    performed here; presumably the caller does it.

    Raises:
        BadRequest: when ``not_before`` is supplied, when the expiry is in
            the past or present, or when it lies beyond the maximum lifetime.
    """
    if body.not_before:
        raise BadRequest("do not specify not_before when creating a tmp token")

    now_ts = int(time.time())
    expiry_ts = calendar.timegm(body.expires.utctimetuple())
    if expiry_ts <= now_ts:
        raise BadRequest("expiration time must be in the future")

    # Upper bound on how far ahead the expiry may be, in seconds.
    limit = current_app.config.get("RELENGAPI_TMP_TOKEN_MAX_LIFETIME", 86400)
    if expiry_ts > now_ts + limit:
        raise BadRequest(
            "expiration time is more than %d seconds in the future" % limit)

    permission_names = [str(perm) for perm in requested_permissions]
    token_string = tokenstr.claims_to_str({
        'iss': 'ra2',
        'typ': 'tmp',
        'nbf': now_ts,
        'exp': expiry_ts,
        'prm': permission_names,
        'mta': body.metadata,
    })

    response_fields = dict(
        typ='tmp',
        token=token_string,
        not_before=tz.utcfromtimestamp(now_ts),
        expires=body.expires,
        permissions=permission_names,
        metadata=body.metadata,
        disabled=False,
    )
    return types.JsonToken(**response_fields)
def issue_prm(body, requested_permissions):
    """Record a permanent ('prm') token and return its JSON form.

    A ``tables.Token`` row is added and committed first, because the token's
    ``jti`` claim is derived from the row id (``'t<id>'``). The encoded token
    string is attached to the returned object only; this function does not
    write it back to the row.

    NOTE(review): the ``jti`` is a plain row id, so the token's strength
    presumably rests on how ``tokenstr.claims_to_str`` protects the claims --
    confirm. Whether the requester may grant ``requested_permissions`` is not
    checked here.
    """
    db_session = g.db.session('relengapi')
    row = tables.Token(
        typ='prm',
        description=body.description,
        permissions=requested_permissions,
        disabled=False,
    )
    db_session.add(row)
    db_session.commit()

    issued = row.to_jsontoken()
    claims = {'iss': 'ra2', 'typ': 'prm', 'jti': 't%d' % row.id}
    issued.token = tokenstr.claims_to_str(claims)
    return issued
def issue_prm(body, requested_permissions):
    """Persist a 'prm' token row, then hand back its JSON token with the string set.

    The row is committed before the claims are built, since the ``jti`` claim
    is ``'t'`` followed by the row's id. The row starts with
    ``disabled=False``.

    NOTE(review): permission checks on ``requested_permissions`` are not done
    in this function; presumably the caller is responsible -- confirm.
    """
    sess = g.db.session('relengapi')

    new_token = tables.Token(typ='prm',
                             description=body.description,
                             permissions=requested_permissions,
                             disabled=False)
    sess.add(new_token)
    sess.commit()

    json_token = new_token.to_jsontoken()
    # Only the row id goes into the token; the string is set on the response
    # object and is not stored by this function.
    jti = 't%d' % new_token.id
    json_token.token = tokenstr.claims_to_str(
        {'iss': 'ra2', 'typ': 'prm', 'jti': jti})
    return json_token
def issue_usr(body, requested_permissions):
    """Issue a user ('usr') token bound to the requester's email address.

    The email comes from ``get_user_email()``. When it is empty the request
    is refused, so a caller without a user identity gets no user token. A
    ``tables.Token`` row is committed, and its id becomes the ``jti`` claim
    (``'t<id>'``).

    NOTE(review): this function does not compare ``requested_permissions``
    with what the user holds; presumably that happens in the caller or at
    verification time -- confirm.

    Raises:
        Forbidden: if no user email is associated with the request.
    """
    owner = get_user_email()
    if not owner:
        raise Forbidden(
            "Authenticate with a user-related mechanism to issue user tokens")

    db_session = g.db.session('relengapi')
    row = tables.Token(
        typ='usr',
        user=owner,
        description=body.description,
        permissions=requested_permissions,
        disabled=False,
    )
    db_session.add(row)
    db_session.commit()

    issued = row.to_jsontoken()
    claims = {'iss': 'ra2', 'typ': 'usr', 'jti': 't%d' % row.id}
    issued.token = tokenstr.claims_to_str(claims)
    return issued
def issue_usr(body, requested_permissions):
    """Create and persist a 'usr' token owned by the authenticated user.

    The owning user is whatever ``get_user_email()`` returns; a falsy result
    is rejected with ``Forbidden``. The row is committed before the token
    string is built, because the ``jti`` claim embeds the row id.

    NOTE(review): the encoded token is set on the returned object only; it
    is not stored by this function. Authorization of
    ``requested_permissions`` is presumably handled by the caller -- confirm.

    Raises:
        Forbidden: when the request carries no user email.
    """
    user_email = get_user_email()
    if not user_email:
        message = ("Authenticate with a user-related "
                   "mechanism to issue user tokens")
        raise Forbidden(message)

    sess = g.db.session('relengapi')
    new_token = tables.Token(typ='usr',
                             user=user_email,
                             description=body.description,
                             permissions=requested_permissions,
                             disabled=False)
    sess.add(new_token)
    sess.commit()

    json_token = new_token.to_jsontoken()
    jti = 't%d' % new_token.id
    json_token.token = tokenstr.claims_to_str(
        {'iss': 'ra2', 'typ': 'usr', 'jti': jti})
    return json_token
def test_claims_to_str_to_claims(app):
    """Claims encoded by claims_to_str decode back unchanged via str_to_claims."""
    claims = {'iss': 'ra2', 'typ': 'prm', 'jti': 't10'}
    # Both directions run inside the application context.
    with app.app_context():
        encoded = tokenstr.claims_to_str(claims)
        decoded = tokenstr.str_to_claims(encoded)
        eq_(decoded, claims)
def test_claims_to_str_to_claims(app):
    """Round-trip a 'prm' claims dict through the token string encoding.

    This covers the happy path only: the decoded claims must equal the input.
    """
    with app.app_context():
        original = {'iss': 'ra2', 'typ': 'prm', 'jti': 't10'}
        round_tripped = tokenstr.str_to_claims(
            tokenstr.claims_to_str(original))
        eq_(round_tripped, original)