def delete_token(token):
try:
token_db = Token.get(token)
return Token.delete(token_db)
except TokenNotFoundError:
pass
except Exception:
raise
def delete_token(token):
try:
token_db = Token.get(token)
return Token.delete(token_db)
except TokenNotFoundError:
pass
except Exception:
raise
def create_token(username, ttl=None, metadata=None, add_missing_user=True):
"""
:param username: Username of the user to create the token for. If the account for this user
doesn't exist yet it will be created.
:type username: ``str``
:param ttl: Token TTL (in seconds).
:type ttl: ``int``
:param metadata: Optional metadata to associate with the token.
:type metadata: ``dict``
:param add_missing_user: Add the user given by `username` if they don't exist
:type add_missing_user: ``bool``
"""
if ttl:
if ttl > cfg.CONF.auth.token_ttl:
msg = 'TTL specified %s is greater than max allowed %s.' % (
ttl, cfg.CONF.auth.token_ttl)
raise TTLTooLargeException(msg)
else:
ttl = cfg.CONF.auth.token_ttl
if username:
try:
User.get_by_name(username)
except:
if add_missing_user:
user_db = UserDB(name=username)
User.add_or_update(user_db)
extra = {'username': username, 'user': user_db}
LOG.audit('Registered new user "%s".' % (username),
extra=extra)
else:
raise UserNotFoundError()
token = uuid.uuid4().hex
expiry = date_utils.get_datetime_utc_now() + datetime.timedelta(
seconds=ttl)
token = TokenDB(user=username,
token=token,
expiry=expiry,
metadata=metadata)
Token.add_or_update(token)
username_string = username if username else 'an anonymous user'
token_expire_string = isotime.format(expiry, offset=False)
extra = {'username': username, 'token_expiration': token_expire_string}
LOG.audit('Access granted to "%s" with the token set to expire at "%s".' %
(username_string, token_expire_string),
extra=extra)
return token
def create_token(username, ttl=None, metadata=None, add_missing_user=True, service=False):
"""
:param username: Username of the user to create the token for. If the account for this user
doesn't exist yet it will be created.
:type username: ``str``
:param ttl: Token TTL (in seconds).
:type ttl: ``int``
:param metadata: Optional metadata to associate with the token.
:type metadata: ``dict``
:param add_missing_user: Add the user given by `username` if they don't exist
:type add_missing_user: ``bool``
:param service: True if this is a service (non-user) token.
:type service: ``bool``
"""
if ttl:
# Note: We allow arbitrary large TTLs for service tokens.
if not service and ttl > cfg.CONF.auth.token_ttl:
msg = ('TTL specified %s is greater than max allowed %s.' % (ttl,
cfg.CONF.auth.token_ttl))
raise TTLTooLargeException(msg)
else:
ttl = cfg.CONF.auth.token_ttl
if username:
try:
User.get_by_name(username)
except:
if add_missing_user:
user_db = UserDB(name=username)
User.add_or_update(user_db)
extra = {'username': username, 'user': user_db}
LOG.audit('Registered new user "%s".' % (username), extra=extra)
else:
raise UserNotFoundError()
token = uuid.uuid4().hex
expiry = date_utils.get_datetime_utc_now() + datetime.timedelta(seconds=ttl)
token = TokenDB(user=username, token=token, expiry=expiry, metadata=metadata, service=service)
Token.add_or_update(token)
username_string = username if username else 'an anonymous user'
token_expire_string = isotime.format(expiry, offset=False)
extra = {'username': username, 'token_expiration': token_expire_string}
LOG.audit('Access granted to "%s" with the token set to expire at "%s".' %
(username_string, token_expire_string), extra=extra)
return token
def validate_token(token_in_headers, token_in_query_params):
"""
Validate the provided authentication token.
:param token_in_headers: Authentication token provided via headers.
:type token_in_headers: ``str``
:param token_in_query_params: Authentication token provided via query params.
:type token_in_query_params: ``str``
:return: TokenDB object on success.
:rtype: :class:`.TokenDB`
"""
if not token_in_headers and not token_in_query_params:
LOG.audit('Token is not found in header or query parameters.')
raise exceptions.TokenNotProvidedError('Token is not provided.')
if token_in_headers:
LOG.audit('Token provided in headers')
if token_in_query_params:
LOG.audit('Token provided in query parameters')
token_string = token_in_headers or token_in_query_params
token = Token.get(token_string)
if token.expiry <= isotime.add_utc_tz(datetime.datetime.utcnow()):
# TODO: purge expired tokens
LOG.audit('Token with id "%s" has expired.' % (token.id))
raise exceptions.TokenExpiredError('Token has expired.')
LOG.audit('Token with id "%s" is validated.' % (token.id))
return token
def validate_token(token_in_headers, token_in_query_params):
"""
Validate the provided authentication token.
:param token_in_headers: Authentication token provided via headers.
:type token_in_headers: ``str``
:param token_in_query_params: Authentication token provided via query params.
:type token_in_query_params: ``str``
:return: TokenDB object on success.
:rtype: :class:`.TokenDB`
"""
if not token_in_headers and not token_in_query_params:
LOG.audit('Token is not found in header or query parameters.')
raise exceptions.TokenNotProvidedError('Token is not provided.')
if token_in_headers:
LOG.audit('Token provided in headers')
if token_in_query_params:
LOG.audit('Token provided in query parameters')
token_string = token_in_headers or token_in_query_params
token = Token.get(token_string)
if token.expiry <= date_utils.get_datetime_utc_now():
# TODO: purge expired tokens
LOG.audit('Token with id "%s" has expired.' % (token.id))
raise exceptions.TokenExpiredError('Token has expired.')
LOG.audit('Token with id "%s" is validated.' % (token.id))
return token
def test_delete_token(self):
token = access.create_token(USERNAME)
access.delete_token(token.token)
try:
token = Token.get(token.token)
self.assertTrue(False, 'Delete failed was expected to pass.')
except TokenNotFoundError:
self.assertTrue(True)
def test_delete_token(self):
token = access.create_token(USERNAME)
access.delete_token(token.token)
try:
token = Token.get(token.token)
self.assertTrue(False, 'Delete failed was expected to pass.')
except TokenNotFoundError:
self.assertTrue(True)
def create_token(username, ttl=None, metadata=None):
"""
:param username: Username of the user to create the token for. If the account for this user
doesn't exist yet it will be created.
:type username: ``str``
:param ttl: Token TTL (in seconds).
:type ttl: ``int``
:param metadata: Optional metadata to associate with the token.
:type metadata: ``dict``
"""
if ttl:
if ttl > cfg.CONF.auth.token_ttl:
msg = 'TTL specified %s is greater than max allowed %s.' % (
ttl, cfg.CONF.auth.token_ttl
)
raise TTLTooLargeException(msg)
else:
ttl = cfg.CONF.auth.token_ttl
if username:
try:
User.get_by_name(username)
except:
user = UserDB(name=username)
User.add_or_update(user)
extra = {'username': username, 'user': user}
LOG.audit('Registered new user "%s".' % (username), extra=extra)
token = uuid.uuid4().hex
expiry = datetime.datetime.utcnow() + datetime.timedelta(seconds=ttl)
expiry = isotime.add_utc_tz(expiry)
token = TokenDB(user=username, token=token, expiry=expiry, metadata=metadata)
Token.add_or_update(token)
username_string = username if username else 'an anonymous user'
token_expire_string = isotime.format(expiry, offset=False)
extra = {'username': username, 'token_expiration': token_expire_string}
LOG.audit('Access granted to "%s" with the token set to expire at "%s".' %
(username_string, token_expire_string), extra=extra)
return token
def test_token_model(self):
dt = isotime.add_utc_tz(datetime.datetime.utcnow())
tk1 = TokenAPI(user='******', token=uuid.uuid4().hex,
expiry=isotime.format(dt, offset=False))
tkdb1 = TokenAPI.to_model(tk1)
self.assertIsNotNone(tkdb1)
self.assertIsInstance(tkdb1, TokenDB)
self.assertEqual(tkdb1.user, tk1.user)
self.assertEqual(tkdb1.token, tk1.token)
self.assertEqual(tkdb1.expiry, isotime.parse(tk1.expiry))
tkdb2 = Token.add_or_update(tkdb1)
self.assertEqual(tkdb1, tkdb2)
self.assertIsNotNone(tkdb2.id)
tk2 = TokenAPI.from_model(tkdb2)
self.assertEqual(tk2.user, tk1.user)
self.assertEqual(tk2.token, tk1.token)
self.assertEqual(tk2.expiry, tk1.expiry)
def test_token_model(self):
dt = date_utils.get_datetime_utc_now()
tk1 = TokenAPI(user='******', token=uuid.uuid4().hex,
expiry=isotime.format(dt, offset=False))
tkdb1 = TokenAPI.to_model(tk1)
self.assertIsNotNone(tkdb1)
self.assertIsInstance(tkdb1, TokenDB)
self.assertEqual(tkdb1.user, tk1.user)
self.assertEqual(tkdb1.token, tk1.token)
self.assertEqual(tkdb1.expiry, isotime.parse(tk1.expiry))
tkdb2 = Token.add_or_update(tkdb1)
self.assertEqual(tkdb1, tkdb2)
self.assertIsNotNone(tkdb2.id)
tk2 = TokenAPI.from_model(tkdb2)
self.assertEqual(tk2.user, tk1.user)
self.assertEqual(tk2.token, tk1.token)
self.assertEqual(tk2.expiry, tk1.expiry)
def validate_token(token_string):
"""
Validate the provided authentication token.
:param token_string: Authentication token provided.
:type token_string: ``str``
:return: TokenDB object on success.
:rtype: :class:`.TokenDB`
"""
token = Token.get(token_string)
if token.expiry <= date_utils.get_datetime_utc_now():
# TODO: purge expired tokens
LOG.audit('Token with id "%s" has expired.' % (token.id))
raise exceptions.TokenExpiredError('Token has expired.')
LOG.audit('Token with id "%s" is validated.' % (token.id))
return token
def validate_token(token_string):
"""
Validate the provided authentication token.
:param token_string: Authentication token provided.
:type token_string: ``str``
:return: TokenDB object on success.
:rtype: :class:`.TokenDB`
"""
token = Token.get(token_string)
if token.expiry <= date_utils.get_datetime_utc_now():
# TODO: purge expired tokens
LOG.audit('Token with id "%s" has expired.' % (token.id))
raise exceptions.TokenExpiredError('Token has expired.')
LOG.audit('Token with id "%s" is validated.' % (token.id))
return token
