flaschengeist/geruecht/controller/accesTokenController.py

116 lines
4.4 KiB
Python
Raw Normal View History

2019-04-11 21:56:55 +00:00
from geruecht.model.accessToken import AccessToken
import geruecht.controller as gc
import geruecht.controller.userController as uc
2020-01-18 22:31:49 +00:00
from geruecht.model import BAR
from geruecht.controller import LOGGER
from datetime import datetime, timedelta
2019-04-11 21:56:55 +00:00
import hashlib
from . import Singleton
2019-04-11 21:56:55 +00:00
userController = uc.UserController()
2020-01-18 22:31:49 +00:00
class AccesTokenController(metaclass=Singleton):
2019-04-17 12:46:46 +00:00
""" Control all createt AccesToken
2019-05-02 16:50:59 +00:00
2019-04-17 12:46:46 +00:00
This Class create, delete, find and manage AccesToken.
Attributes:
tokenList: List of currents AccessToken
lifetime: Variable for the Lifetime of one AccessToken in seconds.
"""
instance = None
2019-04-11 21:56:55 +00:00
tokenList = None
2019-12-30 08:22:43 +00:00
def __init__(self, lifetime=1800):
2019-04-17 12:46:46 +00:00
""" Initialize AccessTokenController
2019-05-02 16:50:59 +00:00
2019-04-17 12:46:46 +00:00
Initialize Thread and set tokenList empty.
"""
LOGGER.info("Initialize AccessTokenController")
self.lifetime = gc.accConfig
2019-04-11 21:56:55 +00:00
self.tokenList = []
def checkBar(self, user):
if (userController.checkBarUser(user)):
2020-03-04 20:38:21 +00:00
if BAR not in user.group:
user.group.append(BAR)
else:
while BAR in user.group:
user.group.remove(BAR)
2020-01-18 22:31:49 +00:00
def validateAccessToken(self, token, group):
""" Verify Accestoken
2019-05-02 16:50:59 +00:00
Verify an Accestoken and Group so if the User has permission or not.
Retrieves the accestoken if valid else retrieves False
2019-04-17 12:46:46 +00:00
Args:
token: Token to verify.
group: Group like 'moneymaster', 'gastro', 'user' or 'bar'
2019-04-17 12:46:46 +00:00
Returns:
An the AccesToken for this given Token or False.
2019-04-17 12:46:46 +00:00
"""
LOGGER.info("Verify AccessToken with token: {} and group: {}".format(token, group))
2019-04-11 21:56:55 +00:00
for accToken in self.tokenList:
2020-03-07 13:56:44 +00:00
LOGGER.debug("AccessToken is {}".format(accToken))
endTime = accToken.timestamp + timedelta(seconds=accToken.lifetime)
now = datetime.now()
LOGGER.debug("Check if AccessToken's Endtime {} is bigger then now {}".format(endTime, now))
if now <= endTime:
LOGGER.debug("Check is token {} same as in AccessToken {}".format(token, accToken))
if accToken == token:
2020-01-18 22:31:49 +00:00
self.checkBar(accToken.user)
LOGGER.debug("Check if AccesToken {} has same group {}".format(accToken, group))
if self.isSameGroup(accToken, group):
accToken.updateTimestamp()
LOGGER.info("Found AccessToken {} with token: {} and group: {}".format(accToken, token, group))
return accToken
2020-03-07 13:56:44 +00:00
else:
self.deleteAccessToken(accToken)
LOGGER.info("Found no valid AccessToken with token: {} and group: {}".format(token, group))
return False
2019-04-11 21:56:55 +00:00
2020-03-07 13:56:44 +00:00
def deleteAccessToken(self, accToken):
LOGGER.debug("AccessToken {} is no longer valid and will removed".format(accToken))
self.tokenList.remove(accToken)
2020-01-26 22:31:22 +00:00
def createAccesToken(self, user, ldap_conn):
2019-04-17 12:46:46 +00:00
""" Create an AccessToken
Create an AccessToken for an User and add it to the tokenList.
Args:
user: For wich User is to create an AccessToken
Returns:
A created Token for User
"""
LOGGER.info("Create AccessToken")
now = datetime.ctime(datetime.now())
token = hashlib.md5((now + user.dn).encode('utf-8')).hexdigest()
2020-01-18 22:31:49 +00:00
self.checkBar(user)
2020-03-07 13:56:44 +00:00
accToken = AccessToken(user, token, ldap_conn, self.lifetime, datetime.now())
LOGGER.debug("Add AccessToken {} to current Tokens".format(accToken))
self.tokenList.append(accToken)
LOGGER.info("Finished create AccessToken {} with Token {}".format(accToken, token))
2019-04-11 21:56:55 +00:00
return token
2020-01-18 22:31:49 +00:00
def isSameGroup(self, accToken, groups):
2019-04-17 12:46:46 +00:00
""" Verify group in AccessToken
2019-05-02 16:50:59 +00:00
2019-04-17 12:46:46 +00:00
Verify if the User in the AccesToken has the right group.
Args:
accToken: AccessToken to verify.
2020-01-18 22:31:49 +00:00
groups: Group to verify.
2019-05-02 16:50:59 +00:00
2019-04-17 12:46:46 +00:00
Returns:
A Bool. If the same then True else False
"""
2020-01-18 22:31:49 +00:00
print("controll if", accToken, "hase groups", groups)
LOGGER.debug("Check if AccessToken {} has group {}".format(accToken, groups))
for group in groups:
if group in accToken.user.group: return True
return False