flaschengeist/geruecht/controller/accesTokenController.py

from geruecht.model.accessToken import AccessToken
import geruecht.controller as gc
import geruecht.controller.mainController as mc
from geruecht.model import BAR
from datetime import datetime, timedelta
import hashlib
from . import Singleton
from geruecht.logger import getDebugLogger

debug = getDebugLogger()

mainController = mc.MainController()

class AccesTokenController(metaclass=Singleton):
    """ Control all createt AccesToken

        This Class create, delete, find and manage AccesToken.

        Attributes:
            tokenList: List of currents AccessToken
            lifetime: Variable for the Lifetime of one AccessToken in seconds.
    """
    instance = None
    tokenList = None

    def __init__(self, lifetime=1800):
        """ Initialize AccessTokenController

            Initialize Thread and set tokenList empty.
        """
        debug.info("init accesstoken controller")
        self.lifetime = gc.accConfig
        self.tokenList = []

    def checkBar(self, user):
        debug.info("check if user {{ {} }} is baruser".format(user))
        if (mainController.checkBarUser(user)):
            if BAR not in user.group:
                debug.debug("append bar to user {{ {} }}".format(user))
                user.group.append(BAR)
        else:
            while BAR in user.group:
                debug.debug("delete bar from user {{ {} }}".format(user))
                user.group.remove(BAR)
        debug.debug("user {{ {} }} groups are {{ {} }}".format(user, user.group))

    def validateAccessToken(self, token, group):
        """ Verify Accestoken

            Verify an Accestoken and Group so if the User has permission or not.
            Retrieves the accestoken if valid else retrieves False

            Args:
                token: Token to verify.
                group: Group like 'moneymaster', 'gastro', 'user' or 'bar'
            Returns:
                An the AccesToken for this given Token or False.
        """
        debug.info("check token {{ {} }} is valid")
        for accToken in self.tokenList:
            debug.debug("accesstoken is {}".format(accToken))
            endTime = accToken.timestamp + timedelta(seconds=accToken.lifetime)
            now = datetime.now()
            debug.debug("now is {{ {} }}, endtime is {{ {} }}".format(now, endTime))
            if now <= endTime:
                debug.debug("check if token {{ {} }} is same as {{ {} }}".format(token, accToken))
                if accToken == token:
                    self.checkBar(accToken.user)
                    debug.debug("check if accestoken {{ {} }} has group {{ {} }}".format(accToken, group))
                    if self.isSameGroup(accToken, group):
                        accToken.updateTimestamp()
                        debug.debug("found accesstoken {{ {} }} with token: {{ {} }} and group: {{ {} }}".format(accToken, token, group))
                        return accToken
            else:
                debug.debug("accesstoken is {{ {} }} out of date".format(accToken))
                self.deleteAccessToken(accToken)
        debug.debug("no valid accesstoken with token: {{ {} }} and group: {{ {} }}".format(token, group))
        return False

    def deleteAccessToken(self, accToken):
        debug.info("delete accesstoken {{ {} }}".format(accToken))
        self.tokenList.remove(accToken)

    def createAccesToken(self, user, ldap_conn):
        """ Create an AccessToken

            Create an AccessToken for an User and add it to the tokenList.

            Args:
                user: For wich User is to create an AccessToken

            Returns:
                A created Token for User
        """
        debug.info("creat accesstoken")
        now = datetime.ctime(datetime.now())
        token = hashlib.md5((now + user.dn).encode('utf-8')).hexdigest()
        self.checkBar(user)
        accToken = AccessToken(user, token, ldap_conn, self.lifetime, datetime.now())
        debug.debug("accesstoken is {{ {} }}".format(accToken))
        self.tokenList.append(accToken)
        return token

    def isSameGroup(self, accToken, groups):
        """ Verify group in AccessToken

            Verify if the User in the AccesToken has the right group.

            Args:
                accToken: AccessToken to verify.
                groups: Group to verify.

            Returns:
                A Bool. If the same then True else False
        """
        debug.info("check accesstoken {{ {} }} has group {{ {} }}".format(accToken, groups))
        for group in groups:
            if group in accToken.user.group: return True
        return False
new start 2019-04-11 21:56:55 +00:00			`from geruecht.model.accessToken import AccessToken`
fixed imports, bugfix that accLifetime will load from config file 2020-01-18 23:37:40 +00:00			`import geruecht.controller as gc`
vorstand can set job_kinds for day with max persons extern user can be set if job_kind is delete, all jobs are deleted for this date and job_kind 2020-05-22 19:55:14 +00:00			`import geruecht.controller.mainController as mc`
add addWorker and deletWorker 2020-01-18 22:31:49 +00:00			`from geruecht.model import BAR`
update token validatition no second thread to validate for token ... only on access it will be validate 2019-12-28 10:31:45 +00:00			`from datetime import datetime, timedelta`
new start 2019-04-11 21:56:55 +00:00			`import hashlib`
update for UnitTests new controller: userController so routes don't have to import users or creditlist and don't do logics. 2019-12-28 20:52:49 +00:00			`from . import Singleton`
finished ##215 only database controlle is left for debugging 2020-03-10 18:23:52 +00:00			`from geruecht.logger import getDebugLogger`

			`debug = getDebugLogger()`
new start 2019-04-11 21:56:55 +00:00
vorstand can set job_kinds for day with max persons extern user can be set if job_kind is delete, all jobs are deleted for this date and job_kind 2020-05-22 19:55:14 +00:00			`mainController = mc.MainController()`
add addWorker and deletWorker 2020-01-18 22:31:49 +00:00
update token validatition no second thread to validate for token ... only on access it will be validate 2019-12-28 10:31:45 +00:00			`class AccesTokenController(metaclass=Singleton):`
Erste Doku hinzugefügt im Ticket #41 2019-04-17 12:46:46 +00:00			`""" Control all createt AccesToken`
Dokumentation vervollständigt 2019-05-02 16:50:59 +00:00
Erste Doku hinzugefügt im Ticket #41 2019-04-17 12:46:46 +00:00			`This Class create, delete, find and manage AccesToken.`

			`Attributes:`
			`tokenList: List of currents AccessToken`
			`lifetime: Variable for the Lifetime of one AccessToken in seconds.`
			`"""`
Task #60 erledigt. Es wird jetzt per StreamHandler geloggt und per File gespeichert. Vielleicht wird auch ein bisschen zuviel geloggt. 2019-05-02 23:40:13 +00:00			`instance = None`
new start 2019-04-11 21:56:55 +00:00			`tokenList = None`

added a Configparser 2019-12-30 08:22:43 +00:00			`def __init__(self, lifetime=1800):`
Erste Doku hinzugefügt im Ticket #41 2019-04-17 12:46:46 +00:00			`""" Initialize AccessTokenController`
Dokumentation vervollständigt 2019-05-02 16:50:59 +00:00
Erste Doku hinzugefügt im Ticket #41 2019-04-17 12:46:46 +00:00			`Initialize Thread and set tokenList empty.`
			`"""`
finished ##215 only database controlle is left for debugging 2020-03-10 18:23:52 +00:00			`debug.info("init accesstoken controller")`
fixed imports, bugfix that accLifetime will load from config file 2020-01-18 23:37:40 +00:00			`self.lifetime = gc.accConfig`
new start 2019-04-11 21:56:55 +00:00			`self.tokenList = []`

fixed imports, bugfix that accLifetime will load from config file 2020-01-18 23:37:40 +00:00			`def checkBar(self, user):`
finished ##215 only database controlle is left for debugging 2020-03-10 18:23:52 +00:00			`debug.info("check if user {{ {} }} is baruser".format(user))`
vorstand can set job_kinds for day with max persons extern user can be set if job_kind is delete, all jobs are deleted for this date and job_kind 2020-05-22 19:55:14 +00:00			`if (mainController.checkBarUser(user)):`
fixed ##193 2020-03-04 20:38:21 +00:00			`if BAR not in user.group:`
finished ##215 only database controlle is left for debugging 2020-03-10 18:23:52 +00:00			`debug.debug("append bar to user {{ {} }}".format(user))`
fixed ##193 2020-03-04 20:38:21 +00:00			`user.group.append(BAR)`
			`else:`
			`while BAR in user.group:`
finished ##215 only database controlle is left for debugging 2020-03-10 18:23:52 +00:00			`debug.debug("delete bar from user {{ {} }}".format(user))`
fixed ##193 2020-03-04 20:38:21 +00:00			`user.group.remove(BAR)`
finished ##215 only database controlle is left for debugging 2020-03-10 18:23:52 +00:00			`debug.debug("user {{ {} }} groups are {{ {} }}".format(user, user.group))`
add addWorker and deletWorker 2020-01-18 22:31:49 +00:00
update token validatition no second thread to validate for token ... only on access it will be validate 2019-12-28 10:31:45 +00:00			`def validateAccessToken(self, token, group):`
			`""" Verify Accestoken`
Dokumentation vervollständigt 2019-05-02 16:50:59 +00:00
update token validatition no second thread to validate for token ... only on access it will be validate 2019-12-28 10:31:45 +00:00			`Verify an Accestoken and Group so if the User has permission or not.`
			`Retrieves the accestoken if valid else retrieves False`
Erste Doku hinzugefügt im Ticket #41 2019-04-17 12:46:46 +00:00
			`Args:`
update token validatition no second thread to validate for token ... only on access it will be validate 2019-12-28 10:31:45 +00:00			`token: Token to verify.`
			`group: Group like 'moneymaster', 'gastro', 'user' or 'bar'`
Erste Doku hinzugefügt im Ticket #41 2019-04-17 12:46:46 +00:00			`Returns:`
update token validatition no second thread to validate for token ... only on access it will be validate 2019-12-28 10:31:45 +00:00			`An the AccesToken for this given Token or False.`
Erste Doku hinzugefügt im Ticket #41 2019-04-17 12:46:46 +00:00			`"""`
finished ##215 only database controlle is left for debugging 2020-03-10 18:23:52 +00:00			`debug.info("check token {{ {} }} is valid")`
new start 2019-04-11 21:56:55 +00:00			`for accToken in self.tokenList:`
finished ##215 only database controlle is left for debugging 2020-03-10 18:23:52 +00:00			`debug.debug("accesstoken is {}".format(accToken))`
finished ##218 2020-03-07 13:56:44 +00:00			`endTime = accToken.timestamp + timedelta(seconds=accToken.lifetime)`
			`now = datetime.now()`
finished ##215 only database controlle is left for debugging 2020-03-10 18:23:52 +00:00			`debug.debug("now is {{ {} }}, endtime is {{ {} }}".format(now, endTime))`
finished ##218 2020-03-07 13:56:44 +00:00			`if now <= endTime:`
finished ##215 only database controlle is left for debugging 2020-03-10 18:23:52 +00:00			`debug.debug("check if token {{ {} }} is same as {{ {} }}".format(token, accToken))`
finished ##218 2020-03-07 13:56:44 +00:00			`if accToken == token:`
add addWorker and deletWorker 2020-01-18 22:31:49 +00:00			`self.checkBar(accToken.user)`
finished ##215 only database controlle is left for debugging 2020-03-10 18:23:52 +00:00			`debug.debug("check if accestoken {{ {} }} has group {{ {} }}".format(accToken, group))`
update token validatition no second thread to validate for token ... only on access it will be validate 2019-12-28 10:31:45 +00:00			`if self.isSameGroup(accToken, group):`
			`accToken.updateTimestamp()`
finished ##215 only database controlle is left for debugging 2020-03-10 18:23:52 +00:00			`debug.debug("found accesstoken {{ {} }} with token: {{ {} }} and group: {{ {} }}".format(accToken, token, group))`
update token validatition no second thread to validate for token ... only on access it will be validate 2019-12-28 10:31:45 +00:00			`return accToken`
finished ##218 2020-03-07 13:56:44 +00:00			`else:`
finished ##215 only database controlle is left for debugging 2020-03-10 18:23:52 +00:00			`debug.debug("accesstoken is {{ {} }} out of date".format(accToken))`
finished ##218 2020-03-07 13:56:44 +00:00			`self.deleteAccessToken(accToken)`
finished ##215 only database controlle is left for debugging 2020-03-10 18:23:52 +00:00			`debug.debug("no valid accesstoken with token: {{ {} }} and group: {{ {} }}".format(token, group))`
update token validatition no second thread to validate for token ... only on access it will be validate 2019-12-28 10:31:45 +00:00			`return False`
new start 2019-04-11 21:56:55 +00:00
finished ##218 2020-03-07 13:56:44 +00:00			`def deleteAccessToken(self, accToken):`
finished ##215 only database controlle is left for debugging 2020-03-10 18:23:52 +00:00			`debug.info("delete accesstoken {{ {} }}".format(accToken))`
finished ##218 2020-03-07 13:56:44 +00:00			`self.tokenList.remove(accToken)`

added ldap modifying for users 2020-01-26 22:31:22 +00:00			`def createAccesToken(self, user, ldap_conn):`
Erste Doku hinzugefügt im Ticket #41 2019-04-17 12:46:46 +00:00			`""" Create an AccessToken`

			`Create an AccessToken for an User and add it to the tokenList.`

			`Args:`
			`user: For wich User is to create an AccessToken`

			`Returns:`
			`A created Token for User`
			`"""`
finished ##215 only database controlle is left for debugging 2020-03-10 18:23:52 +00:00			`debug.info("creat accesstoken")`
AccesTokenController ist ein Thread AccesTokenController schaut immer wieder nach, ob ein AccesToken noch valid ist. Zeitabstand beträgt bis jetzt 10 SeKunden ValidLifeTime beträgt bis jetzt 60 Sekunden 2019-04-12 12:51:37 +00:00			`now = datetime.ctime(datetime.now())`
mysql adapter and ldap adapter start adapetr for mysql not sqllite authenfication with ldap problem.. ldap and db is initialize in __init__.py when you initialize db, you initialize User and that requires ldap from __init__.py. But ldap is not initialize. if you initialize ldap, you initialize User and that requires db from __init__.py. But db is not initialize. 2019-12-19 07:12:29 +00:00			`token = hashlib.md5((now + user.dn).encode('utf-8')).hexdigest()`
add addWorker and deletWorker 2020-01-18 22:31:49 +00:00			`self.checkBar(user)`
finished ##218 2020-03-07 13:56:44 +00:00			`accToken = AccessToken(user, token, ldap_conn, self.lifetime, datetime.now())`
finished ##215 only database controlle is left for debugging 2020-03-10 18:23:52 +00:00			`debug.debug("accesstoken is {{ {} }}".format(accToken))`
Task #60 erledigt. Es wird jetzt per StreamHandler geloggt und per File gespeichert. Vielleicht wird auch ein bisschen zuviel geloggt. 2019-05-02 23:40:13 +00:00			`self.tokenList.append(accToken)`
new start 2019-04-11 21:56:55 +00:00			`return token`

add addWorker and deletWorker 2020-01-18 22:31:49 +00:00			`def isSameGroup(self, accToken, groups):`
Erste Doku hinzugefügt im Ticket #41 2019-04-17 12:46:46 +00:00			`""" Verify group in AccessToken`
Dokumentation vervollständigt 2019-05-02 16:50:59 +00:00
Erste Doku hinzugefügt im Ticket #41 2019-04-17 12:46:46 +00:00			`Verify if the User in the AccesToken has the right group.`

			`Args:`
			`accToken: AccessToken to verify.`
add addWorker and deletWorker 2020-01-18 22:31:49 +00:00			`groups: Group to verify.`
Dokumentation vervollständigt 2019-05-02 16:50:59 +00:00
Erste Doku hinzugefügt im Ticket #41 2019-04-17 12:46:46 +00:00			`Returns:`
			`A Bool. If the same then True else False`
			`"""`
finished ##215 only database controlle is left for debugging 2020-03-10 18:23:52 +00:00			`debug.info("check accesstoken {{ {} }} has group {{ {} }}".format(accToken, groups))`
add addWorker and deletWorker 2020-01-18 22:31:49 +00:00			`for group in groups:`
			`if group in accToken.user.group: return True`
			`return False`