2019-04-11 21:56:55 +00:00
|
|
|
from geruecht.model.accessToken import AccessToken
|
2020-01-18 23:37:40 +00:00
|
|
|
import geruecht.controller as gc
|
|
|
|
import geruecht.controller.userController as uc
|
2020-01-18 22:31:49 +00:00
|
|
|
from geruecht.model import BAR
|
2019-12-28 10:31:45 +00:00
|
|
|
from datetime import datetime, timedelta
|
2019-04-11 21:56:55 +00:00
|
|
|
import hashlib
|
2019-12-28 20:52:49 +00:00
|
|
|
from . import Singleton
|
2020-03-10 18:23:52 +00:00
|
|
|
from geruecht.logger import getDebugLogger
|
|
|
|
|
|
|
|
debug = getDebugLogger()
|
2019-04-11 21:56:55 +00:00
|
|
|
|
2020-01-18 23:37:40 +00:00
|
|
|
userController = uc.UserController()
|
2020-01-18 22:31:49 +00:00
|
|
|
|
2019-12-28 10:31:45 +00:00
|
|
|
class AccesTokenController(metaclass=Singleton):
|
2019-04-17 12:46:46 +00:00
|
|
|
""" Control all createt AccesToken
|
2019-05-02 16:50:59 +00:00
|
|
|
|
2019-04-17 12:46:46 +00:00
|
|
|
This Class create, delete, find and manage AccesToken.
|
|
|
|
|
|
|
|
Attributes:
|
|
|
|
tokenList: List of currents AccessToken
|
|
|
|
lifetime: Variable for the Lifetime of one AccessToken in seconds.
|
|
|
|
"""
|
2019-05-02 23:40:13 +00:00
|
|
|
instance = None
|
2019-04-11 21:56:55 +00:00
|
|
|
tokenList = None
|
|
|
|
|
2019-12-30 08:22:43 +00:00
|
|
|
def __init__(self, lifetime=1800):
|
2019-04-17 12:46:46 +00:00
|
|
|
""" Initialize AccessTokenController
|
2019-05-02 16:50:59 +00:00
|
|
|
|
2019-04-17 12:46:46 +00:00
|
|
|
Initialize Thread and set tokenList empty.
|
|
|
|
"""
|
2020-03-10 18:23:52 +00:00
|
|
|
debug.info("init accesstoken controller")
|
2020-01-18 23:37:40 +00:00
|
|
|
self.lifetime = gc.accConfig
|
2019-04-11 21:56:55 +00:00
|
|
|
self.tokenList = []
|
|
|
|
|
2020-01-18 23:37:40 +00:00
|
|
|
def checkBar(self, user):
|
2020-03-10 18:23:52 +00:00
|
|
|
debug.info("check if user {{ {} }} is baruser".format(user))
|
2020-01-18 23:37:40 +00:00
|
|
|
if (userController.checkBarUser(user)):
|
2020-03-04 20:38:21 +00:00
|
|
|
if BAR not in user.group:
|
2020-03-10 18:23:52 +00:00
|
|
|
debug.debug("append bar to user {{ {} }}".format(user))
|
2020-03-04 20:38:21 +00:00
|
|
|
user.group.append(BAR)
|
|
|
|
else:
|
|
|
|
while BAR in user.group:
|
2020-03-10 18:23:52 +00:00
|
|
|
debug.debug("delete bar from user {{ {} }}".format(user))
|
2020-03-04 20:38:21 +00:00
|
|
|
user.group.remove(BAR)
|
2020-03-10 18:23:52 +00:00
|
|
|
debug.debug("user {{ {} }} groups are {{ {} }}".format(user, user.group))
|
2020-01-18 22:31:49 +00:00
|
|
|
|
2019-12-28 10:31:45 +00:00
|
|
|
def validateAccessToken(self, token, group):
|
|
|
|
""" Verify Accestoken
|
2019-05-02 16:50:59 +00:00
|
|
|
|
2019-12-28 10:31:45 +00:00
|
|
|
Verify an Accestoken and Group so if the User has permission or not.
|
|
|
|
Retrieves the accestoken if valid else retrieves False
|
2019-04-17 12:46:46 +00:00
|
|
|
|
|
|
|
Args:
|
2019-12-28 10:31:45 +00:00
|
|
|
token: Token to verify.
|
|
|
|
group: Group like 'moneymaster', 'gastro', 'user' or 'bar'
|
2019-04-17 12:46:46 +00:00
|
|
|
Returns:
|
2019-12-28 10:31:45 +00:00
|
|
|
An the AccesToken for this given Token or False.
|
2019-04-17 12:46:46 +00:00
|
|
|
"""
|
2020-03-10 18:23:52 +00:00
|
|
|
debug.info("check token {{ {} }} is valid")
|
2019-04-11 21:56:55 +00:00
|
|
|
for accToken in self.tokenList:
|
2020-03-10 18:23:52 +00:00
|
|
|
debug.debug("accesstoken is {}".format(accToken))
|
2020-03-07 13:56:44 +00:00
|
|
|
endTime = accToken.timestamp + timedelta(seconds=accToken.lifetime)
|
|
|
|
now = datetime.now()
|
2020-03-10 18:23:52 +00:00
|
|
|
debug.debug("now is {{ {} }}, endtime is {{ {} }}".format(now, endTime))
|
2020-03-07 13:56:44 +00:00
|
|
|
if now <= endTime:
|
2020-03-10 18:23:52 +00:00
|
|
|
debug.debug("check if token {{ {} }} is same as {{ {} }}".format(token, accToken))
|
2020-03-07 13:56:44 +00:00
|
|
|
if accToken == token:
|
2020-01-18 22:31:49 +00:00
|
|
|
self.checkBar(accToken.user)
|
2020-03-10 18:23:52 +00:00
|
|
|
debug.debug("check if accestoken {{ {} }} has group {{ {} }}".format(accToken, group))
|
2019-12-28 10:31:45 +00:00
|
|
|
if self.isSameGroup(accToken, group):
|
|
|
|
accToken.updateTimestamp()
|
2020-03-10 18:23:52 +00:00
|
|
|
debug.debug("found accesstoken {{ {} }} with token: {{ {} }} and group: {{ {} }}".format(accToken, token, group))
|
2019-12-28 10:31:45 +00:00
|
|
|
return accToken
|
2020-03-07 13:56:44 +00:00
|
|
|
else:
|
2020-03-10 18:23:52 +00:00
|
|
|
debug.debug("accesstoken is {{ {} }} out of date".format(accToken))
|
2020-03-07 13:56:44 +00:00
|
|
|
self.deleteAccessToken(accToken)
|
2020-03-10 18:23:52 +00:00
|
|
|
debug.debug("no valid accesstoken with token: {{ {} }} and group: {{ {} }}".format(token, group))
|
2019-12-28 10:31:45 +00:00
|
|
|
return False
|
2019-04-11 21:56:55 +00:00
|
|
|
|
2020-03-07 13:56:44 +00:00
|
|
|
def deleteAccessToken(self, accToken):
|
2020-03-10 18:23:52 +00:00
|
|
|
debug.info("delete accesstoken {{ {} }}".format(accToken))
|
2020-03-07 13:56:44 +00:00
|
|
|
self.tokenList.remove(accToken)
|
|
|
|
|
2020-01-26 22:31:22 +00:00
|
|
|
def createAccesToken(self, user, ldap_conn):
|
2019-04-17 12:46:46 +00:00
|
|
|
""" Create an AccessToken
|
|
|
|
|
|
|
|
Create an AccessToken for an User and add it to the tokenList.
|
|
|
|
|
|
|
|
Args:
|
|
|
|
user: For wich User is to create an AccessToken
|
|
|
|
|
|
|
|
Returns:
|
|
|
|
A created Token for User
|
|
|
|
"""
|
2020-03-10 18:23:52 +00:00
|
|
|
debug.info("creat accesstoken")
|
2019-04-12 12:51:37 +00:00
|
|
|
now = datetime.ctime(datetime.now())
|
2019-12-19 07:12:29 +00:00
|
|
|
token = hashlib.md5((now + user.dn).encode('utf-8')).hexdigest()
|
2020-01-18 22:31:49 +00:00
|
|
|
self.checkBar(user)
|
2020-03-07 13:56:44 +00:00
|
|
|
accToken = AccessToken(user, token, ldap_conn, self.lifetime, datetime.now())
|
2020-03-10 18:23:52 +00:00
|
|
|
debug.debug("accesstoken is {{ {} }}".format(accToken))
|
2019-05-02 23:40:13 +00:00
|
|
|
self.tokenList.append(accToken)
|
2019-04-11 21:56:55 +00:00
|
|
|
return token
|
|
|
|
|
2020-01-18 22:31:49 +00:00
|
|
|
def isSameGroup(self, accToken, groups):
|
2019-04-17 12:46:46 +00:00
|
|
|
""" Verify group in AccessToken
|
2019-05-02 16:50:59 +00:00
|
|
|
|
2019-04-17 12:46:46 +00:00
|
|
|
Verify if the User in the AccesToken has the right group.
|
|
|
|
|
|
|
|
Args:
|
|
|
|
accToken: AccessToken to verify.
|
2020-01-18 22:31:49 +00:00
|
|
|
groups: Group to verify.
|
2019-05-02 16:50:59 +00:00
|
|
|
|
2019-04-17 12:46:46 +00:00
|
|
|
Returns:
|
|
|
|
A Bool. If the same then True else False
|
|
|
|
"""
|
2020-03-10 18:23:52 +00:00
|
|
|
debug.info("check accesstoken {{ {} }} has group {{ {} }}".format(accToken, groups))
|
2020-01-18 22:31:49 +00:00
|
|
|
for group in groups:
|
|
|
|
if group in accToken.user.group: return True
|
|
|
|
return False
|