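from geruecht.model.accessToken import AccessToken
import geruecht.controller as gc
import geruecht.controller.userController as uc
from geruecht.model import BAR
from geruecht.controller import LOGGER
from datetime import datetime, timedelta
import hashlib
import secrets
from . import Singleton

userController = uc.UserController()


class AccesTokenController(metaclass=Singleton):
    """Create, look up, validate and expire AccessTokens.

    Attributes:
        tokenList: List of the currently known AccessToken objects.
        lifetime: Lifetime of one AccessToken in seconds (it is passed to
            ``timedelta(seconds=...)`` during validation).
    """
    instance = None
    tokenList = None

    def __init__(self, lifetime=1800):
        """Initialize the controller with an empty token list."""
        LOGGER.info("Initialize AccessTokenController")
        # NOTE(review): the `lifetime` argument is ignored; the value always
        # comes from gc.accConfig. validateAccessToken passes it to
        # timedelta(seconds=...), so it presumably is a number -- confirm.
        self.lifetime = gc.accConfig
        self.tokenList = []

    def checkBar(self, user):
        """Bring the BAR group on *user* in line with the user controller.

        If ``userController.checkBarUser(user)`` is truthy, BAR is added to
        ``user.group`` when missing; otherwise every occurrence of BAR is
        removed from ``user.group``.

        Args:
            user: User object whose ``group`` list is updated in place.
        """
        if userController.checkBarUser(user):
            if BAR not in user.group:
                user.group.append(BAR)
        else:
            while BAR in user.group:
                user.group.remove(BAR)

    def validateAccessToken(self, token, group):
        """Validate a presented token against the required groups.

        Looks for a stored AccessToken equal to *token*. If it has not
        expired and its user is in one of the requested groups, its timestamp
        is refreshed and the AccessToken is returned. An expired AccessToken
        is removed from the token list.

        Args:
            token: Token value presented by the caller.
            group: Groups to check, e.g. 'moneymaster', 'gastro', 'user' or
                'bar'. It is iterated by isSameGroup.

        Returns:
            The matching AccessToken, or False if none is valid.
        """
        # The raw token is a bearer credential, so it is kept out of the log
        # messages. NOTE(review): the string form of AccessToken is still
        # logged; confirm it does not embed the token value.
        LOGGER.info("Verify AccessToken for group: {}".format(group))
        # Iterate over a copy: an expired entry is removed from
        # self.tokenList inside the loop, and removing from the list being
        # iterated would skip the following entry.
        for accToken in list(self.tokenList):
            LOGGER.debug("Check presented token against AccessToken {}".format(accToken))
            # NOTE(review): equality is delegated to AccessToken.__eq__;
            # confirm it compares token values with hmac.compare_digest.
            if accToken == token:
                LOGGER.debug("AccessToken is {}".format(accToken))
                endTime = accToken.timestamp + timedelta(seconds=self.lifetime)
                now = datetime.now()
                LOGGER.debug("Check if AccessToken's Endtime {} is bigger then now {}".format(endTime, now))
                if now <= endTime:
                    # Refresh BAR membership before the group check so the
                    # decision uses the current state.
                    self.checkBar(accToken.user)
                    LOGGER.debug("Check if AccesToken {} has same group {}".format(accToken, group))
                    if self.isSameGroup(accToken, group):
                        accToken.updateTimestamp()
                        LOGGER.info("Found AccessToken {} for group: {}".format(accToken, group))
                        return accToken
                else:
                    LOGGER.debug("AccessToken {} is no longer valid and will removed".format(accToken))
                    self.tokenList.remove(accToken)
        LOGGER.info("Found no valid AccessToken for group: {}".format(group))
        return False

    def createAccesToken(self, user, ldap_conn):
        """Create an AccessToken for *user* and add it to the token list.

        Args:
            user: User the AccessToken is created for.
            ldap_conn: Passed through unchanged to the AccessToken
                constructor.

        Returns:
            The token string (32 hexadecimal characters).
        """
        LOGGER.info("Create AccessToken")
        # The token is a bearer credential and must be unpredictable. It was
        # previously the MD5 of the current time string plus the user's DN,
        # both guessable values. token_hex(16) keeps the 32-hex-character
        # format but draws 128 bits from the OS CSPRNG.
        token = secrets.token_hex(16)
        self.checkBar(user)
        accToken = AccessToken(user, token, ldap_conn, datetime.now())
        LOGGER.debug("Add AccessToken {} to current Tokens".format(accToken))
        self.tokenList.append(accToken)
        # The token value itself is deliberately not written to the log.
        LOGGER.info("Finished create AccessToken {}".format(accToken))
        return token

    def isSameGroup(self, accToken, groups):
        """Check whether the AccessToken's user is in any of *groups*.

        Args:
            accToken: AccessToken whose ``user.group`` is inspected.
            groups: Iterable of group names; one match is sufficient.

        Returns:
            True if at least one entry of *groups* is in
            ``accToken.user.group``, else False.
        """
        # The stray debug print() to stdout was dropped; the same information
        # goes to the logger below.
        LOGGER.debug("Check if AccessToken {} has group {}".format(accToken, groups))
        return any(group in accToken.user.group for group in groups)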