flaschengeist/geruecht/controller/accesTokenController.py


from geruecht.model.accessToken import AccessToken
import geruecht.controller as gc
import geruecht.controller.userController as uc
from geruecht.model import BAR
from geruecht.controller import LOGGER
from datetime import datetime, timedelta
import hashlib
from . import Singleton
# Module-level UserController handle; AccesTokenController.checkBar() calls
# its checkBarUser() to decide whether a user currently belongs to BAR.
userController = uc.UserController()
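class AccesTokenController(metaclass=Singleton):
    """Create, validate and expire the AccessTokens held in memory.

    Attributes:
        tokenList: List of the currently issued AccessToken objects.
        lifetime: Number of seconds added to an AccessToken's timestamp to
            obtain its expiry time.
    """

    instance = None
    tokenList = None

    def __init__(self, lifetime=1800):
        """Initialize the controller with an empty token list.

        Args:
            lifetime: Kept for interface compatibility. The effective
                lifetime is read from ``gc.accConfig``; this argument is
                not used.
        """
        LOGGER.info("Initialize AccessTokenController")
        # NOTE(review): validateAccessToken passes this value to
        # timedelta(seconds=...), so gc.accConfig has to be a number of
        # seconds -- confirm against the configuration loader.
        self.lifetime = gc.accConfig
        self.tokenList = []

    def checkBar(self, user):
        """Bring the BAR entry of ``user.group`` in line with checkBarUser().

        BAR is appended when ``userController.checkBarUser(user)`` is truthy
        and not yet present; otherwise every BAR entry is removed.

        Args:
            user: User object whose ``group`` list is updated in place.
        """
        if userController.checkBarUser(user):
            if BAR not in user.group:
                user.group.append(BAR)
        else:
            # The list may hold BAR more than once; strip all occurrences.
            while BAR in user.group:
                user.group.remove(BAR)

    def validateAccessToken(self, token, group):
        """Look up a presented token and check expiry and group membership.

        A matching, unexpired AccessToken has its user's BAR membership
        refreshed and its timestamp updated before it is returned. A
        matching but expired AccessToken is removed from ``tokenList``.

        Args:
            token: Token string presented by the caller.
            group: Groups that grant access, e.g. 'moneymaster', 'gastro',
                'user' or 'bar'. isSameGroup iterates over this value, so
                it is presumably a list of names -- verify against callers.

        Returns:
            The matching AccessToken, or False when no valid one exists.
        """
        # The presented token is a bearer credential: anyone who can read
        # the log could replay it, so it is kept out of the messages.
        LOGGER.info("Verify AccessToken for group: {}".format(group))
        # Iterate over a snapshot, because expired entries are removed from
        # self.tokenList inside the loop and removing from a list while
        # iterating it skips the following element.
        for accToken in list(self.tokenList):
            # NOTE(review): the string form of AccessToken is defined outside
            # this file -- confirm it does not embed the token value.
            LOGGER.debug("Compare presented token with AccessToken {}".format(accToken))
            # NOTE(review): this relies on AccessToken's own equality against
            # a raw string, which is not visible here. If it is a plain
            # string compare, hmac.compare_digest is the safer primitive.
            if accToken == token:
                LOGGER.debug("AccessToken is {}".format(accToken))
                endTime = accToken.timestamp + timedelta(seconds=self.lifetime)
                now = datetime.now()
                LOGGER.debug("Check if AccessToken's Endtime {} is bigger then now {}".format(endTime, now))
                if now <= endTime:
                    # Re-evaluate BAR membership on every validation so the
                    # group check below sees the current state.
                    self.checkBar(accToken.user)
                    LOGGER.debug("Check if AccesToken {} has same group {}".format(accToken, group))
                    if self.isSameGroup(accToken, group):
                        accToken.updateTimestamp()
                        LOGGER.info("Found AccessToken {} for group: {}".format(accToken, group))
                        return accToken
                else:
                    LOGGER.debug("AccessToken {} is no longer valid and will removed".format(accToken))
                    self.tokenList.remove(accToken)
        LOGGER.info("Found no valid AccessToken for group: {}".format(group))
        return False

    def createAccesToken(self, user, ldap_conn):
        """Issue a new AccessToken for a user and store it in tokenList.

        Args:
            user: User the AccessToken is created for.
            ldap_conn: Passed through unchanged to the AccessToken.

        Returns:
            The new token as a 32-character hexadecimal string.
        """
        # Function-scope import: the module's import block has no `secrets`.
        import secrets

        LOGGER.info("Create AccessToken")
        # 128 bits from the OS CSPRNG, hex-encoded to the same 32-character
        # shape the previous MD5 hexdigest had. A digest of the wall clock
        # (one-second resolution) and the user's DN is guessable and is not
        # suitable as a session credential.
        token = secrets.token_hex(16)
        self.checkBar(user)
        accToken = AccessToken(user, token, ldap_conn, datetime.now())
        LOGGER.debug("Add AccessToken {} to current Tokens".format(accToken))
        self.tokenList.append(accToken)
        # The token value itself is returned to the caller, never logged.
        LOGGER.info("Finished create AccessToken {}".format(accToken))
        return token

    def isSameGroup(self, accToken, groups):
        """Check whether the AccessToken's user is in any of the groups.

        Args:
            accToken: AccessToken whose ``user.group`` is inspected.
            groups: Iterable of group names. A bare string would be
                iterated character by character, so pass a list.

        Returns:
            True if at least one entry of ``groups`` is in the user's
            groups, else False.
        """
        LOGGER.debug("Check if AccessToken {} has group {}".format(accToken, groups))
        return any(group in accToken.user.group for group in groups)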