Flaschengeist/flaschengeist
Flaschengeist
/
flaschengeist
7
0
Fork 0
Code Issues 20 Pull Requests Packages Projects Releases 2 Wiki Activity
flaschengeist/geruecht/controller/accesTokenController.py

120 lines
4.5 KiB
Python
Raw Blame History

from geruecht.model.accessToken import AccessToken
import geruecht.controller as gc
import geruecht.controller.userController as uc
from geruecht.model import BAR
from datetime import datetime, timedelta
import hashlib
from . import Singleton
from geruecht.logger import getDebugLogger
debug = getDebugLogger()
userController = uc.UserController()
class AccesTokenController(metaclass=Singleton):
""" Control all createt AccesToken
This Class create, delete, find and manage AccesToken.
Attributes:
tokenList: List of currents AccessToken
lifetime: Variable for the Lifetime of one AccessToken in seconds.
"""
instance = None
tokenList = None
def __init__(self, lifetime=1800):
""" Initialize AccessTokenController
Initialize Thread and set tokenList empty.
"""
debug.info("init accesstoken controller")
self.lifetime = gc.accConfig
self.tokenList = []
def checkBar(self, user):
debug.info("check if user {{ {} }} is baruser".format(user))
if (userController.checkBarUser(user)):
if BAR not in user.group:
debug.debug("append bar to user {{ {} }}".format(user))
user.group.append(BAR)
else:
while BAR in user.group:
debug.debug("delete bar from user {{ {} }}".format(user))
user.group.remove(BAR)
debug.debug("user {{ {} }} groups are {{ {} }}".format(user, user.group))
def validateAccessToken(self, token, group):
""" Verify Accestoken
Verify an Accestoken and Group so if the User has permission or not.
Retrieves the accestoken if valid else retrieves False
Args:
token: Token to verify.
group: Group like 'moneymaster', 'gastro', 'user' or 'bar'
Returns:
An the AccesToken for this given Token or False.
"""
debug.info("check token {{ {} }} is valid")
for accToken in self.tokenList:
debug.debug("accesstoken is {}".format(accToken))
endTime = accToken.timestamp + timedelta(seconds=accToken.lifetime)
now = datetime.now()
debug.debug("now is {{ {} }}, endtime is {{ {} }}".format(now, endTime))
if now <= endTime:
debug.debug("check if token {{ {} }} is same as {{ {} }}".format(token, accToken))
if accToken == token:
self.checkBar(accToken.user)
debug.debug("check if accestoken {{ {} }} has group {{ {} }}".format(accToken, group))
if self.isSameGroup(accToken, group):
accToken.updateTimestamp()
debug.debug("found accesstoken {{ {} }} with token: {{ {} }} and group: {{ {} }}".format(accToken, token, group))
return accToken
else:
debug.debug("accesstoken is {{ {} }} out of date".format(accToken))
self.deleteAccessToken(accToken)
debug.debug("no valid accesstoken with token: {{ {} }} and group: {{ {} }}".format(token, group))
return False
def deleteAccessToken(self, accToken):
debug.info("delete accesstoken {{ {} }}".format(accToken))
self.tokenList.remove(accToken)
def createAccesToken(self, user, ldap_conn):
""" Create an AccessToken
Create an AccessToken for an User and add it to the tokenList.
Args:
user: For wich User is to create an AccessToken
Returns:
A created Token for User
"""
debug.info("creat accesstoken")
now = datetime.ctime(datetime.now())
token = hashlib.md5((now + user.dn).encode('utf-8')).hexdigest()
self.checkBar(user)
accToken = AccessToken(user, token, ldap_conn, self.lifetime, datetime.now())
debug.debug("accesstoken is {{ {} }}".format(accToken))
self.tokenList.append(accToken)
return token
def isSameGroup(self, accToken, groups):
""" Verify group in AccessToken
Verify if the User in the AccesToken has the right group.
Args:
accToken: AccessToken to verify.
groups: Group to verify.
Returns:
A Bool. If the same then True else False
"""
debug.info("check accesstoken {{ {} }} has group {{ {} }}".format(accToken, groups))
for group in groups:
if group in accToken.user.group: return True
return False
Reference in New Issue View Git Blame Copy Permalink