113 lines
4.3 KiB
Python
113 lines
4.3 KiB
Python
from geruecht.model.accessToken import AccessToken
|
|
import geruecht.controller as gc
|
|
import geruecht.controller.userController as uc
|
|
from geruecht.model import BAR
|
|
from geruecht.controller import LOGGER
|
|
from datetime import datetime, timedelta
|
|
import hashlib
|
|
from . import Singleton
|
|
|
|
userController = uc.UserController()
|
|
|
|
class AccesTokenController(metaclass=Singleton):
|
|
""" Control all createt AccesToken
|
|
|
|
This Class create, delete, find and manage AccesToken.
|
|
|
|
Attributes:
|
|
tokenList: List of currents AccessToken
|
|
lifetime: Variable for the Lifetime of one AccessToken in seconds.
|
|
"""
|
|
instance = None
|
|
tokenList = None
|
|
|
|
def __init__(self, lifetime=1800):
|
|
""" Initialize AccessTokenController
|
|
|
|
Initialize Thread and set tokenList empty.
|
|
"""
|
|
LOGGER.info("Initialize AccessTokenController")
|
|
self.lifetime = gc.accConfig
|
|
|
|
self.tokenList = []
|
|
|
|
def checkBar(self, user):
|
|
if (userController.checkBarUser(user)):
|
|
if BAR not in user.group:
|
|
user.group.append(BAR)
|
|
else:
|
|
while BAR in user.group:
|
|
user.group.remove(BAR)
|
|
|
|
def validateAccessToken(self, token, group):
|
|
""" Verify Accestoken
|
|
|
|
Verify an Accestoken and Group so if the User has permission or not.
|
|
Retrieves the accestoken if valid else retrieves False
|
|
|
|
Args:
|
|
token: Token to verify.
|
|
group: Group like 'moneymaster', 'gastro', 'user' or 'bar'
|
|
Returns:
|
|
An the AccesToken for this given Token or False.
|
|
"""
|
|
LOGGER.info("Verify AccessToken with token: {} and group: {}".format(token, group))
|
|
for accToken in self.tokenList:
|
|
LOGGER.debug("Check is token {} same as in AccessToken {}".format(token, accToken))
|
|
if accToken == token:
|
|
LOGGER.debug("AccessToken is {}".format(accToken))
|
|
endTime = accToken.timestamp + timedelta(seconds=self.lifetime)
|
|
now = datetime.now()
|
|
LOGGER.debug("Check if AccessToken's Endtime {} is bigger then now {}".format(endTime, now))
|
|
if now <= endTime:
|
|
self.checkBar(accToken.user)
|
|
LOGGER.debug("Check if AccesToken {} has same group {}".format(accToken, group))
|
|
if self.isSameGroup(accToken, group):
|
|
accToken.updateTimestamp()
|
|
LOGGER.info("Found AccessToken {} with token: {} and group: {}".format(accToken, token, group))
|
|
return accToken
|
|
else:
|
|
LOGGER.debug("AccessToken {} is no longer valid and will removed".format(accToken))
|
|
self.tokenList.remove(accToken)
|
|
LOGGER.info("Found no valid AccessToken with token: {} and group: {}".format(token, group))
|
|
return False
|
|
|
|
def createAccesToken(self, user, ldap_conn):
|
|
""" Create an AccessToken
|
|
|
|
Create an AccessToken for an User and add it to the tokenList.
|
|
|
|
Args:
|
|
user: For wich User is to create an AccessToken
|
|
|
|
Returns:
|
|
A created Token for User
|
|
"""
|
|
LOGGER.info("Create AccessToken")
|
|
now = datetime.ctime(datetime.now())
|
|
token = hashlib.md5((now + user.dn).encode('utf-8')).hexdigest()
|
|
self.checkBar(user)
|
|
accToken = AccessToken(user, token, ldap_conn, datetime.now())
|
|
LOGGER.debug("Add AccessToken {} to current Tokens".format(accToken))
|
|
self.tokenList.append(accToken)
|
|
LOGGER.info("Finished create AccessToken {} with Token {}".format(accToken, token))
|
|
return token
|
|
|
|
def isSameGroup(self, accToken, groups):
|
|
""" Verify group in AccessToken
|
|
|
|
Verify if the User in the AccesToken has the right group.
|
|
|
|
Args:
|
|
accToken: AccessToken to verify.
|
|
groups: Group to verify.
|
|
|
|
Returns:
|
|
A Bool. If the same then True else False
|
|
"""
|
|
print("controll if", accToken, "hase groups", groups)
|
|
LOGGER.debug("Check if AccessToken {} has group {}".format(accToken, groups))
|
|
for group in groups:
|
|
if group in accToken.user.group: return True
|
|
return False
|