"Alfonso Tierno <alfonso.tiernosepulveda@telefoncia.com"
__date__ = "$06-jun-2019 11:16:08$"
+import logging
+import re
+
from osm_nbi.authconn import Authconn, AuthException # , AuthconnOperationException
from osm_common.dbbase import DbException
from osm_nbi.base_topic import BaseTopic
-
-import logging
-import re
+from osm_nbi.validation import is_valid_uuid
from time import time, sleep
from http import HTTPStatus
from uuid import uuid4
token_time_window = 2 # seconds
token_delay = 1 # seconds to wait upon second request within time window
- def __init__(self, config, db):
- Authconn.__init__(self, config, db)
+ def __init__(self, config, db, role_permissions):
+ Authconn.__init__(self, config, db, role_permissions)
self.logger = logging.getLogger("nbi.authenticator.internal")
self.db = db
self.logger.exception(exmsg)
raise AuthException(exmsg, http_code=HTTPStatus.UNAUTHORIZED)
- def authenticate(self, user, password, project=None, token_info=None):
+ def authenticate(self, credentials, token_info=None):
"""
Authenticate a user using username/password or previous token_info plus project; its creates a new token
- :param user: user: name, id or None
- :param password: password or None
- :param project: name, id, or None. If None first found project will be used to get an scope token
+ :param credentials: dictionary that contains:
+ username: name, id or None
+ password: password or None
+ project_id: name, id, or None. If None first found project will be used to get an scope token
+ other items are allowed and ignored
:param token_info: previous token_info to obtain authorization
- :param remote: remote host information
:return: the scoped token info or raises an exception. The token is a dictionary with:
_id: token string id,
username: username,
now = time()
user_content = None
+ user = credentials.get("username")
+ password = credentials.get("password")
+ project = credentials.get("project_id")
# Try using username/password
if user:
"""
Get user list.
- :param filter_q: dictionary to filter user list by name (username is also admited) and/or _id
+ :param filter_q: dictionary to filter user list by:
+ name (username is also admitted). If a user id is equal to the filter name, it is also provided
+ other
:return: returns a list of users.
"""
filt = filter_q or {}
- if "name" in filt:
- filt["username"] = filt["name"]
- del filt["name"]
+ if "name" in filt: # backward compatibility
+ filt["username"] = filt.pop("name")
+ if filt.get("username") and is_valid_uuid(filt["username"]):
+ # username cannot be a uuid. If this is the case, change from username to _id
+ filt["_id"] = filt.pop("username")
users = self.db.get_list("users", filt)
project_id_name = {}
role_id_name = {}
projects / osm / NBI.git / blobdiff