X-Git-Url: https://osm.etsi.org/gitweb/?p=osm%2FNBI.git;a=blobdiff_plain;f=osm_nbi%2Fauthconn.py;h=0f4b52398476443fcbf22f34a805a6eab11e87ed;hp=2ebbb472c37f6a17b097439a36c7f7c222bde7e2;hb=5758955b7b394517ff5caf5506a4400cdc5aa372;hpb=ad682a52ef94fa2662e2a0f6e3f81fb7c8f5e0fe

diff --git a/osm_nbi/authconn.py b/osm_nbi/authconn.py
index 2ebbb47..0f4b523 100644
--- a/osm_nbi/authconn.py
+++ b/osm_nbi/authconn.py
@@ -23,8 +23,10 @@ Authconn implements an Abstract class for the Auth backend connector
 plugins with the definition of the methods to be implemented.
 """
 
-__author__ = "Eduardo Sousa <esousa@whitestack.com>, " \
-             "Pedro de la Cruz Ramos <pdelacruzramos@altran.com>"
+__author__ = (
+    "Eduardo Sousa <esousa@whitestack.com>, "
+    "Pedro de la Cruz Ramos <pdelacruzramos@altran.com>"
+)
 __date__ = "$27-jul-2018 23:59:59$"
 
 from http import HTTPStatus
@@ -35,6 +37,7 @@ class AuthException(Exception):
     """
     Authentication error, because token, user password not recognized
     """
+
     def __init__(self, message, http_code=HTTPStatus.UNAUTHORIZED):
         super(AuthException, self).__init__(message)
         self.http_code = http_code
@@ -44,6 +47,7 @@ class AuthExceptionUnauthorized(AuthException):
     """
     Authentication error, because not having rights to make this operation
     """
+
     pass
 
 
@@ -51,6 +55,7 @@ class AuthconnException(Exception):
     """
     Common and base class Exception for all authconn exceptions.
     """
+
     def __init__(self, message, http_code=HTTPStatus.UNAUTHORIZED):
         super(AuthconnException, self).__init__(message)
         self.http_code = http_code
@@ -60,6 +65,7 @@ class AuthconnConnectionException(AuthconnException):
     """
     Connectivity error with Auth backend.
     """
+
     def __init__(self, message, http_code=HTTPStatus.BAD_GATEWAY):
         super(AuthconnConnectionException, self).__init__(message, http_code)
 
@@ -68,6 +74,7 @@ class AuthconnNotSupportedException(AuthconnException):
     """
     The request is not supported by the Auth backend.
     """
+
     def __init__(self, message, http_code=HTTPStatus.NOT_IMPLEMENTED):
         super(AuthconnNotSupportedException, self).__init__(message, http_code)
 
@@ -76,6 +83,7 @@ class AuthconnNotImplementedException(AuthconnException):
     """
     The method is not implemented by the Auth backend.
     """
+
     def __init__(self, message, http_code=HTTPStatus.NOT_IMPLEMENTED):
         super(AuthconnNotImplementedException, self).__init__(message, http_code)
 
@@ -84,6 +92,7 @@ class AuthconnOperationException(AuthconnException):
     """
     The operation executed failed.
     """
+
     def __init__(self, message, http_code=HTTPStatus.INTERNAL_SERVER_ERROR):
         super(AuthconnOperationException, self).__init__(message, http_code)
 
@@ -92,6 +101,7 @@ class AuthconnNotFoundException(AuthconnException):
     """
     The operation executed failed because element not found.
     """
+
     def __init__(self, message, http_code=HTTPStatus.NOT_FOUND):
         super().__init__(message, http_code)
 
@@ -100,6 +110,7 @@ class AuthconnConflictException(AuthconnException):
     """
     The operation has conflicts.
     """
+
     def __init__(self, message, http_code=HTTPStatus.CONFLICT):
         super().__init__(message, http_code)
 
@@ -110,23 +121,26 @@ class Authconn:
     Each Auth backend connector plugin must be a subclass of
     Authconn class.
     """
-    def __init__(self, config, db):
+
+    def __init__(self, config, db, role_permissions):
         """
         Constructor of the Authconn class.
-
-        Note: each subclass
-
         :param config: configuration dictionary containing all the
         necessary configuration parameters.
+        :param db: internal database classs
+        :param role_permissions: read only role permission list
         """
         self.config = config
+        self.role_permissions = role_permissions
 
-    def authenticate(self, user, password, project=None, token_info=None):
+    def authenticate(self, credentials, token_info=None):
         """
         Authenticate a user using username/password or token_info, plus project
-        :param user: user: name, id or None
-        :param password: password or None
-        :param project: name, id, or None. If None first found project will be used to get an scope token
+        :param credentials: dictionary that contains:
+            username: name, id or None
+            password: password or None
+            project_id: name, id, or None. If None first found project will be used to get an scope token
+            other items are allowed for specific auth backends
         :param token_info: previous token_info to obtain authorization
         :return: the scoped token info or raises an exception. The token is a dictionary with:
             _id:  token string id,
@@ -202,7 +216,10 @@ class Authconn:
         users = self.get_user_list(filt)
         if not users:
             if fail:
-                raise AuthconnNotFoundException("User with {} not found".format(filt), http_code=HTTPStatus.NOT_FOUND)
+                raise AuthconnNotFoundException(
+                    "User with {} not found".format(filt),
+                    http_code=HTTPStatus.NOT_FOUND,
+                )
             else:
                 return None
         return users[0]
@@ -297,7 +314,9 @@ class Authconn:
         projs = self.get_project_list(filt)
         if not projs:
             if fail:
-                raise AuthconnNotFoundException("project with {} not found".format(filt))
+                raise AuthconnNotFoundException(
+                    "project with {} not found".format(filt)
+                )
             else:
                 return None
         return projs[0]