diff options
Diffstat (limited to 'osdf/adapters/aaf/aaf_authentication.py')
-rw-r--r-- | osdf/adapters/aaf/aaf_authentication.py | 46 |
1 files changed, 29 insertions, 17 deletions
diff --git a/osdf/adapters/aaf/aaf_authentication.py b/osdf/adapters/aaf/aaf_authentication.py index 26eac29..b9aa510 100644 --- a/osdf/adapters/aaf/aaf_authentication.py +++ b/osdf/adapters/aaf/aaf_authentication.py @@ -17,12 +17,14 @@ # import base64 -import re -from datetime import datetime, timedelta +from datetime import datetime +from datetime import timedelta from flask import request +import re from osdf.config.base import osdf_config -from osdf.logging.osdf_logging import error_log, debug_log +from osdf.logging.osdf_logging import debug_log +from osdf.logging.osdf_logging import error_log from osdf.utils.interfaces import RestClient AUTHZ_PERMS_USER = '{}/authz/perms/user/{}' @@ -43,7 +45,6 @@ def authenticate(uid, passwd): return has_valid_role(perms) except Exception as exp: error_log.error("Error Authenticating the user {} : {}: ".format(uid, exp)) - pass return False @@ -57,27 +58,38 @@ else return false def has_valid_role(perms): aaf_user_roles = deploy_config['aaf_user_roles'] + aaf_roles = get_role_list(perms) + for roles in aaf_user_roles: path_perm = roles.split(':') uri = path_perm[0] - role = path_perm[1].split('|')[0] - if re.search(uri, request.path) and perms: - roles = perms.get('roles') - if roles: - perm_list = roles.get('perm') - for p in perm_list: - if role == p['type']: - return True + perm = path_perm[1].split('|') + p = (perm[0], perm[1], perm[2].split()[0]) + if re.search(uri, request.path) and p in aaf_roles: + return True return False + """ -Make the remote aaf api call if user is not in the cache. +Build a list of roles tuples from the AAF response. -Return the perms """ + + +def get_role_list(perms): + role_list = [] + if perms: + roles = perms.get('roles') + if roles: + perm = roles.get('perm', []) + for p in perm: + role_list.append((p['type'], p['instance'], p['action'])) + return role_list + + def get_aaf_permissions(uid, passwd): key = base64.b64encode(bytes("{}_{}".format(uid, passwd), "ascii")) - time_delta = timedelta(hours=deploy_config.get('aaf_cache_expiry_hrs', 3)) + time_delta = timedelta(minutes=deploy_config.get('aaf_cache_expiry_mins', 5)) perms = perm_cache.get(key) @@ -91,8 +103,8 @@ def get_aaf_permissions(uid, passwd): def remote_api(passwd, uid): - headers = {"Accept": "application/Users+xml;q=1.0;charset=utf-8;version=2.0,text/xml;q=1.0;version=2.0", - "Accept": "application/Users+json;q=1.0;charset=utf-8;version=2.0,application/json;q=1.0;version=2.0,*/*;q=1.0"} + headers = {"Accept": "application/Users+json;q=1.0;charset=utf-8;version=2.0,application/json;q=1.0;version=2.0," + "*/*;q=1.0"} url = AUTHZ_PERMS_USER.format(deploy_config['aaf_url'], uid) rc = RestClient(userid=uid, passwd=passwd, headers=headers, url=url, log_func=debug_log.debug, req_id='aaf_user_id') |