VRE Backend API and Scheduler

# import the logging library
from .models import Token
from hawkrest import HawkAuthentication
from rest_framework import exceptions
import django.utils
import logging
from mozilla_django_oidc.auth import OIDCAuthenticationBackend
# Module-level logger, named after this module. The authentication code in
# this file reports failed token lookups through it at WARNING level.
logger = logging.getLogger(__name__)
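class APIHawk(HawkAuthentication):
    """API authentication that uses the HAWK authentication mechanism.

    The credential and user lookups are overridden to resolve tokens from the
    ``Token`` model, so that new users can be added and tokens updated
    dynamically.
    """

    def hawk_credentials_lookup(self, id):
        """Return the Hawk credentials for the token whose key is ``id``.

        Only the token is looked up here, not the user. The parameter name
        ``id`` shadows the builtin inside this method.

        Args:
            id (string): The token key to look up; it is supplied by the
                client and must be treated as untrusted.

        Raises:
            exceptions.AuthenticationFailed: If no token with this key exists.

        Returns:
            dict: The token id, the token secret and the hashing algorithm
                ('sha256').
        """
        try:
            token = Token.objects.get(key=id)
        except Token.DoesNotExist:
            # Logged with lazy %r formatting: the id is client-supplied, and
            # repr() escapes control characters that could forge log lines.
            logger.warning('Requested to validate with invalid/non existing token: %r', id)
            # NOTE(review): this message is specific to "unknown token id" and
            # echoes the id back; a client can tell an unknown id apart from
            # other failures. Consider a generic message if that matters here.
            raise exceptions.AuthenticationFailed(f'No such token: {id}')

        return {
            'id': id,
            'key': token.secret,
            'algorithm': 'sha256'
        }

    def hawk_user_lookup(self, request, credentials):
        """Return the user account that is connected to the used token.

        Also stamps the token's ``last_access`` with the current time.

        Args:
            request: The incoming HTTP/API request.
            credentials (dict): The credentials from ``hawk_credentials_lookup``.

        Raises:
            exceptions.AuthenticationFailed: If no token exists for
                ``credentials['id']``.

        Returns:
            tuple: ``(user, None)``, the user as first item.
        """
        # Read the id from the credentials; a bare ``id`` in this method is the
        # builtin function, not the token key.
        token_id = credentials['id']
        try:
            user = Token.objects.get(key=token_id).user
        except Token.DoesNotExist:
            logger.warning('Requested to validate non existing user: %r', token_id)
            raise exceptions.AuthenticationFailed(f'No user for token: {token_id}')

        # Update the date time stamp to now for last access data.
        # NOTE(review): save() without update_fields writes the whole token row
        # on every authenticated request; confirm that cannot overwrite a
        # concurrent change to the token (for example a rotated secret).
        user.token.last_access = django.utils.timezone.now()
        user.token.save()
        return (user, None)

    def __str__(self):
        """Authentication identifier.

        Returns:
            string: The name of the used authentication mechanism.
        """
        return 'Hawk authenticator'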
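class VRE_OIDC_Researcher_Update(OIDCAuthenticationBackend):
    """Sync a user's first name, last name and researcher id number from the
    OIDC claims of the Surfconext login.

    This is done after each login.
    """

    def _apply_claims(self, user, claims):
        """Copy the name and id number claims onto ``user`` and save both records."""
        # ``or ''`` also covers a claim that is present but None, which would
        # otherwise reach ``.split`` below and raise AttributeError.
        user.first_name = claims.get('given_name') or ''
        user.last_name = claims.get('family_name') or ''
        user.save()

        # NOTE(review): only the part before '@' is kept, so principals with the
        # same local part under different scopes map to the same idnumber, and
        # a missing claim stores ''. Confirm idnumber is not relied on as a
        # unique identity across identity providers.
        principal = claims.get('eduperson_principal_name') or ''
        user.researcher.idnumber = principal.split('@')[0].lower()
        user.researcher.save()
        return user

    def create_user(self, claims):
        """Create the user through the parent backend, then apply the claims.

        Args:
            claims (dict): The claims received for the logged in user.

        Returns:
            The newly created user.
        """
        return self._apply_claims(super().create_user(claims), claims)

    def update_user(self, user, claims):
        """Refresh an existing user's name and id number from the claims.

        Args:
            user: The existing user to update.
            claims (dict): The claims received for the logged in user.

        Returns:
            The updated user.
        """
        return self._apply_claims(user, claims)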