authorVictor Näslund <victor@sunet.se>2022-11-13 04:12:47 +0100
committerVictor Näslund <victor@sunet.se>2022-11-13 04:12:47 +0100
commitf7a40b9e13d242968db83acaac13660224eb0143 (patch)
treed8f0cdf5d93cc1aebc83343aea6615bc2ee9bc55 /auth-server-poc/src
parent8baecf339e8061160bee519e87ffe837d1525c18 (diff)
new direction
Diffstat (limited to 'auth-server-poc/src')
-rw-r--r--auth-server-poc/src/app.py54
-rwxr-xr-xauth-server-poc/src/authn.py97
2 files changed, 0 insertions, 151 deletions
diff --git a/auth-server-poc/src/app.py b/auth-server-poc/src/app.py
deleted file mode 100644
index 37a7030..0000000
--- a/auth-server-poc/src/app.py
+++ /dev/null
@@ -1,54 +0,0 @@
-from flask import Flask, request
-from flask_restful import Api, Resource
-from flask_jwt_extended import create_access_token, JWTManager
-from flask_cors import CORS
-
-import authn
-
-app = Flask(__name__)
-cors = CORS(
- app,
- resources={r"/api/*": {"origins": "*"}},
- expose_headers=["Content-Type", "Authorization", "X-Total-Count"],
-)
-api = Api(app, prefix="/api/v1.0")
-jwt = JWTManager(app)
-
-PEM_PRIVATE = "/opt/auth-server-poc/cert/private.pem"
-PEM_PUBLIC = "/opt/auth-server-poc/cert/public.pem"
-USERDB_YAML = "/opt/auth-server-poc/userdb/userdb.yaml"
-
-app.config["JWT_PRIVATE_KEY"] = open(PEM_PRIVATE).read()
-app.config["JWT_PUBLIC_KEY"] = open(PEM_PUBLIC).read()
-app.config["JWT_ALGORITHM"] = "ES256"
-app.config["JWT_IDENTITY_CLAIM"] = "sub"
-app.config["JWT_ACCESS_TOKEN_EXPIRES"] = False
-
-
-class AuthApi(Resource):
- def post(self):
-
- identity = request.environ.get("REMOTE_USER")
- db = authn.UserDB(USERDB_YAML)
- additional_claims = {
- "type": "access",
- "read": db.read_perms(identity),
- "write": db.write_perms(identity),
- }
-
- access_token = create_access_token(
- identity=identity,
- additional_claims=additional_claims,
- )
-
- return {"access_token": access_token}, 200
-
-
-@app.route("/")
-def index():
- return "<p>Username: {}</p><p>Auth type: {}</p>".format(
- request.environ.get("REMOTE_USER"), request.environ.get("AUTH_TYPE")
- )
-
-
-api.add_resource(AuthApi, "/auth")
diff --git a/auth-server-poc/src/authn.py b/auth-server-poc/src/authn.py
deleted file mode 100755
index 8b32cdc..0000000
--- a/auth-server-poc/src/authn.py
+++ /dev/null
@@ -1,97 +0,0 @@
-#! /usr/bin/env python3
-
-import yaml
-
-
-class Authz:
- def __init__(self, org, perms):
- self._org = org
- self._perms = perms
-
- def dump(self):
- return "{}: {}".format(self._org, self._perms)
-
- def read_p(self):
- return "r" in self._perms
-
- def write_p(self):
- return "w" in self._perms
-
-
-class User:
- def __init__(self, username, authz):
- self._username = username
- self._authz = {}
- for org, perms in authz.items():
- self._authz[org] = Authz(org, perms)
-
- def dump(self):
- return [
- "{}: {}".format(self._username, auth.dump())
- for auth in self._authz.values()
- ]
-
- def orgnames(self):
- return [x for x in self._authz.keys()]
-
- def read_perms(self):
- acc = []
- for k, v in self._authz.items():
- if v.read_p():
- acc.append(k)
- return acc
-
- def write_perms(self):
- acc = []
- for k, v in self._authz.items():
- if v.write_p():
- acc.append(k)
- return acc
-
-
-class UserDB:
- def __init__(self, yamlfile):
- self._users = {}
- for u, d in yaml.safe_load(open(yamlfile)).items():
- self._users[u] = User(u, d["authz"])
-
- def dump(self):
- return [u.dump() for u in self._users.values()]
-
- def orgs_for_user(self, username):
- return self._users.get(username).orgnames()
-
- def read_perms(self, username):
- user = self._users.get(username)
- if not user:
- return None
- return user.read_perms()
-
- def write_perms(self, username):
- user = self._users.get(username)
- if not user:
- return None
- return user.write_perms()
-
-
-def self_test():
- db = UserDB("userdb.yaml")
- print(db.dump())
-
- orgs = db.orgs_for_user("user3")
- assert "sunet.se" in orgs
- assert "su.se" in orgs
- assert len(orgs) == 2
-
- rp = db.read_perms("user3", "pw3")
- assert len(rp) == 2
- assert "sunet.se" in rp
- assert "su.se" in rp
-
- wp = db.write_perms("user3", "pw3")
- assert len(wp) == 1
- assert "sunet.se" in wp
-
-
-if __name__ == "__main__":
- self_test()