Diffstat (limited to 'auth-server-poc/src')
-rw-r--r-- | auth-server-poc/src/app.py | 54 | ||||
-rwxr-xr-x | auth-server-poc/src/authn.py | 97 |
2 files changed, 0 insertions, 151 deletions
diff --git a/auth-server-poc/src/app.py b/auth-server-poc/src/app.py
deleted file mode 100644
index 37a7030..0000000
--- a/auth-server-poc/src/app.py
+++ /dev/null
@@ -1,54 +0,0 @@
-from flask import Flask, request
-from flask_restful import Api, Resource
-from flask_jwt_extended import create_access_token, JWTManager
-from flask_cors import CORS
-
-import authn
-
-app = Flask(__name__)
-cors = CORS(
- app,
- resources={r"/api/*": {"origins": "*"}},
- expose_headers=["Content-Type", "Authorization", "X-Total-Count"],
-)
-api = Api(app, prefix="/api/v1.0")
-jwt = JWTManager(app)
-
-PEM_PRIVATE = "/opt/auth-server-poc/cert/private.pem"
-PEM_PUBLIC = "/opt/auth-server-poc/cert/public.pem"
-USERDB_YAML = "/opt/auth-server-poc/userdb/userdb.yaml"
-
-app.config["JWT_PRIVATE_KEY"] = open(PEM_PRIVATE).read()
-app.config["JWT_PUBLIC_KEY"] = open(PEM_PUBLIC).read()
-app.config["JWT_ALGORITHM"] = "ES256"
-app.config["JWT_IDENTITY_CLAIM"] = "sub"
-app.config["JWT_ACCESS_TOKEN_EXPIRES"] = False
-
-
-class AuthApi(Resource):
- def post(self):
-
- identity = request.environ.get("REMOTE_USER")
- db = authn.UserDB(USERDB_YAML)
- additional_claims = {
- "type": "access",
- "read": db.read_perms(identity),
- "write": db.write_perms(identity),
- }
-
- access_token = create_access_token(
- identity=identity,
- additional_claims=additional_claims,
- )
-
- return {"access_token": access_token}, 200
-
-
-@app.route("/")
-def index():
- return "<p>Username: {}</p><p>Auth type: {}</p>".format(
- request.environ.get("REMOTE_USER"), request.environ.get("AUTH_TYPE")
- )
-
-
-api.add_resource(AuthApi, "/auth")
diff --git a/auth-server-poc/src/authn.py b/auth-server-poc/src/authn.py
deleted file mode 100755
index 8b32cdc..0000000
--- a/auth-server-poc/src/authn.py
+++ /dev/null
@@ -1,97 +0,0 @@
-#! /usr/bin/env python3
-
-import yaml
-
-
-class Authz:
- def __init__(self, org, perms):
- self._org = org
- self._perms = perms
-
- def dump(self):
- return "{}: {}".format(self._org, self._perms)
-
- def read_p(self):
- return "r" in self._perms
-
- def write_p(self):
- return "w" in self._perms
-
-
-class User:
- def __init__(self, username, authz):
- self._username = username
- self._authz = {}
- for org, perms in authz.items():
- self._authz[org] = Authz(org, perms)
-
- def dump(self):
- return [
- "{}: {}".format(self._username, auth.dump())
- for auth in self._authz.values()
- ]
-
- def orgnames(self):
- return [x for x in self._authz.keys()]
-
- def read_perms(self):
- acc = []
- for k, v in self._authz.items():
- if v.read_p():
- acc.append(k)
- return acc
-
- def write_perms(self):
- acc = []
- for k, v in self._authz.items():
- if v.write_p():
- acc.append(k)
- return acc
-
-
-class UserDB:
- def __init__(self, yamlfile):
- self._users = {}
- for u, d in yaml.safe_load(open(yamlfile)).items():
- self._users[u] = User(u, d["authz"])
-
- def dump(self):
- return [u.dump() for u in self._users.values()]
-
- def orgs_for_user(self, username):
- return self._users.get(username).orgnames()
-
- def read_perms(self, username):
- user = self._users.get(username)
- if not user:
- return None
- return user.read_perms()
-
- def write_perms(self, username):
- user = self._users.get(username)
- if not user:
- return None
- return user.write_perms()
-
-
-def self_test():
- db = UserDB("userdb.yaml")
- print(db.dump())
-
- orgs = db.orgs_for_user("user3")
- assert "sunet.se" in orgs
- assert "su.se" in orgs
- assert len(orgs) == 2
-
- rp = db.read_perms("user3", "pw3")
- assert len(rp) == 2
- assert "sunet.se" in rp
- assert "su.se" in rp
-
- wp = db.write_perms("user3", "pw3")
- assert len(wp) == 1
- assert "sunet.se" in wp
-
-
-if __name__ == "__main__":
- self_test() |