-
Notifications
You must be signed in to change notification settings - Fork 194
Expand file tree
/
Copy pathauth.py
More file actions
188 lines (141 loc) · 5.46 KB
/
auth.py
File metadata and controls
188 lines (141 loc) · 5.46 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
"""
SoftLayer.auth
~~~~~~~~~~~~~~
Module with the supported auth mechanisms for the SoftLayer API
:license: MIT, see LICENSE for more details.
"""
import os
__all__ = [
'BasicAuthentication',
'TokenAuthentication',
'BasicHTTPAuthentication',
'AuthenticationBase',
'X509Authentication',
'EmployeeAuthentication'
]
class AuthenticationBase(object):
"""A base authentication class intended to be overridden."""
def get_request(self, request):
"""Receives request options and returns request options.
:param options dict: dictionary of request options
"""
return request
def get_headers(self):
"""Return a dictionary of headers to be inserted for authentication.
.. deprecated:: 3.3.0
Use :func:`get_options` instead.
"""
return {}
class TokenAuthentication(AuthenticationBase):
"""Token-based authentication class.
:param user_id int: a user's id
:param auth_token str: a user's auth token, attained through
User_Customer::getPortalLoginToken
"""
def __init__(self, user_id, auth_token):
self.user_id = user_id
self.auth_token = auth_token
def get_request(self, request):
"""Sets token-based auth headers."""
request.headers['authenticate'] = {
'complexType': 'PortalLoginToken',
'userId': self.user_id,
'authToken': self.auth_token,
}
return request
def __repr__(self):
return "TokenAuthentication(%r)" % self.user_id
class BasicAuthentication(AuthenticationBase):
"""Token-based authentication class.
:param username str: a user's username
:param api_key str: a user's API key
"""
def __init__(self, username, api_key):
self.username = username
self.api_key = api_key
def get_request(self, request):
"""Sets token-based auth headers."""
# See https://cloud.ibm.com/docs/iam?topic=iam-iamapikeysforservices for why this is the way it is
if self.username == 'apikey':
request.transport_user = self.username
request.transport_password = self.api_key
else:
request.headers['authenticate'] = {
'username': self.username,
'apiKey': self.api_key,
}
return request
def __repr__(self):
return f"BasicAuthentication(username={self.username})"
class BasicHTTPAuthentication(AuthenticationBase):
"""Token-based authentication class.
:param username str: a user's username
:param api_key str: a user's API key
"""
def __init__(self, username, api_key):
self.username = username
self.api_key = api_key
def get_request(self, request):
"""Sets token-based auth headers."""
request.transport_user = self.username
request.transport_password = self.api_key
return request
def __repr__(self):
return f"BasicHTTPAuthentication(username={self.username}"
class BearerAuthentication(AuthenticationBase):
"""Bearer Token authentication class.
:param username str: a user's username, not really needed but all the others use it.
:param api_key str: a user's IAM Token
"""
def __init__(self, username, token, r_token=None):
"""For using IBM IAM authentication
:param username str: Not really needed, will be set to their current username though for logging
:param token str: the IAM Token
:param r_token str: The refresh Token, optional
"""
self.username = username
self.api_key = token
self.r_token = r_token
def get_request(self, request):
"""Sets token-based auth headers."""
request.transport_headers['Authorization'] = f'Bearer {self.api_key}'
request.transport_user = self.username
return request
def __repr__(self):
return f"BearerAuthentication(username={self.username}, token={self.api_key})"
class X509Authentication(AuthenticationBase):
"""X509Authentication authentication class.
:param certificate str: Path to a users SSL certificate for authentication
:param CA Cert str: Path to the Servers signed certificate.
"""
def __init__(self, cert, ca_cert):
self.cert = os.path.expanduser(cert)
self.ca_cert = ca_cert
def get_request(self, request):
"""Sets token-based auth headers."""
request.cert = self.cert
request.verify = self.ca_cert
return request
def __repr__(self):
return f"X509Authentication(cert={self.cert}, ca_cert={self.ca_cert})"
class EmployeeAuthentication(AuthenticationBase):
"""Token-based authentication class.
:param username str: a user's username
:param user_hash str: a user's Authentication hash
"""
def __init__(self, user_id, user_hash):
self.user_id = user_id
self.hash = user_hash
def get_request(self, request):
"""Sets token-based auth headers."""
if 'xml' in request.url:
request.headers['employeesession'] = {
'userId': self.user_id,
'authToken': self.hash,
}
else:
request.transport_user = self.user_id
request.transport_password = self.hash
return request
def __repr__(self):
return "EmployeeAuthentication(userId=%r,hash=%s)" % (self.user_id, self.hash)