Source code for datacatalog.tokens.admin

import os
import time
import hashlib
from datacatalog import settings
from .classes import Token
from .exceptions import InvalidAdminToken

__all__ = ['InvalidAdminToken', 'get_admin_token', 'validate_admin_token',
           'internal_get_admin_token', 'get_admin_key', 'get_admin_lifetime']


[docs]def get_admin_token(key, previous=False):
    """Returns a token with administrative priviledges

    Administrative tokens provide a signature that can be used to authorize
    edits and to trigger specific administrative events.

    Args:
        key (str): The key for generating admin tokens
        previous (bool, optional): Retrieve the most recently issued token for this key

    Returns:
        Token
    """
    if key is None:
        raise ValueError('Value for "key" was expected')
    expires = get_admin_lifetime()
    secret = __get_admin_salt()
    argset = [secret, key]
    ts = int(time.time())
    if previous:
        ts = ts - expires
    argset.extend(str(int(ts / expires)))
    str_argset = [str(a) for a in argset if True]
    msg = ':'.join(str_argset)
    tok = Token(hashlib.sha256(msg.encode('utf-8')).hexdigest()[
        0:settings.TOKEN_LENGTH])
    return tok



[docs]def validate_admin_token(token, key=None, permissive=True):
    """Validate an adminstrative token

    Only administrative tokens can be validated using this function.

    Args:
        token (str): The token to validate
        key (str): The "token_key" value used to generate the token
        permissive (bool, optional): Whether to error or return a Boolean on failure

    Raises:
        InvalidAdminToken: The outcome when validation fails and permissive is not set.

    Returns:
        bool: If permissive is set, validity is a Boolean value
    """

    toks = __get_admin_tokens(key)
    if token in toks:
        return True
    if permissive:
        return False
    else:
        raise InvalidAdminToken('Administrative token was not valid')



[docs]def internal_get_admin_token(key=None):
    return __get_admin_tokens(key=key)[0]


def __get_admin_tokens(key=None):
    """Gets current and previous token for a key.
    """
    toks = list()
    if key is None:
        key = get_admin_key()
    toks.append(get_admin_token(key))
    toks.append(get_admin_token(key, previous=True))
    return toks

def __get_admin_salt():
    """Internal: Get current secret for generating admin tokens
    """
    return os.environ.get(
        'CATALOG_ADMIN_TOKEN_SECRET', settings.ADMIN_TOKEN_SECRET)


[docs]def get_admin_key():
    """Get current  key for generating admin tokens
    """
    return os.environ.get(
        'CATALOG_ADMIN_TOKEN_KEY', settings.ADMIN_TOKEN_KEY)



[docs]def get_admin_lifetime():
    """Get current  expiration time (seconds) for new admin tokens
    """
    return int(
        os.environ.get(
            'CATALOG_ADMIN_TOKEN_LIFETIME', settings.ADMIN_TOKEN_LIFETIME))