From 1a00f2941502d1a73b0de970d570c9340619687f Mon Sep 17 00:00:00 2001 From: allegroai <> Date: Wed, 17 Jul 2019 18:15:58 +0300 Subject: [PATCH] Add support for fix user list credentials --- server/database/__init__.py | 32 ++++++++++++++++++++++++-------- server/schema/services/auth.conf | 16 ++++++++++++++++ server/services/auth.py | 9 ++++++--- 3 files changed, 46 insertions(+), 11 deletions(-) diff --git a/server/database/__init__.py b/server/database/__init__.py index d17a56a..25add3f 100644 --- a/server/database/__init__.py +++ b/server/database/__init__.py @@ -1,3 +1,6 @@ +from os import getenv + +from furl import furl from jsonmodels import models from jsonmodels.errors import ValidationError from jsonmodels.fields import StringField @@ -8,9 +11,11 @@ from config import config from .defs import Database from .utils import get_items -log = config.logger(__file__) +log = config.logger("database") -strict = config.get('apiserver.mongo.strict', True) +strict = config.get("apiserver.mongo.strict", True) + +OVERRIDE_HOST_ENV_KEY = "MONGODB_SERVICE_SERVICE_HOST" _entries = [] 
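Review bot: `OVERRIDE_HOST_ENV_KEY` is added without a comment, so nothing here says where `MONGODB_SERVICE_SERVICE_HOST` comes from or that setting it replaces the host of every configured database connection. The name has the form of the variable Kubernetes injects into pods for a Service called `mongodb-service`, so the override is probably picked up implicitly rather than set by an operator. If that is the intent, state it next to the constant, e.g. `# Injected by Kubernetes for the mongodb-service Service; when set, replaces the host part of every hosts.mongo URL`. An application-specific variable name would make the redirect an explicit opt-in instead of depending on how Services in the namespace are named.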
@@ -21,28 +26,39 @@ class DatabaseEntry(models.Base): @property def health_alias(self): - return '__health__' + self.alias + return "__health__" + self.alias def initialize(): - db_entries = config.get('hosts.mongo', {}) + db_entries = config.get("hosts.mongo", {}) missing = [] - log.info('Initializing database connections') + log.info("Initializing database connections") + + override_hostname = getenv(OVERRIDE_HOST_ENV_KEY) + if override_hostname: + log.info(f"Using override mongodb host {override_hostname}") + for key, alias in get_items(Database).items(): if key not in db_entries: missing.append(key) continue + entry = DatabaseEntry(alias=alias, **db_entries.get(key)) + if override_hostname: + entry.host = furl(entry.host).set(host=override_hostname).url + try: entry.validate() - log.info('Registering connection to %(alias)s (%(host)s)' % entry.to_struct()) + log.info( + "Registering connection to %(alias)s (%(host)s)" % entry.to_struct() + ) register_connection(alias=alias, host=entry.host) _entries.append(entry) except ValidationError as ex: - raise Exception('Invalid database entry `%s`: %s' % (key, ex.args[0])) + raise Exception("Invalid database entry `%s`: %s" % (key, ex.args[0])) if missing: - raise ValueError('Missing database configuration for %s' % ', '.join(missing)) + raise ValueError("Missing database configuration for %s" % ", ".join(missing)) def get_entries(): diff --git a/server/schema/services/auth.conf b/server/schema/services/auth.conf index 45f160b..6bd0b42 100644 --- a/server/schema/services/auth.conf +++ b/server/schema/services/auth.conf 
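Review bot: The `Registering connection to %(alias)s (%(host)s)` call in `initialize()` logs the whole connection URL at info level, so a `hosts.mongo` entry that embeds a username and password in its URL would write them to the log. The new code already parses the value with furl, so the message can use a stripped copy, e.g. `safe_host = furl(entry.host).remove(username=True, password=True).url`, while `register_connection` keeps receiving `entry.host`. Separately, the override rewrites `entry.host` before `entry.validate()` runs, so an entry with a missing or empty host may come back from furl as a non-empty string and no longer be reported as invalid. Validating first and applying the override afterwards keeps that check meaningful.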
@@ -52,6 +52,22 @@ login { } } +logout { + internal: false + allow_roles = [ "*" ] + "2.2" { + description: """Removes the authentication cookie from the current session""" + request { + type: object + additionalProperties: false + } + response { + type: object + additionalProperties: false + } + } +} + get_token_for_user { "2.1" { description: """Get a token for the specified user. Intended for internal use.""" diff --git a/server/services/auth.py b/server/services/auth.py index 322c7e2..176d2d3 100644 --- a/server/services/auth.py +++ b/server/services/auth.py @@ -31,10 +31,8 @@ log = config.logger(__file__) request_data_model=GetTokenRequest, response_data_model=GetTokenResponse, ) -def login(call): +def login(call: APICall, *_, **__): """ Generates a token based on the authenticated user (intended for use with credentials) """ - assert isinstance(call, APICall) - call.result.data_model = AuthBLL.get_token_for_user( user_id=call.identity.user, company_id=call.identity.company, @@ -47,6 +45,11 @@ def login(call): ] = call.result.data_model.token +@endpoint("auth.logout", min_version="2.2") +def logout(call: APICall, *_, **__): + call.result.cookies[config.get("apiserver.auth.session_auth_cookie_name")] = None + + @endpoint( "auth.get_token_for_user", request_data_model=GetTokenForUserRequest,
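Review bot: `logout` in server/services/auth.py only sets the session cookie to `None`; nothing in the hunk revokes the token that `login` issued, so a copy of that token taken before logout presumably stays usable until it expires. The function also has no docstring, unlike `login` above it; I would add `"""Clear the session cookie on the client. The token itself is not revoked and remains valid until it expires."""` and repeat that caveat in the `logout` description in auth.conf, which currently reads as if the session ends. `config.get("apiserver.auth.session_auth_cookie_name")` is called without a default, so it is worth confirming that a missing key cannot end up as a `None` cookie name.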