Add kind to credentials validate call

2017-10-27 14:11:19 -04:00 · 2017-10-27 14:11:19 -04:00 · 0bcda90c6e
commit 0bcda90c6e
parent 6f3d9a6fce
3 changed files with 31 additions and 15 deletions
--- a/auth/credentials.py
+++ b/auth/credentials.py
@ -1,5 +1,7 @@
 import logging

+from enum import Enum
+
 from app import authentication
 from auth.oauth import validate_oauth_token
 from auth.validateresult import ValidateResult, AuthKind
@ -11,6 +13,13 @@ logger = logging.getLogger(__name__)
 ACCESS_TOKEN_USERNAME = '$token'
 OAUTH_TOKEN_USERNAME = '$oauthtoken'

+class CredentialKind(Enum):
+  user = 'user'
+  robot = 'robot'
+  token = ACCESS_TOKEN_USERNAME
+  oauth_token = OAUTH_TOKEN_USERNAME
+
+
 def validate_credentials(auth_username, auth_password_or_token):
  """ Validates a pair of auth username and password/token credentials. """
  # Check for access tokens.
@ -19,14 +28,15 @@ def validate_credentials(auth_username, auth_password_or_token):
    try:
      token = model.token.load_token_data(auth_password_or_token)
      logger.debug('Successfully validated basic auth for access token %s', token.id)
-      return ValidateResult(AuthKind.credentials, token=token)
+      return ValidateResult(AuthKind.credentials, token=token), CredentialKind.token
    except model.DataModelException:
      logger.warning('Failed to validate basic auth for access token %s', auth_password_or_token)
-      return ValidateResult(AuthKind.credentials, error_message='Invalid access token')
+      return (ValidateResult(AuthKind.credentials, error_message='Invalid access token'),
+              CredentialKind.token)

  # Check for OAuth tokens.
  if auth_username == OAUTH_TOKEN_USERNAME:
-    return validate_oauth_token(auth_password_or_token)
+    return validate_oauth_token(auth_password_or_token), CredentialKind.oauth_token

  # Check for robots and users.
  is_robot = parse_robot_username(auth_username)
@ -34,19 +44,18 @@ def validate_credentials(auth_username, auth_password_or_token):
    logger.debug('Found basic auth header for robot %s', auth_username)
    try:
      robot = model.user.verify_robot(auth_username, auth_password_or_token)
-
      logger.debug('Successfully validated basic auth for robot %s', auth_username)
-      return ValidateResult(AuthKind.credentials, robot=robot)
+      return ValidateResult(AuthKind.credentials, robot=robot), CredentialKind.robot
    except model.InvalidRobotException as ire:
      logger.warning('Failed to validate basic auth for robot %s: %s', auth_username, ire.message)
-      return ValidateResult(AuthKind.credentials, error_message=ire.message)
+      return ValidateResult(AuthKind.credentials, error_message=ire.message), CredentialKind.robot

  # Otherwise, treat as a standard user.
  (authenticated, err) = authentication.verify_and_link_user(auth_username, auth_password_or_token,
                                                             basic_auth=True)
  if authenticated:
    logger.debug('Successfully validated basic auth for user %s', authenticated.username)
-    return ValidateResult(AuthKind.credentials, user=authenticated)
+    return ValidateResult(AuthKind.credentials, user=authenticated), CredentialKind.user
  else:
    logger.warning('Failed to validate basic auth for user %s: %s', auth_username, err)
-    return ValidateResult(AuthKind.credentials, error_message=err)
+    return ValidateResult(AuthKind.credentials, error_message=err), CredentialKind.user