|
|
<!doctype html>
|
|
<html lang="en" class="no-js">
|
|
<head>
|
|
|
|
<meta charset="utf-8">
|
|
<meta name="viewport" content="width=device-width,initial-scale=1">
|
|
|
|
|
|
|
|
|
|
<link rel="prev" href="..">
|
|
|
|
|
|
<link rel="next" href="../kanidmclientconfig/">
|
|
|
|
<link rel="icon" href="../assets/images/favicon.png">
|
|
<meta name="generator" content="mkdocs-1.4.2, mkdocs-material-9.1.8">
|
|
|
|
|
|
|
|
<title>Client - kanidm python library</title>
|
|
|
|
|
|
|
|
<link rel="stylesheet" href="../assets/stylesheets/main.ded33207.min.css">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
|
|
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback">
|
|
<style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style>
|
|
|
|
|
|
|
|
<link rel="stylesheet" href="../assets/_mkdocstrings.css">
|
|
|
|
<script>__md_scope=new URL("..",location),__md_hash=e=>[...e].reduce((e,_)=>(e<<5)-e+_.charCodeAt(0),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
</head>
|
|
|
|
|
|
<body dir="ltr">
|
|
|
|
|
|
|
|
<script>var palette=__md_get("__palette");if(palette&&"object"==typeof palette.color)for(var key of Object.keys(palette.color))document.body.setAttribute("data-md-color-"+key,palette.color[key])</script>
|
|
|
|
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
|
|
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
|
|
<label class="md-overlay" for="__drawer"></label>
|
|
<div data-md-component="skip">
|
|
|
|
|
|
<a href="#kanidmkanidmclient" class="md-skip">
|
|
Skip to content
|
|
</a>
|
|
|
|
</div>
|
|
<div data-md-component="announce">
|
|
|
|
</div>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<header class="md-header md-header--shadow" data-md-component="header">
|
|
<nav class="md-header__inner md-grid" aria-label="Header">
|
|
<a href=".." title="kanidm python library" class="md-header__button md-logo" aria-label="kanidm python library" data-md-component="logo">
|
|
|
|
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54Z"/></svg>
|
|
|
|
</a>
|
|
<label class="md-header__button md-icon" for="__drawer">
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2Z"/></svg>
|
|
</label>
|
|
<div class="md-header__title" data-md-component="header-title">
|
|
<div class="md-header__ellipsis">
|
|
<div class="md-header__topic">
|
|
<span class="md-ellipsis">
|
|
kanidm python library
|
|
</span>
|
|
</div>
|
|
<div class="md-header__topic" data-md-component="header-topic">
|
|
<span class="md-ellipsis">
|
|
|
|
Client
|
|
|
|
</span>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
|
|
|
|
<label class="md-header__button md-icon" for="__search">
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z"/></svg>
|
|
</label>
|
|
<div class="md-search" data-md-component="search" role="dialog">
|
|
<label class="md-search__overlay" for="__search"></label>
|
|
<div class="md-search__inner" role="search">
|
|
<form class="md-search__form" name="search">
|
|
<input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
|
|
<label class="md-search__icon md-icon" for="__search">
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z"/></svg>
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12Z"/></svg>
|
|
</label>
|
|
<nav class="md-search__options" aria-label="Search">
|
|
|
|
<button type="reset" class="md-search__icon md-icon" title="Clear" aria-label="Clear" tabindex="-1">
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12 19 6.41Z"/></svg>
|
|
</button>
|
|
</nav>
|
|
|
|
</form>
|
|
<div class="md-search__output">
|
|
<div class="md-search__scrollwrap" data-md-scrollfix>
|
|
<div class="md-search-result" data-md-component="search-result">
|
|
<div class="md-search-result__meta">
|
|
Initializing search
|
|
</div>
|
|
<ol class="md-search-result__list" role="presentation"></ol>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
|
|
<div class="md-header__source">
|
|
<a href="https://github.com/kanidm/kanidm" title="Go to repository" class="md-source" data-md-component="source">
|
|
<div class="md-source__icon md-icon">
|
|
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.4.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2023 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81z"/></svg>
|
|
</div>
|
|
<div class="md-source__repository">
|
|
kanidm/kanidm
|
|
</div>
|
|
</a>
|
|
</div>
|
|
|
|
</nav>
|
|
|
|
</header>
|
|
|
|
<div class="md-container" data-md-component="container">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<main class="md-main" data-md-component="main">
|
|
<div class="md-main__inner md-grid">
|
|
|
|
|
|
|
|
<div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
|
|
<div class="md-sidebar__scrollwrap">
|
|
<div class="md-sidebar__inner">
|
|
|
|
|
|
|
|
<nav class="md-nav md-nav--primary" aria-label="Navigation" data-md-level="0">
|
|
<label class="md-nav__title" for="__drawer">
|
|
<a href=".." title="kanidm python library" class="md-nav__button md-logo" aria-label="kanidm python library" data-md-component="logo">
|
|
|
|
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54Z"/></svg>
|
|
|
|
</a>
|
|
kanidm python library
|
|
</label>
|
|
|
|
<div class="md-nav__source">
|
|
<a href="https://github.com/kanidm/kanidm" title="Go to repository" class="md-source" data-md-component="source">
|
|
<div class="md-source__icon md-icon">
|
|
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.4.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2023 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81z"/></svg>
|
|
</div>
|
|
<div class="md-source__repository">
|
|
kanidm/kanidm
|
|
</div>
|
|
</a>
|
|
</div>
|
|
|
|
<ul class="md-nav__list" data-md-scrollfix>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href=".." class="md-nav__link">
|
|
Home
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item md-nav__item--active">
|
|
|
|
<input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
|
|
|
|
|
|
|
|
|
|
|
|
<label class="md-nav__link md-nav__link--active" for="__toc">
|
|
Client
|
|
<span class="md-nav__icon md-icon"></span>
|
|
</label>
|
|
|
|
<a href="./" class="md-nav__link md-nav__link--active">
|
|
Client
|
|
</a>
|
|
|
|
|
|
|
|
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<label class="md-nav__title" for="__toc">
|
|
<span class="md-nav__icon md-icon"></span>
|
|
Table of contents
|
|
</label>
|
|
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#kanidm.KanidmClient" class="md-nav__link">
|
|
kanidm.KanidmClient
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#kanidm.KanidmClient.__init__" class="md-nav__link">
|
|
__init__()
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#kanidm.KanidmClient.auth_begin" class="md-nav__link">
|
|
auth_begin()
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#kanidm.KanidmClient.auth_init" class="md-nav__link">
|
|
auth_init()
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#kanidm.KanidmClient.auth_step_password" class="md-nav__link">
|
|
auth_step_password()
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#kanidm.KanidmClient.authenticate_password" class="md-nav__link">
|
|
authenticate_password()
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#kanidm.KanidmClient.call_get" class="md-nav__link">
|
|
call_get()
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#kanidm.KanidmClient.call_post" class="md-nav__link">
|
|
call_post()
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#kanidm.KanidmClient.check_token_valid" class="md-nav__link">
|
|
check_token_valid()
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#kanidm.KanidmClient.get_path_uri" class="md-nav__link">
|
|
get_path_uri()
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#kanidm.KanidmClient.get_radius_token" class="md-nav__link">
|
|
get_radius_token()
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#kanidm.KanidmClient.parse_config_data" class="md-nav__link">
|
|
parse_config_data()
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#kanidm.KanidmClient.session_header" class="md-nav__link">
|
|
session_header()
|
|
</a>
|
|
|
|
</li>
|
|
|
|
</ul>
|
|
|
|
</nav>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../kanidmclientconfig/" class="md-nav__link">
|
|
Client Configuration
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../radiusclient/" class="md-nav__link">
|
|
RADIUS Client
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../tokenstore/" class="md-nav__link">
|
|
Token Storage
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
</ul>
|
|
</nav>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
|
|
|
|
<div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" >
|
|
<div class="md-sidebar__scrollwrap">
|
|
<div class="md-sidebar__inner">
|
|
|
|
|
|
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<label class="md-nav__title" for="__toc">
|
|
<span class="md-nav__icon md-icon"></span>
|
|
Table of contents
|
|
</label>
|
|
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#kanidm.KanidmClient" class="md-nav__link">
|
|
kanidm.KanidmClient
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#kanidm.KanidmClient.__init__" class="md-nav__link">
|
|
__init__()
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#kanidm.KanidmClient.auth_begin" class="md-nav__link">
|
|
auth_begin()
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#kanidm.KanidmClient.auth_init" class="md-nav__link">
|
|
auth_init()
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#kanidm.KanidmClient.auth_step_password" class="md-nav__link">
|
|
auth_step_password()
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#kanidm.KanidmClient.authenticate_password" class="md-nav__link">
|
|
authenticate_password()
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#kanidm.KanidmClient.call_get" class="md-nav__link">
|
|
call_get()
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#kanidm.KanidmClient.call_post" class="md-nav__link">
|
|
call_post()
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#kanidm.KanidmClient.check_token_valid" class="md-nav__link">
|
|
check_token_valid()
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#kanidm.KanidmClient.get_path_uri" class="md-nav__link">
|
|
get_path_uri()
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#kanidm.KanidmClient.get_radius_token" class="md-nav__link">
|
|
get_radius_token()
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#kanidm.KanidmClient.parse_config_data" class="md-nav__link">
|
|
parse_config_data()
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#kanidm.KanidmClient.session_header" class="md-nav__link">
|
|
session_header()
|
|
</a>
|
|
|
|
</li>
|
|
|
|
</ul>
|
|
|
|
</nav>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
|
|
|
|
<div class="md-content" data-md-component="content">
|
|
<article class="md-content__inner md-typeset">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<h1 id="kanidmkanidmclient">kanidm.KanidmClient</h1>
|
|
|
|
|
|
<div class="doc doc-object doc-class">
|
|
|
|
|
|
<a id="kanidm.KanidmClient"></a>
|
|
<div class="doc doc-contents first">
|
|
|
|
|
|
<p>Kanidm client module</p>
|
|
<p>config: a <code>KanidmClientConfig</code> object; if this is set, everything else is ignored
|
|
config_file: a <code>pathlib.Path</code> object pointing to a configuration file
|
|
uri: kanidm base URL
|
|
session: an <code>aiohttp.client.ClientSession</code>
|
|
verify_hostnames: verify that the server's hostname matches its TLS certificate
|
|
verify_certificate: verify the validity of the certificate and its CA (default True; when False, certificate checking is turned off entirely)
|
|
ca_path: set this to a trusted CA certificate (PEM format)
|
|
token: a JWS from an authentication session</p>
|
|
|
|
|
|
<details class="quote">
|
|
<summary>Source code in <code>kanidm/__init__.py</code></summary>
|
|
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span><span class="normal"> 38</span>
|
|
<span class="normal"> 39</span>
|
|
<span class="normal"> 40</span>
|
|
<span class="normal"> 41</span>
|
|
<span class="normal"> 42</span>
|
|
<span class="normal"> 43</span>
|
|
<span class="normal"> 44</span>
|
|
<span class="normal"> 45</span>
|
|
<span class="normal"> 46</span>
|
|
<span class="normal"> 47</span>
|
|
<span class="normal"> 48</span>
|
|
<span class="normal"> 49</span>
|
|
<span class="normal"> 50</span>
|
|
<span class="normal"> 51</span>
|
|
<span class="normal"> 52</span>
|
|
<span class="normal"> 53</span>
|
|
<span class="normal"> 54</span>
|
|
<span class="normal"> 55</span>
|
|
<span class="normal"> 56</span>
|
|
<span class="normal"> 57</span>
|
|
<span class="normal"> 58</span>
|
|
<span class="normal"> 59</span>
|
|
<span class="normal"> 60</span>
|
|
<span class="normal"> 61</span>
|
|
<span class="normal"> 62</span>
|
|
<span class="normal"> 63</span>
|
|
<span class="normal"> 64</span>
|
|
<span class="normal"> 65</span>
|
|
<span class="normal"> 66</span>
|
|
<span class="normal"> 67</span>
|
|
<span class="normal"> 68</span>
|
|
<span class="normal"> 69</span>
|
|
<span class="normal"> 70</span>
|
|
<span class="normal"> 71</span>
|
|
<span class="normal"> 72</span>
|
|
<span class="normal"> 73</span>
|
|
<span class="normal"> 74</span>
|
|
<span class="normal"> 75</span>
|
|
<span class="normal"> 76</span>
|
|
<span class="normal"> 77</span>
|
|
<span class="normal"> 78</span>
|
|
<span class="normal"> 79</span>
|
|
<span class="normal"> 80</span>
|
|
<span class="normal"> 81</span>
|
|
<span class="normal"> 82</span>
|
|
<span class="normal"> 83</span>
|
|
<span class="normal"> 84</span>
|
|
<span class="normal"> 85</span>
|
|
<span class="normal"> 86</span>
|
|
<span class="normal"> 87</span>
|
|
<span class="normal"> 88</span>
|
|
<span class="normal"> 89</span>
|
|
<span class="normal"> 90</span>
|
|
<span class="normal"> 91</span>
|
|
<span class="normal"> 92</span>
|
|
<span class="normal"> 93</span>
|
|
<span class="normal"> 94</span>
|
|
<span class="normal"> 95</span>
|
|
<span class="normal"> 96</span>
|
|
<span class="normal"> 97</span>
|
|
<span class="normal"> 98</span>
|
|
<span class="normal"> 99</span>
|
|
<span class="normal">100</span>
|
|
<span class="normal">101</span>
|
|
<span class="normal">102</span>
|
|
<span class="normal">103</span>
|
|
<span class="normal">104</span>
|
|
<span class="normal">105</span>
|
|
<span class="normal">106</span>
|
|
<span class="normal">107</span>
|
|
<span class="normal">108</span>
|
|
<span class="normal">109</span>
|
|
<span class="normal">110</span>
|
|
<span class="normal">111</span>
|
|
<span class="normal">112</span>
|
|
<span class="normal">113</span>
|
|
<span class="normal">114</span>
|
|
<span class="normal">115</span>
|
|
<span class="normal">116</span>
|
|
<span class="normal">117</span>
|
|
<span class="normal">118</span>
|
|
<span class="normal">119</span>
|
|
<span class="normal">120</span>
|
|
<span class="normal">121</span>
|
|
<span class="normal">122</span>
|
|
<span class="normal">123</span>
|
|
<span class="normal">124</span>
|
|
<span class="normal">125</span>
|
|
<span class="normal">126</span>
|
|
<span class="normal">127</span>
|
|
<span class="normal">128</span>
|
|
<span class="normal">129</span>
|
|
<span class="normal">130</span>
|
|
<span class="normal">131</span>
|
|
<span class="normal">132</span>
|
|
<span class="normal">133</span>
|
|
<span class="normal">134</span>
|
|
<span class="normal">135</span>
|
|
<span class="normal">136</span>
|
|
<span class="normal">137</span>
|
|
<span class="normal">138</span>
|
|
<span class="normal">139</span>
|
|
<span class="normal">140</span>
|
|
<span class="normal">141</span>
|
|
<span class="normal">142</span>
|
|
<span class="normal">143</span>
|
|
<span class="normal">144</span>
|
|
<span class="normal">145</span>
|
|
<span class="normal">146</span>
|
|
<span class="normal">147</span>
|
|
<span class="normal">148</span>
|
|
<span class="normal">149</span>
|
|
<span class="normal">150</span>
|
|
<span class="normal">151</span>
|
|
<span class="normal">152</span>
|
|
<span class="normal">153</span>
|
|
<span class="normal">154</span>
|
|
<span class="normal">155</span>
|
|
<span class="normal">156</span>
|
|
<span class="normal">157</span>
|
|
<span class="normal">158</span>
|
|
<span class="normal">159</span>
|
|
<span class="normal">160</span>
|
|
<span class="normal">161</span>
|
|
<span class="normal">162</span>
|
|
<span class="normal">163</span>
|
|
<span class="normal">164</span>
|
|
<span class="normal">165</span>
|
|
<span class="normal">166</span>
|
|
<span class="normal">167</span>
|
|
<span class="normal">168</span>
|
|
<span class="normal">169</span>
|
|
<span class="normal">170</span>
|
|
<span class="normal">171</span>
|
|
<span class="normal">172</span>
|
|
<span class="normal">173</span>
|
|
<span class="normal">174</span>
|
|
<span class="normal">175</span>
|
|
<span class="normal">176</span>
|
|
<span class="normal">177</span>
|
|
<span class="normal">178</span>
|
|
<span class="normal">179</span>
|
|
<span class="normal">180</span>
|
|
<span class="normal">181</span>
|
|
<span class="normal">182</span>
|
|
<span class="normal">183</span>
|
|
<span class="normal">184</span>
|
|
<span class="normal">185</span>
|
|
<span class="normal">186</span>
|
|
<span class="normal">187</span>
|
|
<span class="normal">188</span>
|
|
<span class="normal">189</span>
|
|
<span class="normal">190</span>
|
|
<span class="normal">191</span>
|
|
<span class="normal">192</span>
|
|
<span class="normal">193</span>
|
|
<span class="normal">194</span>
|
|
<span class="normal">195</span>
|
|
<span class="normal">196</span>
|
|
<span class="normal">197</span>
|
|
<span class="normal">198</span>
|
|
<span class="normal">199</span>
|
|
<span class="normal">200</span>
|
|
<span class="normal">201</span>
|
|
<span class="normal">202</span>
|
|
<span class="normal">203</span>
|
|
<span class="normal">204</span>
|
|
<span class="normal">205</span>
|
|
<span class="normal">206</span>
|
|
<span class="normal">207</span>
|
|
<span class="normal">208</span>
|
|
<span class="normal">209</span>
|
|
<span class="normal">210</span>
|
|
<span class="normal">211</span>
|
|
<span class="normal">212</span>
|
|
<span class="normal">213</span>
|
|
<span class="normal">214</span>
|
|
<span class="normal">215</span>
|
|
<span class="normal">216</span>
|
|
<span class="normal">217</span>
|
|
<span class="normal">218</span>
|
|
<span class="normal">219</span>
|
|
<span class="normal">220</span>
|
|
<span class="normal">221</span>
|
|
<span class="normal">222</span>
|
|
<span class="normal">223</span>
|
|
<span class="normal">224</span>
|
|
<span class="normal">225</span>
|
|
<span class="normal">226</span>
|
|
<span class="normal">227</span>
|
|
<span class="normal">228</span>
|
|
<span class="normal">229</span>
|
|
<span class="normal">230</span>
|
|
<span class="normal">231</span>
|
|
<span class="normal">232</span>
|
|
<span class="normal">233</span>
|
|
<span class="normal">234</span>
|
|
<span class="normal">235</span>
|
|
<span class="normal">236</span>
|
|
<span class="normal">237</span>
|
|
<span class="normal">238</span>
|
|
<span class="normal">239</span>
|
|
<span class="normal">240</span>
|
|
<span class="normal">241</span>
|
|
<span class="normal">242</span>
|
|
<span class="normal">243</span>
|
|
<span class="normal">244</span>
|
|
<span class="normal">245</span>
|
|
<span class="normal">246</span>
|
|
<span class="normal">247</span>
|
|
<span class="normal">248</span>
|
|
<span class="normal">249</span>
|
|
<span class="normal">250</span>
|
|
<span class="normal">251</span>
|
|
<span class="normal">252</span>
|
|
<span class="normal">253</span>
|
|
<span class="normal">254</span>
|
|
<span class="normal">255</span>
|
|
<span class="normal">256</span>
|
|
<span class="normal">257</span>
|
|
<span class="normal">258</span>
|
|
<span class="normal">259</span>
|
|
<span class="normal">260</span>
|
|
<span class="normal">261</span>
|
|
<span class="normal">262</span>
|
|
<span class="normal">263</span>
|
|
<span class="normal">264</span>
|
|
<span class="normal">265</span>
|
|
<span class="normal">266</span>
|
|
<span class="normal">267</span>
|
|
<span class="normal">268</span>
|
|
<span class="normal">269</span>
|
|
<span class="normal">270</span>
|
|
<span class="normal">271</span>
|
|
<span class="normal">272</span>
|
|
<span class="normal">273</span>
|
|
<span class="normal">274</span>
|
|
<span class="normal">275</span>
|
|
<span class="normal">276</span>
|
|
<span class="normal">277</span>
|
|
<span class="normal">278</span>
|
|
<span class="normal">279</span>
|
|
<span class="normal">280</span>
|
|
<span class="normal">281</span>
|
|
<span class="normal">282</span>
|
|
<span class="normal">283</span>
|
|
<span class="normal">284</span>
|
|
<span class="normal">285</span>
|
|
<span class="normal">286</span>
|
|
<span class="normal">287</span>
|
|
<span class="normal">288</span>
|
|
<span class="normal">289</span>
|
|
<span class="normal">290</span>
|
|
<span class="normal">291</span>
|
|
<span class="normal">292</span>
|
|
<span class="normal">293</span>
|
|
<span class="normal">294</span>
|
|
<span class="normal">295</span>
|
|
<span class="normal">296</span>
|
|
<span class="normal">297</span>
|
|
<span class="normal">298</span>
|
|
<span class="normal">299</span>
|
|
<span class="normal">300</span>
|
|
<span class="normal">301</span>
|
|
<span class="normal">302</span>
|
|
<span class="normal">303</span>
|
|
<span class="normal">304</span>
|
|
<span class="normal">305</span>
|
|
<span class="normal">306</span>
|
|
<span class="normal">307</span>
|
|
<span class="normal">308</span>
|
|
<span class="normal">309</span>
|
|
<span class="normal">310</span>
|
|
<span class="normal">311</span>
|
|
<span class="normal">312</span>
|
|
<span class="normal">313</span>
|
|
<span class="normal">314</span>
|
|
<span class="normal">315</span>
|
|
<span class="normal">316</span>
|
|
<span class="normal">317</span>
|
|
<span class="normal">318</span>
|
|
<span class="normal">319</span>
|
|
<span class="normal">320</span>
|
|
<span class="normal">321</span>
|
|
<span class="normal">322</span>
|
|
<span class="normal">323</span>
|
|
<span class="normal">324</span>
|
|
<span class="normal">325</span>
|
|
<span class="normal">326</span>
|
|
<span class="normal">327</span>
|
|
<span class="normal">328</span>
|
|
<span class="normal">329</span>
|
|
<span class="normal">330</span>
|
|
<span class="normal">331</span>
|
|
<span class="normal">332</span>
|
|
<span class="normal">333</span>
|
|
<span class="normal">334</span>
|
|
<span class="normal">335</span>
|
|
<span class="normal">336</span>
|
|
<span class="normal">337</span>
|
|
<span class="normal">338</span>
|
|
<span class="normal">339</span>
|
|
<span class="normal">340</span>
|
|
<span class="normal">341</span>
|
|
<span class="normal">342</span>
|
|
<span class="normal">343</span>
|
|
<span class="normal">344</span>
|
|
<span class="normal">345</span>
|
|
<span class="normal">346</span>
|
|
<span class="normal">347</span>
|
|
<span class="normal">348</span>
|
|
<span class="normal">349</span>
|
|
<span class="normal">350</span>
|
|
<span class="normal">351</span>
|
|
<span class="normal">352</span>
|
|
<span class="normal">353</span>
|
|
<span class="normal">354</span>
|
|
<span class="normal">355</span></pre></div></td><td class="code"><div><pre><span></span><code><span class="k">class</span> <span class="nc">KanidmClient</span><span class="p">:</span>
|
|
<span class="w"> </span><span class="sd">"""Kanidm client module</span>
|
|
|
|
<span class="sd"> config: a `KanidmClientConfig` object, if this is set, everything else is ignored</span>
|
|
<span class="sd"> config_file: a `pathlib.Path` object pointing to a configuration file</span>
|
|
<span class="sd"> uri: kanidm base URL</span>
|
|
<span class="sd"> session: a `aiohttp.client.ClientSession`</span>
|
|
<span class="sd"> verify_hostnames: verify the hostname is correct</span>
|
|
<span class="sd"> verify_certificate: verify the validity of the certificate and its CA</span>
|
|
<span class="sd"> ca_path: set this to a trusted CA certificate (PEM format)</span>
|
|
<span class="sd"> token: a JWS from an authentication session</span>
|
|
<span class="sd"> """</span>
|
|
|
|
<span class="c1"># pylint: disable=too-many-instance-attributes,too-many-arguments</span>
|
|
<span class="k">def</span> <span class="fm">__init__</span><span class="p">(</span>
|
|
<span class="bp">self</span><span class="p">,</span>
|
|
<span class="n">config</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="n">KanidmClientConfig</span><span class="p">]</span> <span class="o">=</span> <span class="kc">None</span><span class="p">,</span>
|
|
<span class="n">config_file</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="n">Union</span><span class="p">[</span><span class="n">Path</span><span class="p">,</span> <span class="nb">str</span><span class="p">]]</span> <span class="o">=</span> <span class="kc">None</span><span class="p">,</span>
|
|
<span class="n">uri</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="o">=</span> <span class="kc">None</span><span class="p">,</span>
|
|
<span class="n">verify_hostnames</span><span class="p">:</span> <span class="nb">bool</span> <span class="o">=</span> <span class="kc">True</span><span class="p">,</span>
|
|
<span class="n">verify_certificate</span><span class="p">:</span> <span class="nb">bool</span> <span class="o">=</span> <span class="kc">True</span><span class="p">,</span>
|
|
<span class="n">ca_path</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="o">=</span> <span class="kc">None</span><span class="p">,</span>
|
|
<span class="n">token</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="o">=</span> <span class="kc">None</span><span class="p">,</span>
|
|
<span class="p">)</span> <span class="o">-></span> <span class="kc">None</span><span class="p">:</span>
|
|
<span class="w"> </span><span class="sd">"""Constructor for KanidmClient"""</span>
|
|
|
|
<span class="k">if</span> <span class="n">config</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span><span class="p">:</span>
|
|
<span class="bp">self</span><span class="o">.</span><span class="n">config</span> <span class="o">=</span> <span class="n">config</span>
|
|
|
|
<span class="k">else</span><span class="p">:</span>
|
|
<span class="bp">self</span><span class="o">.</span><span class="n">config</span> <span class="o">=</span> <span class="n">KanidmClientConfig</span><span class="p">(</span>
|
|
<span class="n">uri</span><span class="o">=</span><span class="n">uri</span><span class="p">,</span>
|
|
<span class="n">verify_hostnames</span><span class="o">=</span><span class="n">verify_hostnames</span><span class="p">,</span>
|
|
<span class="n">verify_certificate</span><span class="o">=</span><span class="n">verify_certificate</span><span class="p">,</span>
|
|
<span class="n">ca_path</span><span class="o">=</span><span class="n">ca_path</span><span class="p">,</span>
|
|
<span class="n">auth_token</span><span class="o">=</span><span class="n">token</span><span class="p">,</span>
|
|
<span class="p">)</span>
|
|
|
|
<span class="k">if</span> <span class="n">config_file</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span><span class="p">:</span>
|
|
<span class="k">if</span> <span class="ow">not</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">config_file</span><span class="p">,</span> <span class="n">Path</span><span class="p">):</span>
|
|
<span class="n">config_file</span> <span class="o">=</span> <span class="n">Path</span><span class="p">(</span><span class="n">config_file</span><span class="p">)</span>
|
|
<span class="n">config_data</span> <span class="o">=</span> <span class="n">load_config</span><span class="p">(</span><span class="n">config_file</span><span class="o">.</span><span class="n">expanduser</span><span class="p">()</span><span class="o">.</span><span class="n">resolve</span><span class="p">())</span>
|
|
<span class="bp">self</span><span class="o">.</span><span class="n">config</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">config</span><span class="o">.</span><span class="n">parse_obj</span><span class="p">(</span><span class="n">config_data</span><span class="p">)</span>
|
|
|
|
<span class="k">if</span> <span class="bp">self</span><span class="o">.</span><span class="n">config</span><span class="o">.</span><span class="n">uri</span> <span class="ow">is</span> <span class="kc">None</span><span class="p">:</span>
|
|
<span class="k">raise</span> <span class="ne">ValueError</span><span class="p">(</span><span class="s2">"Please initialize this with a server URI"</span><span class="p">)</span>
|
|
|
|
<span class="bp">self</span><span class="o">.</span><span class="n">_ssl</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="n">Union</span><span class="p">[</span><span class="nb">bool</span><span class="p">,</span> <span class="n">ssl</span><span class="o">.</span><span class="n">SSLContext</span><span class="p">]]</span> <span class="o">=</span> <span class="kc">None</span>
|
|
<span class="bp">self</span><span class="o">.</span><span class="n">_configure_ssl</span><span class="p">()</span>
|
|
|
|
<!--
  Highlighted source of the client's _configure_ssl method: it fills self._ssl, the value that the
  _call method further down this listing passes to session.request as ssl=.
  Review notes:
  * verify_certificate False stores the literal False. aiohttp treats ssl=False as "skip
    certificate validation", so every request from such a client accepts any server certificate.
    The check_hostname assignment at the end is skipped in that case as well.
  * Otherwise an ssl.SSLContext is built with ssl.create_default_context; with ca_path unset that
    call falls back to the platform trust store.
-->
<span class="k">def</span> <span class="nf">_configure_ssl</span><span class="p">(</span><span class="bp">self</span><span class="p">)</span> <span class="o">-></span> <span class="kc">None</span><span class="p">:</span>
|
|
<span class="w"> </span><span class="sd">"""Sets up SSL configuration for the client"""</span>
|
|
<span class="k">if</span> <span class="bp">self</span><span class="o">.</span><span class="n">config</span><span class="o">.</span><span class="n">verify_certificate</span> <span class="ow">is</span> <span class="kc">False</span><span class="p">:</span>
|
|
<span class="bp">self</span><span class="o">.</span><span class="n">_ssl</span> <span class="o">=</span> <span class="kc">False</span>
|
|
<span class="k">else</span><span class="p">:</span>
|
|
<!-- The existence check below runs on the expanded and resolved path, but create_default_context
     two statements later receives the raw config value, so a ca_path written with "~" can pass
     this check and still fail to load. NOTE(review): confirm whether the resolved path should be
     passed as cafile. -->
<span class="k">if</span> <span class="p">(</span>
|
|
<span class="bp">self</span><span class="o">.</span><span class="n">config</span><span class="o">.</span><span class="n">ca_path</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span>
|
|
<span class="ow">and</span> <span class="ow">not</span> <span class="n">Path</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">config</span><span class="o">.</span><span class="n">ca_path</span><span class="p">)</span><span class="o">.</span><span class="n">expanduser</span><span class="p">()</span><span class="o">.</span><span class="n">resolve</span><span class="p">()</span><span class="o">.</span><span class="n">exists</span><span class="p">()</span>
|
|
<span class="p">):</span>
|
|
<span class="k">raise</span> <span class="ne">FileNotFoundError</span><span class="p">(</span><span class="sa">f</span><span class="s2">"CA Path not found: </span><span class="si">{</span><span class="bp">self</span><span class="o">.</span><span class="n">config</span><span class="o">.</span><span class="n">ca_path</span><span class="si">}</span><span class="s2">"</span><span class="p">)</span>
|
|
<span class="bp">self</span><span class="o">.</span><span class="n">_ssl</span> <span class="o">=</span> <span class="n">ssl</span><span class="o">.</span><span class="n">create_default_context</span><span class="p">(</span><span class="n">cafile</span><span class="o">=</span><span class="bp">self</span><span class="o">.</span><span class="n">config</span><span class="o">.</span><span class="n">ca_path</span><span class="p">)</span>
|
|
<!-- verify_hostnames False leaves chain validation on but stops matching the certificate against
     the host name, so any certificate issued by a trusted CA is accepted for this server. -->
<span class="k">if</span> <span class="bp">self</span><span class="o">.</span><span class="n">_ssl</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">False</span><span class="p">:</span>
|
|
<span class="c1"># ignoring this for typing because mypy is being weird</span>
|
|
<span class="c1"># ssl.SSLContext.check_hostname is totally a thing</span>
|
|
<span class="c1"># https://docs.python.org/3/library/ssl.html#ssl.SSLContext.check_hostname</span>
|
|
<span class="bp">self</span><span class="o">.</span><span class="n">_ssl</span><span class="o">.</span><span class="n">check_hostname</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">config</span><span class="o">.</span><span class="n">verify_hostnames</span> <span class="c1"># type: ignore</span>
|
|
|
|
<!--
  Highlighted source of parse_config_data: passes a config dict to the config object's parse_obj
  and re-raises a ValidationError as ValueError (the original exception is not chained, hence the
  pylint directive).
  NOTE(review): the value returned by parse_obj is discarded here, whereas the initialisation code
  earlier in this listing assigns it back to self.config. If parse_obj returns a new object rather
  than updating in place (TODO confirm against KanidmClientConfig), this method only validates and
  leaves self.config and self._ssl unchanged, despite what the docstring says.
-->
<span class="k">def</span> <span class="nf">parse_config_data</span><span class="p">(</span>
|
|
<span class="bp">self</span><span class="p">,</span>
|
|
<span class="n">config_data</span><span class="p">:</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">],</span>
|
|
<span class="p">)</span> <span class="o">-></span> <span class="kc">None</span><span class="p">:</span>
|
|
<span class="w"> </span><span class="sd">"""hand it a config dict and it'll configure the client"""</span>
|
|
<span class="k">try</span><span class="p">:</span>
|
|
<span class="bp">self</span><span class="o">.</span><span class="n">config</span><span class="o">.</span><span class="n">parse_obj</span><span class="p">(</span><span class="n">config_data</span><span class="p">)</span>
|
|
<span class="k">except</span> <span class="n">ValidationError</span> <span class="k">as</span> <span class="n">validation_error</span><span class="p">:</span>
|
|
<span class="c1"># pylint: disable=raise-missing-from</span>
|
|
<span class="k">raise</span> <span class="ne">ValueError</span><span class="p">(</span><span class="sa">f</span><span class="s2">"Failed to validate configuration: </span><span class="si">{</span><span class="n">validation_error</span><span class="si">}</span><span class="s2">"</span><span class="p">)</span>
|
|
|
|
<!--
  Highlighted source of check_token_valid: issues a GET to /v1/auth/valid and reports True only for
  a 200 status. With an explicit token the bearer header is built here; with no token, headers is
  None and _call attaches the configured auth_token when one is set.
  NOTE(review): the whole response object is written to the debug log on every check; whether that
  output includes the response body depends on how ClientResponse renders itself, so treat debug
  logs from this client as sensitive.
-->
<span class="k">async</span> <span class="k">def</span> <span class="nf">check_token_valid</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">token</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="o">=</span> <span class="kc">None</span><span class="p">)</span> <span class="o">-></span> <span class="nb">bool</span><span class="p">:</span>
|
|
<span class="w"> </span><span class="sd">"""checks if a given token is valid, or the local one if you don't pass it"""</span>
|
|
<span class="n">url</span> <span class="o">=</span> <span class="s2">"/v1/auth/valid"</span>
|
|
<span class="k">if</span> <span class="n">token</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span><span class="p">:</span>
|
|
<span class="n">headers</span> <span class="o">=</span> <span class="p">{</span>
|
|
<span class="s2">"authorization"</span><span class="p">:</span> <span class="sa">f</span><span class="s2">"Bearer </span><span class="si">{</span><span class="n">token</span><span class="si">}</span><span class="s2">"</span><span class="p">,</span>
|
|
<span class="s2">"content-type"</span><span class="p">:</span> <span class="s2">"application/json"</span><span class="p">,</span>
|
|
<span class="p">}</span>
|
|
<span class="k">else</span><span class="p">:</span>
|
|
<span class="n">headers</span> <span class="o">=</span> <span class="kc">None</span>
|
|
<span class="n">result</span> <span class="o">=</span> <span class="k">await</span> <span class="bp">self</span><span class="o">.</span><span class="n">call_get</span><span class="p">(</span><span class="n">url</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="n">headers</span><span class="p">)</span>
|
|
<span class="n">logging</span><span class="o">.</span><span class="n">debug</span><span class="p">(</span><span class="n">result</span><span class="p">)</span>
|
|
<span class="k">if</span> <span class="n">result</span><span class="o">.</span><span class="n">status_code</span> <span class="o">==</span> <span class="mi">200</span><span class="p">:</span>
|
|
<span class="k">return</span> <span class="kc">True</span>
|
|
<span class="k">return</span> <span class="kc">False</span>
|
|
|
|
<!--
  Highlighted source of get_path_uri: strips one leading "/" from path and appends the rest to
  config.uri with no separator, so the result is only well formed when the configured URI ends in
  "/" (NOTE(review): presumably the config model normalises this; confirm).
  NOTE(review): if lru_cache here is functools.lru_cache, the cache is keyed on (self, path): it
  needs the client to be hashable, keeps cached clients alive, and keeps returning the old URI for
  a path if config.uri is changed on the same instance afterwards.
-->
<span class="nd">@lru_cache</span><span class="p">()</span>
|
|
<span class="k">def</span> <span class="nf">get_path_uri</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">path</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-></span> <span class="nb">str</span><span class="p">:</span>
|
|
<span class="w"> </span><span class="sd">"""turns a path into a full URI"""</span>
|
|
<span class="k">if</span> <span class="n">path</span><span class="o">.</span><span class="n">startswith</span><span class="p">(</span><span class="s2">"/"</span><span class="p">):</span>
|
|
<span class="n">path</span> <span class="o">=</span> <span class="n">path</span><span class="p">[</span><span class="mi">1</span><span class="p">:]</span>
|
|
<span class="k">return</span> <span class="sa">f</span><span class="s2">"</span><span class="si">{</span><span class="bp">self</span><span class="o">.</span><span class="n">config</span><span class="o">.</span><span class="n">uri</span><span class="si">}{</span><span class="n">path</span><span class="si">}</span><span class="s2">"</span>
|
|
|
|
<!--
  Highlighted source of the _token_headers property: returns the bearer authorization header built
  from config.auth_token, and raises ValueError when no token is configured. The returned dict
  carries the credential in clear text, so it should not be logged or echoed in error messages.
-->
<span class="nd">@property</span>
|
|
<span class="k">def</span> <span class="nf">_token_headers</span><span class="p">(</span><span class="bp">self</span><span class="p">)</span> <span class="o">-></span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="nb">str</span><span class="p">]:</span>
|
|
<span class="w"> </span><span class="sd">"""returns an auth header with the token in it"""</span>
|
|
<span class="k">if</span> <span class="bp">self</span><span class="o">.</span><span class="n">config</span><span class="o">.</span><span class="n">auth_token</span> <span class="ow">is</span> <span class="kc">None</span><span class="p">:</span>
|
|
<span class="k">raise</span> <span class="ne">ValueError</span><span class="p">(</span><span class="s2">"Token is not set"</span><span class="p">)</span>
|
|
<span class="k">return</span> <span class="p">{</span><span class="s2">"authorization"</span><span class="p">:</span> <span class="sa">f</span><span class="s2">"Bearer </span><span class="si">{</span><span class="bp">self</span><span class="o">.</span><span class="n">config</span><span class="o">.</span><span class="n">auth_token</span><span class="si">}</span><span class="s2">"</span><span class="p">}</span>
|
|
|
|
<span class="c1"># pylint: disable=too-many-arguments</span>
|
|
<!--
  Highlighted source of _call, the single request path used by call_get and call_post. It opens a
  new aiohttp ClientSession per call, falls back to config.connect_timeout when timeout is None,
  sends the request with ssl=self._ssl, reads the whole body and wraps body, headers and status in
  a ClientResponse.
  Review notes:
  * TLS behaviour is whatever _configure_ssl stored in self._ssl; when that is False, certificate
    validation is off for every request made here.
  * Bodies and headers are logged: the raw body at error level when JSON decoding fails and the
    full response_input dump at debug level. Authentication responses pass through this path, so
    log sinks for this client may end up holding tokens and should be access controlled.
-->
<span class="k">async</span> <span class="k">def</span> <span class="nf">_call</span><span class="p">(</span>
|
|
<span class="bp">self</span><span class="p">,</span>
|
|
<span class="n">method</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span>
|
|
<span class="n">path</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span>
|
|
<span class="n">headers</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="nb">str</span><span class="p">]]</span> <span class="o">=</span> <span class="kc">None</span><span class="p">,</span>
|
|
<span class="n">timeout</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="nb">int</span><span class="p">]</span> <span class="o">=</span> <span class="kc">None</span><span class="p">,</span>
|
|
<span class="n">json</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="nb">str</span><span class="p">]]</span> <span class="o">=</span> <span class="kc">None</span><span class="p">,</span>
|
|
<span class="n">params</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="nb">str</span><span class="p">]]</span> <span class="o">=</span> <span class="kc">None</span><span class="p">,</span>
|
|
<span class="p">)</span> <span class="o">-></span> <span class="n">ClientResponse</span><span class="p">:</span>
|
|
|
|
<span class="k">if</span> <span class="n">timeout</span> <span class="ow">is</span> <span class="kc">None</span><span class="p">:</span>
|
|
<span class="n">timeout</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">config</span><span class="o">.</span><span class="n">connect_timeout</span>
|
|
<span class="k">async</span> <span class="k">with</span> <span class="n">aiohttp</span><span class="o">.</span><span class="n">client</span><span class="o">.</span><span class="n">ClientSession</span><span class="p">()</span> <span class="k">as</span> <span class="n">session</span><span class="p">:</span>
|
|
<span class="c1"># if we have a token set, we send it.</span>
|
|
<span class="k">if</span> <span class="bp">self</span><span class="o">.</span><span class="n">config</span><span class="o">.</span><span class="n">auth_token</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span><span class="p">:</span>
|
|
<span class="n">logging</span><span class="o">.</span><span class="n">debug</span><span class="p">(</span><span class="s2">"Found a token internally"</span><span class="p">)</span>
|
|
<span class="k">if</span> <span class="n">headers</span> <span class="ow">is</span> <span class="kc">None</span><span class="p">:</span>
|
|
<span class="n">headers</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">_token_headers</span>
|
|
<!-- The membership test is for the lower case key only, so a header supplied by the caller as
     "Authorization" is not detected; update() also writes the token into the caller's own
     dict. -->
<span class="k">elif</span> <span class="s2">"authorization"</span> <span class="ow">not</span> <span class="ow">in</span> <span class="n">headers</span><span class="p">:</span>
|
|
<span class="n">logging</span><span class="o">.</span><span class="n">debug</span><span class="p">(</span><span class="s2">"Setting auth headers as Authorization not in keys"</span><span class="p">)</span>
|
|
<span class="n">headers</span><span class="o">.</span><span class="n">update</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">_token_headers</span><span class="p">)</span>
|
|
<span class="n">logging</span><span class="o">.</span><span class="n">debug</span><span class="p">(</span><span class="s2">"_call method=</span><span class="si">%s</span><span class="s2"> to </span><span class="si">%s</span><span class="s2">"</span><span class="p">,</span> <span class="n">method</span><span class="p">,</span> <span class="bp">self</span><span class="o">.</span><span class="n">get_path_uri</span><span class="p">(</span><span class="n">path</span><span class="p">))</span>
|
|
<span class="k">async</span> <span class="k">with</span> <span class="n">session</span><span class="o">.</span><span class="n">request</span><span class="p">(</span>
|
|
<span class="n">method</span><span class="o">=</span><span class="n">method</span><span class="p">,</span>
|
|
<span class="n">url</span><span class="o">=</span><span class="bp">self</span><span class="o">.</span><span class="n">get_path_uri</span><span class="p">(</span><span class="n">path</span><span class="p">),</span>
|
|
<span class="n">headers</span><span class="o">=</span><span class="n">headers</span><span class="p">,</span>
|
|
<span class="n">timeout</span><span class="o">=</span><span class="n">timeout</span><span class="p">,</span>
|
|
<span class="n">json</span><span class="o">=</span><span class="n">json</span><span class="p">,</span>
|
|
<span class="n">params</span><span class="o">=</span><span class="n">params</span><span class="p">,</span>
|
|
<span class="n">ssl</span><span class="o">=</span><span class="bp">self</span><span class="o">.</span><span class="n">_ssl</span><span class="p">,</span>
|
|
<span class="p">)</span> <span class="k">as</span> <span class="n">request</span><span class="p">:</span>
|
|
<span class="n">content</span> <span class="o">=</span> <span class="k">await</span> <span class="n">request</span><span class="o">.</span><span class="n">content</span><span class="o">.</span><span class="n">read</span><span class="p">()</span>
|
|
<span class="k">try</span><span class="p">:</span>
|
|
<span class="n">response_json</span> <span class="o">=</span> <span class="n">json_lib</span><span class="o">.</span><span class="n">loads</span><span class="p">(</span><span class="n">content</span><span class="p">)</span>
|
|
<!-- Valid JSON that is not an object yields data None; undecodable JSON yields an empty dict. -->
<span class="k">if</span> <span class="ow">not</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">response_json</span><span class="p">,</span> <span class="nb">dict</span><span class="p">):</span>
|
|
<span class="n">response_json</span> <span class="o">=</span> <span class="kc">None</span>
|
|
<span class="k">except</span> <span class="n">json_lib</span><span class="o">.</span><span class="n">JSONDecodeError</span> <span class="k">as</span> <span class="n">json_error</span><span class="p">:</span>
|
|
<span class="n">logging</span><span class="o">.</span><span class="n">error</span><span class="p">(</span><span class="s2">"Failed to JSON Decode Response: </span><span class="si">%s</span><span class="s2">"</span><span class="p">,</span> <span class="n">json_error</span><span class="p">)</span>
|
|
<span class="n">logging</span><span class="o">.</span><span class="n">error</span><span class="p">(</span><span class="s2">"Response data: </span><span class="si">%s</span><span class="s2">"</span><span class="p">,</span> <span class="n">content</span><span class="p">)</span>
|
|
<span class="n">response_json</span> <span class="o">=</span> <span class="p">{}</span>
|
|
<span class="n">response_input</span> <span class="o">=</span> <span class="p">{</span>
|
|
<span class="s2">"data"</span><span class="p">:</span> <span class="n">response_json</span><span class="p">,</span>
|
|
<!-- decode() is called without an errors= argument, so a body that is not valid UTF-8 raises
     UnicodeDecodeError here instead of producing a ClientResponse. -->
<span class="s2">"content"</span><span class="p">:</span> <span class="n">content</span><span class="o">.</span><span class="n">decode</span><span class="p">(</span><span class="s2">"utf-8"</span><span class="p">),</span>
|
|
<span class="s2">"headers"</span><span class="p">:</span> <span class="n">request</span><span class="o">.</span><span class="n">headers</span><span class="p">,</span>
|
|
<span class="s2">"status_code"</span><span class="p">:</span> <span class="n">request</span><span class="o">.</span><span class="n">status</span><span class="p">,</span>
|
|
<span class="p">}</span>
|
|
<span class="n">logging</span><span class="o">.</span><span class="n">debug</span><span class="p">(</span><span class="n">json_lib</span><span class="o">.</span><span class="n">dumps</span><span class="p">(</span><span class="n">response_input</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="nb">str</span><span class="p">,</span> <span class="n">indent</span><span class="o">=</span><span class="mi">4</span><span class="p">))</span>
|
|
<span class="n">response</span> <span class="o">=</span> <span class="n">ClientResponse</span><span class="o">.</span><span class="n">parse_obj</span><span class="p">(</span><span class="n">response_input</span><span class="p">)</span>
|
|
<span class="k">return</span> <span class="n">response</span>
|
|
|
|
<!--
  Highlighted source of call_get: thin wrapper that forwards to _call with method "GET". headers
  and timeout are passed positionally, params by keyword; when a token is configured, _call adds
  the bearer header unless the supplied headers already contain an "authorization" key.
-->
<span class="k">async</span> <span class="k">def</span> <span class="nf">call_get</span><span class="p">(</span>
|
|
<span class="bp">self</span><span class="p">,</span>
|
|
<span class="n">path</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span>
|
|
<span class="n">headers</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="nb">str</span><span class="p">]]</span> <span class="o">=</span> <span class="kc">None</span><span class="p">,</span>
|
|
<span class="n">params</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="nb">str</span><span class="p">]]</span> <span class="o">=</span> <span class="kc">None</span><span class="p">,</span>
|
|
<span class="n">timeout</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="nb">int</span><span class="p">]</span> <span class="o">=</span> <span class="kc">None</span><span class="p">,</span>
|
|
<span class="p">)</span> <span class="o">-></span> <span class="n">ClientResponse</span><span class="p">:</span>
|
|
<span class="w"> </span><span class="sd">"""does a get call to the server"""</span>
|
|
<span class="k">return</span> <span class="k">await</span> <span class="bp">self</span><span class="o">.</span><span class="n">_call</span><span class="p">(</span><span class="s2">"GET"</span><span class="p">,</span> <span class="n">path</span><span class="p">,</span> <span class="n">headers</span><span class="p">,</span> <span class="n">timeout</span><span class="p">,</span> <span class="n">params</span><span class="o">=</span><span class="n">params</span><span class="p">)</span>
|
|
|
|
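<!--
  Highlighted source of call_post: thin wrapper that forwards to _call with method "POST", passing
  path, headers, the JSON body and timeout by keyword. The docstring shown here is corrected to say
  "post"; it previously repeated the call_get wording although the request method is POST.
-->
<span class="k">async</span> <span class="k">def</span> <span class="nf">call_post</span><span class="p">(</span>
|
|
<span class="bp">self</span><span class="p">,</span>
|
|
<span class="n">path</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span>
|
|
<span class="n">headers</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="nb">str</span><span class="p">]]</span> <span class="o">=</span> <span class="kc">None</span><span class="p">,</span>
|
|
<span class="n">json</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">]]</span> <span class="o">=</span> <span class="kc">None</span><span class="p">,</span>
|
|
<span class="n">timeout</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="nb">int</span><span class="p">]</span> <span class="o">=</span> <span class="kc">None</span><span class="p">,</span>
|
|
<span class="p">)</span> <span class="o">-></span> <span class="n">ClientResponse</span><span class="p">:</span>
|
|
<span class="w"> </span><span class="sd">"""does a post call to the server"""</span>
|
|
|
|
<span class="k">return</span> <span class="k">await</span> <span class="bp">self</span><span class="o">.</span><span class="n">_call</span><span class="p">(</span>
|
|
<span class="n">method</span><span class="o">=</span><span class="s2">"POST"</span><span class="p">,</span> <span class="n">path</span><span class="o">=</span><span class="n">path</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="n">headers</span><span class="p">,</span> <span class="n">json</span><span class="o">=</span><span class="n">json</span><span class="p">,</span> <span class="n">timeout</span><span class="o">=</span><span class="n">timeout</span>
|
|
<span class="p">)</span>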
|
|
|
|
<!--
  Highlighted source of auth_init: posts the "init" step carrying the username to
  KANIDMURLS["auth"], raises AuthInitFailed on any status other than 200, requires the
  x-kanidm-auth-session-id response header, and returns the parsed AuthInitResponse with the raw
  response attached.
  NOTE(review): nothing in the visible body stores the session id on the client, despite the
  docstring; authenticate_password below reads it from response.headers.
  NOTE(review): the server's response body goes into the debug log and into the AuthInitFailed
  message, and the ValueError text embeds every response header. Callers that surface these
  exceptions to end users or ship them to shared logs expose that server output.
-->
<span class="k">async</span> <span class="k">def</span> <span class="nf">auth_init</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">username</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-></span> <span class="n">AuthInitResponse</span><span class="p">:</span>
|
|
<span class="w"> </span><span class="sd">"""init step, starts the auth session, sets the class-local session ID"""</span>
|
|
<span class="n">init_auth</span> <span class="o">=</span> <span class="p">{</span><span class="s2">"step"</span><span class="p">:</span> <span class="p">{</span><span class="s2">"init"</span><span class="p">:</span> <span class="n">username</span><span class="p">}}</span>
|
|
|
|
<span class="n">response</span> <span class="o">=</span> <span class="k">await</span> <span class="bp">self</span><span class="o">.</span><span class="n">call_post</span><span class="p">(</span>
|
|
<span class="n">path</span><span class="o">=</span><span class="n">KANIDMURLS</span><span class="p">[</span><span class="s2">"auth"</span><span class="p">],</span>
|
|
<span class="n">json</span><span class="o">=</span><span class="n">init_auth</span><span class="p">,</span>
|
|
<span class="p">)</span>
|
|
<span class="k">if</span> <span class="n">response</span><span class="o">.</span><span class="n">status_code</span> <span class="o">!=</span> <span class="mi">200</span><span class="p">:</span>
|
|
<span class="n">logging</span><span class="o">.</span><span class="n">debug</span><span class="p">(</span>
|
|
<span class="s2">"Failed to authenticate, response from server: </span><span class="si">%s</span><span class="s2">"</span><span class="p">,</span>
|
|
<span class="n">response</span><span class="o">.</span><span class="n">content</span><span class="p">,</span>
|
|
<span class="p">)</span>
|
|
<span class="c1"># TODO: mock test auth_init raises AuthInitFailed</span>
|
|
<span class="k">raise</span> <span class="n">AuthInitFailed</span><span class="p">(</span><span class="n">response</span><span class="o">.</span><span class="n">content</span><span class="p">)</span>
|
|
|
|
<span class="k">if</span> <span class="s2">"x-kanidm-auth-session-id"</span> <span class="ow">not</span> <span class="ow">in</span> <span class="n">response</span><span class="o">.</span><span class="n">headers</span><span class="p">:</span>
|
|
<span class="n">logging</span><span class="o">.</span><span class="n">debug</span><span class="p">(</span><span class="s2">"response.content: </span><span class="si">%s</span><span class="s2">"</span><span class="p">,</span> <span class="n">response</span><span class="o">.</span><span class="n">content</span><span class="p">)</span>
|
|
<span class="n">logging</span><span class="o">.</span><span class="n">debug</span><span class="p">(</span><span class="s2">"response.headers: </span><span class="si">%s</span><span class="s2">"</span><span class="p">,</span> <span class="n">response</span><span class="o">.</span><span class="n">headers</span><span class="p">)</span>
|
|
<span class="k">raise</span> <span class="ne">ValueError</span><span class="p">(</span>
|
|
<span class="sa">f</span><span class="s2">"Missing x-kanidm-auth-session-id header in init auth response: </span><span class="si">{</span><span class="n">response</span><span class="o">.</span><span class="n">headers</span><span class="si">}</span><span class="s2">"</span>
|
|
<span class="p">)</span>
|
|
<span class="n">retval</span> <span class="o">=</span> <span class="n">AuthInitResponse</span><span class="o">.</span><span class="n">parse_obj</span><span class="p">(</span><span class="n">response</span><span class="o">.</span><span class="n">data</span><span class="p">)</span>
|
|
<span class="n">retval</span><span class="o">.</span><span class="n">response</span> <span class="o">=</span> <span class="n">response</span>
|
|
<span class="k">return</span> <span class="n">retval</span>
|
|
|
|
<!--
  Highlighted source of auth_begin: posts the "begin" step for the chosen method to
  KANIDMURLS["auth"], with headers from self.session_header(sessionid) (defined outside this
  excerpt), and raises AuthBeginFailed with the response body on any status other than 200.
  NOTE(review): the AuthBeginResponse at the end is built and has the response attached, but it is
  never returned; the method returns the raw ClientResponse, which matches the return annotation.
  Confirm that discarding retobject is intended.
-->
<span class="k">async</span> <span class="k">def</span> <span class="nf">auth_begin</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">method</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">sessionid</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-></span> <span class="n">ClientResponse</span><span class="p">:</span>
|
|
<span class="w"> </span><span class="sd">"""the 'begin' step"""</span>
|
|
|
|
<span class="n">begin_auth</span> <span class="o">=</span> <span class="p">{</span>
|
|
<span class="s2">"step"</span><span class="p">:</span> <span class="p">{</span>
|
|
<span class="s2">"begin"</span><span class="p">:</span> <span class="n">method</span><span class="p">,</span>
|
|
<span class="p">},</span>
|
|
<span class="p">}</span>
|
|
<span class="n">headers</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">session_header</span><span class="p">(</span><span class="n">sessionid</span><span class="p">)</span>
|
|
|
|
<span class="n">response</span> <span class="o">=</span> <span class="k">await</span> <span class="bp">self</span><span class="o">.</span><span class="n">call_post</span><span class="p">(</span>
|
|
<span class="n">KANIDMURLS</span><span class="p">[</span><span class="s2">"auth"</span><span class="p">],</span>
|
|
<span class="n">json</span><span class="o">=</span><span class="n">begin_auth</span><span class="p">,</span>
|
|
<span class="n">headers</span><span class="o">=</span><span class="n">headers</span><span class="p">,</span>
|
|
<span class="p">)</span>
|
|
<span class="k">if</span> <span class="n">response</span><span class="o">.</span><span class="n">status_code</span> <span class="o">!=</span> <span class="mi">200</span><span class="p">:</span>
|
|
<span class="c1"># TODO: mock test for auth_begin raises AuthBeginFailed</span>
|
|
<span class="k">raise</span> <span class="n">AuthBeginFailed</span><span class="p">(</span><span class="n">response</span><span class="o">.</span><span class="n">content</span><span class="p">)</span>
|
|
|
|
<span class="n">retobject</span> <span class="o">=</span> <span class="n">AuthBeginResponse</span><span class="o">.</span><span class="n">parse_obj</span><span class="p">(</span><span class="n">response</span><span class="o">.</span><span class="n">data</span><span class="p">)</span>
|
|
<span class="n">retobject</span><span class="o">.</span><span class="n">response</span> <span class="o">=</span> <span class="n">response</span>
|
|
<span class="k">return</span> <span class="n">response</span>
|
|
|
|
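<span class="k">async</span> <span class="k">def</span> <span class="nf">authenticate_password</span><span class="p">(</span>
    <span class="bp">self</span><span class="p">,</span>
    <span class="n">username</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="o">=</span> <span class="kc">None</span><span class="p">,</span>
    <span class="n">password</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="o">=</span> <span class="kc">None</span><span class="p">,</span>
<span class="p">)</span> <span class="o">-></span> <span class="n">AuthStepPasswordResponse</span><span class="p">:</span>
    <span class="sd">"""Authenticate with a username and password, returning the password-step result.</span>

<span class="sd">    Runs the init, begin ("password") and password steps in that order. When</span>
<span class="sd">    neither argument is given, both values come from self.config; supplying</span>
<span class="sd">    only one of them raises ValueError rather than mixing sources.</span>
<span class="sd">    """</span>
    <span class="k">if</span> <span class="n">username</span> <span class="ow">is</span> <span class="kc">None</span> <span class="ow">and</span> <span class="n">password</span> <span class="ow">is</span> <span class="kc">None</span><span class="p">:</span>
        <span class="k">if</span> <span class="bp">self</span><span class="o">.</span><span class="n">config</span><span class="o">.</span><span class="n">username</span> <span class="ow">is</span> <span class="kc">None</span> <span class="ow">or</span> <span class="bp">self</span><span class="o">.</span><span class="n">config</span><span class="o">.</span><span class="n">password</span> <span class="ow">is</span> <span class="kc">None</span><span class="p">:</span>
            <span class="c1"># pylint: disable=line-too-long</span>
            <span class="k">raise</span> <span class="ne">ValueError</span><span class="p">(</span>
                <span class="s2">"Need username/password to be in caller or class settings before calling authenticate_password"</span>
            <span class="p">)</span>
        <span class="n">username</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">config</span><span class="o">.</span><span class="n">username</span>
        <span class="n">password</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">config</span><span class="o">.</span><span class="n">password</span>
    <span class="c1"># a caller-supplied username is never paired with the configured password</span>
    <span class="k">if</span> <span class="n">username</span> <span class="ow">is</span> <span class="kc">None</span> <span class="ow">or</span> <span class="n">password</span> <span class="ow">is</span> <span class="kc">None</span><span class="p">:</span>
        <span class="k">raise</span> <span class="ne">ValueError</span><span class="p">(</span><span class="s2">"Username and Password need to be set somewhere!"</span><span class="p">)</span>

    <span class="n">auth_init</span><span class="p">:</span> <span class="n">AuthInitResponse</span> <span class="o">=</span> <span class="k">await</span> <span class="bp">self</span><span class="o">.</span><span class="n">auth_init</span><span class="p">(</span><span class="n">username</span><span class="p">)</span>

    <span class="k">if</span> <span class="n">auth_init</span><span class="o">.</span><span class="n">response</span> <span class="ow">is</span> <span class="kc">None</span><span class="p">:</span>
        <span class="k">raise</span> <span class="ne">NotImplementedError</span><span class="p">(</span><span class="s2">"This should throw a really cool response"</span><span class="p">)</span>

    <span class="c1"># the session ID ties the following steps to the session opened by auth_init</span>
    <span class="n">sessionid</span> <span class="o">=</span> <span class="n">auth_init</span><span class="o">.</span><span class="n">response</span><span class="o">.</span><span class="n">headers</span><span class="p">[</span><span class="s2">"x-kanidm-auth-session-id"</span><span class="p">]</span>

    <span class="c1"># NOTE(review): only an empty mechanism list is rejected; the code does not</span>
    <span class="c1"># check that "password" is among the offered mechanisms before beginning.</span>
    <span class="k">if</span> <span class="nb">len</span><span class="p">(</span><span class="n">auth_init</span><span class="o">.</span><span class="n">state</span><span class="o">.</span><span class="n">choose</span><span class="p">)</span> <span class="o">==</span> <span class="mi">0</span><span class="p">:</span>
        <span class="c1"># there's no mechanisms at all - bail</span>
        <span class="c1"># TODO: write test coverage for authenticate_password raises AuthMechUnknown</span>
        <span class="k">raise</span> <span class="n">AuthMechUnknown</span><span class="p">(</span><span class="sa">f</span><span class="s2">"No auth mechanisms for </span><span class="si">{</span><span class="n">username</span><span class="si">}</span><span class="s2">"</span><span class="p">)</span>
    <span class="n">auth_begin</span> <span class="o">=</span> <span class="k">await</span> <span class="bp">self</span><span class="o">.</span><span class="n">auth_begin</span><span class="p">(</span><span class="n">method</span><span class="o">=</span><span class="s2">"password"</span><span class="p">,</span> <span class="n">sessionid</span><span class="o">=</span><span class="n">sessionid</span><span class="p">)</span>
    <span class="c1"># does a little bit of validation; the parsed object is not used afterwards</span>
    <span class="n">auth_begin_object</span> <span class="o">=</span> <span class="n">AuthBeginResponse</span><span class="o">.</span><span class="n">parse_obj</span><span class="p">(</span><span class="n">auth_begin</span><span class="o">.</span><span class="n">data</span><span class="p">)</span>
    <span class="n">auth_begin_object</span><span class="o">.</span><span class="n">response</span> <span class="o">=</span> <span class="n">auth_begin</span>
    <span class="k">return</span> <span class="k">await</span> <span class="bp">self</span><span class="o">.</span><span class="n">auth_step_password</span><span class="p">(</span><span class="n">password</span><span class="o">=</span><span class="n">password</span><span class="p">,</span> <span class="n">sessionid</span><span class="o">=</span><span class="n">sessionid</span><span class="p">)</span>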
|
|
|
|
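<span class="k">async</span> <span class="k">def</span> <span class="nf">auth_step_password</span><span class="p">(</span>
    <span class="bp">self</span><span class="p">,</span>
    <span class="n">sessionid</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span>
    <span class="n">password</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="o">=</span> <span class="kc">None</span><span class="p">,</span>
<span class="p">)</span> <span class="o">-></span> <span class="n">AuthStepPasswordResponse</span><span class="p">:</span>
    <span class="sd">"""Perform the password step of the auth flow for an existing session.</span>

<span class="sd">    Falls back to self.config.password when no password is passed. Raises</span>
<span class="sd">    ValueError when neither is set, and AuthCredFailed on a non-200 response</span>
<span class="sd">    or when the response carries no success token. On success the token is</span>
<span class="sd">    stored in the result's sessionid.</span>
<span class="sd">    """</span>

    <span class="k">if</span> <span class="n">password</span> <span class="ow">is</span> <span class="kc">None</span><span class="p">:</span>
        <span class="n">password</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">config</span><span class="o">.</span><span class="n">password</span>
    <span class="k">if</span> <span class="n">password</span> <span class="ow">is</span> <span class="kc">None</span><span class="p">:</span>
        <span class="c1"># the fallback above reads self.config.password, so the message names that attribute</span>
        <span class="k">raise</span> <span class="ne">ValueError</span><span class="p">(</span>
            <span class="s2">"Password has to be passed to auth_step_password or set in self.config.password!"</span>
        <span class="p">)</span>

    <span class="n">cred_auth</span> <span class="o">=</span> <span class="p">{</span><span class="s2">"step"</span><span class="p">:</span> <span class="p">{</span><span class="s2">"cred"</span><span class="p">:</span> <span class="p">{</span><span class="s2">"password"</span><span class="p">:</span> <span class="n">password</span><span class="p">}}}</span>
    <span class="c1"># NOTE(review): auth_begin and auth_init use KANIDMURLS["auth"] for this endpoint;</span>
    <span class="c1"># confirm the literal path below is the same value.</span>
    <span class="n">response</span> <span class="o">=</span> <span class="k">await</span> <span class="bp">self</span><span class="o">.</span><span class="n">call_post</span><span class="p">(</span>
        <span class="n">path</span><span class="o">=</span><span class="s2">"/v1/auth"</span><span class="p">,</span> <span class="n">json</span><span class="o">=</span><span class="n">cred_auth</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="bp">self</span><span class="o">.</span><span class="n">session_header</span><span class="p">(</span><span class="n">sessionid</span><span class="p">)</span>
    <span class="p">)</span>

    <span class="k">if</span> <span class="n">response</span><span class="o">.</span><span class="n">status_code</span> <span class="o">!=</span> <span class="mi">200</span><span class="p">:</span>
        <span class="c1"># TODO: write test coverage auth_step_password raises AuthCredFailed</span>
        <span class="c1"># only the server's response body is logged; the request payload holding</span>
        <span class="c1"># the password is not written to the log here</span>
        <span class="n">logging</span><span class="o">.</span><span class="n">debug</span><span class="p">(</span><span class="s2">"Failed to authenticate, response: </span><span class="si">%s</span><span class="s2">"</span><span class="p">,</span> <span class="n">response</span><span class="o">.</span><span class="n">content</span><span class="p">)</span>
        <span class="k">raise</span> <span class="n">AuthCredFailed</span><span class="p">(</span><span class="s2">"Failed password authentication!"</span><span class="p">)</span>

    <span class="n">result</span> <span class="o">=</span> <span class="n">AuthStepPasswordResponse</span><span class="o">.</span><span class="n">parse_obj</span><span class="p">(</span><span class="n">response</span><span class="o">.</span><span class="n">data</span><span class="p">)</span>
    <span class="n">result</span><span class="o">.</span><span class="n">response</span> <span class="o">=</span> <span class="n">response</span>

    <span class="c1"># pull the token out and set it; a 200 without a success value is still a failure</span>
    <span class="k">if</span> <span class="n">result</span><span class="o">.</span><span class="n">state</span><span class="o">.</span><span class="n">success</span> <span class="ow">is</span> <span class="kc">None</span><span class="p">:</span>
        <span class="c1"># TODO: write test coverage for AuthCredFailed</span>
        <span class="k">raise</span> <span class="n">AuthCredFailed</span>
    <span class="n">result</span><span class="o">.</span><span class="n">sessionid</span> <span class="o">=</span> <span class="n">result</span><span class="o">.</span><span class="n">state</span><span class="o">.</span><span class="n">success</span>
    <span class="k">return</span> <span class="n">result</span>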
|
|
|
|
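<span class="k">def</span> <span class="nf">session_header</span><span class="p">(</span>
    <span class="bp">self</span><span class="p">,</span>
    <span class="n">sessionid</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span>
<span class="p">)</span> <span class="o">-></span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="nb">str</span><span class="p">]:</span>
    <span class="sd">"""Build the request headers dict that carries an auth session ID.</span>

<span class="sd">    Returns a new dict with the single X-KANIDM-AUTH-SESSION-ID entry; the</span>
<span class="sd">    value is passed through unchanged.</span>
<span class="sd">    """</span>
    <span class="c1"># TODO: perhaps allow session_header to take a dict and update it, too?</span>
    <span class="k">return</span> <span class="p">{</span>
        <span class="s2">"X-KANIDM-AUTH-SESSION-ID"</span><span class="p">:</span> <span class="n">sessionid</span><span class="p">,</span>
    <span class="p">}</span>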
|
|
|
|
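<span class="k">async</span> <span class="k">def</span> <span class="nf">get_radius_token</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">username</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-></span> <span class="n">ClientResponse</span><span class="p">:</span>
    <span class="sd">"""Call the RADIUS token endpoint for an account.</span>

<span class="sd">    Raises NoMatchingEntries when the server answers 404; any other response</span>
<span class="sd">    is returned to the caller without further checks.</span>
<span class="sd">    """</span>
    <span class="c1"># local import so the listing stays self-contained</span>
    <span class="kn">from</span> <span class="nn">urllib.parse</span> <span class="kn">import</span> <span class="n">quote</span>

    <span class="c1"># Percent-encode the name so characters such as "/", "?" or "#" in it</span>
    <span class="c1"># cannot change which endpoint the authenticated request is sent to.</span>
    <span class="c1"># NOTE(review): confirm call_get does not encode the path a second time.</span>
    <span class="n">path</span> <span class="o">=</span> <span class="sa">f</span><span class="s2">"/v1/account/</span><span class="si">{</span><span class="n">quote</span><span class="p">(</span><span class="n">username</span><span class="p">,</span> <span class="n">safe</span><span class="o">=</span><span class="s1">''</span><span class="p">)</span><span class="si">}</span><span class="s2">/_radius/_token"</span>
    <span class="n">response</span> <span class="o">=</span> <span class="k">await</span> <span class="bp">self</span><span class="o">.</span><span class="n">call_get</span><span class="p">(</span><span class="n">path</span><span class="p">)</span>
    <span class="k">if</span> <span class="n">response</span><span class="o">.</span><span class="n">status_code</span> <span class="o">==</span> <span class="mi">404</span><span class="p">:</span>
        <span class="c1"># the message carries the server's operation ID header alongside the name</span>
        <span class="k">raise</span> <span class="n">NoMatchingEntries</span><span class="p">(</span>
            <span class="sa">f</span><span class="s2">"No user found: '</span><span class="si">{</span><span class="n">username</span><span class="si">}</span><span class="s2">' </span><span class="si">{</span><span class="n">response</span><span class="o">.</span><span class="n">headers</span><span class="p">[</span><span class="s1">'x-kanidm-opid'</span><span class="p">]</span><span class="si">}</span><span class="s2">"</span>
        <span class="p">)</span>
    <span class="k">return</span> <span class="n">response</span>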
|
|
</code></pre></div></td></tr></table></div>
|
|
</details>
<div class="doc doc-children">
<div class="doc doc-object doc-function">
<h2 id="kanidm.KanidmClient.__init__" class="doc doc-heading">
|
|
<code class="highlight language-python"><span class="fm">__init__</span><span class="p">(</span><span class="n">config</span><span class="o">=</span><span class="kc">None</span><span class="p">,</span> <span class="n">config_file</span><span class="o">=</span><span class="kc">None</span><span class="p">,</span> <span class="n">uri</span><span class="o">=</span><span class="kc">None</span><span class="p">,</span> <span class="n">verify_hostnames</span><span class="o">=</span><span class="kc">True</span><span class="p">,</span> <span class="n">verify_certificate</span><span class="o">=</span><span class="kc">True</span><span class="p">,</span> <span class="n">ca_path</span><span class="o">=</span><span class="kc">None</span><span class="p">,</span> <span class="n">token</span><span class="o">=</span><span class="kc">None</span><span class="p">)</span></code>
|
|
|
|
</h2>
<div class="doc doc-contents ">
|
|
|
|
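<p>Constructor for KanidmClient. Hostname and certificate verification are enabled by default (<code>verify_hostnames=True</code>, <code>verify_certificate=True</code>).</p>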
|
|
|
|
<details class="quote">
|
|
<summary>Source code in <code>kanidm/__init__.py</code></summary>
|
|
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span><span class="normal">52</span>
|
|
<span class="normal">53</span>
|
|
<span class="normal">54</span>
|
|
<span class="normal">55</span>
|
|
<span class="normal">56</span>
|
|
<span class="normal">57</span>
|
|
<span class="normal">58</span>
|
|
<span class="normal">59</span>
|
|
<span class="normal">60</span>
|
|
<span class="normal">61</span>
|
|
<span class="normal">62</span>
|
|
<span class="normal">63</span>
|
|
<span class="normal">64</span>
|
|
<span class="normal">65</span>
|
|
<span class="normal">66</span>
|
|
<span class="normal">67</span>
|
|
<span class="normal">68</span>
|
|
<span class="normal">69</span>
|
|
<span class="normal">70</span>
|
|
<span class="normal">71</span>
|
|
<span class="normal">72</span>
|
|
<span class="normal">73</span>
|
|
<span class="normal">74</span>
|
|
<span class="normal">75</span>
|
|
<span class="normal">76</span>
|
|
<span class="normal">77</span>
|
|
<span class="normal">78</span>
|
|
<span class="normal">79</span>
|
|
<span class="normal">80</span>
|
|
<span class="normal">81</span>
|
|
<span class="normal">82</span>
|
|
<span class="normal">83</span>
|
|
<span class="normal">84</span>
|
|
<span class="normal">85</span>
|
|
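<span class="normal">86</span></pre></div></td><td class="code"><div><pre><span></span><code><span class="k">def</span> <span class="fm">__init__</span><span class="p">(</span>
    <span class="bp">self</span><span class="p">,</span>
    <span class="n">config</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="n">KanidmClientConfig</span><span class="p">]</span> <span class="o">=</span> <span class="kc">None</span><span class="p">,</span>
    <span class="n">config_file</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="n">Union</span><span class="p">[</span><span class="n">Path</span><span class="p">,</span> <span class="nb">str</span><span class="p">]]</span> <span class="o">=</span> <span class="kc">None</span><span class="p">,</span>
    <span class="n">uri</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="o">=</span> <span class="kc">None</span><span class="p">,</span>
    <span class="n">verify_hostnames</span><span class="p">:</span> <span class="nb">bool</span> <span class="o">=</span> <span class="kc">True</span><span class="p">,</span>
    <span class="n">verify_certificate</span><span class="p">:</span> <span class="nb">bool</span> <span class="o">=</span> <span class="kc">True</span><span class="p">,</span>
    <span class="n">ca_path</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="o">=</span> <span class="kc">None</span><span class="p">,</span>
    <span class="n">token</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="o">=</span> <span class="kc">None</span><span class="p">,</span>
<span class="p">)</span> <span class="o">-></span> <span class="kc">None</span><span class="p">:</span>
    <span class="sd">"""Constructor for KanidmClient.</span>

<span class="sd">    Hostname and certificate verification default to enabled. Raises</span>
<span class="sd">    ValueError when no server URI ends up in the configuration.</span>
<span class="sd">    """</span>

    <span class="c1"># an explicit config object takes precedence over the individual keyword arguments</span>
    <span class="k">if</span> <span class="n">config</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span><span class="p">:</span>
        <span class="bp">self</span><span class="o">.</span><span class="n">config</span> <span class="o">=</span> <span class="n">config</span>

    <span class="k">else</span><span class="p">:</span>
        <span class="bp">self</span><span class="o">.</span><span class="n">config</span> <span class="o">=</span> <span class="n">KanidmClientConfig</span><span class="p">(</span>
            <span class="n">uri</span><span class="o">=</span><span class="n">uri</span><span class="p">,</span>
            <span class="n">verify_hostnames</span><span class="o">=</span><span class="n">verify_hostnames</span><span class="p">,</span>
            <span class="n">verify_certificate</span><span class="o">=</span><span class="n">verify_certificate</span><span class="p">,</span>
            <span class="n">ca_path</span><span class="o">=</span><span class="n">ca_path</span><span class="p">,</span>
            <span class="n">auth_token</span><span class="o">=</span><span class="n">token</span><span class="p">,</span>
        <span class="p">)</span>

    <span class="c1"># NOTE(review): the config is reassigned from the file data here, so a config</span>
    <span class="c1"># file presumably replaces the values chosen above, including the verify_*</span>
    <span class="c1"># flags - confirm what parse_obj keeps from the existing object.</span>
    <span class="k">if</span> <span class="n">config_file</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span><span class="p">:</span>
        <span class="k">if</span> <span class="ow">not</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">config_file</span><span class="p">,</span> <span class="n">Path</span><span class="p">):</span>
            <span class="n">config_file</span> <span class="o">=</span> <span class="n">Path</span><span class="p">(</span><span class="n">config_file</span><span class="p">)</span>
        <span class="n">config_data</span> <span class="o">=</span> <span class="n">load_config</span><span class="p">(</span><span class="n">config_file</span><span class="o">.</span><span class="n">expanduser</span><span class="p">()</span><span class="o">.</span><span class="n">resolve</span><span class="p">())</span>
        <span class="bp">self</span><span class="o">.</span><span class="n">config</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">config</span><span class="o">.</span><span class="n">parse_obj</span><span class="p">(</span><span class="n">config_data</span><span class="p">)</span>

    <span class="k">if</span> <span class="bp">self</span><span class="o">.</span><span class="n">config</span><span class="o">.</span><span class="n">uri</span> <span class="ow">is</span> <span class="kc">None</span><span class="p">:</span>
        <span class="k">raise</span> <span class="ne">ValueError</span><span class="p">(</span><span class="s2">"Please initialize this with a server URI"</span><span class="p">)</span>

    <span class="c1"># the TLS setting starts unset and is filled in by _configure_ssl (not shown in this listing)</span>
    <span class="bp">self</span><span class="o">.</span><span class="n">_ssl</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="n">Union</span><span class="p">[</span><span class="nb">bool</span><span class="p">,</span> <span class="n">ssl</span><span class="o">.</span><span class="n">SSLContext</span><span class="p">]]</span> <span class="o">=</span> <span class="kc">None</span>
    <span class="bp">self</span><span class="o">.</span><span class="n">_configure_ssl</span><span class="p">()</span>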
|
|
</code></pre></div></td></tr></table></div>
|
|
</details>
|
|
</div>
|
|
|
|
</div>
|
|
|
|
<div class="doc doc-object doc-function">
<h2 id="kanidm.KanidmClient.auth_begin" class="doc doc-heading">
|
|
<code class="highlight language-python"><span class="n">auth_begin</span><span class="p">(</span><span class="n">method</span><span class="p">,</span> <span class="n">sessionid</span><span class="p">)</span></code>
|
|
|
|
<span class="doc doc-labels">
|
|
<small class="doc doc-label doc-label-async"><code>async</code></small>
|
|
</span>
|
|
|
|
</h2>
<div class="doc doc-contents ">
|
|
|
|
<p>The 'begin' step of the authentication flow: selects the auth method for an existing session.</p>
|
|
|
|
<details class="quote">
|
|
<summary>Source code in <code>kanidm/__init__.py</code></summary>
|
|
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span><span class="normal">246</span>
|
|
<span class="normal">247</span>
|
|
<span class="normal">248</span>
|
|
<span class="normal">249</span>
|
|
<span class="normal">250</span>
|
|
<span class="normal">251</span>
|
|
<span class="normal">252</span>
|
|
<span class="normal">253</span>
|
|
<span class="normal">254</span>
|
|
<span class="normal">255</span>
|
|
<span class="normal">256</span>
|
|
<span class="normal">257</span>
|
|
<span class="normal">258</span>
|
|
<span class="normal">259</span>
|
|
<span class="normal">260</span>
|
|
<span class="normal">261</span>
|
|
<span class="normal">262</span>
|
|
<span class="normal">263</span>
|
|
<span class="normal">264</span>
|
|
<span class="normal">265</span>
|
|
<span class="normal">266</span>
|
|
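<span class="normal">267</span></pre></div></td><td class="code"><div><pre><span></span><code><span class="k">async</span> <span class="k">def</span> <span class="nf">auth_begin</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">method</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">sessionid</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-></span> <span class="n">ClientResponse</span><span class="p">:</span>
    <span class="sd">"""The 'begin' step: select the auth method for an existing session.</span>

<span class="sd">    Raises AuthBeginFailed, carrying the response body, on any non-200 status.</span>
<span class="sd">    Returns the raw response, not the parsed AuthBeginResponse.</span>
<span class="sd">    """</span>

    <span class="n">begin_auth</span> <span class="o">=</span> <span class="p">{</span>
        <span class="s2">"step"</span><span class="p">:</span> <span class="p">{</span>
            <span class="s2">"begin"</span><span class="p">:</span> <span class="n">method</span><span class="p">,</span>
        <span class="p">},</span>
    <span class="p">}</span>
    <span class="c1"># the session ID from the init step travels in a request header</span>
    <span class="n">headers</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">session_header</span><span class="p">(</span><span class="n">sessionid</span><span class="p">)</span>

    <span class="n">response</span> <span class="o">=</span> <span class="k">await</span> <span class="bp">self</span><span class="o">.</span><span class="n">call_post</span><span class="p">(</span>
        <span class="n">KANIDMURLS</span><span class="p">[</span><span class="s2">"auth"</span><span class="p">],</span>
        <span class="n">json</span><span class="o">=</span><span class="n">begin_auth</span><span class="p">,</span>
        <span class="n">headers</span><span class="o">=</span><span class="n">headers</span><span class="p">,</span>
    <span class="p">)</span>
    <span class="k">if</span> <span class="n">response</span><span class="o">.</span><span class="n">status_code</span> <span class="o">!=</span> <span class="mi">200</span><span class="p">:</span>
        <span class="c1"># TODO: mock test for auth_begin raises AuthBeginFailed</span>
        <span class="k">raise</span> <span class="n">AuthBeginFailed</span><span class="p">(</span><span class="n">response</span><span class="o">.</span><span class="n">content</span><span class="p">)</span>

    <span class="c1"># parsed only so that a malformed body is rejected here; the parsed object</span>
    <span class="c1"># is discarded and the raw response is what the caller receives</span>
    <span class="n">retobject</span> <span class="o">=</span> <span class="n">AuthBeginResponse</span><span class="o">.</span><span class="n">parse_obj</span><span class="p">(</span><span class="n">response</span><span class="o">.</span><span class="n">data</span><span class="p">)</span>
    <span class="n">retobject</span><span class="o">.</span><span class="n">response</span> <span class="o">=</span> <span class="n">response</span>
    <span class="k">return</span> <span class="n">response</span>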
|
|
</code></pre></div></td></tr></table></div>
|
|
</details>
|
|
</div>
|
|
|
|
</div>
|
|
|
|
<div class="doc doc-object doc-function">
<h2 id="kanidm.KanidmClient.auth_init" class="doc doc-heading">
|
|
<code class="highlight language-python"><span class="n">auth_init</span><span class="p">(</span><span class="n">username</span><span class="p">)</span></code>
|
|
|
|
<span class="doc doc-labels">
|
|
<small class="doc doc-label doc-label-async"><code>async</code></small>
|
|
</span>
|
|
|
|
</h2>
<div class="doc doc-contents ">
|
|
|
|
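<p>Init step: starts the auth session for a username. The session ID is returned in the <code>x-kanidm-auth-session-id</code> response header; the source below does not store it on the client object.</p>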
|
|
|
|
<details class="quote">
|
|
<summary>Source code in <code>kanidm/__init__.py</code></summary>
|
|
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span><span class="normal">220</span>
|
|
<span class="normal">221</span>
|
|
<span class="normal">222</span>
|
|
<span class="normal">223</span>
|
|
<span class="normal">224</span>
|
|
<span class="normal">225</span>
|
|
<span class="normal">226</span>
|
|
<span class="normal">227</span>
|
|
<span class="normal">228</span>
|
|
<span class="normal">229</span>
|
|
<span class="normal">230</span>
|
|
<span class="normal">231</span>
|
|
<span class="normal">232</span>
|
|
<span class="normal">233</span>
|
|
<span class="normal">234</span>
|
|
<span class="normal">235</span>
|
|
<span class="normal">236</span>
|
|
<span class="normal">237</span>
|
|
<span class="normal">238</span>
|
|
<span class="normal">239</span>
|
|
<span class="normal">240</span>
|
|
<span class="normal">241</span>
|
|
<span class="normal">242</span>
|
|
<span class="normal">243</span>
|
|
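<span class="normal">244</span></pre></div></td><td class="code"><div><pre><span></span><code><span class="k">async</span> <span class="k">def</span> <span class="nf">auth_init</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">username</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-></span> <span class="n">AuthInitResponse</span><span class="p">:</span>
    <span class="sd">"""Init step: start an auth session for the given username.</span>

<span class="sd">    Nothing is stored on the client here; the session ID is in the</span>
<span class="sd">    x-kanidm-auth-session-id header of the response attached to the result.</span>
<span class="sd">    Raises AuthInitFailed on a non-200 status and ValueError when that</span>
<span class="sd">    header is missing.</span>
<span class="sd">    """</span>
    <span class="n">init_auth</span> <span class="o">=</span> <span class="p">{</span><span class="s2">"step"</span><span class="p">:</span> <span class="p">{</span><span class="s2">"init"</span><span class="p">:</span> <span class="n">username</span><span class="p">}}</span>

    <span class="n">response</span> <span class="o">=</span> <span class="k">await</span> <span class="bp">self</span><span class="o">.</span><span class="n">call_post</span><span class="p">(</span>
        <span class="n">path</span><span class="o">=</span><span class="n">KANIDMURLS</span><span class="p">[</span><span class="s2">"auth"</span><span class="p">],</span>
        <span class="n">json</span><span class="o">=</span><span class="n">init_auth</span><span class="p">,</span>
    <span class="p">)</span>
    <span class="k">if</span> <span class="n">response</span><span class="o">.</span><span class="n">status_code</span> <span class="o">!=</span> <span class="mi">200</span><span class="p">:</span>
        <span class="n">logging</span><span class="o">.</span><span class="n">debug</span><span class="p">(</span>
            <span class="s2">"Failed to authenticate, response from server: </span><span class="si">%s</span><span class="s2">"</span><span class="p">,</span>
            <span class="n">response</span><span class="o">.</span><span class="n">content</span><span class="p">,</span>
        <span class="p">)</span>
        <span class="c1"># TODO: mock test auth_init raises AuthInitFailed</span>
        <span class="k">raise</span> <span class="n">AuthInitFailed</span><span class="p">(</span><span class="n">response</span><span class="o">.</span><span class="n">content</span><span class="p">)</span>

    <span class="c1"># without the session header the later steps cannot be tied to this session</span>
    <span class="k">if</span> <span class="s2">"x-kanidm-auth-session-id"</span> <span class="ow">not</span> <span class="ow">in</span> <span class="n">response</span><span class="o">.</span><span class="n">headers</span><span class="p">:</span>
        <span class="n">logging</span><span class="o">.</span><span class="n">debug</span><span class="p">(</span><span class="s2">"response.content: </span><span class="si">%s</span><span class="s2">"</span><span class="p">,</span> <span class="n">response</span><span class="o">.</span><span class="n">content</span><span class="p">)</span>
        <span class="n">logging</span><span class="o">.</span><span class="n">debug</span><span class="p">(</span><span class="s2">"response.headers: </span><span class="si">%s</span><span class="s2">"</span><span class="p">,</span> <span class="n">response</span><span class="o">.</span><span class="n">headers</span><span class="p">)</span>
        <span class="c1"># NOTE(review): the full header set is also embedded in the exception</span>
        <span class="c1"># message, so it ends up wherever the exception is reported, not only</span>
        <span class="c1"># in debug logs.</span>
        <span class="k">raise</span> <span class="ne">ValueError</span><span class="p">(</span>
            <span class="sa">f</span><span class="s2">"Missing x-kanidm-auth-session-id header in init auth response: </span><span class="si">{</span><span class="n">response</span><span class="o">.</span><span class="n">headers</span><span class="si">}</span><span class="s2">"</span>
        <span class="p">)</span>
    <span class="n">retval</span> <span class="o">=</span> <span class="n">AuthInitResponse</span><span class="o">.</span><span class="n">parse_obj</span><span class="p">(</span><span class="n">response</span><span class="o">.</span><span class="n">data</span><span class="p">)</span>
    <span class="n">retval</span><span class="o">.</span><span class="n">response</span> <span class="o">=</span> <span class="n">response</span>
    <span class="k">return</span> <span class="n">retval</span>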
|
|
</code></pre></div></td></tr></table></div>
|
|
</details>
|
|
</div>
|
|
|
|
</div>
|
|
|
|
<div class="doc doc-object doc-function">
<h2 id="kanidm.KanidmClient.auth_step_password" class="doc doc-heading">
|
|
<code class="highlight language-python"><span class="n">auth_step_password</span><span class="p">(</span><span class="n">sessionid</span><span class="p">,</span> <span class="n">password</span><span class="o">=</span><span class="kc">None</span><span class="p">)</span></code>
|
|
|
|
<span class="doc doc-labels">
|
|
<small class="doc doc-label doc-label-async"><code>async</code></small>
|
|
</span>
|
|
|
|
</h2>
<div class="doc doc-contents ">
|
|
|
|
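<p>Performs the password step of the authentication flow for an existing session. On success the returned token is placed in the result's <code>sessionid</code>; treat that value as a credential.</p>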
|
|
|
|
<details class="quote">
|
|
<summary>Source code in <code>kanidm/__init__.py</code></summary>
|
|
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span><span class="normal">303</span>
|
|
<span class="normal">304</span>
|
|
<span class="normal">305</span>
|
|
<span class="normal">306</span>
|
|
<span class="normal">307</span>
|
|
<span class="normal">308</span>
|
|
<span class="normal">309</span>
|
|
<span class="normal">310</span>
|
|
<span class="normal">311</span>
|
|
<span class="normal">312</span>
|
|
<span class="normal">313</span>
|
|
<span class="normal">314</span>
|
|
<span class="normal">315</span>
|
|
<span class="normal">316</span>
|
|
<span class="normal">317</span>
|
|
<span class="normal">318</span>
|
|
<span class="normal">319</span>
|
|
<span class="normal">320</span>
|
|
<span class="normal">321</span>
|
|
<span class="normal">322</span>
|
|
<span class="normal">323</span>
|
|
<span class="normal">324</span>
|
|
<span class="normal">325</span>
|
|
<span class="normal">326</span>
|
|
<span class="normal">327</span>
|
|
<span class="normal">328</span>
|
|
<span class="normal">329</span>
|
|
<span class="normal">330</span>
|
|
<span class="normal">331</span>
|
|
<span class="normal">332</span>
|
|
<span class="normal">333</span>
|
|
<span class="normal">334</span>
|
|
<span class="normal">335</span></pre></div></td><td class="code"><div><pre><span></span><code><span class="k">async</span> <span class="k">def</span> <span class="nf">auth_step_password</span><span class="p">(</span>
|
|
<span class="bp">self</span><span class="p">,</span>
|
|
<span class="n">sessionid</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span>
|
|
<span class="n">password</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="o">=</span> <span class="kc">None</span><span class="p">,</span>
|
|
<span class="p">)</span> <span class="o">-></span> <span class="n">AuthStepPasswordResponse</span><span class="p">:</span>
|
|
<span class="w"> </span><span class="sd">"""does the password auth step"""</span>
|
|
|
|
<span class="k">if</span> <span class="n">password</span> <span class="ow">is</span> <span class="kc">None</span><span class="p">:</span>
|
|
<span class="n">password</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">config</span><span class="o">.</span><span class="n">password</span>
|
|
<span class="k">if</span> <span class="n">password</span> <span class="ow">is</span> <span class="kc">None</span><span class="p">:</span>
|
|
<span class="k">raise</span> <span class="ne">ValueError</span><span class="p">(</span>
|
|
<span class="s2">"Password has to be passed to auth_step_password or in self.password!"</span>
|
|
<span class="p">)</span>
|
|
|
|
<span class="n">cred_auth</span> <span class="o">=</span> <span class="p">{</span><span class="s2">"step"</span><span class="p">:</span> <span class="p">{</span><span class="s2">"cred"</span><span class="p">:</span> <span class="p">{</span><span class="s2">"password"</span><span class="p">:</span> <span class="n">password</span><span class="p">}}}</span>
|
|
<span class="n">response</span> <span class="o">=</span> <span class="k">await</span> <span class="bp">self</span><span class="o">.</span><span class="n">call_post</span><span class="p">(</span>
|
|
<span class="n">path</span><span class="o">=</span><span class="s2">"/v1/auth"</span><span class="p">,</span> <span class="n">json</span><span class="o">=</span><span class="n">cred_auth</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="bp">self</span><span class="o">.</span><span class="n">session_header</span><span class="p">(</span><span class="n">sessionid</span><span class="p">)</span>
|
|
<span class="p">)</span>
|
|
|
|
<span class="k">if</span> <span class="n">response</span><span class="o">.</span><span class="n">status_code</span> <span class="o">!=</span> <span class="mi">200</span><span class="p">:</span>
|
|
<span class="c1"># TODO: write test coverage auth_step_password raises AuthCredFailed</span>
|
|
<span class="n">logging</span><span class="o">.</span><span class="n">debug</span><span class="p">(</span><span class="s2">"Failed to authenticate, response: </span><span class="si">%s</span><span class="s2">"</span><span class="p">,</span> <span class="n">response</span><span class="o">.</span><span class="n">content</span><span class="p">)</span>
|
|
<span class="k">raise</span> <span class="n">AuthCredFailed</span><span class="p">(</span><span class="s2">"Failed password authentication!"</span><span class="p">)</span>
|
|
|
|
<span class="n">result</span> <span class="o">=</span> <span class="n">AuthStepPasswordResponse</span><span class="o">.</span><span class="n">parse_obj</span><span class="p">(</span><span class="n">response</span><span class="o">.</span><span class="n">data</span><span class="p">)</span>
|
|
<span class="n">result</span><span class="o">.</span><span class="n">response</span> <span class="o">=</span> <span class="n">response</span>
|
|
|
|
<span class="c1"># pull the token out and set it</span>
|
|
<span class="k">if</span> <span class="n">result</span><span class="o">.</span><span class="n">state</span><span class="o">.</span><span class="n">success</span> <span class="ow">is</span> <span class="kc">None</span><span class="p">:</span>
|
|
<span class="c1"># TODO: write test coverage for AuthCredFailed</span>
|
|
<span class="k">raise</span> <span class="n">AuthCredFailed</span>
|
|
<span class="n">result</span><span class="o">.</span><span class="n">sessionid</span> <span class="o">=</span> <span class="n">result</span><span class="o">.</span><span class="n">state</span><span class="o">.</span><span class="n">success</span>
|
|
<span class="k">return</span> <span class="n">result</span>
|
|
</code></pre></div></td></tr></table></div>
|
|
</details>
|
|
</div>
|
|
|
|
</div>
|
|
|
|
<div class="doc doc-object doc-function">
|
|
|
|
|
|
|
|
<h2 id="kanidm.KanidmClient.authenticate_password" class="doc doc-heading">
|
|
<code class="highlight language-python"><span class="n">authenticate_password</span><span class="p">(</span><span class="n">username</span><span class="o">=</span><span class="kc">None</span><span class="p">,</span> <span class="n">password</span><span class="o">=</span><span class="kc">None</span><span class="p">)</span></code>
|
|
|
|
<span class="doc doc-labels">
|
|
<small class="doc doc-label doc-label-async"><code>async</code></small>
|
|
</span>
|
|
|
|
</h2>
|
|
|
|
|
|
<div class="doc doc-contents ">
|
|
|
|
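<p>Authenticates with a username and password and returns the <code>AuthStepPasswordResponse</code> of the password step, which carries the auth token in <code>sessionid</code>. When both arguments are omitted, the values from <code>self.config</code> are used; a <code>ValueError</code> is raised if either is still missing. The listing below only checks that the server offered at least one mechanism before it begins the <code>password</code> method; it does not check that <code>password</code> is among the mechanisms offered.</p>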
|
|
|
|
<details class="quote">
|
|
<summary>Source code in <code>kanidm/__init__.py</code></summary>
|
|
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span><span class="normal">269</span>
|
|
<span class="normal">270</span>
|
|
<span class="normal">271</span>
|
|
<span class="normal">272</span>
|
|
<span class="normal">273</span>
|
|
<span class="normal">274</span>
|
|
<span class="normal">275</span>
|
|
<span class="normal">276</span>
|
|
<span class="normal">277</span>
|
|
<span class="normal">278</span>
|
|
<span class="normal">279</span>
|
|
<span class="normal">280</span>
|
|
<span class="normal">281</span>
|
|
<span class="normal">282</span>
|
|
<span class="normal">283</span>
|
|
<span class="normal">284</span>
|
|
<span class="normal">285</span>
|
|
<span class="normal">286</span>
|
|
<span class="normal">287</span>
|
|
<span class="normal">288</span>
|
|
<span class="normal">289</span>
|
|
<span class="normal">290</span>
|
|
<span class="normal">291</span>
|
|
<span class="normal">292</span>
|
|
<span class="normal">293</span>
|
|
<span class="normal">294</span>
|
|
<span class="normal">295</span>
|
|
<span class="normal">296</span>
|
|
<span class="normal">297</span>
|
|
<span class="normal">298</span>
|
|
<span class="normal">299</span>
|
|
<span class="normal">300</span>
|
|
<span class="normal">301</span></pre></div></td><td class="code"><div><pre><span></span><code><span class="k">async</span> <span class="k">def</span> <span class="nf">authenticate_password</span><span class="p">(</span>
|
|
<span class="bp">self</span><span class="p">,</span>
|
|
<span class="n">username</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="o">=</span> <span class="kc">None</span><span class="p">,</span>
|
|
<span class="n">password</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="o">=</span> <span class="kc">None</span><span class="p">,</span>
|
|
<span class="p">)</span> <span class="o">-></span> <span class="n">AuthStepPasswordResponse</span><span class="p">:</span>
|
|
<span class="w"> </span><span class="sd">"""authenticates with a username and password, returns the auth token"""</span>
|
|
<span class="k">if</span> <span class="n">username</span> <span class="ow">is</span> <span class="kc">None</span> <span class="ow">and</span> <span class="n">password</span> <span class="ow">is</span> <span class="kc">None</span><span class="p">:</span>
|
|
<span class="k">if</span> <span class="bp">self</span><span class="o">.</span><span class="n">config</span><span class="o">.</span><span class="n">username</span> <span class="ow">is</span> <span class="kc">None</span> <span class="ow">or</span> <span class="bp">self</span><span class="o">.</span><span class="n">config</span><span class="o">.</span><span class="n">password</span> <span class="ow">is</span> <span class="kc">None</span><span class="p">:</span>
|
|
<span class="c1"># pylint: disable=line-too-long</span>
|
|
<span class="k">raise</span> <span class="ne">ValueError</span><span class="p">(</span>
|
|
<span class="s2">"Need username/password to be in caller or class settings before calling authenticate_password"</span>
|
|
<span class="p">)</span>
|
|
<span class="n">username</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">config</span><span class="o">.</span><span class="n">username</span>
|
|
<span class="n">password</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">config</span><span class="o">.</span><span class="n">password</span>
|
|
<span class="k">if</span> <span class="n">username</span> <span class="ow">is</span> <span class="kc">None</span> <span class="ow">or</span> <span class="n">password</span> <span class="ow">is</span> <span class="kc">None</span><span class="p">:</span>
|
|
<span class="k">raise</span> <span class="ne">ValueError</span><span class="p">(</span><span class="s2">"Username and Password need to be set somewhere!"</span><span class="p">)</span>
|
|
|
|
<span class="n">auth_init</span><span class="p">:</span> <span class="n">AuthInitResponse</span> <span class="o">=</span> <span class="k">await</span> <span class="bp">self</span><span class="o">.</span><span class="n">auth_init</span><span class="p">(</span><span class="n">username</span><span class="p">)</span>
|
|
|
|
<span class="k">if</span> <span class="n">auth_init</span><span class="o">.</span><span class="n">response</span> <span class="ow">is</span> <span class="kc">None</span><span class="p">:</span>
|
|
<span class="k">raise</span> <span class="ne">NotImplementedError</span><span class="p">(</span><span class="s2">"This should throw a really cool response"</span><span class="p">)</span>
|
|
|
|
<span class="n">sessionid</span> <span class="o">=</span> <span class="n">auth_init</span><span class="o">.</span><span class="n">response</span><span class="o">.</span><span class="n">headers</span><span class="p">[</span><span class="s2">"x-kanidm-auth-session-id"</span><span class="p">]</span>
|
|
|
|
<span class="k">if</span> <span class="nb">len</span><span class="p">(</span><span class="n">auth_init</span><span class="o">.</span><span class="n">state</span><span class="o">.</span><span class="n">choose</span><span class="p">)</span> <span class="o">==</span> <span class="mi">0</span><span class="p">:</span>
|
|
<span class="c1"># there's no mechanisms at all - bail</span>
|
|
<span class="c1"># TODO: write test coverage for authenticate_password raises AuthMechUnknown</span>
|
|
<span class="k">raise</span> <span class="n">AuthMechUnknown</span><span class="p">(</span><span class="sa">f</span><span class="s2">"No auth mechanisms for </span><span class="si">{</span><span class="n">username</span><span class="si">}</span><span class="s2">"</span><span class="p">)</span>
|
|
<span class="n">auth_begin</span> <span class="o">=</span> <span class="k">await</span> <span class="bp">self</span><span class="o">.</span><span class="n">auth_begin</span><span class="p">(</span><span class="n">method</span><span class="o">=</span><span class="s2">"password"</span><span class="p">,</span> <span class="n">sessionid</span><span class="o">=</span><span class="n">sessionid</span><span class="p">)</span>
|
|
<span class="c1"># does a little bit of validation</span>
|
|
<span class="n">auth_begin_object</span> <span class="o">=</span> <span class="n">AuthBeginResponse</span><span class="o">.</span><span class="n">parse_obj</span><span class="p">(</span><span class="n">auth_begin</span><span class="o">.</span><span class="n">data</span><span class="p">)</span>
|
|
<span class="n">auth_begin_object</span><span class="o">.</span><span class="n">response</span> <span class="o">=</span> <span class="n">auth_begin</span>
|
|
<span class="k">return</span> <span class="k">await</span> <span class="bp">self</span><span class="o">.</span><span class="n">auth_step_password</span><span class="p">(</span><span class="n">password</span><span class="o">=</span><span class="n">password</span><span class="p">,</span> <span class="n">sessionid</span><span class="o">=</span><span class="n">sessionid</span><span class="p">)</span>
|
|
</code></pre></div></td></tr></table></div>
|
|
</details>
|
|
</div>
|
|
|
|
</div>
|
|
|
|
<div class="doc doc-object doc-function">
|
|
|
|
|
|
|
|
<h2 id="kanidm.KanidmClient.call_get" class="doc doc-heading">
|
|
<code class="highlight language-python"><span class="n">call_get</span><span class="p">(</span><span class="n">path</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="kc">None</span><span class="p">,</span> <span class="n">params</span><span class="o">=</span><span class="kc">None</span><span class="p">,</span> <span class="n">timeout</span><span class="o">=</span><span class="kc">None</span><span class="p">)</span></code>
|
|
|
|
<span class="doc doc-labels">
|
|
<small class="doc doc-label doc-label-async"><code>async</code></small>
|
|
</span>
|
|
|
|
</h2>
|
|
|
|
|
|
<div class="doc doc-contents ">
|
|
|
|
<p>Sends a GET request to the server for <code>path</code> and returns the <code>ClientResponse</code>.</p>
|
|
|
|
<details class="quote">
|
|
<summary>Source code in <code>kanidm/__init__.py</code></summary>
|
|
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span><span class="normal">197</span>
|
|
<span class="normal">198</span>
|
|
<span class="normal">199</span>
|
|
<span class="normal">200</span>
|
|
<span class="normal">201</span>
|
|
<span class="normal">202</span>
|
|
<span class="normal">203</span>
|
|
<span class="normal">204</span>
|
|
<span class="normal">205</span></pre></div></td><td class="code"><div><pre><span></span><code><span class="k">async</span> <span class="k">def</span> <span class="nf">call_get</span><span class="p">(</span>
|
|
<span class="bp">self</span><span class="p">,</span>
|
|
<span class="n">path</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span>
|
|
<span class="n">headers</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="nb">str</span><span class="p">]]</span> <span class="o">=</span> <span class="kc">None</span><span class="p">,</span>
|
|
<span class="n">params</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="nb">str</span><span class="p">]]</span> <span class="o">=</span> <span class="kc">None</span><span class="p">,</span>
|
|
<span class="n">timeout</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="nb">int</span><span class="p">]</span> <span class="o">=</span> <span class="kc">None</span><span class="p">,</span>
|
|
<span class="p">)</span> <span class="o">-></span> <span class="n">ClientResponse</span><span class="p">:</span>
|
|
<span class="w"> </span><span class="sd">"""does a get call to the server"""</span>
|
|
<span class="k">return</span> <span class="k">await</span> <span class="bp">self</span><span class="o">.</span><span class="n">_call</span><span class="p">(</span><span class="s2">"GET"</span><span class="p">,</span> <span class="n">path</span><span class="p">,</span> <span class="n">headers</span><span class="p">,</span> <span class="n">timeout</span><span class="p">,</span> <span class="n">params</span><span class="o">=</span><span class="n">params</span><span class="p">)</span>
|
|
</code></pre></div></td></tr></table></div>
|
|
</details>
|
|
</div>
|
|
|
|
</div>
|
|
|
|
<div class="doc doc-object doc-function">
|
|
|
|
|
|
|
|
<h2 id="kanidm.KanidmClient.call_post" class="doc doc-heading">
|
|
<code class="highlight language-python"><span class="n">call_post</span><span class="p">(</span><span class="n">path</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="kc">None</span><span class="p">,</span> <span class="n">json</span><span class="o">=</span><span class="kc">None</span><span class="p">,</span> <span class="n">timeout</span><span class="o">=</span><span class="kc">None</span><span class="p">)</span></code>
|
|
|
|
<span class="doc doc-labels">
|
|
<small class="doc doc-label doc-label-async"><code>async</code></small>
|
|
</span>
|
|
|
|
</h2>
|
|
|
|
|
|
<div class="doc doc-contents ">
|
|
|
|
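<p>Sends a POST request to the server for <code>path</code>, passing <code>json</code> through to the request, and returns the <code>ClientResponse</code>. The docstring in the source below still reads "get call", but the method issues <code>POST</code>.</p>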
|
|
|
|
<details class="quote">
|
|
<summary>Source code in <code>kanidm/__init__.py</code></summary>
|
|
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span><span class="normal">207</span>
|
|
<span class="normal">208</span>
|
|
<span class="normal">209</span>
|
|
<span class="normal">210</span>
|
|
<span class="normal">211</span>
|
|
<span class="normal">212</span>
|
|
<span class="normal">213</span>
|
|
<span class="normal">214</span>
|
|
<span class="normal">215</span>
|
|
<span class="normal">216</span>
|
|
<span class="normal">217</span>
|
|
<span class="normal">218</span></pre></div></td><td class="code"><div><pre><span></span><code><span class="k">async</span> <span class="k">def</span> <span class="nf">call_post</span><span class="p">(</span>
|
|
<span class="bp">self</span><span class="p">,</span>
|
|
<span class="n">path</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span>
|
|
<span class="n">headers</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="nb">str</span><span class="p">]]</span> <span class="o">=</span> <span class="kc">None</span><span class="p">,</span>
|
|
<span class="n">json</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">]]</span> <span class="o">=</span> <span class="kc">None</span><span class="p">,</span>
|
|
<span class="n">timeout</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="nb">int</span><span class="p">]</span> <span class="o">=</span> <span class="kc">None</span><span class="p">,</span>
|
|
<span class="p">)</span> <span class="o">-></span> <span class="n">ClientResponse</span><span class="p">:</span>
|
|
<span class="w"> </span><span class="sd">"""does a get call to the server"""</span>
|
|
|
|
<span class="k">return</span> <span class="k">await</span> <span class="bp">self</span><span class="o">.</span><span class="n">_call</span><span class="p">(</span>
|
|
<span class="n">method</span><span class="o">=</span><span class="s2">"POST"</span><span class="p">,</span> <span class="n">path</span><span class="o">=</span><span class="n">path</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="n">headers</span><span class="p">,</span> <span class="n">json</span><span class="o">=</span><span class="n">json</span><span class="p">,</span> <span class="n">timeout</span><span class="o">=</span><span class="n">timeout</span>
|
|
<span class="p">)</span>
|
|
</code></pre></div></td></tr></table></div>
|
|
</details>
|
|
</div>
|
|
|
|
</div>
|
|
|
|
<div class="doc doc-object doc-function">
|
|
|
|
|
|
|
|
<h2 id="kanidm.KanidmClient.check_token_valid" class="doc doc-heading">
|
|
<code class="highlight language-python"><span class="n">check_token_valid</span><span class="p">(</span><span class="n">token</span><span class="o">=</span><span class="kc">None</span><span class="p">)</span></code>
|
|
|
|
<span class="doc doc-labels">
|
|
<small class="doc doc-label doc-label-async"><code>async</code></small>
|
|
</span>
|
|
|
|
</h2>
|
|
|
|
|
|
<div class="doc doc-contents ">
|
|
|
|
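<p>Checks whether a given token is valid, or the local one if you don't pass it, by calling <code>/v1/auth/valid</code>. A token passed in is sent as a bearer <code>authorization</code> header. Returns <code>True</code> only on HTTP 200; every other status, including a server-side error, is reported as <code>False</code>, so callers cannot tell an invalid token from a failed check.</p>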
|
|
|
|
<details class="quote">
|
|
<summary>Source code in <code>kanidm/__init__.py</code></summary>
|
|
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span><span class="normal">116</span>
|
|
<span class="normal">117</span>
|
|
<span class="normal">118</span>
|
|
<span class="normal">119</span>
|
|
<span class="normal">120</span>
|
|
<span class="normal">121</span>
|
|
<span class="normal">122</span>
|
|
<span class="normal">123</span>
|
|
<span class="normal">124</span>
|
|
<span class="normal">125</span>
|
|
<span class="normal">126</span>
|
|
<span class="normal">127</span>
|
|
<span class="normal">128</span>
|
|
<span class="normal">129</span>
|
|
<span class="normal">130</span></pre></div></td><td class="code"><div><pre><span></span><code><span class="k">async</span> <span class="k">def</span> <span class="nf">check_token_valid</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">token</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="o">=</span> <span class="kc">None</span><span class="p">)</span> <span class="o">-></span> <span class="nb">bool</span><span class="p">:</span>
|
|
<span class="w"> </span><span class="sd">"""checks if a given token is valid, or the local one if you don't pass it"""</span>
|
|
<span class="n">url</span> <span class="o">=</span> <span class="s2">"/v1/auth/valid"</span>
|
|
<span class="k">if</span> <span class="n">token</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span><span class="p">:</span>
|
|
<span class="n">headers</span> <span class="o">=</span> <span class="p">{</span>
|
|
<span class="s2">"authorization"</span><span class="p">:</span> <span class="sa">f</span><span class="s2">"Bearer </span><span class="si">{</span><span class="n">token</span><span class="si">}</span><span class="s2">"</span><span class="p">,</span>
|
|
<span class="s2">"content-type"</span><span class="p">:</span> <span class="s2">"application/json"</span><span class="p">,</span>
|
|
<span class="p">}</span>
|
|
<span class="k">else</span><span class="p">:</span>
|
|
<span class="n">headers</span> <span class="o">=</span> <span class="kc">None</span>
|
|
<span class="n">result</span> <span class="o">=</span> <span class="k">await</span> <span class="bp">self</span><span class="o">.</span><span class="n">call_get</span><span class="p">(</span><span class="n">url</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="n">headers</span><span class="p">)</span>
|
|
<span class="n">logging</span><span class="o">.</span><span class="n">debug</span><span class="p">(</span><span class="n">result</span><span class="p">)</span>
|
|
<span class="k">if</span> <span class="n">result</span><span class="o">.</span><span class="n">status_code</span> <span class="o">==</span> <span class="mi">200</span><span class="p">:</span>
|
|
<span class="k">return</span> <span class="kc">True</span>
|
|
<span class="k">return</span> <span class="kc">False</span>
|
|
</code></pre></div></td></tr></table></div>
|
|
</details>
|
|
</div>
|
|
|
|
</div>
|
|
|
|
<div class="doc doc-object doc-function">
|
|
|
|
|
|
|
|
<h2 id="kanidm.KanidmClient.get_path_uri" class="doc doc-heading">
|
|
<code class="highlight language-python"><span class="n">get_path_uri</span><span class="p">(</span><span class="n">path</span><span class="p">)</span></code>
|
|
|
|
<span class="doc doc-labels">
|
|
<small class="doc doc-label doc-label-cached"><code>cached</code></small>
|
|
</span>
|
|
|
|
</h2>
|
|
|
|
|
|
<div class="doc doc-contents ">
|
|
|
|
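<p>Turns a path into a full URI by stripping one leading <code>/</code> and appending the path to <code>self.config.uri</code>. The path is not otherwise validated or encoded. Results are memoised with <code>lru_cache</code>, so a later change to <code>config.uri</code> may not be reflected for paths that are already cached.</p>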
|
|
|
|
<details class="quote">
|
|
<summary>Source code in <code>kanidm/__init__.py</code></summary>
|
|
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span><span class="normal">132</span>
|
|
<span class="normal">133</span>
|
|
<span class="normal">134</span>
|
|
<span class="normal">135</span>
|
|
<span class="normal">136</span>
|
|
<span class="normal">137</span></pre></div></td><td class="code"><div><pre><span></span><code><span class="nd">@lru_cache</span><span class="p">()</span>
|
|
<span class="k">def</span> <span class="nf">get_path_uri</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">path</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-></span> <span class="nb">str</span><span class="p">:</span>
|
|
<span class="w"> </span><span class="sd">"""turns a path into a full URI"""</span>
|
|
<span class="k">if</span> <span class="n">path</span><span class="o">.</span><span class="n">startswith</span><span class="p">(</span><span class="s2">"/"</span><span class="p">):</span>
|
|
<span class="n">path</span> <span class="o">=</span> <span class="n">path</span><span class="p">[</span><span class="mi">1</span><span class="p">:]</span>
|
|
<span class="k">return</span> <span class="sa">f</span><span class="s2">"</span><span class="si">{</span><span class="bp">self</span><span class="o">.</span><span class="n">config</span><span class="o">.</span><span class="n">uri</span><span class="si">}{</span><span class="n">path</span><span class="si">}</span><span class="s2">"</span>
|
|
</code></pre></div></td></tr></table></div>
|
|
</details>
|
|
</div>
|
|
|
|
</div>
|
|
|
|
<div class="doc doc-object doc-function">
|
|
|
|
|
|
|
|
<h2 id="kanidm.KanidmClient.get_radius_token" class="doc doc-heading">
|
|
<code class="highlight language-python"><span class="n">get_radius_token</span><span class="p">(</span><span class="n">username</span><span class="p">)</span></code>
|
|
|
|
<span class="doc doc-labels">
|
|
<small class="doc doc-label doc-label-async"><code>async</code></small>
|
|
</span>
|
|
|
|
</h2>
|
|
|
|
|
|
<div class="doc doc-contents ">
|
|
|
|
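<p>Calls the RADIUS token endpoint for <code>username</code> and returns the response; raises <code>NoMatchingEntries</code> on HTTP 404. The username is interpolated into the request path as-is, without encoding, so callers should pass only validated account names.</p>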
|
|
|
|
<details class="quote">
|
|
<summary>Source code in <code>kanidm/__init__.py</code></summary>
|
|
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span><span class="normal">347</span>
|
|
<span class="normal">348</span>
|
|
<span class="normal">349</span>
|
|
<span class="normal">350</span>
|
|
<span class="normal">351</span>
|
|
<span class="normal">352</span>
|
|
<span class="normal">353</span>
|
|
<span class="normal">354</span>
|
|
<span class="normal">355</span></pre></div></td><td class="code"><div><pre><span></span><code><span class="k">async</span> <span class="k">def</span> <span class="nf">get_radius_token</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">username</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-></span> <span class="n">ClientResponse</span><span class="p">:</span>
|
|
<span class="w"> </span><span class="sd">"""does the call to the radius token endpoint"""</span>
|
|
<span class="n">path</span> <span class="o">=</span> <span class="sa">f</span><span class="s2">"/v1/account/</span><span class="si">{</span><span class="n">username</span><span class="si">}</span><span class="s2">/_radius/_token"</span>
|
|
<span class="n">response</span> <span class="o">=</span> <span class="k">await</span> <span class="bp">self</span><span class="o">.</span><span class="n">call_get</span><span class="p">(</span><span class="n">path</span><span class="p">)</span>
|
|
<span class="k">if</span> <span class="n">response</span><span class="o">.</span><span class="n">status_code</span> <span class="o">==</span> <span class="mi">404</span><span class="p">:</span>
|
|
<span class="k">raise</span> <span class="n">NoMatchingEntries</span><span class="p">(</span>
|
|
<span class="sa">f</span><span class="s2">"No user found: '</span><span class="si">{</span><span class="n">username</span><span class="si">}</span><span class="s2">' </span><span class="si">{</span><span class="n">response</span><span class="o">.</span><span class="n">headers</span><span class="p">[</span><span class="s1">'x-kanidm-opid'</span><span class="p">]</span><span class="si">}</span><span class="s2">"</span>
|
|
<span class="p">)</span>
|
|
<span class="k">return</span> <span class="n">response</span>
|
|
</code></pre></div></td></tr></table></div>
|
|
</details>
|
|
</div>
|
|
|
|
</div>
|
|
|
|
<div class="doc doc-object doc-function">
|
|
|
|
|
|
|
|
<h2 id="kanidm.KanidmClient.parse_config_data" class="doc doc-heading">
|
|
<code class="highlight language-python"><span class="n">parse_config_data</span><span class="p">(</span><span class="n">config_data</span><span class="p">)</span></code>
|
|
|
|
</h2>
|
|
|
|
|
|
<div class="doc doc-contents ">
|
|
|
|
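<p>Hand it a config dict and it'll configure the client; a <code>ValidationError</code> is re-raised as <code>ValueError</code>. Note that the listing below calls <code>self.config.parse_obj(config_data)</code> and discards the return value. If <code>parse_obj</code> returns a new object rather than updating <code>self.config</code> in place (as pydantic's <code>parse_obj</code> does), the data is validated but not applied; confirm this against the config class.</p>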
|
|
|
|
<details class="quote">
|
|
<summary>Source code in <code>kanidm/__init__.py</code></summary>
|
|
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span><span class="normal">105</span>
|
|
<span class="normal">106</span>
|
|
<span class="normal">107</span>
|
|
<span class="normal">108</span>
|
|
<span class="normal">109</span>
|
|
<span class="normal">110</span>
|
|
<span class="normal">111</span>
|
|
<span class="normal">112</span>
|
|
<span class="normal">113</span>
|
|
<span class="normal">114</span></pre></div></td><td class="code"><div><pre><span></span><code><span class="k">def</span> <span class="nf">parse_config_data</span><span class="p">(</span>
|
|
<span class="bp">self</span><span class="p">,</span>
|
|
<span class="n">config_data</span><span class="p">:</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">],</span>
|
|
<span class="p">)</span> <span class="o">-></span> <span class="kc">None</span><span class="p">:</span>
|
|
<span class="w"> </span><span class="sd">"""hand it a config dict and it'll configure the client"""</span>
|
|
<span class="k">try</span><span class="p">:</span>
|
|
<span class="bp">self</span><span class="o">.</span><span class="n">config</span><span class="o">.</span><span class="n">parse_obj</span><span class="p">(</span><span class="n">config_data</span><span class="p">)</span>
|
|
<span class="k">except</span> <span class="n">ValidationError</span> <span class="k">as</span> <span class="n">validation_error</span><span class="p">:</span>
|
|
<span class="c1"># pylint: disable=raise-missing-from</span>
|
|
<span class="k">raise</span> <span class="ne">ValueError</span><span class="p">(</span><span class="sa">f</span><span class="s2">"Failed to validate configuration: </span><span class="si">{</span><span class="n">validation_error</span><span class="si">}</span><span class="s2">"</span><span class="p">)</span>
|
|
</code></pre></div></td></tr></table></div>
|
|
</details>
</div>
</div>
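<!--
  API entry for kanidm.KanidmClient.session_header with its source listing
  (gutter lines 337 to 345 of kanidm/__init__.py).
  The stray "|" separator lines are removed and the Python indentation is restored so the
  listing renders as one code line per gutter number.
  The listed function returns a one-entry dict that maps the X-KANIDM-AUTH-SESSION-ID
  header to the sessionid argument unchanged.
  NOTE(review): the header name suggests the value identifies an authentication session.
  If so, callers should handle the returned dict like a credential: keep it out of logs
  and error reports and send it only over TLS. Confirm against the server documentation.
  NOTE(review): sessionid goes into the header value without any validation in this
  listing. Confirm that the HTTP layer rejects CR or LF characters in header values.
-->
<div class="doc doc-object doc-function">
  <h2 id="kanidm.KanidmClient.session_header" class="doc doc-heading">
    <code class="highlight language-python"><span class="n">session_header</span><span class="p">(</span><span class="n">sessionid</span><span class="p">)</span></code>
  </h2>
  <div class="doc doc-contents ">
    <p>create a headers dict from a session id</p>
    <details class="quote">
      <summary>Source code in <code>kanidm/__init__.py</code></summary>
      <div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span><span class="normal">337</span>
<span class="normal">338</span>
<span class="normal">339</span>
<span class="normal">340</span>
<span class="normal">341</span>
<span class="normal">342</span>
<span class="normal">343</span>
<span class="normal">344</span>
<span class="normal">345</span></pre></div></td><td class="code"><div><pre><span></span><code><span class="k">def</span> <span class="nf">session_header</span><span class="p">(</span>
    <span class="bp">self</span><span class="p">,</span>
    <span class="n">sessionid</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span>
<span class="p">)</span> <span class="o">-&gt;</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="nb">str</span><span class="p">]:</span>
<span class="w">    </span><span class="sd">"""create a headers dict from a session id"""</span>
    <span class="c1"># TODO: perhaps allow session_header to take a dict and update it, too?</span>
    <span class="k">return</span> <span class="p">{</span>
        <span class="s2">"X-KANIDM-AUTH-SESSION-ID"</span><span class="p">:</span> <span class="n">sessionid</span><span class="p">,</span>
    <span class="p">}</span>
</code></pre></div></td></tr></table></div>
    </details>
  </div>
</div>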
</div>
</div>
</div>
</article>
</div>
</div>
</main>
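<!--
  Site footer: a single attribution link to the theme's home page.
  The link opens in a new tab and carries rel="noopener", so the opened page gets no
  handle on this window. The stray "|" separator lines are removed so they no longer
  render as text inside the footer.
-->
<footer class="md-footer">
  <div class="md-footer-meta md-typeset">
    <div class="md-footer-meta__inner md-grid">
      <div class="md-copyright">
        Made with
        <a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
          Material for MkDocs
        </a>
      </div>
    </div>
  </div>
</footer>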
</div>
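<!--
  End-of-body theme runtime: an empty dialog container, a JSON settings block
  (base path, search worker path, UI strings) and the script bundle.
  Both script paths are relative to this site, so no third-party origin is loaded here.
  The JSON block is kept byte-for-byte; it is data, not executable script.
  NOTE(review): presumably the bundle reads the __config block; confirm in the theme source.
  The stray "|" separator lines are removed so they no longer render as page text.
-->
<div class="md-dialog" data-md-component="dialog">
  <div class="md-dialog__inner md-typeset"></div>
</div>
<script id="__config" type="application/json">{"base": "..", "features": [], "search": "../assets/javascripts/workers/search.208ed371.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}}</script>
<script src="../assets/javascripts/bundle.51198bba.min.js"></script>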
</body>
</html> |