Merge pull request #27 from TachyonicProject/development

InfinityStone Code cleanup #13
TachyonicProject · May 20, 2018 · 31d3e90 · 31d3e90
2 parents d8c1f3d + 3363da9
commit 31d3e90
Show file tree

Hide file tree

Showing 15 changed files with 418 additions and 474 deletions.
diff --git a/infinitystone/auth/__init__.py b/infinitystone/auth/__init__.py
@@ -0,0 +1,2 @@
+from infinitystone.auth.mysql import MySQL
+from infinitystone.auth.example import Example
diff --git a/infinitystone/auth/example.py b/infinitystone/auth/example.py
@@ -0,0 +1,43 @@
+# -*- coding: utf-8 -*-
+# Copyright (c) 2018 Christiaan Frans Rademan.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# * Redistributions of source code must retain the above copyright notice, this
+#   list of conditions and the following disclaimer.
+#
+# * Redistributions in binary form must reproduce the above copyright notice,
+#   this list of conditions and the following disclaimer in the documentation
+#   and/or other materials provided with the distribution.
+#
+# * Neither the name of the copyright holders nor the names of its
+#   contributors may be used to endorse or promote products derived from
+#   this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+from luxon.exceptions import AccessDeniedError
+
+
+class Example(object):
+    def password(self, username, domain, credentials):
+        try:
+            password = credentials['password']
+        except KeyError:
+            raise ValueError("No 'password' provided in 'credentials'")
+
+        if domain is None and username == 'root' and password == 'password':
+            return True
+        else:
+            raise AccessDeniedError('Invalid credentials provided')
diff --git a/infinitystone/auth/mysql.py b/infinitystone/auth/mysql.py
@@ -27,19 +27,15 @@
 # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
 # THE POSSIBILITY OF SUCH DAMAGE.
-from luxon import db
-from luxon.utils.password import valid as is_valid_password
-from psychokinetic.auth.driver import BaseDriver
-
 from infinitystone.utils.auth import authorize
 
-class Mysql(BaseDriver):
-    def authenticate(self, username, password, domain=None):
-            valid, credentials = authorize('tachyonic', username, password, domain)
-            if valid is True:
-                # Validate Password againts stored HASHED Value.
-                if is_valid_password(password, credentials['password']):
 
-                    self.new_token(user_id=credentials['user_id'],
-                                   username=username)
-            return valid
+class MySQL(object):
+    def password(self, username, domain, credentials):
+        try:
+            password = credentials['password']
+        except KeyError:
+            raise ValueError("No 'password' provided in 'credentials'")
+
+        authorize('tachyonic', username, password, domain)
+        return True
diff --git a/infinitystone/models/roles.py b/infinitystone/models/roles.py
@@ -39,8 +39,10 @@
     (str(uuid4()), 'Administrator', None, now()),
     (str(uuid4()), 'Account Manager', None, now()),
     (str(uuid4()), 'Billing', None, now()),
-    (str(uuid4()), 'Customer', None, now()),
     (str(uuid4()), 'Support', None, now()),
+    (str(uuid4()), 'Customer', None, now()),
+    (str(uuid4()), 'Wholesale', None, now()),
+    (str(uuid4()), 'Minion', None, now()),
 ]
 
 

diff --git a/infinitystone/policy.json b/infinitystone/policy.json
@@ -1,23 +1,32 @@
 {
-    "role:root": "'Root' in req.token.roles",
-    "role:ops": "'Operations' in req.token.roles",
-    "role:admin": "'Administrator' in req.token.roles",
-    "role:support": "'Support' in req.token.roles",
-    "role:accounts": "'Account Manager' in req.token.roles",
-    "role:billing": "'Billing' in req.token.roles",
-    "role:customer": "'Customer' in req.token.roles",
-    "login": "req.token.authenticated is True",
+    "role:root": "'Root' in req.credentials.roles",
+    "role:ops": "'Operations' in req.credentials.roles",
+    "role:admin": "'Administrator' in req.credentials.roles",
+    "role:support": "'Support' in req.credentials.roles",
+    "role:accounts": "'Account Manager' in req.credentials.roles",
+    "role:billing": "'Billing' in req.credentials.roles",
+    "role:customer": "'Customer' in req.credentials.roles",
+    "role:wholesale": "'Wholesale' in req.credentials.roles",
+    "role:minion": "'Minion' in req.credentials.roles",
+    "staff": "$role:root or $role:ops or $role:admin or $role:support or $role:accounts or $role:billing",
+    "customer": "$role:customer or $role:wholesale or $staff",
+    "services": "$role:minion or $role:root or $role:ops",
+    "login": "req.credentials.authenticated is True",
     "admin": "$role:root or $role:ops or $role:admin",
-    "users:admin": "$role:root or $role:ops or $role:admin or $role:support",
-    "users:view": "$users:admin",
+    "users:admin": "$role:root or $role:ops or $role:admin or $role:support or $role:wholesale",
+    "users:view": "$staff or $customer",
     "roles:admin": "$role:root",
-    "roles:view": "$roles:admin",
+    "roles:view": "$staff",
     "domains:admin": "$role:root",
-    "domains:view": "$domains:admin",
-    "tenants:admin": "$role:root or $role:ops or $role:admin or $role:support or $role:billing or $role:accounts or $role:billing",
-    "tenants:view": "$tenants:admin",
-    "services:admin": "$login",
-    "services:view": "$login",
+    "domains:view": "$login",
+    "tenants:admin": "$staff",
+    "tenants:view": "$staff or $customer",
+    "infrastructure:admin": "$role:root or $role:ops",
+    "infrastructure:view": "$staff or $services",
+    "services:admin": "$staff",
+    "services:view": "$staff or $customer or $services",
+    "monitor:admin": "$staff",
+    "monitor:view": "$staff or $services",
     "billing:admin": "$role:root or $role:billing",
-    "billing:users": "$login"
+    "billing:view": "$staff or $customer"
 }
diff --git a/infinitystone/settings.ini b/infinitystone/settings.ini
@@ -5,7 +5,7 @@ log_stdout = True
 debug = True
 
 [auth]
-driver = infinitystone.auth.mysql:Mysql
+driver = infinitystone.auth:MySQL
 
 [tokens]
 expire = 3600

diff --git a/infinitystone/utils/api.py b/infinitystone/utils/api.py