Source code for decapodlib.auth

# -*- coding: utf-8 -*-
# Copyright (c) 2016 Mirantis Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""This module contains implementation of authorization for Decapod API.

Decapod client uses `requests
<http://docs.python-requests.org/en/master/>`_ library
to access its API so authentication is done using
requests's classes. Please check `official guide
<http://docs.python-requests.org/en/master/user/advanced/#custom-authentication>`_
for details.
"""


from __future__ import absolute_import
from __future__ import unicode_literals

import threading
import weakref

import requests.auth



[docs]class V1Auth(requests.auth.AuthBase):
    """Request authentication provider for Decapod API V1.

    The idea of that provider is really simple: it stores authentication
    token from Decapod API and injects it into proper header on
    every request. If no token is defined, it will authorize for you
    transparently using :py:class:`decapodlib.client.Client` login
    method.
    """

    AUTH_URL = "/v1/auth/"
    """URL of authentication."""

    def __init__(self, client):
        self.client = weakref.ref(client)
        self.token = None
        self.token_lock = threading.RLock()

    def __call__(self, req):
        client = self.client()

        if not client:
            return req
        if req.url.endswith(self.AUTH_URL) and req.method == "POST":
            return req  # self request

        with self.token_lock:
            if not self.token:
                response = client.login()
                self.token = response["id"]

        req.headers["Authorization"] = self.token

        return req


[docs]    def revoke_token(self):
        """Resets information about known token."""

        with self.token_lock:
            self.token = None




[docs]def no_auth(request):
    """Trivial authenticator which does no authentication for a request."""

    return request