pinecrypt-gateway-backend/pinecrypt/server/tokens.py

import string
import pytz
import pymongo
from datetime import datetime, timedelta
from pinecrypt.server import mailer, const, errors, db
from pinecrypt.server.common import random


class TokenManager():
    def consume(self, uuid):
        now = datetime.utcnow().replace(tzinfo=pytz.UTC)

        doc = db.tokens.find_one_and_update({
            "uuid": uuid,
            "created": {"$lte": now + const.CLOCK_SKEW_TOLERANCE},
            "expires": {"$gte": now - const.CLOCK_SKEW_TOLERANCE},
            "used": False
        }, {
            "$set": {
              "used": now
            }
        }, return_document=pymongo.ReturnDocument.AFTER)

        if not doc:
            raise errors.TokenDoesNotExist

        return doc["subject"], doc["mail"], doc["created"], doc["expires"], doc["profile"]

    def issue(self, issuer, subject, subject_mail=None):
        # Expand variables
        subject_username = subject.name
        if not subject_mail:
          subject_mail = subject.mail

        # Generate token
        token = "".join(random.choice(string.ascii_lowercase +
                                      string.ascii_uppercase + string.digits) for _ in range(32))
        token_created = datetime.utcnow().replace(tzinfo=pytz.UTC)
        token_expires = token_created + timedelta(seconds=const.TOKEN_LIFETIME)

        d = {}
        d["expires"] = token_expires
        d["uuid"] = token
        d["issuer"] = issuer.name if issuer else None
        d["subject"] = subject_username
        d["mail"] = subject_mail
        d["used"] = False
        d["profile"] = "Roadwarrior"

        db.tokens.update_one({
            "subject": subject_username,
            "mail": subject_mail,
            "used": False
        }, {
            "$set": d,
            "$setOnInsert": {
                "created": token_created,
            }
        }, upsert=True)

        # Token lifetime in local time, to select timezone: dpkg-reconfigure tzdata
        try:
            with open("/etc/timezone") as fh:
                token_timezone = fh.read().strip()
        except EnvironmentError:
            token_timezone = None

        authority_name = const.AUTHORITY_NAMESPACE
        protocols = ",".join(const.SERVICE_PROTOCOLS)
        url = const.TOKEN_URL % locals()

        context = globals()
        context.update(locals())

        mailer.send("token.md", to=subject_mail, **context)
        return token

    def list(self, expired=False, used=False):
        query = {}

        if not used:
            query["used"] = {"$eq": False}

        if not expired:
            query["expires"] = {"$gte": datetime.utcnow().replace(tzinfo=pytz.UTC)}

        def g():
            for token in db.tokens.find(query).sort("expires", -1):
                token.pop("_id")
                token["uuid"] = token["uuid"][0:8]
                yield token
        return tuple(g())

    def purge(self, all=False):
        query = {}
        if not all:
            query["expires"] = {"$lt": datetime.utcnow().replace(tzinfo=pytz.UTC)}
        return db.tokens.remove(query)
Separated codebase from development repo 2021-05-27 12:38:44 +00:00			`import string`
			`import pytz`
			`import pymongo`
			`from datetime import datetime, timedelta`
			`from pinecrypt.server import mailer, const, errors, db`
			`from pinecrypt.server.common import random`


			`class TokenManager():`
			`def consume(self, uuid):`
			`now = datetime.utcnow().replace(tzinfo=pytz.UTC)`

			`doc = db.tokens.find_one_and_update({`
			`"uuid": uuid,`
			`"created": {"$lte": now + const.CLOCK_SKEW_TOLERANCE},`
			`"expires": {"$gte": now - const.CLOCK_SKEW_TOLERANCE},`
			`"used": False`
			`}, {`
			`"$set": {`
			`"used": now`
			`}`
			`}, return_document=pymongo.ReturnDocument.AFTER)`

			`if not doc:`
			`raise errors.TokenDoesNotExist`

			`return doc["subject"], doc["mail"], doc["created"], doc["expires"], doc["profile"]`

			`def issue(self, issuer, subject, subject_mail=None):`
			`# Expand variables`
			`subject_username = subject.name`
			`if not subject_mail:`
			`subject_mail = subject.mail`

			`# Generate token`
			`token = "".join(random.choice(string.ascii_lowercase +`
			`string.ascii_uppercase + string.digits) for _ in range(32))`
			`token_created = datetime.utcnow().replace(tzinfo=pytz.UTC)`
			`token_expires = token_created + timedelta(seconds=const.TOKEN_LIFETIME)`

			`d = {}`
			`d["expires"] = token_expires`
			`d["uuid"] = token`
			`d["issuer"] = issuer.name if issuer else None`
			`d["subject"] = subject_username`
			`d["mail"] = subject_mail`
			`d["used"] = False`
			`d["profile"] = "Roadwarrior"`

			`db.tokens.update_one({`
			`"subject": subject_username,`
			`"mail": subject_mail,`
			`"used": False`
			`}, {`
			`"$set": d,`
			`"$setOnInsert": {`
			`"created": token_created,`
			`}`
			`}, upsert=True)`

			`# Token lifetime in local time, to select timezone: dpkg-reconfigure tzdata`
			`try:`
			`with open("/etc/timezone") as fh:`
			`token_timezone = fh.read().strip()`
			`except EnvironmentError:`
			`token_timezone = None`

			`authority_name = const.AUTHORITY_NAMESPACE`
			`protocols = ",".join(const.SERVICE_PROTOCOLS)`
			`url = const.TOKEN_URL % locals()`

			`context = globals()`
			`context.update(locals())`

			`mailer.send("token.md", to=subject_mail, **context)`
			`return token`

			`def list(self, expired=False, used=False):`
			`query = {}`

			`if not used:`
			`query["used"] = {"$eq": False}`

			`if not expired:`
			`query["expires"] = {"$gte": datetime.utcnow().replace(tzinfo=pytz.UTC)}`

			`def g():`
			`for token in db.tokens.find(query).sort("expires", -1):`
			`token.pop("_id")`
			`token["uuid"] = token["uuid"][0:8]`
			`yield token`
			`return tuple(g())`

			`def purge(self, all=False):`
			`query = {}`
			`if not all:`
			`query["expires"] = {"$lt": datetime.utcnow().replace(tzinfo=pytz.UTC)}`
			`return db.tokens.remove(query)`