You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
88 lines
1.9 KiB
88 lines
1.9 KiB
"""
|
|
Service to handle authentication
|
|
"""
|
|
import uuid
|
|
from datetime import datetime
|
|
from typing import Optional, Tuple
|
|
|
|
from nacl import pwhash
|
|
from nacl.exceptions import InvalidkeyError
|
|
|
|
from atheneum.model import User, UserToken
|
|
from atheneum.service import user_service, user_token_service
|
|
|
|
|
|
def generate_token() -> uuid.UUID:
|
|
"""
|
|
Generate a unique token
|
|
:return:
|
|
"""
|
|
return uuid.uuid4()
|
|
|
|
|
|
def get_password_hash(password: str) -> Tuple[str, int]:
|
|
"""
|
|
Retrieve argon2id password hash.
|
|
|
|
:param password: plaintext password to convert
|
|
:return: Tuple[password_hash, password_revision]
|
|
"""
|
|
return pwhash.argon2id.str(password.encode('utf8')).decode('utf8'), 1
|
|
|
|
|
|
def is_valid_password(user: User, password: str) -> bool:
|
|
"""
|
|
User password must pass pwhash verify
|
|
|
|
:param user:
|
|
:param password:
|
|
:return:
|
|
"""
|
|
assert user
|
|
|
|
try:
|
|
return pwhash.verify(
|
|
user.password_hash.encode('utf8'), password.encode('utf8'))
|
|
except InvalidkeyError:
|
|
pass
|
|
return False
|
|
|
|
|
|
def is_valid_token(user_token: Optional[UserToken]) -> bool:
|
|
"""
|
|
Token must be enabled and if it has an expiration, it must be
|
|
greater than now.
|
|
|
|
:param user_token:
|
|
:return:
|
|
"""
|
|
if user_token is None:
|
|
return False
|
|
if not user_token.enabled:
|
|
return False
|
|
if (user_token.expiration_time is not None
|
|
and user_token.expiration_time < datetime.utcnow()):
|
|
return False
|
|
return True
|
|
|
|
|
|
def bump_login(user: Optional[User]) -> None:
|
|
"""
|
|
Update the last login time for the user
|
|
|
|
:param user:
|
|
:return:
|
|
"""
|
|
if user is not None:
|
|
user_service.update_last_login_time(user)
|
|
|
|
|
|
def logout(user_token: Optional[UserToken] = None) -> None:
|
|
"""
|
|
Remove a user_token associated with a client session
|
|
|
|
:param user_token:
|
|
:return:
|
|
"""
|
|
if user_token is not None:
|
|
user_token_service.delete(user_token)
|