summaryrefslogtreecommitdiff
path: root/src/authn.py
blob: e90118a1afc97ca8172f4591d694e553411617e7 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112

#! /usr/bin/env python3

import yaml


class Authz:
    def __init__(self, org, perms):
        self._org = org
        self._perms = perms

    def dump(self):
        return "{}: {}".format(self._org, self._perms)

    def read_p(self):
        return 'r' in self._perms

    def write_p(self):
        return 'w' in self._perms


class User:
    def __init__(self, username, pw, authz):
        self._username = username
        self._password = pw
        self._authz = {}
        for org, perms in authz.items():
            self._authz[org] = Authz(org, perms)

    def dump(self):
        return ["{}/{}: {}".format(self._username, self._password, auth.dump())
                for auth in self._authz.values()]

    def authn_p(self, pw):
        return pw == self._password

    def orgnames(self):
        return [x for x in self._authz.keys()]

    def read_perms(self):
        acc = []
        for k, v in self._authz.items():
            if v.read_p():
                acc.append(k)
        return acc

    def write_perms(self):
        acc = []
        for k, v in self._authz.items():
            if v.write_p():
                acc.append(k)
        return acc


class UserDB:
    def __init__(self, yamlfile):
        self._users = {}
        for u, d in yaml.safe_load(open(yamlfile)).items():
            self._users[u] = User(u, d['pw'], d['authz'])

    def dump(self):
        return [u.dump() for u in self._users.values()]

    def user_authn_p(self, username, password):
        user = self._users.get(username)
        if not user:
            return False
        return user.authn_p(password)

    def orgs_for_user(self, username):
        return self._users.get(username).orgnames()

    def read_perms(self, username, password):
        user = self._users.get(username)
        if not user:
            return None
        if not user.authn_p(password):
            return None
        return user.read_perms()

    def write_perms(self, username, password):
        user = self._users.get(username)
        if not user:
            return None
        if not user.authn_p(password):
            return None
        return user.write_perms()


def self_test():
    db = UserDB('userdb.yaml')
    print(db.dump())

    orgs = db.orgs_for_user('user3')
    assert('sunet.se' in orgs)
    assert('su.se' in orgs)
    assert(len(orgs) == 2)

    assert(db.user_authn_p('user3', 'pw3') == True)
    assert(db.user_authn_p('user3', 'wrongpw') == False)

    rp = db.read_perms('user3', 'pw3')
    assert(len(rp) == 2)
    assert('sunet.se' in rp)
    assert('su.se' in rp)

    wp = db.write_perms('user3', 'pw3')
    assert(len(wp) == 1)
    assert('sunet.se' in wp)


if __name__ == '__main__':
    self_test()
generated by cgit v1.1 at 2025-05-15 03:44:58 +0000