UserDB

Complexity

Total Complexity

2

Size/Duplication

Total Lines	18
Duplicated Lines	0 %

Importance

Changes	2
Bugs	0	Features	2

2 Methods

Rating	Name	Duplication	Size	Complexity
A	get_permission_assignments()	0	3	1
A	get_roles()	0	8	1

# Licensed to the StackStorm, Inc ('StackStorm') under one or more
# contributor license agreements.  See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License.  You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

import copy
import mongoengine as me

from st2common.constants.secrets import MASKED_ATTRIBUTE_VALUE
from st2common.constants.types import ResourceType
from st2common.fields import ComplexDateTimeField
from st2common.models.db import stormbase
from st2common.services.rbac import get_roles_for_user
from st2common.util import date as date_utils

__all__ = [
    'UserDB',
    'TokenDB',
    'ApiKeyDB'
]


class UserDB(stormbase.StormFoundationDB):
    name = me.StringField(required=True, unique=True)
    is_service = me.BooleanField(required=True, default=False)
    nicknames = me.DictField(required=False,
                             help_text='"Nickname + origin" pairs for ChatOps auth')

    def get_roles(self):
        """
        Retrieve roles assigned to that user.

        :rtype: ``list`` of :class:`RoleDB`
        """
        result = get_roles_for_user(user_db=self)
        return result

    def get_permission_assignments(self):
        # TODO
        pass


class TokenDB(stormbase.StormFoundationDB):
    user = me.StringField(required=True)
    token = me.StringField(required=True, unique=True)
    expiry = me.DateTimeField(required=True)
    metadata = me.DictField(required=False,
                            help_text='Arbitrary metadata associated with this token')


class ApiKeyDB(stormbase.StormFoundationDB, stormbase.UIDFieldMixin):

Empty class docstring

    """
    """
    RESOURCE_TYPE = ResourceType.API_KEY
    UID_FIELDS = ['key_hash']

    user = me.StringField(required=True)
    key_hash = me.StringField(required=True, unique=True)
    metadata = me.DictField(required=False,
                            help_text='Arbitrary metadata associated with this token')
    created_at = ComplexDateTimeField(default=date_utils.get_datetime_utc_now,
                                      help_text='The creation time of this ApiKey.')
    enabled = me.BooleanField(required=True, default=True,
                              help_text='A flag indicating whether the ApiKey is enabled.')

    meta = {
        'indexes': [
            {'fields': ['user']},
            {'fields': ['key_hash']}
        ]
    }

    def __init__(self, *args, **values):
        super(ApiKeyDB, self).__init__(*args, **values)
        self.uid = self.get_uid()

    def mask_secrets(self, value):
        result = copy.deepcopy(value)

        # In theory the key_hash is safe to return as it is one way. On the other
        # hand given that this is actually a secret no real point in letting the hash
        # escape. Since uid contains key_hash masking that as well.
        result['key_hash'] = MASKED_ATTRIBUTE_VALUE
        result['uid'] = MASKED_ATTRIBUTE_VALUE
        return result


MODELS = [UserDB, TokenDB, ApiKeyDB]