Source code for maasserver.models.user
# Copyright 2012 Canonical Ltd. This software is licensed under the
# GNU Affero General Public License version 3 (see the file LICENSE).
"""MAAS-specific helpers for :class:`User`."""
from __future__ import (
absolute_import,
print_function,
unicode_literals,
)
str = None
__metaclass__ = type
__all__ = [
'create_auth_token',
'create_user',
'get_auth_tokens',
'get_creds_tuple',
'SYSTEM_USERS',
]
from maasserver import worker_user
from metadataserver import nodeinituser
from piston.models import (
Consumer,
Token,
)
# Special users internal to MAAS.
SYSTEM_USERS = [
# For nodes' access to the metadata API:
nodeinituser.user_name,
# For node-group's workers to the MAAS API:
worker_user.user_name,
]
GENERIC_CONSUMER = 'MAAS consumer'
[docs]def create_auth_token(user):
"""Create new Token and Consumer (OAuth authorisation) for `user`.
:param user: The user to create a token for.
:type user: User
:return: The created Token.
:rtype: piston.models.Token
"""
consumer = Consumer.objects.create(
user=user, name=GENERIC_CONSUMER, status='accepted')
consumer.generate_random_codes()
# This is a 'generic' consumer aimed to service many clients, hence
# we don't authenticate the consumer with key/secret key.
consumer.secret = ''
consumer.save()
token = Token.objects.create(
user=user, token_type=Token.ACCESS, consumer=consumer,
is_approved=True)
token.generate_random_codes()
return token
[docs]def get_auth_tokens(user):
"""Fetches all the user's OAuth tokens.
:return: A QuerySet of the tokens.
:rtype: django.db.models.query.QuerySet_
.. _django.db.models.query.QuerySet: https://docs.djangoproject.com/
en/dev/ref/models/querysets/
"""
return Token.objects.select_related().filter(
user=user, token_type=Token.ACCESS, is_approved=True).order_by('id')
# When a user is created: create the related profile and the default
# consumer/token.
def create_user(sender, instance, created, **kwargs):
# Avoid circular imports.
from maasserver.models.userprofile import UserProfile
# System users do not have profiles.
if created and instance.username not in SYSTEM_USERS:
# Create related UserProfile.
profile = UserProfile.objects.create(user=instance)
# Create initial authorisation token.
profile.create_authorisation_token()
[docs]def get_creds_tuple(token):
"""Return API credentials as tuple, as used in :class:`MAASOAuth`.
Returns a tuple of (consumer key, resource token, resource secret).
The consumer secret is hard-wired to the empty string.
"""
return (
token.consumer.key,
token.key,
token.secret,
)