File: auth.py

package info (click to toggle)
python-pyflume 0.8.7-2
links: PTS, VCS
area: main
in suites: forky, sid, trixie
size: 332 kB
sloc: python: 857; makefile: 6
file content (163 lines) | stat: -rw-r--r-- 4,711 bytes
"""Authenticates to Flume API."""

from datetime import datetime, timedelta
import json

import jwt  # install pyjwt
from requests import Session

from .constants import DEFAULT_TIMEOUT, URL_OAUTH_TOKEN  # noqa: WPS300
from .utils import configure_logger, flume_response_error  # noqa: WPS300

# Configure logging
LOGGER = configure_logger(__name__)


class FlumeAuth:  # noqa: WPS214
    """Interact with API Authentication."""

    def __init__(  # noqa: WPS211
        self,
        username,
        password,
        client_id,
        client_secret,
        flume_token=None,
        http_session=None,
        timeout=DEFAULT_TIMEOUT,
    ):
        """

        Initialize the data object.

        Args:
            username: Username to authenticate.
            password: Password to authenticate.
            client_id: API client id.
            client_secret: API client secret.
            flume_token: Pass flume token to variable.
            http_session: Requests Session()
            timeout: Requests timeout for throttling.

        """

        self._creds = {
            "client_id": client_id,
            "client_secret": client_secret,
            "username": username,
            "password": password,
        }

        if http_session is None:
            self._http_session = Session()
        else:
            self._http_session = http_session

        self._timeout = timeout
        self._token = None
        self._decoded_token = None
        self.user_id = None
        self.authorization_header = None

        self._load_token(flume_token)
        self._verify_token()

    @property
    def token(self):
        """
            Return authorization token for session.

        Returns:
            Returns the current JWT token.

        """
        return self._token

    def refresh_token(self):
        """Refresh authorization token for session."""

        payload = {
            "grant_type": "refresh_token",
            "refresh_token": self._token["refresh_token"],
            "client_id": self._creds["client_id"],
            "client_secret": self._creds["client_secret"],
        }

        self._load_token(self._request_token(payload))

    def retrieve_token(self):
        """Return authorization token for session."""

        payload = dict({"grant_type": "password"}, **self._creds)
        self._load_token(self._request_token(payload))

    def _load_token(self, token):
        """
        Update _token, decode token, user_id and auth header.

        Args:
            token: Authentication bearer token to be decoded.

        """
        jwt_options = {"verify_signature": False}
        self._token = token
        try:
            self._decoded_token = jwt.decode(
                self._token["access_token"],
                options=jwt_options,
            )
        except jwt.exceptions.DecodeError:
            LOGGER.debug("Poorly formatted Access Token, fetching token using _creds")
            self.retrieve_token()
        except TypeError:
            LOGGER.debug("Token TypeError, fetching token using _creds")
            self.retrieve_token()

        self.user_id = self._decoded_token["user_id"]

        self.authorization_header = {
            "authorization": "Bearer {0}".format(self._token.get("access_token")),
        }

    def _request_token(self, payload):
        """

        Request Authorization Payload.

        Args:
            payload: Request payload to get token request.

        Returns:
            Return response Authentication Bearer token from request.

        """

        headers = {"content-type": "application/json"}
        response = self._http_session.request(
            "POST",
            URL_OAUTH_TOKEN,
            json=payload,
            headers=headers,
            timeout=self._timeout,
        )

        LOGGER.debug("Token Payload: %s", payload)  # noqa: WPS323
        LOGGER.debug("Token Response: %s", response.text)  # noqa: WPS323

        # Check for response errors.
        flume_response_error(
            "Can't get token for user {0}".format(self._creds.get("username")),
            response,
        )

        return json.loads(response.text)["data"][0]

    def _verify_token(self):
        """Check to see if token is expiring in 12 hours."""
        token_expiration = datetime.fromtimestamp(self._decoded_token["exp"])
        time_difference = datetime.now() + timedelta(hours=12)  # noqa: WPS432
        LOGGER.debug("Token expiration time: %s", token_expiration)  # noqa: WPS323
        LOGGER.debug("Token comparison time: %s", time_difference)  # noqa: WPS323

        if token_expiration <= time_difference:
            self.refresh_token()