blob: 33a916c03a55ab3e48c1a64e78fa649c382e1ac5 [file]
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
from openserverless import app
from openserverless.impl.auth.auth_service import AuthService
from openserverless.security.ow_authorize import ow_authorize
from flask import request
import openserverless.common.response_builder as res_builder
from flasgger import swag_from
@app.route('/system/api/v1/auth/<login>',methods=['PATCH'])
@ow_authorize(pass_user_data=True)
def password(login, **kwargs):
"""
Update the user password patching the corresponding wsku/<login> entry.
---
tags:
- Authentication Api
summary: Login an OpenServerless user using login/password payload
operationId: patchOpsUser
security:
- openwhiskBasicAuth: []
consumes:
- application/json
definitions:
LoginUpdateData:
type: object
properties:
password:
type: string
new_password:
type: string
required:
- password
- new_password
MessageData:
type: object
properties:
message:
type: object
status:
type: string
Message:
type: object
properties:
message:
type: string
status:
type: string
parameters:
- in: path
name: login
description: The username requiring the password update.
required: true
schema:
type: string
- in: body
name: User
description: the password update payload.
required: true
schema:
$ref: '#/definitions/LoginUpdateData'
responses:
200:
description: Logged in User data
schema:
$ref: '#/definitions/MessageData'
401:
description: Access denied due to wrong credentials.
schema:
$ref: '#/definitions/Message'
"""
update_data = request.get_json()
if 'ow-auth-user' in kwargs:
authorized_data = kwargs['ow-auth-user']
if login not in authorized_data['login']:
return res_builder.build_error_message(f"invalid AUTH token for user {login}", 401)
auth_service = AuthService()
return auth_service.update_password(login,update_data['password'],update_data['new_password'])
@app.route('/system/api/v1/auth',methods=['POST'])
def login():
"""
Perform the user Authentication relying on wsku metadata stored into internal CouchDB.
---
tags:
- Authentication Api
summary: Login an OpenServerless user using login/password payload
operationId: loginOpsUser
consumes:
- application/json
parameters:
- in: body
name: User
description: The user to login.
required: true
schema:
$ref: '#/definitions/LoginData'
responses:
200:
description: Logged in User data
schema:
$ref: '#/definitions/MessageData'
401:
description: Access denied due to wrong credentials.
schema:
$ref: '#/definitions/Message'
"""
login_data = request.get_json()
auth_service = AuthService()
return auth_service.login(login_data['login'], login_data['password'])