symphony-bdk-python/symphony/bdk/core/auth/auth_session.py at a484dfc8e6d39ca481b07ccdb78e5a433b559b70 · broHeryk/symphony-bdk-python · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
"""Module containing session handle classes.

"""
from datetime import datetime, timezone
import logging

from symphony.bdk.core.auth.exception import AuthInitializationError
from symphony.bdk.core.auth.jwt_helper import extract_token_claims


logger = logging.getLogger(__name__)

EXPIRATION_SAFETY_BUFFER_SECONDS = 5
SKD_FLAG_NAME = "canUseSimplifiedKeyDelivery"


class AuthSession:
    """RSA Authentication session handle to get session and key manager tokens from.
    It uses a BotAuthenticator to actually retrieve the tokens when needed.
    """

    def __init__(self, authenticator):
        """

        :param authenticator: the :class:`symphony.bdk.core.auth.bot_authenticator.BotAuthenticator` instance to
          retrieve the tokens from.
        """
        self._session_token = None
        self._key_manager_token = None
        self._auth_token = None
        self._authenticator = authenticator
        self._expire_at = -1

    async def refresh(self):
        """Trigger re-authentication to refresh the tokens.
        """
        logger.debug("Authenticate")
        self._session_token = await self._authenticator.retrieve_session_token()
        if await self.skd_enabled:
            self._key_manager_token = ""
            return
        self.key_manager_token = await self._authenticator.retrieve_key_manager_token()

    @property
    async def session_token(self):
        """

        :return: the session token.
        """
        if self._session_token is None:
            self._session_token = await self._authenticator.retrieve_session_token()
        return self._session_token

    @property
    async def auth_token(self):
        """Auth token request calls the same endpoint that session token.
        Therefore, session token is updated unintentionally,
         since there's no explicit way to update authorization token exclusively
         : return: (str) authorization_token like Bearer eyJh...
        """

        if (
            self._auth_token
            and self._expire_at
            > datetime.now(timezone.utc).timestamp() + EXPIRATION_SAFETY_BUFFER_SECONDS
        ):
            return self._auth_token
        token, expire_at = await self._authenticator.retrieve_session_token_object()
        self._expire_at = expire_at
        self._auth_token = token.authorization_token
        self._session_token = token.token
        return self._auth_token

    @property
    async def key_manager_token(self):
        """

        :return: the key manager token
        """

        if await self.skd_enabled:
            return ""

        if self._key_manager_token is None:
            self._key_manager_token = await self._authenticator.retrieve_key_manager_token()
        return self._key_manager_token

    @session_token.setter
    def session_token(self, value):
        """Sets the session token. Used for testing purposes only.

        :param value: the new session token.
        """
        self._session_token = value

    @key_manager_token.setter
    def key_manager_token(self, value):
        """Sets the key manager token. Used for testing purposes only.

        :param value: the new key manager token.
        """
        self._key_manager_token = value

    @property
    async def skd_enabled(self):

        token_data = extract_token_claims(await self.session_token)
        if not token_data.get(SKD_FLAG_NAME, False):
            return False
        return await self._authenticator.agent_version_service.is_skd_supported()


class OboAuthSession(AuthSession):
    """RSA OBO Authentication session handle to get the OBO session token from.
    It uses an :class:`symphony.bdk.core.auth.obo_authenticator.OboAuthenticator` to actually retrieve the tokens when
    needed.
    """

    def __init__(self, authenticator, user_id: int = None, username: str = None):
        """At least user_id or username should be defined.

        :param authenticator: the :class:`symphony.bdk.core.auth.obo_authenticator.OboAuthenticator` instance to
          retrieve the tokens from.
        :param user_id: User Id.
        :param username: Username
        """
        super().__init__(authenticator)
        if user_id is not None and username is not None:
            raise AuthInitializationError("Username and user id for OBO authentication should not be defined at "
                                          "a same time.")
        if user_id is None and username is None:
            raise AuthInitializationError("At least username or user id should be defined for "
                                          "OBO authentication.")
        self.user_id = user_id
        self.username = username

    async def refresh(self):
        """Trigger re-authentication to refresh the OBO session token.
        """
        if self.user_id is not None:
            self._session_token = await self._authenticator.retrieve_obo_session_token_by_user_id(self.user_id)
        if self.username is not None:
            self._session_token = await self._authenticator.retrieve_obo_session_token_by_username(self.username)

    @property
    async def session_token(self):
        if self._session_token is None:
            await self.refresh()
        return self._session_token

    @property
    async def key_manager_token(self):
        """

        :return: an empty string since there is no key manager token in OBO mode.
        """
        return ""


class AppAuthSession:
    """Extension application RSA authentication handle to store the tokens. It uses a
    :class:`symphony.bdk.core.auth.ext_app_authenticator.ExtensionAppAuthenticator` to actually authenticate and
    retrieve the tokens.
    """

    def __init__(self, authenticator, app_token: str):
        """

        :param authenticator: the :class:`symphony.bdk.core.auth.ext_app_authenticator.ExtensionAppAuthenticator`
          which will actually perform the authentication
        :param app_token: the application token
        """
        self._authenticator = authenticator
        self._app_token = app_token
        self._expire_at = -1
        self._symphony_token = ""

    async def refresh(self) -> None:
        """Triggers re-authentication to refresh the tokens.

        :return: None
        """
        app_tokens = await self._authenticator.authenticate_and_retrieve_tokens(self._app_token)
        self._symphony_token = app_tokens.symphony_token
        self._app_token = app_tokens.app_token
        self._expire_at = app_tokens.expire_at

    @property
    def symphony_token(self) -> str:
        """

        :return: the Symphony token
        """
        return self._symphony_token

    @property
    def app_token(self) -> str:
        """

        :return: the application token
        """
        return self._app_token

    @property
    def expire_at(self) -> int:
        """

        :return: the Unix timestamp in milliseconds of the Symphony token expiration
        """
        return self._expire_at