Skip to content

Commit

Permalink
feat: modify feature for setting refresh 'UserProfile' -> 'User'
Browse files Browse the repository at this point in the history
Signed-off-by: ImMin5 <[email protected]>
  • Loading branch information
ImMin5 committed Oct 31, 2024
1 parent 3968e9f commit e75c5ad
Show file tree
Hide file tree
Showing 7 changed files with 73 additions and 75 deletions.
6 changes: 6 additions & 0 deletions src/spaceone/identity/interface/grpc/user.py
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,12 @@ def set_required_actions(self, request, context):
response: dict = user_svc.set_required_actions(params)
return self.dict_to_message(response)

def set_refresh_timeout(self, request, context):
params, metadata = self.parse_request(request, context)
user_svc = UserService(metadata)
response: dict = user_svc.set_refresh_timeout(params)
return self.dict_to_message(response)

def delete(self, request, context):
params, metadata = self.parse_request(request, context)
user_svc = UserService(metadata)
Expand Down
6 changes: 0 additions & 6 deletions src/spaceone/identity/interface/grpc/user_profile.py
Original file line number Diff line number Diff line change
Expand Up @@ -15,12 +15,6 @@ def update(self, request, context):
response: dict = user_profile_svc.update(params)
return ParseDict(response, user_pb2.UserInfo())

def set_refresh_timeout(self, request, context):
params, metadata = self.parse_request(request, context)
user_profile_svc = UserProfileService(metadata)
response: dict = user_profile_svc.set_refresh_timeout(params)
return ParseDict(response, user_pb2.UserInfo())

def verify_email(self, request, context):
params, metadata = self.parse_request(request, context)
user_profile_svc = UserProfileService(metadata)
Expand Down
26 changes: 13 additions & 13 deletions src/spaceone/identity/manager/token_manager/base.py
Original file line number Diff line number Diff line change
Expand Up @@ -39,15 +39,15 @@ def get_token_manager_by_auth_type(cls, auth_type):
raise ERROR_INVALID_AUTHENTICATION_TYPE(auth_type=auth_type)

def issue_token(
self,
private_jwk,
refresh_private_jwk,
domain_id,
workspace_id=None,
timeout=None,
permissions=None,
projects=None,
app_id=None,
self,
private_jwk,
refresh_private_jwk,
domain_id,
workspace_id=None,
timeout=None,
permissions=None,
projects=None,
app_id=None,
):
if self.is_authenticated is False:
raise ERROR_NOT_AUTHENTICATED()
Expand Down Expand Up @@ -89,7 +89,7 @@ def issue_token(
return {"access_token": access_token, "refresh_token": refresh_token}

def issue_temporary_token(
self, user_id: str, domain_id: str, private_jwk: dict, timeout: int
self, user_id: str, domain_id: str, private_jwk: dict, timeout: int
) -> dict:
permissions = [
"identity:UserProfile",
Expand Down Expand Up @@ -130,9 +130,9 @@ def set_timeout(self, timeout: Union[int, None]) -> int:
def _get_refresh_token_timeout(self) -> int:
refresh_timeout = self.CONST_REFRESH_TIMEOUT
if (
self.user
and self.user.role_type == "DOMAIN_ADMIN"
and self.user.refresh_timeout
self.user
and self.user.role_type == "DOMAIN_ADMIN"
and self.user.refresh_timeout
):
refresh_timeout = max(self.user.refresh_timeout, refresh_timeout)

Expand Down
7 changes: 7 additions & 0 deletions src/spaceone/identity/model/user/request.py
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@
"UserVerifyEmailRequest",
"UserStatQueryRequest",
"UserSetRequiredActionsRequest",
"UserSetRefreshTimeout",
"UserDisableMFARequest",
"UserDeleteRequest",
"UserEnableRequest",
Expand Down Expand Up @@ -63,6 +64,12 @@ class UserSetRequiredActionsRequest(BaseModel):
domain_id: str


class UserSetRefreshTimeout(BaseModel):
user_id: str
refresh_timeout: int
domain_id: str


class UserDeleteRequest(BaseModel):
user_id: str
domain_id: str
Expand Down
7 changes: 0 additions & 7 deletions src/spaceone/identity/model/user_profile/request.py
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@

__all__ = [
"UserProfileUpdateRequest",
"UserProfileSetRefreshTokenTimeout",
"UserProfileVerifyEmailRequest",
"UserProfileConfirmEmailRequest",
"UserProfileResetPasswordRequest",
Expand All @@ -28,12 +27,6 @@ class UserProfileUpdateRequest(BaseModel):
domain_id: str


class UserProfileSetRefreshTokenTimeout(BaseModel):
user_id: str
refresh_timeout: int
domain_id: str


class UserProfileVerifyEmailRequest(BaseModel):
user_id: str
email: Union[str, None] = None
Expand Down
49 changes: 0 additions & 49 deletions src/spaceone/identity/service/user_profile_service.py
Original file line number Diff line number Diff line change
Expand Up @@ -82,38 +82,6 @@ def update(self, params: UserProfileUpdateRequest) -> Union[UserResponse, dict]:

return UserResponse(**user_vo.to_dict())

@transaction(permission="identity:UserProfile.write", role_types=["USER"])
@convert_model
def set_refresh_timeout(
self, params: UserProfileSetRefreshTokenTimeout
) -> Union[UserResponse, dict]:
"""
Args:
params (UserProfileSetRefreshTokenTimeout): {
"refresh_timeout": "int",
"user_id": "str", # inject from auth
"domain_id": "str" # inject from auth
}
Returns:
UserResponse:
"""

user_id = params.user_id
domain_id = params.domain_id
user_vo = self.user_mgr.get_user(user_id, domain_id)

if user_vo.role_type != "DOMAIN_ADMIN":
raise ERROR_PERMISSION_DENIED()

refresh_timeout = self._get_refresh_timeout_from_config(params.refresh_timeout)
print(refresh_timeout)
user_vo = self.user_mgr.update_user_by_vo(
{"refresh_timeout": refresh_timeout}, user_vo
)

print(user_vo.refresh_timeout)
return UserResponse(**user_vo.to_dict())

@transaction(permission="identity:UserProfile.write", role_types=["USER"])
@convert_model
def verify_email(self, params: UserProfileVerifyEmailRequest) -> None:
Expand Down Expand Up @@ -652,20 +620,3 @@ def _get_my_workspace_groups_info(
def _check_mfa_options(options, mfa_type):
if mfa_type in ["EMAIL"] and not options:
raise ERROR_REQUIRED_PARAMETER(key="options.email")

@staticmethod
def _get_refresh_timeout_from_config(refresh_timeout: int) -> int:
identity_conf = config.get_global("IDENTITY") or {}
token_conf = identity_conf.get("token", {})
config_refresh_timeout = token_conf.get("refresh_timeout")
if refresh_timeout < config_refresh_timeout:
raise ERROR_INVALID_PARAMETER(
key="refresh_timeout",
reason=f"Minimum value for refresh_timeout is {config_refresh_timeout}",
)
refresh_timeout = max(refresh_timeout, config_refresh_timeout)

config_admin_refresh_timeout = token_conf.get("admin_refresh_timeout", 2592000)
refresh_timeout = min(refresh_timeout, config_admin_refresh_timeout)

return refresh_timeout
47 changes: 47 additions & 0 deletions src/spaceone/identity/service/user_service.py
Original file line number Diff line number Diff line change
Expand Up @@ -293,6 +293,36 @@ def set_required_actions(

return UserResponse(**user_vo.to_dict())

@transaction(permission="identity:User.write", role_types=["DOMAIN_ADMIN"])
@convert_model
def set_refresh_timeout(
self, params: UserSetRefreshTimeout
) -> Union[UserResponse, dict]:
"""
Args:
params (UserProfileSetRefreshTimeout): {
"user_id": "str",
"refresh_timeout": "int",
"domain_id": "str" # inject from auth
}
Returns:
UserResponse:
"""

user_id = params.user_id
domain_id = params.domain_id
user_vo = self.user_mgr.get_user(user_id, domain_id)

if user_vo.role_type != "DOMAIN_ADMIN":
raise ERROR_PERMISSION_DENIED()

refresh_timeout = self._get_refresh_timeout_from_config(params.refresh_timeout)
user_vo = self.user_mgr.update_user_by_vo(
{"refresh_timeout": refresh_timeout}, user_vo
)

return UserResponse(**user_vo.to_dict())

@transaction(permission="identity:User.write", role_types=["DOMAIN_ADMIN"])
@convert_model
def delete(self, params: UserDeleteRequest) -> None:
Expand Down Expand Up @@ -527,3 +557,20 @@ def _get_domain_default_language(domain_id: str, language: str = None) -> str:
else:
language = "en"
return language

@staticmethod
def _get_refresh_timeout_from_config(refresh_timeout: int) -> int:
identity_conf = config.get_global("IDENTITY") or {}
token_conf = identity_conf.get("token", {})
config_refresh_timeout = token_conf.get("refresh_timeout")
if refresh_timeout < config_refresh_timeout:
raise ERROR_INVALID_PARAMETER(
key="refresh_timeout",
reason=f"Minimum value for refresh_timeout is {config_refresh_timeout}",
)
refresh_timeout = max(refresh_timeout, config_refresh_timeout)

config_admin_refresh_timeout = token_conf.get("admin_refresh_timeout", 2592000)
refresh_timeout = min(refresh_timeout, config_admin_refresh_timeout)

return refresh_timeout

0 comments on commit e75c5ad

Please sign in to comment.