keyosk/keyosk/database/domain.py

"""Authentication domain model definition"""
import datetime
from typing import List

import peewee

from keyosk.database._shared import KeyoskBaseModel


class Domain(KeyoskBaseModel):
    """Authentication domain storage model

    :attribute created: Datetime indicating when the domain was first created
    :attribute updated: Datetime indicating when the domain was last modified
    :attribute name: Simple URL-friendly name for the domain
    :attribute audience: Value to populate the ``audience`` claim of issued JWTs with
                         when authenticating against this domain
    :attribute title: Human-friendly display name for the domain
    :attribute description: Human-friendly longer description of the domain's usage or
                            purpose
    :attribute contact: Contact link for the domain
    :attribute enabled: Whether the domain is enabled for authentication
    :attribute enable_client_set_auth: Whether to allow accounts to authenticate using
                                       the client-set authentication secret
    :attribute enable_server_set_auth: Whether to allow accounts to authenticate using
                                       the server-set authentication secret
    :attribute lifespan_access: Number of seconds that an issued JWT access token should
                                be valid for
    :attribute lifespan_refresh: Number of seconds an an issued JWT refresh token should
                                 be valid for
    :property administration: Container of additional settings related to the
                              administration of the domain itself
    :property access_list_names: List of Access Control Lists under the domain that accounts
                                 can have permission entries on
    :property permission_names: List of permissions that can be assigned to an account's ACL
                                entry
    """

    class Meta:  # pylint: disable=too-few-public-methods,missing-docstring
        table_name = "domain"

    created = peewee.DateTimeField(null=False, default=datetime.datetime.utcnow)
    updated = peewee.DateTimeField(null=False, default=datetime.datetime.utcnow)
    name = peewee.CharField(null=False, unique=True)
    audience = peewee.CharField(null=False, unique=True)
    title = peewee.CharField(null=True)
    description = peewee.CharField(null=True)
    contact = peewee.CharField(null=True)
    enabled = peewee.BooleanField(null=False)
    enable_client_set_auth = peewee.BooleanField(null=False)
    enable_server_set_auth = peewee.BooleanField(null=False)
    enable_refresh = peewee.BooleanField(null=False)
    _lifespan_access = peewee.IntegerField(null=False)
    _lifespan_refresh = peewee.IntegerField(null=False)

    @property
    def lifespan_access(self) -> datetime.timedelta:
        """Return the access lifespan as a timedelta"""
        return datetime.timedelta(seconds=self._lifespan_access)

    @lifespan_access.setter
    def lifespan_access(self, value: datetime.timedelta):
        """Set the access lifespan as an integer from a timedelta"""
        self._lifespan_access = int(value.total_seconds())

    @property
    def lifespan_refresh(self) -> datetime.timedelta:
        """Return the refresh lifespan as a timedelta"""
        return datetime.timedelta(seconds=self._lifespan_refresh)

    @lifespan_refresh.setter
    def lifespan_refresh(self, value: datetime.timedelta):
        """Set the refresh lifespan as an integer from a timedelta"""
        self._lifespan_refresh = int(value.total_seconds())

    @staticmethod
    def dict_keys() -> List[str]:
        return [
            "uuid",
            "created",
            "updated",
            "name",
            "audience",
            "title",
            "description",
            "contact",
            "enabled",
            "enable_client_set_auth",
            "enable_server_set_auth",
            "enable_refresh",
            "lifespan_access",
            "lifespan_refresh",
            "access_lists",
            "permissions",
        ]

    @staticmethod
    def foreign_backref() -> List[str]:
        return ["access_lists", "permissions"]

    def __str__(self) -> str:
        return f"Domain '{self.name}' ({self.uuid})"


class DomainAccessList(KeyoskBaseModel):
    """Access list name model definition

    :attribute name: Name of the access control list
    :attribute domain: Authentication domain the ACL applies to
    """

    class Meta:  # pylint: disable=missing-docstring,too-few-public-methods
        table_name = "domain_acl"

    name = peewee.CharField(null=False, unique=True)
    domain = peewee.ForeignKeyField(Domain, backref="access_lists")

    @staticmethod
    def dict_keys() -> List[str]:
        return ["name"]

    def __str__(self) -> str:
        return self.name


class DomainPermission(KeyoskBaseModel):
    """Permission name model definition

    :attribute name: Name of the permission
    :attribute bitindex: Index in the generated bitmask that indicates this permission;
                         zero-indexed
    :attribute domain: Authentication domain the permission should apply to the ACLs of
    """

    class Meta:  # pylint: disable=missing-docstring,too-few-public-methods
        table_name = "domain_permission"

    name = peewee.CharField(null=False)
    bitindex = peewee.IntegerField(null=False)
    domain = peewee.ForeignKeyField(Domain, backref="permissions")

    @staticmethod
    def dict_keys() -> List[str]:
        return ["name", "bitindex"]

    def __str__(self) -> str:
        return self.name
Add domain and domain administration models 2020-02-22 19:27:00 -05:00			`"""Authentication domain model definition"""`
			`import datetime`
			`from typing import List`

			`import peewee`

			`from keyosk.database._shared import KeyoskBaseModel`


			`class Domain(KeyoskBaseModel):`
			`"""Authentication domain storage model`

			`:attribute created: Datetime indicating when the domain was first created`
			`:attribute updated: Datetime indicating when the domain was last modified`
			`:attribute name: Simple URL-friendly name for the domain`
			:attribute audience: Value to populate the ``audience`` claim of issued JWTs with
			`when authenticating against this domain`
			`:attribute title: Human-friendly display name for the domain`
			`:attribute description: Human-friendly longer description of the domain's usage or`
			`purpose`
			`:attribute contact: Contact link for the domain`
			`:attribute enabled: Whether the domain is enabled for authentication`
Fix misnamed domain auth enable fields Add missing refresh expiration parameter to token model 2020-02-23 02:00:13 -05:00			`:attribute enable_client_set_auth: Whether to allow accounts to authenticate using`
			`the client-set authentication secret`
			`:attribute enable_server_set_auth: Whether to allow accounts to authenticate using`
			`the server-set authentication secret`
Add domain and domain administration models 2020-02-22 19:27:00 -05:00			`:attribute lifespan_access: Number of seconds that an issued JWT access token should`
			`be valid for`
			`:attribute lifespan_refresh: Number of seconds an an issued JWT refresh token should`
			`be valid for`
Fix linting and typing errors Document token model Fix typo accessing incorrect crypto hash in passlib Fix cyclical import around domain admin settings Deprecate unused token usage enum Document constants module Fix typing errors in fields module Fix creation order of database models Add uuid default factory for uuid field 2020-02-22 22:07:37 -05:00			`:property administration: Container of additional settings related to the`
			`administration of the domain itself`
Add domain and domain administration models 2020-02-22 19:27:00 -05:00			`:property access_list_names: List of Access Control Lists under the domain that accounts`
			`can have permission entries on`
			`:property permission_names: List of permissions that can be assigned to an account's ACL`
			`entry`
			`"""`

			`class Meta: # pylint: disable=too-few-public-methods,missing-docstring`
			`table_name = "domain"`

			`created = peewee.DateTimeField(null=False, default=datetime.datetime.utcnow)`
			`updated = peewee.DateTimeField(null=False, default=datetime.datetime.utcnow)`
			`name = peewee.CharField(null=False, unique=True)`
			`audience = peewee.CharField(null=False, unique=True)`
			`title = peewee.CharField(null=True)`
			`description = peewee.CharField(null=True)`
			`contact = peewee.CharField(null=True)`
			`enabled = peewee.BooleanField(null=False)`
Fix misnamed domain auth enable fields Add missing refresh expiration parameter to token model 2020-02-23 02:00:13 -05:00			`enable_client_set_auth = peewee.BooleanField(null=False)`
			`enable_server_set_auth = peewee.BooleanField(null=False)`
Add domain and domain administration models 2020-02-22 19:27:00 -05:00			`enable_refresh = peewee.BooleanField(null=False)`
Add tests for domain model and domain extras models Add string reprs to domain models Fix misnamed dict key names on domain model Fix improper timedelta/int conversions on domain model 2020-02-24 23:03:59 -05:00			`_lifespan_access = peewee.IntegerField(null=False)`
			`_lifespan_refresh = peewee.IntegerField(null=False)`

			`@property`
			`def lifespan_access(self) -> datetime.timedelta:`
			`"""Return the access lifespan as a timedelta"""`
			`return datetime.timedelta(seconds=self._lifespan_access)`

			`@lifespan_access.setter`
			`def lifespan_access(self, value: datetime.timedelta):`
			`"""Set the access lifespan as an integer from a timedelta"""`
			`self._lifespan_access = int(value.total_seconds())`

			`@property`
			`def lifespan_refresh(self) -> datetime.timedelta:`
			`"""Return the refresh lifespan as a timedelta"""`
			`return datetime.timedelta(seconds=self._lifespan_refresh)`

			`@lifespan_refresh.setter`
			`def lifespan_refresh(self, value: datetime.timedelta):`
			`"""Set the refresh lifespan as an integer from a timedelta"""`
			`self._lifespan_refresh = int(value.total_seconds())`
Add domain and domain administration models 2020-02-22 19:27:00 -05:00
			`@staticmethod`
			`def dict_keys() -> List[str]:`
			`return [`
			`"uuid",`
			`"created",`
			`"updated",`
			`"name",`
			`"audience",`
			`"title",`
			`"description",`
			`"contact",`
			`"enabled",`
Add tests for domain model and domain extras models Add string reprs to domain models Fix misnamed dict key names on domain model Fix improper timedelta/int conversions on domain model 2020-02-24 23:03:59 -05:00			`"enable_client_set_auth",`
			`"enable_server_set_auth",`
Add domain and domain administration models 2020-02-22 19:27:00 -05:00			`"enable_refresh",`
			`"lifespan_access",`
			`"lifespan_refresh",`
Fix hacked permission and access list string names Update domain access list and domain permission models to be dict-castable Update domain model to specify dict casting for access list and permission backrefs properly Remove unnecessary permission_names and access_list_names properties 2020-02-24 21:27:20 -05:00			`"access_lists",`
			`"permissions",`
Add domain and domain administration models 2020-02-22 19:27:00 -05:00			`]`

Fix hacked permission and access list string names Update domain access list and domain permission models to be dict-castable Update domain model to specify dict casting for access list and permission backrefs properly Remove unnecessary permission_names and access_list_names properties 2020-02-24 21:27:20 -05:00			`@staticmethod`
			`def foreign_backref() -> List[str]:`
			`return ["access_lists", "permissions"]`

Add tests for domain model and domain extras models Add string reprs to domain models Fix misnamed dict key names on domain model Fix improper timedelta/int conversions on domain model 2020-02-24 23:03:59 -05:00			`def __str__(self) -> str:`
			`return f"Domain '{self.name}' ({self.uuid})"`

Add domain and domain administration models 2020-02-22 19:27:00 -05:00
			`class DomainAccessList(KeyoskBaseModel):`
			`"""Access list name model definition`

			`:attribute name: Name of the access control list`
			`:attribute domain: Authentication domain the ACL applies to`
			`"""`

			`class Meta: # pylint: disable=missing-docstring,too-few-public-methods`
			`table_name = "domain_acl"`

!fixup make domain access list names unique 2020-02-24 23:22:49 -05:00			`name = peewee.CharField(null=False, unique=True)`
Add domain and domain administration models 2020-02-22 19:27:00 -05:00			`domain = peewee.ForeignKeyField(Domain, backref="access_lists")`

Fix hacked permission and access list string names Update domain access list and domain permission models to be dict-castable Update domain model to specify dict casting for access list and permission backrefs properly Remove unnecessary permission_names and access_list_names properties 2020-02-24 21:27:20 -05:00			`@staticmethod`
			`def dict_keys() -> List[str]:`
			`return ["name"]`

Add tests for domain model and domain extras models Add string reprs to domain models Fix misnamed dict key names on domain model Fix improper timedelta/int conversions on domain model 2020-02-24 23:03:59 -05:00			`def __str__(self) -> str:`
			`return self.name`

Add domain and domain administration models 2020-02-22 19:27:00 -05:00
			`class DomainPermission(KeyoskBaseModel):`
			`"""Permission name model definition`

			`:attribute name: Name of the permission`
			`:attribute bitindex: Index in the generated bitmask that indicates this permission;`
			`zero-indexed`
			`:attribute domain: Authentication domain the permission should apply to the ACLs of`
			`"""`

			`class Meta: # pylint: disable=missing-docstring,too-few-public-methods`
			`table_name = "domain_permission"`

			`name = peewee.CharField(null=False)`
			`bitindex = peewee.IntegerField(null=False)`
			`domain = peewee.ForeignKeyField(Domain, backref="permissions")`
Fix hacked permission and access list string names Update domain access list and domain permission models to be dict-castable Update domain model to specify dict casting for access list and permission backrefs properly Remove unnecessary permission_names and access_list_names properties 2020-02-24 21:27:20 -05:00
			`@staticmethod`
			`def dict_keys() -> List[str]:`
			`return ["name", "bitindex"]`
Add tests for domain model and domain extras models Add string reprs to domain models Fix misnamed dict key names on domain model Fix improper timedelta/int conversions on domain model 2020-02-24 23:03:59 -05:00
			`def __str__(self) -> str:`
			`return self.name`