2 # Copyright 2013 The Swarming Authors. All rights reserved.
3 # Use of this source code is governed under the Apache License, Version 2.0 that
4 # can be found in the LICENSE file.
6 """Client tool to perform various authentication related tasks."""
13 from third_party import colorama
14 from third_party.depot_tools import fix_encoding
15 from third_party.depot_tools import subcommand
18 from utils import oauth
19 from utils import tools
22 def add_auth_options(parser):
23 """Adds command line options related to authentication."""
24 parser.auth_group = optparse.OptionGroup(parser, 'Authentication')
25 parser.auth_group.add_option(
28 default='bot' if tools.is_headless() else 'oauth',
29 help='Authentication method to use: %s. [default: %%default]' %
30 ', '.join(net.AUTH_METHODS))
31 parser.add_option_group(parser.auth_group)
32 oauth.add_oauth_options(parser)
35 def process_auth_options(parser, options):
36 """Configures process-wide authentication parameters based on |options|."""
37 if options.auth_method not in net.AUTH_METHODS:
38 parser.error('Invalid --auth-method value: %s' % options.auth_method)
39 net.configure_auth(options.auth_method, oauth_options=options)
42 class AuthServiceError(Exception):
43 """Unexpected response from authentication service."""
46 class AuthService(object):
47 """Represents remote Authentication service."""
49 def __init__(self, url):
50 self._service = net.get_http_service(url)
52 def login(self, allow_user_interaction):
53 """Refreshes cached access token or creates a new one."""
54 return self._service.login(allow_user_interaction)
57 """Purges cached access token."""
58 return self._service.logout()
60 def get_current_identity(self):
61 """Returns identity associated with currently used credentials.
64 user:<email> - if using OAuth or cookie based authentication.
65 bot:<id> - if using HMAC based authentication.
66 anonymous:anonymous - if not authenticated.
68 identity = self._service.json_request('GET', '/auth/api/v1/accounts/self')
70 raise AuthServiceError('Failed to fetch identity')
71 return identity['identity']
74 @subcommand.usage('[options]')
75 def CMDlogin(parser, args):
76 """Runs interactive login flow and stores auth token/cookie on disk."""
77 (options, args) = parser.parse_args(args)
78 process_auth_options(parser, options)
79 service = AuthService(options.service)
80 if service.login(True):
81 print 'Logged in as \'%s\'.' % service.get_current_identity()
84 print 'Login failed or canceled.'
88 @subcommand.usage('[options]')
89 def CMDlogout(parser, args):
90 """Purges cached auth token/cookie."""
91 (options, args) = parser.parse_args(args)
92 process_auth_options(parser, options)
93 service = AuthService(options.service)
98 @subcommand.usage('[options]')
99 def CMDcheck(parser, args):
100 """Shows identity associated with currently cached auth token/cookie."""
101 (options, args) = parser.parse_args(args)
102 process_auth_options(parser, options)
103 service = AuthService(options.service)
105 print service.get_current_identity()
109 class OptionParserAuth(tools.OptionParserWithLogging):
110 def __init__(self, **kwargs):
111 tools.OptionParserWithLogging.__init__(self, prog='auth.py', **kwargs)
112 self.server_group = tools.optparse.OptionGroup(self, 'Server')
113 self.server_group.add_option(
115 metavar='URL', default='',
116 help='Service to use')
117 self.add_option_group(self.server_group)
118 add_auth_options(self)
120 def parse_args(self, *args, **kwargs):
121 options, args = tools.OptionParserWithLogging.parse_args(
122 self, *args, **kwargs)
123 options.service = options.service.rstrip('/')
124 if not options.service:
125 self.error('--service is required.')
130 dispatcher = subcommand.CommandDispatcher(__name__)
132 return dispatcher.execute(OptionParserAuth(version=__version__), args)
133 except Exception as e:
134 tools.report_error(e)
138 if __name__ == '__main__':
139 fix_encoding.fix_encoding()
140 tools.disable_buffering()
142 sys.exit(main(sys.argv[1:]))