2 # Copyright 2013 The Swarming Authors. All rights reserved.
3 # Use of this source code is governed under the Apache License, Version 2.0 that
4 # can be found in the LICENSE file.
6 """Client tool to perform various authentication related tasks."""
14 from third_party import colorama
15 from third_party.depot_tools import fix_encoding
16 from third_party.depot_tools import subcommand
18 from utils import on_error
20 from utils import oauth
21 from utils import tools
24 class AuthServiceError(Exception):
25 """Unexpected response from authentication service."""
28 class AuthService(object):
29 """Represents remote Authentication service."""
31 def __init__(self, url):
32 self._service = net.get_http_service(url)
34 def login(self, allow_user_interaction):
35 """Refreshes cached access token or creates a new one."""
36 return self._service.login(allow_user_interaction)
39 """Purges cached access token."""
40 return self._service.logout()
42 def get_current_identity(self):
43 """Returns identity associated with currently used credentials.
46 user:<email> - if using OAuth or cookie based authentication.
47 bot:<id> - if using HMAC based authentication.
48 anonymous:anonymous - if not authenticated.
50 identity = self._service.json_request('/auth/api/v1/accounts/self')
52 raise AuthServiceError('Failed to fetch identity')
53 return identity['identity']
56 def add_auth_options(parser):
57 """Adds command line options related to authentication."""
58 parser.auth_group = optparse.OptionGroup(parser, 'Authentication')
59 parser.auth_group.add_option(
62 default=net.get_default_auth_config()[0],
63 help='Authentication method to use: %s. [default: %%default]' %
64 ', '.join(name for name, _ in net.AUTH_METHODS))
65 parser.add_option_group(parser.auth_group)
66 oauth.add_oauth_options(parser)
69 def process_auth_options(parser, options):
70 """Configures process-wide authentication parameters based on |options|."""
71 # Validate that authentication method is known.
72 if options.auth_method not in dict(net.AUTH_METHODS):
73 parser.error('Invalid --auth-method value: %s' % options.auth_method)
75 # Process the rest of the flags based on actual method used.
76 # Only oauth is configurable now.
78 if options.auth_method == 'oauth':
79 config = oauth.extract_oauth_config_from_options(options)
81 # Now configure 'net' globally to use this for every request.
82 net.configure_auth(options.auth_method, config)
85 def ensure_logged_in(server_url):
86 """Checks that user is logged in, asking to do it if not.
88 Aborts the process with exit code 1 if user is not logged it. Noop when used
91 if net.get_auth_method() not in ('cookie', 'oauth'):
93 server_url = server_url.lower().rstrip('/')
94 assert server_url.startswith(('https://', 'http://localhost:')), server_url
95 service = AuthService(server_url)
97 identity = service.get_current_identity()
98 if identity == 'anonymous:anonymous':
99 print >> sys.stderr, (
100 'Please login to %s: \n'
101 ' python auth.py login --service=%s' % (server_url, server_url))
103 email = identity.split(':')[1]
104 logging.info('Logged in to %s: %s', server_url, email)
108 @subcommand.usage('[options]')
109 def CMDlogin(parser, args):
110 """Runs interactive login flow and stores auth token/cookie on disk."""
111 (options, args) = parser.parse_args(args)
112 process_auth_options(parser, options)
113 service = AuthService(options.service)
114 if service.login(True):
115 print 'Logged in as \'%s\'.' % service.get_current_identity()
118 print 'Login failed or canceled.'
122 @subcommand.usage('[options]')
123 def CMDlogout(parser, args):
124 """Purges cached auth token/cookie."""
125 (options, args) = parser.parse_args(args)
126 process_auth_options(parser, options)
127 service = AuthService(options.service)
132 @subcommand.usage('[options]')
133 def CMDcheck(parser, args):
134 """Shows identity associated with currently cached auth token/cookie."""
135 (options, args) = parser.parse_args(args)
136 process_auth_options(parser, options)
137 service = AuthService(options.service)
139 print service.get_current_identity()
143 class OptionParserAuth(tools.OptionParserWithLogging):
144 def __init__(self, **kwargs):
145 tools.OptionParserWithLogging.__init__(self, prog='auth.py', **kwargs)
146 self.server_group = tools.optparse.OptionGroup(self, 'Server')
147 self.server_group.add_option(
149 metavar='URL', default='',
150 help='Service to use')
151 self.add_option_group(self.server_group)
152 add_auth_options(self)
154 def parse_args(self, *args, **kwargs):
155 options, args = tools.OptionParserWithLogging.parse_args(
156 self, *args, **kwargs)
157 options.service = options.service.rstrip('/')
158 if not options.service:
159 self.error('--service is required.')
160 on_error.report_on_exception_exit(options.service)
165 dispatcher = subcommand.CommandDispatcher(__name__)
166 return dispatcher.execute(OptionParserAuth(version=__version__), args)
169 if __name__ == '__main__':
170 fix_encoding.fix_encoding()
171 tools.disable_buffering()
173 sys.exit(main(sys.argv[1:]))