Add task authentication

a2fbcd94 · Erwan Rouchet · Bastien Abadie · 4095908d · a2fbcd94 · a2fbcd94
Commit a2fbcd94 authored 2 years ago by Erwan Rouchet Committed by Bastien Abadie 2 years ago
--- a/arkindex/ponos/authentication.py
+++ b/arkindex/ponos/authentication.py
+from drf_spectacular.authentication import TokenScheme
 from drf_spectacular.contrib.rest_framework_simplejwt import SimpleJWTScheme
+from rest_framework.authentication import TokenAuthentication
 from rest_framework.exceptions import AuthenticationFailed

-from arkindex.ponos.models import Agent
+from arkindex.ponos.models import Agent, Task
 from rest_framework_simplejwt.authentication import JWTAuthentication
 from rest_framework_simplejwt.exceptions import InvalidToken
 from rest_framework_simplejwt.settings import api_settings
@@ -68,3 +70,35 @@ class AgentAuthenticationExtension(SimpleJWTScheme):

    target_class = "arkindex.ponos.authentication.AgentAuthentication"
    name = "agentAuth"
+
+
+class TaskAuthentication(TokenAuthentication):
+    keyword = 'Ponos'
+    model = Task
+
+    def authenticate_credentials(self, key):
+        try:
+            task = Task.objects.select_related('workflow__process__creator').get(token=key)
+        except Task.DoesNotExist:
+            # Same error message as the standard TokenAuthentication
+            raise AuthenticationFailed('Invalid token.')
+
+        if not task.workflow.process:
+            raise AuthenticationFailed('Task has no process.')
+
+        user = task.workflow.process.creator
+        if not user or not user.is_active:
+            # Same error message as the standard TokenAuthentication
+            raise AuthenticationFailed('User inactive or deleted.')
+
+        return (user, task)
+
+
+class TaskAuthenticationExtension(TokenScheme):
+    target_class = "arkindex.ponos.authentication.TaskAuthentication"
+    name = "taskAuth"
+    # The TokenScheme has a priority of -1 and matches both TokenAuthentication and its subclasses;
+    # we set the priority to a higher number to make this extension match first, and disable
+    # subclass matching so that this only applies to the TaskAuthentication.
+    priority = 0
+    match_subclasses = False
--- a/arkindex/project/settings.py
+++ b/arkindex/project/settings.py
@@ -202,6 +202,7 @@ REST_FRAMEWORK = {
        'rest_framework.authentication.SessionAuthentication',
        'rest_framework.authentication.TokenAuthentication',
        'arkindex.ponos.authentication.AgentAuthentication',
+        'arkindex.ponos.authentication.TaskAuthentication',
    ),
    'DEFAULT_PAGINATION_CLASS': 'arkindex.project.pagination.PageNumberPagination',
    'DEFAULT_SCHEMA_CLASS': 'arkindex.project.openapi.AutoSchema',

--- a/arkindex/project/tests/openapi/test_schema.py
+++ b/arkindex/project/tests/openapi/test_schema.py
@@ -56,6 +56,7 @@ class TestAutoSchema(TestCase):
                    {'cookieAuth': []},
                    {'tokenAuth': []},
                    {'agentAuth': []},
+                    {'taskAuth': []},
                    # Allows no authentication too
                    {},
                ],