87 lines
4.5 KiB
Python
87 lines
4.5 KiB
Python
"""Security models: Token and AuthEvent."""
|
|
|
|
from typing import Optional
|
|
from pydantic import BaseModel, Field
|
|
from modules.shared.attributeUtils import register_model_labels, ModelMixin
|
|
from modules.shared.timezoneUtils import get_utc_timestamp
|
|
from .datamodelUam import AuthAuthority
|
|
from enum import Enum
|
|
import uuid
|
|
|
|
|
|
class TokenStatus(str, Enum):
|
|
ACTIVE = "active"
|
|
REVOKED = "revoked"
|
|
|
|
|
|
class Token(BaseModel, ModelMixin):
|
|
id: Optional[str] = None
|
|
userId: str
|
|
authority: AuthAuthority
|
|
connectionId: Optional[str] = Field(None, description="ID of the connection this token belongs to")
|
|
tokenAccess: str
|
|
tokenType: str = "bearer"
|
|
expiresAt: float = Field(description="When the token expires (UTC timestamp in seconds)")
|
|
tokenRefresh: Optional[str] = None
|
|
createdAt: Optional[float] = Field(None, description="When the token was created (UTC timestamp in seconds)")
|
|
status: TokenStatus = Field(default=TokenStatus.ACTIVE, description="Token status: active/revoked")
|
|
revokedAt: Optional[float] = Field(None, description="When the token was revoked (UTC timestamp in seconds)")
|
|
revokedBy: Optional[str] = Field(None, description="User ID who revoked the token (admin/self)")
|
|
reason: Optional[str] = Field(None, description="Optional revocation reason")
|
|
sessionId: Optional[str] = Field(None, description="Logical session grouping for logout revocation")
|
|
mandateId: Optional[str] = Field(None, description="Mandate ID for tenant scoping of the token")
|
|
|
|
class Config:
|
|
use_enum_values = True
|
|
|
|
|
|
register_model_labels(
|
|
"Token",
|
|
{"en": "Token", "fr": "Jeton"},
|
|
{
|
|
"id": {"en": "ID", "fr": "ID"},
|
|
"userId": {"en": "User ID", "fr": "ID utilisateur"},
|
|
"authority": {"en": "Authority", "fr": "Autorité"},
|
|
"connectionId": {"en": "Connection ID", "fr": "ID de connexion"},
|
|
"tokenAccess": {"en": "Access Token", "fr": "Jeton d'accès"},
|
|
"tokenType": {"en": "Token Type", "fr": "Type de jeton"},
|
|
"expiresAt": {"en": "Expires At", "fr": "Expire le"},
|
|
"tokenRefresh": {"en": "Refresh Token", "fr": "Jeton de rafraîchissement"},
|
|
"createdAt": {"en": "Created At", "fr": "Créé le"},
|
|
"status": {"en": "Status", "fr": "Statut"},
|
|
"revokedAt": {"en": "Revoked At", "fr": "Révoqué le"},
|
|
"revokedBy": {"en": "Revoked By", "fr": "Révoqué par"},
|
|
"reason": {"en": "Reason", "fr": "Raison"},
|
|
"sessionId": {"en": "Session ID", "fr": "ID de session"},
|
|
"mandateId": {"en": "Mandate ID", "fr": "ID de mandat"},
|
|
},
|
|
)
|
|
|
|
|
|
class AuthEvent(BaseModel, ModelMixin):
|
|
id: str = Field(default_factory=lambda: str(uuid.uuid4()), description="Unique ID of the auth event", frontend_type="text", frontend_readonly=True, frontend_required=False)
|
|
userId: str = Field(description="ID of the user this event belongs to", frontend_type="text", frontend_readonly=True, frontend_required=True)
|
|
eventType: str = Field(description="Type of authentication event (e.g., 'login', 'logout', 'token_refresh')", frontend_type="text", frontend_readonly=True, frontend_required=True)
|
|
timestamp: float = Field(default_factory=get_utc_timestamp, description="Unix timestamp when the event occurred", frontend_type="datetime", frontend_readonly=True, frontend_required=True)
|
|
ipAddress: Optional[str] = Field(default=None, description="IP address from which the event originated", frontend_type="text", frontend_readonly=True, frontend_required=False)
|
|
userAgent: Optional[str] = Field(default=None, description="User agent string from the request", frontend_type="text", frontend_readonly=True, frontend_required=False)
|
|
success: bool = Field(default=True, description="Whether the authentication event was successful", frontend_type="boolean", frontend_readonly=True, frontend_required=True)
|
|
details: Optional[str] = Field(default=None, description="Additional details about the event", frontend_type="text", frontend_readonly=True, frontend_required=False)
|
|
|
|
|
|
register_model_labels(
|
|
"AuthEvent",
|
|
{"en": "Authentication Event", "fr": "Événement d'authentification"},
|
|
{
|
|
"id": {"en": "ID", "fr": "ID"},
|
|
"userId": {"en": "User ID", "fr": "ID utilisateur"},
|
|
"eventType": {"en": "Event Type", "fr": "Type d'événement"},
|
|
"timestamp": {"en": "Timestamp", "fr": "Horodatage"},
|
|
"ipAddress": {"en": "IP Address", "fr": "Adresse IP"},
|
|
"userAgent": {"en": "User Agent", "fr": "Agent utilisateur"},
|
|
"success": {"en": "Success", "fr": "Succès"},
|
|
"details": {"en": "Details", "fr": "Détails"},
|
|
},
|
|
)
|
|
|
|
|