roman
/
sastools
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

Dev/refreshtoken (#123) 

* add token refresh

* json.dumps

* data

* savetoken

* fix folder id bug

* fix index

Co-authored-by: cloud-user <cloud-user@race.sas.com>
master
Gerry Nelson 3 years ago
committed by GitHub
parent
40c99f402f
commit
6a5e40d4c2
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 135 additions and 9 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 4
      getfolderid.py
  2. 65
      savetoken.py
  3. 75
      sharedfunctions.py

4
getfolderid.py
View File

@ -58,5 +58,5 @@ if output_style=='simple':
print("Id = "+targets[0]) print("Id = "+targets[0])
print("URI = "+targets[1]) print("URI = "+targets[1])
print("Path = "+targets[2]) print("Path = "+targets[2])
print("CreatedBy = "+targets[3]) print("CreatedBy = "+targets[4])
else: printresult(targets[4],output_style) else: printresult(targets[3],output_style)

65
savetoken.py
View File

@ -0,0 +1,65 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Saves the access token from the CLI credentials file to a file in the format expected by the SAS Vscode extension
# The token is saved to a file ~/.sas/<profile>_token.txt
#
import sys
import json
import os
from sharedfunctions import file_accessible, getprofileinfo
#get authentication information for the header
credential_file=os.path.join(os.path.expanduser('~'),'.sas','credentials.json')
# check that credential file is available and can be read
access_file=file_accessible(credential_file,'r')
if access_file==False:
oaval=None
print("ERROR: Cannot read authentication credentials at: ", credential_file)
print("ERROR: Try refreshing your token with sas-admin auth login")
sys.exit()
with open(credential_file) as json_file:
data = json.load(json_file)
# profile
cur_profile=os.environ.get("SAS_CLI_PROFILE","NOTSET")
if cur_profile=="NOTSET":
print("SAS_CLI_PROFILE environment variable not set, using Default profile")
cur_profile='Default'
else:
print("SAS_CLI_PROFILE environment variable set to profile "+ cur_profile)
ssl_file=os.environ.get("SSL_CERT_FILE","NOTSET")
if ssl_file=="NOTSET":
print("SSL_CERT_FILE environment variable not set.")
else:
print("SSL_CERT_FILE environment variable set to profile "+ ssl_file)
r_ssl_file=os.environ.get("REQUESTS_CA_BUNDLE","NOTSET")
if r_ssl_file=="NOTSET":
print("REQUESTS_CA_BUNDLE environment variable not set.")
else:
print("REQUESTS_CA_BUNDLE environment variable set to profile "+ r_ssl_file)
if cur_profile in data:
oauthToken=data[cur_profile]['access-token']
token_file=os.path.join(os.path.expanduser('~'),'.sas',cur_profile+"_token.txt")
with open(token_file, "w") as tokenfile:
tokenfile.write(oauthToken)
print("NOTE: token saved to "+token_file)

75
sharedfunctions.py
View File

@ -108,6 +108,8 @@ def callrestapi(reqval, reqtype, acceptType='application/json', contentType='app
# get the auth token # get the auth token
oaval=getauthtoken(baseurl) oaval=getauthtoken(baseurl)
#print(oaval)
# build the authorization header # build the authorization header
head= {'Content-type':contentType,'Accept':acceptType} head= {'Content-type':contentType,'Accept':acceptType}
head.update({"Authorization" : oaval}) head.update({"Authorization" : oaval})
@ -204,7 +206,7 @@ def getfolderid(path):
targeturi="/folders/folders/"+targetid targeturi="/folders/folders/"+targetid
targetcreatedBy=result['createdBy'] targetcreatedBy=result['createdBy']
return [targetid,targeturi,targetname,targetcreatedBy,result] return [targetid,targeturi,targetname,result,targetcreatedBy]
@ -281,8 +283,7 @@ def getauthtoken(baseurl):
with open(credential_file) as json_file: with open(credential_file) as json_file:
data = json.load(json_file) data = json.load(json_file)
type(data)
# the sas-admin profile init creates an empty credential file # the sas-admin profile init creates an empty credential file
# check that credential is in file, if it is add it to the header, if not exit # check that credential is in file, if it is add it to the header, if not exit
@ -296,7 +297,8 @@ def getauthtoken(baseurl):
if cur_profile in data: if cur_profile in data:
oauthToken=data[cur_profile]['access-token'] oauthToken=data[cur_profile]['access-token']
refreshToken=data[cur_profile]['refresh-token']
oauthTokenType="bearer" oauthTokenType="bearer"
oaval=oauthTokenType + ' ' + oauthToken oaval=oauthTokenType + ' ' + oauthToken
@ -304,21 +306,80 @@ def getauthtoken(baseurl):
head= {'Content-type':'application/json','Accept':'application/json' } head= {'Content-type':'application/json','Accept':'application/json' }
head.update({"Authorization" : oaval}) head.update({"Authorization" : oaval})
# test a connection to rest api if it fails exit # test a connection to rest api if it fails try using the refresh token to re-authenticate
r = requests.get(baseurl,headers=head) r = requests.get(baseurl,headers=head)
if (400 <= r.status_code <=599):
#do refresh token request
#curl -k "${INGRESS_URL}/SASLogon/oauth/token" -H "Accept: application/json" -H "Content-Type: application/x-www-form-urlencoded" -u "sas.cli:" \-d "grant_type=refresh_token&refresh_token=${REFRESH_TOKEN}"
#did it work
# set oauthToken again from the output of the request
# update oauthToken in credentials file from the output of the request
refresh_headers = {"Accept": "application/json","Content-Type": "application/x-www-form-urlencoded",}
client_id="sas.cli"
client_secret=""
refresh_data = {}
refresh_data["grant_type"] = "refresh_token"
refresh_data["refresh_token"] = refreshToken
response = requests.request("POST", url=baseurl+"/SASLogon/oauth/token", data=refresh_data, headers=refresh_headers,auth=(client_id, client_secret))
if (400 <= response.status_code <=599):
oaval=None
print(r.text)
print("ERROR: cannot connect to "+baseurl+" with refresh token is your refresh token expired?")
print("ERROR: Try refreshing your token with the CLI auth login")
sys.exit()
else:
# set new token and update credentials.json
result=response.json()
newtoken=result["access_token"]
expires_in=result["expires_in"]
# calculate new expiration
newexpiry=(dt.utcnow()+td(seconds=expires_in)).strftime('%Y-%m-%dT%H:%M:%SZ')
oaval=oauthTokenType + ' ' + newtoken
# write the new token to the credentials file
data[cur_profile]['access-token']=newtoken
data[cur_profile]['expiry']=newexpiry
filecontent=json.dumps(data,indent=2)
with open(credential_file, "w") as outfile:
outfile.write(filecontent)
head= {'Content-type':'application/json','Accept':'application/json' }
head.update({"Authorization" : oaval})
# test a connection to rest api again if it fails exit
# tell user to re-authenticate with the sas-viya CLI
r = requests.get(baseurl,headers=head)
if (400 <= r.status_code <=599): if (400 <= r.status_code <=599):
oaval=None oaval=None
print(r.text) print(r.text)
print("ERROR: cannot connect to "+baseurl+" is your token expired?") print("ERROR: cannot connect to "+baseurl+" is your token expired?")
print("ERROR: Try refreshing your token with sas-admin auth login") print("ERROR: Try refreshing your token with the Viya CLI auth login")
sys.exit() sys.exit()
else: else:
oaval=None oaval=None
print("ERROR: access token not in file: ", credential_file) print("ERROR: access token not in file: ", credential_file)
print("ERROR: Try refreshing your token with sas-admin auth login") print("ERROR: Try refreshing your token with Viya CLI auth login")
sys.exit() sys.exit()
return oaval return oaval

Write Preview
Loading…
Cancel
Save