13. Code Documentation
The code roughly has three levels.
13.1. API level
The API level is used to access the system. For some calls you need to be authenticated as an administrator; for some calls you can be authenticated as a normal user. These are the token and the audit endpoints. For calls to the validate API you do not need to be authenticated at all.

Authentication is performed at this level. In the lower levels there is no authentication anymore. The object g.logged_in_user is used to pass the authenticated user. The client gets a JSON Web Token to authenticate every request.

API functions are decorated with the decorators admin_required and user_required to define access rules.
- 13.1.1. REST API
  - 13.1.1.1. Audit endpoint
  - 13.1.1.2. Authentication endpoints
  - 13.1.1.3. Validate endpoints
  - 13.1.1.4. System endpoints
  - 13.1.1.5. Resolver endpoints
  - 13.1.1.6. Realm endpoints
  - 13.1.1.7. Default Realm endpoints
  - 13.1.1.8. Token endpoints
  - 13.1.1.9. User endpoints
  - 13.1.1.10. Policy endpoints
  - 13.1.1.11. Machine Resolver endpoints
  - 13.1.1.12. Machine endpoints
  - 13.1.1.13. Application endpoints
13.2. LIB level
At the LIB level all library functions are defined. There is no authentication on this level, and there is no Flask/web/request code on this level either. Request information and the logged_in_user need to be passed to the functions as parameters, if they are needed.

If possible, policies are checked with policy decorators.
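The split between the API level (13.1) and the LIB level (13.2), as an added standard-library sketch that is not the project's own code: decorators named after the ones above verify a signed token, set g.logged_in_user, and the library function receives the user only as a parameter. The HS256 token layout with username and role claims, the token passed as the first argument, the plain namespace standing in for g, and the names SECRET, TOKENS, sign_token, lib_list_tokens, api_token_list and api_set_config are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json
from functools import wraps
from types import SimpleNamespace

SECRET = b"constructed-demo-secret"                # constructed signing key
TOKENS = {"HOTP0001": "alice", "TOTP0002": "bob"}  # constructed serial -> owner
g = SimpleNamespace(logged_in_user=None)           # stand-in for the request-scoped g

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=")

def sign_token(claims):
    body = _b64(b'{"alg":"HS256","typ":"JWT"}') + b"." + _b64(json.dumps(claims).encode())
    return (body + b"." + _b64(hmac.new(SECRET, body, hashlib.sha256).digest())).decode()

def _verify(token):
    # Signature is checked before parsing; the token's own "alg" header is never consulted.
    body, _, sig = token.encode().rpartition(b".")
    expected = _b64(hmac.new(SECRET, body, hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        raise PermissionError("invalid token")
    payload = body.partition(b".")[2]
    return json.loads(base64.urlsafe_b64decode(payload + b"=" * (-len(payload) % 4)))

def _require(roles):
    def decorator(func):
        @wraps(func)
        def wrapper(token, *args, **kwargs):
            claims = _verify(token)
            if claims.get("role") not in roles:
                raise PermissionError("role not permitted")
            g.logged_in_user = {"username": claims.get("username"), "role": claims["role"]}
            return func(*args, **kwargs)
        return wrapper
    return decorator

admin_required = _require({"admin"})
user_required = _require({"admin", "user"})  # assumption: admins may call user endpoints

def lib_list_tokens(logged_in_user, tokens):
    # LIB level: no authentication, no request object; the user is a parameter.
    is_admin = logged_in_user["role"] == "admin"
    return sorted(s for s, o in tokens.items() if is_admin or o == logged_in_user["username"])

@user_required
def api_token_list():
    return lib_list_tokens(g.logged_in_user, TOKENS)
@admin_required
def api_set_config():
    return {"changed_by": g.logged_in_user["username"]}
```

Because lib_list_tokens trusts whatever user it is handed, any new entry point that calls it without one of the decorators bypasses authentication entirely; that is the property to check when reviewing new API functions.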
- 13.2.1. library functions
  - 13.2.1.1. Users
  - 13.2.1.2. Token Class
    - 13.2.1.2.1. Certificate Token
    - 13.2.1.2.2. Daplug Token
    - 13.2.1.2.3. Email Token
    - 13.2.1.2.4. HOTP Token
    - 13.2.1.2.5. mOTP Token
    - 13.2.1.2.6. PasswordToken
    - 13.2.1.2.7. RADIUS Token
    - 13.2.1.2.8. Registration Code Token
    - 13.2.1.2.9. Remote Token
    - 13.2.1.2.10. SMS Token
    - 13.2.1.2.11. SPass Token
    - 13.2.1.2.12. SSHKey Token
    - 13.2.1.2.13. TOTP Token
    - 13.2.1.2.14. Yubico Token
    - 13.2.1.2.15. Yubikey Token
  - 13.2.1.3. Token Functions
  - 13.2.1.4. Application Class
  - 13.2.1.5. Policy Module
  - 13.2.1.6. API Policies
  - 13.2.1.7. Policy Decorators
- 13.2.2. UserIdResolvers
- 13.2.3. Audit log
- 13.2.4. Machine Resolvers