Skip to content

Tenant-scoped user management operations #431

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 5 commits into from
Mar 26, 2020
Merged

Tenant-scoped user management operations #431

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
b6a5037
Adding tenant_mgt.auth_for_tenant() API
hiranya911 Mar 23, 2020
d03276a
Added more tenant-aware user mgt tests
hiranya911 Mar 23, 2020
0c86174
Full test coverage for tenant-aware user mgt APIs
hiranya911 Mar 24, 2020
e902864
Updated docstring to fix lint error
hiranya911 Mar 25, 2020
68fc770
Removed unused var; Fixing lint error
hiranya911 Mar 25, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 15 additions & 5 deletions firebase_admin/auth.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -523,12 +523,13 @@ def generate_sign_in_with_email_link(email, action_code_settings, app=None):
email, action_code_settings=action_code_settings)


# TODO: Rename to public type Client
class _AuthService:
"""Firebase Authentication service."""

ID_TOOLKIT_URL = 'https://identitytoolkit.googleapis.com/v1/projects/'

def __init__(self, app):
def __init__(self, app, tenant_id=None):
credential = app.credential.get_credential()
version_header = 'Python/Admin/{0}'.format(firebase_admin.__version__)

Expand All @@ -538,12 +539,21 @@ def __init__(self, app):
2. set the project ID explicitly via Firebase App options, or
3. set the project ID via the GOOGLE_CLOUD_PROJECT environment variable.""")

client = _http_client.JsonHttpClient(
credential=credential, base_url=self.ID_TOOLKIT_URL + app.project_id,
url_path = app.project_id
if tenant_id:
url_path += '/tenants/{0}'.format(tenant_id)

http_client = _http_client.JsonHttpClient(
credential=credential, base_url=self.ID_TOOLKIT_URL + url_path,
headers={'X-Client-Version': version_header})
self._token_generator = _token_gen.TokenGenerator(app, client)
self._tenant_id = tenant_id
self._token_generator = _token_gen.TokenGenerator(app, http_client)
self._token_verifier = _token_gen.TokenVerifier(app)
self._user_manager = _user_mgt.UserManager(client)
self._user_manager = _user_mgt.UserManager(http_client)

@property
def tenant_id(self):
return self._tenant_id

def create_custom_token(self, uid, developer_claims=None):
return self._token_generator.create_custom_token(uid, developer_claims)
Expand Down
38 changes: 38 additions & 0 deletions firebase_admin/tenant_mgt.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,9 +18,12 @@
Google Cloud Identity Platform (GCIP) instance.
"""

import threading

import requests

import firebase_admin
from firebase_admin import auth
from firebase_admin import _auth_utils
from firebase_admin import _http_client
from firebase_admin import _utils
Expand All @@ -35,6 +38,7 @@
'Tenant',
'TenantNotFoundError',

'auth_for_tenant',
'create_tenant',
'delete_tenant',
'get_tenant',
Expand All @@ -45,6 +49,23 @@
TenantNotFoundError = _auth_utils.TenantNotFoundError


def auth_for_tenant(tenant_id, app=None):
"""Gets an Auth Client instance scoped to the given tenant ID.

Args:
tenant_id: A tenant ID string.
app: An App instance (optional).

Returns:
_AuthService: An _AuthService object.

Raises:
ValueError: If the tenant ID is None, empty or not a string.
"""
tenant_mgt_service = _get_tenant_mgt_service(app)
return tenant_mgt_service.auth_for_tenant(tenant_id)


def get_tenant(tenant_id, app=None):
"""Gets the tenant corresponding to the given ``tenant_id``.

Expand Down Expand Up @@ -211,8 +232,25 @@ def __init__(self, app):
credential = app.credential.get_credential()
version_header = 'Python/Admin/{0}'.format(firebase_admin.__version__)
base_url = '{0}/projects/{1}'.format(self.TENANT_MGT_URL, app.project_id)
self.app = app
self.client = _http_client.JsonHttpClient(
credential=credential, base_url=base_url, headers={'X-Client-Version': version_header})
self.tenant_clients = {}
self.lock = threading.RLock()

def auth_for_tenant(self, tenant_id):
"""Gets an Auth Client instance scoped to the given tenant ID."""
if not isinstance(tenant_id, str) or not tenant_id:
raise ValueError(
'Invalid tenant ID: {0}. Tenant ID must be a non-empty string.'.format(tenant_id))

with self.lock:
if tenant_id in self.tenant_clients:
return self.tenant_clients[tenant_id]

client = auth._AuthService(self.app, tenant_id=tenant_id) # pylint: disable=protected-access
self.tenant_clients[tenant_id] = client
return client

def get_tenant(self, tenant_id):
"""Gets the tenant corresponding to the given ``tenant_id``."""
Expand Down
Loading