From b45f86e0cc87d13b8f7234d55792e826e157ffc9 Mon Sep 17 00:00:00 2001
From: Tanner Collin
Date: Wed, 16 Sep 2020 22:52:17 +0000
Subject: [PATCH] Add Auth API connection to apiserver
---
 apiserver/apiserver/api/serializers.py | 19 ++++++++++++++++-
 apiserver/apiserver/api/utils_auth.py | 28 ++++++++++++++++++++++++++
 apiserver/apiserver/secrets.py.example | 10 +++++++++
 3 files changed, 56 insertions(+), 1 deletion(-)
 create mode 100644 apiserver/apiserver/api/utils_auth.py
diff --git a/apiserver/apiserver/api/serializers.py b/apiserver/apiserver/api/serializers.py
index fa93b4e..9a37a20 100644
--- a/apiserver/apiserver/api/serializers.py
+++ b/apiserver/apiserver/api/serializers.py
@@ -473,6 +473,13 @@ class MyPasswordChangeSerializer(PasswordChangeSerializer):
 logger.info(msg)
 raise ValidationError(dict(non_field_errors=msg))
+ if utils_auth.is_configured():
+ if utils_auth.set_password(data) != 200:
+ msg = 'Problem connecting to Auth server: set.'
+ utils.alert_tanner(msg)
+ logger.info(msg)
+ raise ValidationError(dict(non_field_errors=msg))
+
 super().save()
 class MyPasswordResetSerializer(PasswordResetSerializer):
@@ -490,7 +497,17 @@ class MyPasswordResetConfirmSerializer(PasswordResetConfirmSerializer):
 if utils_ldap.is_configured():
 if utils_ldap.set_password(data) != 200:
- raise ValidationError(dict(non_field_errors='Problem connecting to LDAP server: set.'))
+ msg = 'Problem connecting to LDAP server: set.'
+ utils.alert_tanner(msg)
+ logger.info(msg)
+ raise ValidationError(dict(non_field_errors=msg))
+
+ if utils_auth.is_configured():
+ if utils_auth.set_password(data) != 200:
+ msg = 'Problem connecting to Auth server: set.'
+ utils.alert_tanner(msg)
+ logger.info(msg)
+ raise ValidationError(dict(non_field_errors=msg))
 super().save()
diff --git a/apiserver/apiserver/api/utils_auth.py b/apiserver/apiserver/api/utils_auth.py
new file mode 100644
index 0000000..cae62b0
--- /dev/null
+++ b/apiserver/apiserver/api/utils_auth.py
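Review bot: The new `utils_auth.is_configured()` and `utils_auth.set_password(data)` calls in serializers.py rely on a name that nothing in this patch imports; this applies to this hunk in MyPasswordChangeSerializer and to the second hunk in MyPasswordResetConfirmSerializer. The diffstat's 19 changed lines for serializers.py are fully accounted for by the two hunks, and utils_auth.py is created by this same commit. Unless the name is already bound some other way above the hunk, every password change and reset confirmation would raise NameError before reaching `super().save()`. Adding `from apiserver.api import utils_auth` next to the file's existing imports would cover both call sites. The enclosing method and the import block both start outside the hunk.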
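Review bot: In MyPasswordResetConfirmSerializer (second serializers.py hunk) the LDAP password is written before the Auth server is contacted, and `super().save()` runs last. If `utils_auth.set_password` then returns a non-200 status, or `None` on a timeout, ValidationError is raised with LDAP already on the new password while Auth and the local account keep the old one. The user is told the reset failed although one credential store changed, and the stores stay out of sync until a retry succeeds. At minimum record this in the code, e.g. `# NOTE: LDAP is already updated here; a failure below leaves the stores out of sync until the user retries`, and consider `logger.error(msg)` instead of `logger.info(msg)` so these failures stand out in monitoring. The first hunk appears to have the same ordering, though its LDAP call sits above the visible lines.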
@@ -0,0 +1,28 @@
+import logging
+logger = logging.getLogger(__name__)
+
+import requests
+
+from apiserver import secrets
+from apiserver.api import utils
+
+def is_configured():
+ return bool(secrets.AUTH_API_URL and secrets.AUTH_API_KEY)
+
+
+def auth_api(route, data):
+ try:
+ headers = {'Authorization': 'Token ' + secrets.AUTH_API_KEY}
+ url = secrets.AUTH_API_URL + route
+ r = requests.post(url, data=data, headers=headers, timeout=3)
+ return r.status_code
+ except BaseException as e:
+ logger.error('Auth {} - {} - {}'.format(url, e.__class__.__name__, str(e)))
+ return None
+
+def set_password(data):
+ auth_data = dict(
+ username=data['username'],
+ password=data['password1'],
+ )
+ return auth_api('set-password', auth_data)
diff --git a/apiserver/apiserver/secrets.py.example b/apiserver/apiserver/secrets.py.example
index d6179e0..c4da972 100644
--- a/apiserver/apiserver/secrets.py.example
+++ b/apiserver/apiserver/secrets.py.example
@@ -40,6 +40,16 @@ LDAP_API_URL = ''
 # spaceport/ldapserver/secrets.py
 LDAP_API_KEY = ''
+# Auth API url
+# should contain the IP and port of the script and machine connected over VPN
+# with trailing slash
+AUTH_API_URL = ''
+
+# Auth API key
+# should be equal to the auth token value set in
+# spaceport/authserver/secrets.py
+AUTH_API_KEY = ''
+
 # Door cards API token
 # Set this to random characters
 # For example, use the output of this:
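Review bot: `auth_api` in utils_auth.py catches `BaseException`, which also swallows KeyboardInterrupt and SystemExit, and its handler logs `url`, which is still unbound if anything fails on the `headers` line, so the log call itself would raise. Building the header and URL before the `try` and catching only `requests.exceptions.RequestException` keeps the best-effort behaviour for network errors while letting configuration bugs surface, as sketched below. Separately, this call forwards the user's new plaintext password and the API token to whatever `AUTH_API_URL` names, and nothing here requires an `https://` URL. Over plain HTTP the confidentiality of both rests entirely on the VPN mentioned in secrets.py.example, so the comment there should state the expected scheme. `is_configured()` also reads `secrets.AUTH_API_URL` directly, so a deployed secrets.py that predates this commit would presumably raise AttributeError; `getattr(secrets, 'AUTH_API_URL', '')` would tolerate that.

```python
def auth_api(route, data):
    # Build the request outside the try so the handler can always log `url`.
    headers = {'Authorization': 'Token ' + secrets.AUTH_API_KEY}
    url = secrets.AUTH_API_URL + route
    try:
        r = requests.post(url, data=data, headers=headers, timeout=3)
    except requests.exceptions.RequestException as e:
        logger.error('Auth {} - {} - {}'.format(url, e.__class__.__name__, str(e)))
        return None
    return r.status_code
```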