Authentication and Session Management

Authentication

A user is authenticated by providing a username and password. The currently configured mechanisms (that is, local, RADIUS) are used to verify the user. If authenticated successfully, an instance of ExosUser is returned. From there, the user’s permission level can be obtained.

exos.api.authenticate_user(username, password, src_addr)

Authenticate a user, given a username and password. An ExosUser is returned if successful or None if not.

exos.api.authenticate_user_async(callback, username, password, src_addr)

Asynchronous version of authenticate_user(). Returns immediately and calls callback with the result. callback must accept one argument, which is an ExosUser if successful or None if failed.

class exos.api.ExosUser(username, src_addr=None)

An authenticated EXOS user. Instances of this class should be obtained via authenticate_user(), authenticate_user_async(), or validate_session(). Do not create instances of this class directly.

start_session(src_addr)

Start a session for this user. src_addr must be a string in IPv4 or IPv6 format. The new session’s cookie is returned. If this user already has a session, AaaSessionExistsError is raised.

end_session()

End a session for this user. If this user does not have a session, AaaSessionDoesNotExistError is raised.

read_write = None

True if the user has read/write privileges.

The user’s session cookie, if a session has been started.

session_start = None

The time the session was started, as returned by time.time().

username = None

The user’s name.

Session

A session can be created, given an instance of ExosUser. Each session will be assigned a random session cookie. Applications can return that cookie to their client and later use it to retrieve the ExosUser again.

Sessions have a few distinct advantages:

  1. They’re more efficient. The user does not have to be re-authenticated. If the auth server is remote (that is, RADIUS), authentication can be expensive.
  2. They provide a convenient place to cache data. The same ExosUser instance is returned on each session cookie lookup, making it a convenient place to store information specific to this user’s current interaction with the application.

Sessions are created using the ExosUser.start_session() method. Use validate_session() to retrieve the ExosUser instance again.

Applications are responsible for cleaning up sessions. ExosUser.end_session() must eventually be called, either because the user logged out or because the session has become stale.

Sessions are also visible from the CLI and can be cleared:

show session
clear session <sessId>

exos.api.validate_session(session_cookie)

Given a session_cookie, find the session and return the associated ExosUser or None if the session cannot be found.

exos.api.get_sessions()

Return the list of active sessions.

Exceptions

class exos.api.AaaSessionExistsError

The session already exists when it shouldn’t.

class exos.api.AaaSessionDoesNotExistError

The session does not exist when it should.
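
An added example (not part of the EXOS documentation) that ties the calls above into the login, cookie validation, logout and stale-session cleanup that the Session section leaves to the application. The SessionGate class, its max_age lifetime and the clock parameter are assumptions of this example; api is the exos.api module when run on a switch.

```python
import time

class SessionGate:
    """Login, validation and cleanup built on the exos.api calls above."""

    def __init__(self, api, max_age=900, clock=time.time):
        self.api = api          # the exos.api module on a switch
        self.max_age = max_age  # assumption: lifetime in seconds, app policy
        self.clock = clock      # assumption: injectable so expiry is testable
        self.issued = set()     # cookies this application handed to clients

    def login(self, username, password, src_addr):
        """Authenticate and start a session; return the cookie or None."""
        user = self.api.authenticate_user(username, password, src_addr)
        if user is None:
            return None  # authentication failed, no session is created
        cookie = user.start_session(src_addr)
        self.issued.add(cookie)
        return cookie

    def _end(self, user, cookie):
        try:
            user.end_session()
        except self.api.AaaSessionDoesNotExistError:
            pass  # already cleared, e.g. with "clear session" on the CLI
        self.issued.discard(cookie)

    def validate(self, cookie):
        """Return the ExosUser for a live cookie, or None."""
        user = self.api.validate_session(cookie)
        if user is None:
            self.issued.discard(cookie)
            return None
        if self.clock() - user.session_start > self.max_age:
            self._end(user, cookie)  # stale: end it instead of honouring it
            return None
        return user

    def logout(self, cookie):
        user = self.api.validate_session(cookie)
        if user is not None:
            self._end(user, cookie)

    def reap(self):
        """End every issued session that is stale or gone; return the count."""
        before = len(self.issued)
        for cookie in list(self.issued):
            self.validate(cookie)
        return before - len(self.issued)
```

Calling reap() from a periodic timer covers clients that never log out, and validate() on every request rejects a stale cookie even between reaper runs.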