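def _decorator(request, *args, **kwargs):
    """Authenticate the caller via SSO and, for MAINTAIN views, authorize per app.

    ``permission`` and ``fun`` are closure variables supplied by the enclosing
    decorator factory, which is not visible in this block.

    Returns:
        The wrapped view's response, or a JSON error response: 401 when the
        token is missing or rejected, 404 when the app is unknown, 403 when
        the caller's SSO groups do not grant access to the app.
    """
    need_auth = AuthApi.need_auth(AUTH_TYPES['SSO'])
    available_groups = []
    if need_auth:
        # Fail closed: a missing or empty header is rejected here instead of
        # forwarding a placeholder string to the token verifier.
        access_token = request.META.get('HTTP_ACCESS_TOKEN')
        if access_token:
            valid, username, available_groups = AuthApi.verify_token(access_token)
        else:
            valid, username = False, None
        if not valid:
            return render_json_response(
                401, 'app', None,
                "unauthorized : don't have the access to the operation",
                reverse('api_docs'))
        # NOTE(review): the operator name is stored on AuthApi itself rather
        # than on the request. If AuthApi is a class or a process-wide object,
        # concurrent requests overwrite each other's value and any audit
        # record built from it can name the wrong user -- confirm.
        AuthApi.operater = username
        request.META['LAIN_AUTH_TYPE'] = AUTH_TYPES['SSO']
        request.META['SSO_GROUPS'] = available_groups
    else:
        AuthApi.operater = "unknown"
        request.META['LAIN_AUTH_TYPE'] = None

    if permission == permissions['MAINTAIN']:
        # The URL resolver may deliver the app name positionally or by
        # keyword; indexing args alone raises IndexError in the keyword case.
        appname = args[0] if args else kwargs.get('appname')
        if appname is None or not AppApi.check_app_exist(appname):
            return render_json_response(
                404, 'app', None,
                'app with appname %s not exist, has not been reposited yet' % appname,
                reverse('api_repos'))
        # The per-app check only runs when SSO is enabled; with auth disabled
        # every caller reaches the wrapped view.
        if need_auth and not AuthApi.verify_app_access(available_groups, appname):
            return render_json_response(
                403, 'maintainer', None,
                "forbidden : don't have the access to app %s" % appname,
                reverse('api_docs'))
    return fun(request, *args, **kwargs)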
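def _decorator(request, *args, **kwargs):
    """Authenticate the caller via SSO and, for MAINTAIN views, authorize per app.

    ``permission`` and ``fun`` are closure variables supplied by the enclosing
    decorator factory, which is not visible in this block.

    Returns:
        The wrapped view's response, or a JSON error response: 401 when the
        token is missing or rejected, 404 when the app is unknown, 403 when
        the caller's SSO groups do not grant access to the app.
    """
    need_auth = AuthApi.need_auth(AUTH_TYPES['SSO'])
    available_groups = []
    if need_auth:
        # Fail closed: a missing or empty header is rejected here instead of
        # forwarding a placeholder string to the token verifier.
        access_token = request.META.get('HTTP_ACCESS_TOKEN')
        if access_token:
            valid, username, available_groups = AuthApi.verify_token(access_token)
        else:
            valid, username = False, None
        if not valid:
            return render_json_response(
                401, 'app', None,
                "unauthorized : don't have the access to the operation",
                reverse('api_docs'))
        # NOTE(review): the operator name is stored on AuthApi itself rather
        # than on the request. If AuthApi is a class or a process-wide object,
        # concurrent requests overwrite each other's value and any audit
        # record built from it can name the wrong user -- confirm.
        AuthApi.operater = username
        request.META['LAIN_AUTH_TYPE'] = AUTH_TYPES['SSO']
        request.META['SSO_GROUPS'] = available_groups
    else:
        AuthApi.operater = "unknown"
        request.META['LAIN_AUTH_TYPE'] = None

    if permission == permissions['MAINTAIN']:
        # The URL resolver may deliver the app name positionally or by
        # keyword; indexing args alone raises IndexError in the keyword case.
        appname = args[0] if args else kwargs.get('appname')
        if appname is None or not AppApi.check_app_exist(appname):
            return render_json_response(
                404, 'app', None,
                'app with appname %s not exist, has not been reposited yet' % appname,
                reverse('api_repos'))
        # The per-app check only runs when SSO is enabled; with auth disabled
        # every caller reaches the wrapped view.
        if need_auth and not AuthApi.verify_app_access(available_groups, appname):
            return render_json_response(
                403, 'maintainer', None,
                "forbidden : don't have the access to app %s" % appname,
                reverse('api_docs'))
    return fun(request, *args, **kwargs)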
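def api_authorize(request):
    """Pass the ``code`` query parameter to the SSO token exchange.

    Returns:
        A 400 JSON response when ``code`` is missing or empty, a 401 JSON
        response when AuthApi.get_sso_access_token reports failure, otherwise
        whatever AuthApi.redirect_to_ui returns for the token payload.
    """
    # The code is read from the query string, although the 400 message below
    # speaks of a JSON body. An explicit lookup replaces the former blanket
    # ``except Exception``, which also hid unrelated failures as a 400.
    code = request.GET.get('code')
    if not code:
        return render_json_response(
            400, 'auth', None,
            'invalid request: should be json body with sso code(string)',
            reverse('api_docs'))

    # NOTE(review): no ``state`` value is checked in this view. Confirm that
    # the code is bound to the browser session that started the login
    # somewhere else (login CSRF protection), e.g. inside AuthApi.
    success, token_json = AuthApi.get_sso_access_token(code)
    if not success:
        return render_json_response(
            401, 'auth', None,
            "unauthorized : don't have the access to console",
            reverse('api_docs'))

    # NOTE(review): the token payload is handed to the UI redirect; confirm it
    # does not travel in a URL that reaches access logs or Referer headers.
    return AuthApi.redirect_to_ui(token_json)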
def api_maintainer(request, appname, username):
    """Serve the maintainer endpoint only while SSO auth is switched on.

    With SSO disabled the request is refused with a 403 JSON response;
    otherwise it is delegated unchanged to ``api_maintainer_high_permit``
    (defined elsewhere; presumably the permission-checked view -- confirm).
    """
    sso_enabled = AuthApi.need_auth(AUTH_TYPES['SSO'])
    if sso_enabled:
        return api_maintainer_high_permit(request, appname, username)
    # Refusing here keeps maintainer data unreachable when there is no
    # authenticated identity to authorize against.
    return render_json_response(
        403, 'maintainer', None,
        'maintainer service not provided, try to open console auth first',
        reverse('api_docs'))
def api_authorize_status(request):
    """Return the SSO auth status as JSON; only GET is accepted.

    Any other HTTP method is answered by ``_invalid_request_method``.
    No token is checked in this view itself.
    """
    method = request.method
    if method != 'GET':
        return _invalid_request_method('auth', method)
    status_payload = AuthApi.get_auth_status(AUTH_TYPES['SSO'])
    return render_json_response(
        200, 'auth', status_payload, 'get auth status success',
        reverse("api_authorize_status"))
def api_authorize_registry(request):
    """Ask AuthApi to authorize a registry request and relay the outcome.

    Success yields ``{"token": <result>}`` with status 200; failure yields
    the result as a plain-text body with status 401.
    """
    ok, payload = AuthApi.authorize_registry(request)
    if not ok:
        # NOTE(review): the failure payload is returned to the caller
        # verbatim; confirm it never carries internal error detail.
        return HttpResponse(payload, content_type="text/plain", status=401)
    # NOTE(review): the response carries a bearer token and sets no cache
    # headers here; confirm caching is disabled further up the stack.
    return JsonResponse({'token': payload}, status=200)
def api_maintainer(request, appname, username):
    """Serve the maintainer endpoint only while SSO auth is switched on.

    With SSO disabled the request is refused with a 403 JSON response;
    otherwise it is delegated unchanged to ``api_maintainer_high_permit``
    (defined elsewhere; presumably the permission-checked view -- confirm).
    """
    sso_enabled = AuthApi.need_auth(AUTH_TYPES['SSO'])
    if sso_enabled:
        return api_maintainer_high_permit(request, appname, username)
    # Refusing here keeps maintainer data unreachable when there is no
    # authenticated identity to authorize against.
    return render_json_response(
        403, 'maintainer', None,
        'maintainer service not provided, try to open console auth first',
        reverse('api_docs'))