Beispiel #1
0
    def get(self, request, *args, **kwargs):
        """
        Fetches metadata
        """
        _ = args, kwargs
        data = {'authenticated': False,
                'authentication_state': None,
                'username': None,
                'userguid': None,
                'roles': [],
                'storagerouter_ips': [sr.ip for sr in StorageRouterList.get_storagerouters()],
                'versions': list(settings.VERSION),
                'plugins': {}}
        try:
            # Gather plugin metadata
            plugins = {}
            # - Backends. BackendType plugins must set the has_plugin flag on True
            for backend_type in BackendTypeList.get_backend_types():
                if backend_type.has_plugin is True:
                    if backend_type.code not in plugins:
                        plugins[backend_type.code] = []
                    plugins[backend_type.code] += ['backend', 'gui']
            data['plugins'] = plugins

            # Gather authorization metadata
            if 'HTTP_AUTHORIZATION' not in request.META:
                return HttpResponse, dict(data.items() + {'authentication_state': 'unauthenticated'}.items())
            authorization_type, access_token = request.META['HTTP_AUTHORIZATION'].split(' ')
            if authorization_type != 'Bearer':
                return HttpResponse, dict(data.items() + {'authentication_state': 'invalid_authorization_type'}.items())
            tokens = BearerTokenList.get_by_access_token(access_token)
            if len(tokens) != 1:
                return HttpResponse, dict(data.items() + {'authentication_state': 'invalid_token'}.items())
            token = tokens[0]
            if token.expiration < time.time():
                for junction in token.roles.itersafe():
                    junction.delete()
                token.delete()
                return HttpResponse, dict(data.items() + {'authentication_state': 'token_expired'}.items())

            # Gather user metadata
            user = token.client.user
            if not user.is_active:
                return HttpResponse, dict(data.items() + {'authentication_state': 'inactive_user'}.items())
            roles = [j.role.code for j in token.roles]

            return HttpResponse, dict(data.items() + {'authenticated': True,
                                                      'authentication_state': 'authenticated',
                                                      'username': user.username,
                                                      'userguid': user.guid,
                                                      'roles': roles,
                                                      'plugins': plugins}.items())
        except Exception as ex:
            logger.exception('Unexpected exception: {0}'.format(ex))
            return HttpResponse, dict(data.items() + {'authentication_state': 'unexpected_exception'}.items())
Beispiel #2
0
    def authenticate(self, request, **kwargs):
        """
        Authenticate method
        """
        _ = self
        if 'HTTP_AUTHORIZATION' not in request.META:
            return None
        authorization_type, access_token = request.META[
            'HTTP_AUTHORIZATION'].split(' ')
        if authorization_type != 'Bearer':
            raise HttpUnauthorizedException(
                error='invalid_authorization_type',
                error_description='Invalid authorization type specified')

        tokens = BearerTokenList.get_by_access_token(access_token)
        if len(tokens) != 1:
            raise HttpUnauthorizedException(
                error='invalid_token',
                error_description='Invalid token passed')
        token = tokens[0]
        if token.expiration < time.time():
            for junction in token.roles.itersafe():
                junction.delete()
            token.delete()
            raise HttpUnauthorizedException(
                error='token_expired',
                error_description='The token passed is expired')

        user = token.client.user
        if not user.is_active:
            raise HttpUnauthorizedException(error='inactive_user',
                                            error_description='Inactive user')
        request.client = token.client
        request.token = token

        try:
            duser = DUser.objects.get(username=user.username)
        except DUser.DoesNotExist:
            duser = DUser.objects.create_user(user.username,
                                              '*****@*****.**')
            duser.is_active = user.is_active
            duser.is_staff = False
            duser.is_superuser = False
            duser.save()

        if 'native_django' in kwargs and kwargs['native_django'] is True:
            return duser
        return duser, None
Beispiel #3
0
    def authenticate(self, request, **kwargs):
        """
        Authenticate method
        """
        _ = self
        if 'HTTP_AUTHORIZATION' not in request.META:
            return None
        authorization_type, access_token = request.META['HTTP_AUTHORIZATION'].split(' ')
        if authorization_type != 'Bearer':
            raise HttpUnauthorizedException(error='invalid_authorization_type',
                                            error_description='Invalid authorization type specified')

        tokens = BearerTokenList.get_by_access_token(access_token)
        if len(tokens) != 1:
            raise HttpUnauthorizedException(error='invalid_token',
                                            error_description='Invalid token passed')
        token = tokens[0]
        if token.expiration < time.time():
            for junction in token.roles.itersafe():
                junction.delete()
            token.delete()
            raise HttpUnauthorizedException(error='token_expired',
                                            error_description='The token passed is expired')

        user = token.client.user
        if not user.is_active:
            raise HttpUnauthorizedException(error='inactive_user',
                                            error_description='Inactive user')
        request.client = token.client
        request.token = token

        try:
            duser = DUser.objects.get(username=user.username)
        except DUser.DoesNotExist:
            duser = DUser.objects.create_user(user.username, '*****@*****.**')
            duser.is_active = user.is_active
            duser.is_staff = False
            duser.is_superuser = False
            duser.save()

        if 'native_django' in kwargs and kwargs['native_django'] is True:
            return duser
        return duser, None
Beispiel #4
0
    def authenticate(self, request, **kwargs):
        """
        Authenticate method
        """
        _ = self
        if "HTTP_AUTHORIZATION" not in request.META:
            return None
        authorization_type, access_token = request.META["HTTP_AUTHORIZATION"].split(" ")
        if authorization_type != "Bearer":
            raise AuthenticationFailed("invalid_authorization_type")

        tokens = BearerTokenList.get_by_access_token(access_token)
        if len(tokens) != 1:
            raise AuthenticationFailed("invalid_token")
        token = tokens[0]
        if token.expiration < time.time():
            for junction in token.roles.itersafe():
                junction.delete()
            token.delete()
            raise AuthenticationFailed("token_expired")

        user = token.client.user
        if not user.is_active:
            raise AuthenticationFailed("inactive_user")
        request.client = token.client
        request.token = token

        try:
            duser = DUser.objects.get(username=user.username)
        except DUser.DoesNotExist:
            duser = DUser.objects.create_user(user.username, "*****@*****.**")
            duser.is_active = user.is_active
            duser.is_staff = False
            duser.is_superuser = False
            duser.save()

        if "native_django" in kwargs and kwargs["native_django"] is True:
            return duser
        return duser, None
Beispiel #5
0
    def authenticate(self, request):
        """
        Authenticate method
        """
        if 'HTTP_AUTHORIZATION' not in request.META:
            return None
        authorization_type, access_token = request.META[
            'HTTP_AUTHORIZATION'].split(' ')
        if authorization_type != 'Bearer':
            raise AuthenticationFailed('invalid_authorization_type')

        tokens = BearerTokenList.get_by_access_token(access_token)
        if len(tokens) != 1:
            raise AuthenticationFailed('invalid_token')
        token = tokens[0]
        if token.expiration < time.time():
            for junction in token.roles.itersafe():
                junction.delete()
            token.delete()
            raise AuthenticationFailed('token_expired')

        user = token.client.user
        if not user.is_active:
            raise AuthenticationFailed('inactive_user')
        request.client = token.client
        request.token = token

        try:
            duser = DUser.objects.get(username=user.username)
        except DUser.DoesNotExist:
            duser = DUser.objects.create_user(user.username,
                                              '*****@*****.**')
            duser.is_active = user.is_active
            duser.is_staff = False
            duser.is_superuser = False
            duser.save()

        return duser, None
Beispiel #6
0
    def authenticate(self, request):
        """
        Authenticate method
        """
        if 'HTTP_AUTHORIZATION' not in request.META:
            return None
        authorization_type, access_token = request.META['HTTP_AUTHORIZATION'].split(' ')
        if authorization_type != 'Bearer':
            raise AuthenticationFailed('invalid_authorization_type')

        tokens = BearerTokenList.get_by_access_token(access_token)
        if len(tokens) != 1:
            raise AuthenticationFailed('invalid_token')
        token = tokens[0]
        if token.expiration < time.time():
            for junction in token.roles.itersafe():
                junction.delete()
            token.delete()
            raise AuthenticationFailed('token_expired')

        user = token.client.user
        if not user.is_active:
            raise AuthenticationFailed('inactive_user')
        request.client = token.client
        request.token = token

        try:
            duser = DUser.objects.get(username=user.username)
        except DUser.DoesNotExist:
            duser = DUser.objects.create_user(user.username, '*****@*****.**')
            duser.is_active = user.is_active
            duser.is_staff = False
            duser.is_superuser = False
            duser.save()

        return duser, None
Beispiel #7
0
    def get(self, request, *args, **kwargs):
        """
        Fetches metadata
        """
        _ = args, kwargs
        data = {
            'authenticated':
            False,
            'authentication_state':
            None,
            'authentication_metadata': {},
            'username':
            None,
            'userguid':
            None,
            'roles': [],
            'identification': {},
            'storagerouter_ips':
            [sr.ip for sr in StorageRouterList.get_storagerouters()],
            'versions':
            list(settings.VERSION),
            'plugins': {}
        }
        try:
            # Gather plugin metadata
            plugins = {}
            # - Backends. BackendType plugins must set the has_plugin flag on True
            for backend_type in BackendTypeList.get_backend_types():
                if backend_type.has_plugin is True:
                    if backend_type.code not in plugins:
                        plugins[backend_type.code] = []
                    plugins[backend_type.code] += ['backend', 'gui']
            # - Generic plugins, as added to the configuration file(s)
            generic_plugins = EtcdConfiguration.get(
                '/ovs/framework/plugins/installed|generic')
            for plugin_name in generic_plugins:
                if plugin_name not in plugins:
                    plugins[plugin_name] = []
                plugins[plugin_name] += ['gui']
            data['plugins'] = plugins

            # Fill identification
            data['identification'] = {
                'cluster_id':
                EtcdConfiguration.get('/ovs/framework/cluster_id')
            }

            # Get authentication metadata
            authentication_metadata = {'ip': System.get_my_storagerouter().ip}
            for key in ['mode', 'authorize_uri', 'client_id', 'scope']:
                if EtcdConfiguration.exists(
                        '/ovs/framework/webapps|oauth2.{0}'.format(key)):
                    authentication_metadata[key] = EtcdConfiguration.get(
                        '/ovs/framework/webapps|oauth2.{0}'.format(key))
            data['authentication_metadata'] = authentication_metadata

            # Gather authorization metadata
            if 'HTTP_AUTHORIZATION' not in request.META:
                return HttpResponse, dict(
                    data.items() +
                    {'authentication_state': 'unauthenticated'}.items())
            authorization_type, access_token = request.META[
                'HTTP_AUTHORIZATION'].split(' ')
            if authorization_type != 'Bearer':
                return HttpResponse, dict(
                    data.items() +
                    {'authentication_state': 'invalid_authorization_type'
                     }.items())
            tokens = BearerTokenList.get_by_access_token(access_token)
            if len(tokens) != 1:
                return HttpResponse, dict(
                    data.items() +
                    {'authentication_state': 'invalid_token'}.items())
            token = tokens[0]
            if token.expiration < time.time():
                for junction in token.roles.itersafe():
                    junction.delete()
                token.delete()
                return HttpResponse, dict(
                    data.items() +
                    {'authentication_state': 'token_expired'}.items())

            # Gather user metadata
            user = token.client.user
            if not user.is_active:
                return HttpResponse, dict(
                    data.items() +
                    {'authentication_state': 'inactive_user'}.items())
            roles = [j.role.code for j in token.roles]

            return HttpResponse, dict(
                data.items() + {
                    'authenticated': True,
                    'authentication_state': 'authenticated',
                    'username': user.username,
                    'userguid': user.guid,
                    'roles': roles,
                    'plugins': plugins
                }.items())
        except Exception as ex:
            MetadataView._logger.exception(
                'Unexpected exception: {0}'.format(ex))
            return HttpResponse, dict(
                data.items() +
                {'authentication_state': 'unexpected_exception'}.items())
Beispiel #8
0
    def get(self, request, *args, **kwargs):
        """
        Fetches metadata
        """
        _ = args, kwargs
        data = {'authenticated': False,
                'authentication_state': None,
                'authentication_metadata': {},
                'username': None,
                'userguid': None,
                'roles': [],
                'identification': {},
                'storagerouter_ips': [sr.ip for sr in StorageRouterList.get_storagerouters()],
                'versions': list(settings.VERSION),
                'plugins': {}}
        try:
            # Gather plugin metadata
            plugins = {}
            # - Backends. BackendType plugins must set the has_plugin flag on True
            for backend_type in BackendTypeList.get_backend_types():
                if backend_type.has_plugin is True:
                    if backend_type.code not in plugins:
                        plugins[backend_type.code] = []
                    plugins[backend_type.code] += ['backend', 'gui']
            # - Generic plugins, as added to the configuration file(s)
            generic_plugins = Configuration.get('/ovs/framework/plugins/installed|generic')
            for plugin_name in generic_plugins:
                if plugin_name not in plugins:
                    plugins[plugin_name] = []
                plugins[plugin_name] += ['gui']
            data['plugins'] = plugins

            # Fill identification
            data['identification'] = {'cluster_id': Configuration.get('/ovs/framework/cluster_id')}

            # Get authentication metadata
            authentication_metadata = {'ip': System.get_my_storagerouter().ip}
            for key in ['mode', 'authorize_uri', 'client_id', 'scope']:
                if Configuration.exists('/ovs/framework/webapps|oauth2.{0}'.format(key)):
                    authentication_metadata[key] = Configuration.get('/ovs/framework/webapps|oauth2.{0}'.format(key))
            data['authentication_metadata'] = authentication_metadata

            # Gather authorization metadata
            if 'HTTP_AUTHORIZATION' not in request.META:
                return dict(data.items() + {'authentication_state': 'unauthenticated'}.items())
            authorization_type, access_token = request.META['HTTP_AUTHORIZATION'].split(' ')
            if authorization_type != 'Bearer':
                return dict(data.items() + {'authentication_state': 'invalid_authorization_type'}.items())
            tokens = BearerTokenList.get_by_access_token(access_token)
            if len(tokens) != 1:
                return dict(data.items() + {'authentication_state': 'invalid_token'}.items())
            token = tokens[0]
            if token.expiration < time.time():
                for junction in token.roles.itersafe():
                    junction.delete()
                token.delete()
                return dict(data.items() + {'authentication_state': 'token_expired'}.items())

            # Gather user metadata
            user = token.client.user
            if not user.is_active:
                return dict(data.items() + {'authentication_state': 'inactive_user'}.items())
            roles = [j.role.code for j in token.roles]

            return dict(data.items() + {'authenticated': True,
                                        'authentication_state': 'authenticated',
                                        'username': user.username,
                                        'userguid': user.guid,
                                        'roles': roles,
                                        'plugins': plugins}.items())
        except Exception as ex:
            MetadataView._logger.exception('Unexpected exception: {0}'.format(ex))
            return dict(data.items() + {'authentication_state': 'unexpected_exception'}.items())
Beispiel #9
0
    def get(self, request, *args, **kwargs):
        """
        Fetches metadata
        """
        _ = args, kwargs
        data = {'authenticated': False,
                'authentication_state': None,
                'authentication_metadata': {},
                'username': None,
                'userguid': None,
                'roles': [],
                'identification': {},
                'storagerouter_ips': [sr.ip for sr in StorageRouterList.get_storagerouters()],
                'versions': list(settings.VERSION),
                'plugins': {},
                'registration': {'registered': False,
                                 'remaining': None}}
        try:
            # Gather plugin metadata
            plugins = {}
            # - Backends. BackendType plugins must set the has_plugin flag on True
            for backend_type in BackendTypeList.get_backend_types():
                if backend_type.has_plugin is True:
                    if backend_type.code not in plugins:
                        plugins[backend_type.code] = []
                    plugins[backend_type.code] += ['backend', 'gui']
            # - Generic plugins, as added to the configuration file(s)
            generic_plugins = Configuration.get('ovs.plugins.generic')
            for plugin_name in generic_plugins:
                if plugin_name not in plugins:
                    plugins[plugin_name] = []
                plugins[plugin_name] += ['gui']
            data['plugins'] = plugins

            # Fill identification
            data['identification'] = {'cluster_id': Configuration.get('ovs.support.cid')}

            # Registration data
            registered = Configuration.get('ovs.core.registered')
            data['registration']['registered'] = registered
            if registered is False:
                cluster_install_time = None
                for storagerouter in StorageRouterList.get_storagerouters():
                    client = SSHClient(storagerouter)
                    install_time = client.config_read('ovs.core.install_time')
                    if cluster_install_time is None or (install_time is not None and install_time < cluster_install_time):
                        cluster_install_time = install_time
                if cluster_install_time is not None:
                    timeout_days = 30 * 24 * 60 * 60
                    data['registration']['remaining'] = (timeout_days - time.time() + cluster_install_time) / 24 / 60 / 60

            # Get authentication metadata
            authentication_metadata = {'ip': System.get_my_storagerouter().ip}
            for key in ['mode', 'authorize_uri', 'client_id', 'scope']:
                if Configuration.exists('ovs.webapps.oauth2.{0}'.format(key)):
                    authentication_metadata[key] = Configuration.get('ovs.webapps.oauth2.{0}'.format(key))
            data['authentication_metadata'] = authentication_metadata

            # Gather authorization metadata
            if 'HTTP_AUTHORIZATION' not in request.META:
                return HttpResponse, dict(data.items() + {'authentication_state': 'unauthenticated'}.items())
            authorization_type, access_token = request.META['HTTP_AUTHORIZATION'].split(' ')
            if authorization_type != 'Bearer':
                return HttpResponse, dict(data.items() + {'authentication_state': 'invalid_authorization_type'}.items())
            tokens = BearerTokenList.get_by_access_token(access_token)
            if len(tokens) != 1:
                return HttpResponse, dict(data.items() + {'authentication_state': 'invalid_token'}.items())
            token = tokens[0]
            if token.expiration < time.time():
                for junction in token.roles.itersafe():
                    junction.delete()
                token.delete()
                return HttpResponse, dict(data.items() + {'authentication_state': 'token_expired'}.items())

            # Gather user metadata
            user = token.client.user
            if not user.is_active:
                return HttpResponse, dict(data.items() + {'authentication_state': 'inactive_user'}.items())
            roles = [j.role.code for j in token.roles]

            return HttpResponse, dict(data.items() + {'authenticated': True,
                                                      'authentication_state': 'authenticated',
                                                      'username': user.username,
                                                      'userguid': user.guid,
                                                      'roles': roles,
                                                      'plugins': plugins}.items())
        except Exception as ex:
            logger.exception('Unexpected exception: {0}'.format(ex))
            return HttpResponse, dict(data.items() + {'authentication_state': 'unexpected_exception'}.items())
Beispiel #10
0
    def get(self, request, *args, **kwargs):
        """
        Fetches metadata
        """
        _ = args, kwargs
        data = {
            'authenticated':
            False,
            'authentication_state':
            None,
            'username':
            None,
            'userguid':
            None,
            'roles': [],
            'storagerouter_ips':
            [sr.ip for sr in StorageRouterList.get_storagerouters()],
            'versions':
            list(settings.VERSION),
            'plugins': {}
        }
        try:
            # Gather plugin metadata
            plugins = {}
            # - Backends. BackendType plugins must set the has_plugin flag on True
            for backend_type in BackendTypeList.get_backend_types():
                if backend_type.has_plugin is True:
                    if backend_type.code not in plugins:
                        plugins[backend_type.code] = []
                    plugins[backend_type.code] += ['backend', 'gui']
            data['plugins'] = plugins

            # Gather authorization metadata
            if 'HTTP_AUTHORIZATION' not in request.META:
                return HttpResponse, dict(
                    data.items() +
                    {'authentication_state': 'unauthenticated'}.items())
            authorization_type, access_token = request.META[
                'HTTP_AUTHORIZATION'].split(' ')
            if authorization_type != 'Bearer':
                return HttpResponse, dict(
                    data.items() +
                    {'authentication_state': 'invalid_authorization_type'
                     }.items())
            tokens = BearerTokenList.get_by_access_token(access_token)
            if len(tokens) != 1:
                return HttpResponse, dict(
                    data.items() +
                    {'authentication_state': 'invalid_token'}.items())
            token = tokens[0]
            if token.expiration < time.time():
                for junction in token.roles.itersafe():
                    junction.delete()
                token.delete()
                return HttpResponse, dict(
                    data.items() +
                    {'authentication_state': 'token_expired'}.items())

            # Gather user metadata
            user = token.client.user
            if not user.is_active:
                return HttpResponse, dict(
                    data.items() +
                    {'authentication_state': 'inactive_user'}.items())
            roles = [j.role.code for j in token.roles]

            return HttpResponse, dict(
                data.items() + {
                    'authenticated': True,
                    'authentication_state': 'authenticated',
                    'username': user.username,
                    'userguid': user.guid,
                    'roles': roles,
                    'plugins': plugins
                }.items())
        except Exception as ex:
            logger.exception('Unexpected exception: {0}'.format(ex))
            return HttpResponse, dict(
                data.items() +
                {'authentication_state': 'unexpected_exception'}.items())