Beispiel #1
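    def wrapper(self, *args, **kwargs):
        """Run the wrapped handler method only for authenticated, authorized users.

        Requests that ``is_allowed_during_login`` accepts are passed through
        without a session. Otherwise:

        * authenticated but not allowed in the app: a WebSocket handler is
          closed with code 403, any other handler raises ``HTTPError(403)``;
        * not authenticated: ``HTTPError(401)`` is raised, except for
          ``StaticFileHandler`` requests, which are redirected to the login
          page with the requested path in the ``next`` query parameter.
        """
        auth = self.application.auth
        authorizer = self.application.authorizer

        authenticated = auth.is_authenticated(self)
        # The user is resolved once, and only for authenticated requests.
        user = _identify_user(self) if authenticated else None
        access_allowed = authenticated and authorizer.is_allowed_in_app(user)

        if authenticated and (not access_allowed):
            LOGGER.warning('User ' + user + ' is not allowed')
            code = 403
            message = 'Access denied. Please contact system administrator'
            if isinstance(self, tornado.websocket.WebSocketHandler):
                # NOTE(review): 403 is an HTTP status; RFC 6455 defines close
                # codes in the 1000-4999 range - confirm clients handle it.
                self.close(code=code, reason=message)
                # Stop here. Without this return the denied request fell
                # through to the checks below, where it either reached the
                # wrapped handler (login resources) or raised a misleading
                # 401 'Not authenticated' on an already closed socket.
                return
            raise tornado.web.HTTPError(code, message)

        login_url = self.get_login_url()
        request_path = self.request.path

        login_resource = is_allowed_during_login(request_path, login_url, self)
        if (authenticated and access_allowed) or login_resource:
            return func(self, *args, **kwargs)

        if not isinstance(self, tornado.web.StaticFileHandler):
            raise tornado.web.HTTPError(401, 'Not authenticated')

        # Only the path is carried over, so the login page can send the user
        # back to the page they asked for.
        login_url += "?" + urlencode(dict(next=request_path))

        redirect_relative(login_url, self)

        return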
Beispiel #2
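    def wrapper(self, *args, **kwargs):
        """Gate the wrapped handler method behind authentication and authorization.

        The wrapped method runs when the request is authenticated and the user
        is allowed in the app, or when ``is_allowed_during_login`` accepts the
        requested path. A known but disallowed user gets 403 (WebSocket
        handlers are closed instead of raising). Anonymous requests get
        ``HTTPError(401)``, except ``StaticFileHandler`` requests, which are
        redirected to the login URL with ``next`` set to the requested path.
        """
        auth = self.application.auth
        authorizer = self.application.authorizer

        authenticated = auth.is_authenticated(self)
        # Resolve the user a single time; anonymous requests never reach it.
        user = _identify_user(self) if authenticated else None
        access_allowed = authenticated and authorizer.is_allowed_in_app(user)

        if authenticated and (not access_allowed):
            LOGGER.warning('User ' + user + ' is not allowed')
            code = 403
            message = 'Access denied. Please contact system administrator'
            if isinstance(self, tornado.websocket.WebSocketHandler):
                # NOTE(review): 403 lies outside the close-code range RFC 6455
                # defines (1000-4999); confirm the client side copes with it.
                self.close(code=code, reason=message)
                # The denial is final: previously execution continued and the
                # request could still reach the wrapped handler for login
                # resources, or end in an unrelated 401 after the close.
                return
            raise tornado.web.HTTPError(code, message)

        login_url = self.get_login_url()
        request_path = self.request.path

        login_resource = is_allowed_during_login(request_path, login_url, self)
        if (authenticated and access_allowed) or login_resource:
            return func(self, *args, **kwargs)

        if not isinstance(self, tornado.web.StaticFileHandler):
            raise tornado.web.HTTPError(401, 'Not authenticated')

        # Remember the requested path so the login flow can return to it.
        login_url += "?" + urlencode(dict(next=request_path))

        redirect_relative(login_url, self)

        return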
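    def authenticate(self, request_handler):
        """Authenticate a login request, authorize the user and start a session.

        Delegates to ``self.authenticator``; a returned Future is resolved with
        ``yield``, so this method is a generator (presumably wrapped as a
        Tornado coroutine - the decorator is not visible here).

        Failures are reported through ``respond_error``: 401 for
        ``AuthRejectedError``, 400 for ``AuthBadRequestException``, 500 with a
        generic message for ``AuthFailureError`` or any other exception, and
        403 when the authorizer refuses the user.

        On success the username is stored in the signed ``username`` cookie
        and the client is redirected to the ``next`` argument, restricted to
        local targets.
        """
        from urllib.parse import urlsplit

        if not self.is_enabled():
            return

        LOGGER.info('Trying to authenticate user')

        # Unexpected failures get a generic text so internals are not leaked.
        login_generic_error = 'Something went wrong. Please contact the administrator or try later'

        try:
            username = self.authenticator.authenticate(request_handler)
            if isinstance(username, tornado.concurrent.Future):
                username = yield username

        except auth_base.AuthRejectedError as e:
            respond_error(request_handler, 401, e.get_message())
            return

        except auth_base.AuthFailureError:
            respond_error(request_handler, 500, login_generic_error)
            return

        except auth_base.AuthBadRequestException as e:
            respond_error(request_handler, 400, e.get_message())
            return

        # Exception instead of a bare except: GeneratorExit, KeyboardInterrupt
        # and SystemExit must not be swallowed and answered as a login error.
        except Exception:
            LOGGER.exception('Failed to call authenticate')
            respond_error(request_handler, 500, login_generic_error)
            return

        LOGGER.info('Authenticated user ' + username)

        if not self.authorizer.is_allowed_in_app(username):
            LOGGER.info('User ' + username + ' have no access')
            respond_error(
                request_handler, 403,
                'Access is prohibited. Please contact system administrator')
            return

        # NOTE(review): cookie attributes (httponly, secure) are left at their
        # defaults here; confirm they are configured where the deployment needs them.
        request_handler.set_secure_cookie('username', username)

        path = tornado.escape.url_unescape(
            request_handler.get_argument('next', '/'))

        # Redirect only to internal URLs. ``next`` comes from the request, so
        # a plain "starts with http" test is not enough: it misses
        # scheme-relative targets ("//host"), backslash variants that browsers
        # read the same way, other schemes and embedded control characters.
        # Whether redirect_relative confines the target itself is not visible
        # here, so the check is done before calling it.
        probe = path.strip().replace('\\', '/')
        try:
            parts = urlsplit(probe)
            external = bool(parts.scheme or parts.netloc)
        except ValueError:
            # Unparseable host part: treat the target as external.
            external = True
        has_control_chars = any(
            ord(ch) < 0x20 or ord(ch) == 0x7f for ch in path)
        if external or has_control_chars or probe.lower().startswith('http'):
            path = '/'

        redirect_relative(path, request_handler)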
    def wrapper(self, *args, **kwargs):
        """Call the wrapped handler method only when the request may proceed.

        The request proceeds when it is both authenticated and authorized, or
        when ``is_allowed_during_login`` accepts the requested path. Any other
        ``StaticFileHandler`` request is redirected to the login URL with the
        requested path in ``next``; every other handler raises 401 when the
        request is not authenticated and 403 when it is.
        """
        auth_service = self.application.auth
        requested_path = self.request.path
        login_page = self.get_login_url()

        has_access = auth_service.is_authenticated(self) and auth_service.is_authorized(self)
        if has_access or is_allowed_during_login(requested_path, login_page, self):
            return func(self, *args, **kwargs)

        if isinstance(self, tornado.web.StaticFileHandler):
            # Static resources are sent to the login page instead of failing.
            login_page += "?" + urlencode(dict(next=requested_path))
            redirect_relative(login_page, self)
            return

        # Authentication is checked again to tell "who are you" from "not you".
        if auth_service.is_authenticated(self):
            raise tornado.web.HTTPError(403, 'Access denied')
        raise tornado.web.HTTPError(401, 'Not authenticated')
Beispiel #5
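    def authenticate(self, request_handler):
        """Authenticate a login request and start a session for the user.

        Delegates to ``self.authenticator``; a returned coroutine is resolved
        with ``yield``, so this method is a generator (presumably wrapped as a
        Tornado coroutine - the decorator is not visible here).

        Failures are reported through ``respond_error``: 401 for
        ``AuthRejectedError``, 400 for ``AuthBadRequestException`` and 500 with
        a generic message for ``AuthFailureError`` or any other exception.

        On success the username is stored in the signed ``username`` cookie,
        which expires after ``self.authenticator.auth_expiration_days``, and the
        client is redirected to the ``next`` argument, restricted to local
        targets.
        """
        from urllib.parse import urlsplit

        if not self.is_enabled():
            return

        LOGGER.info('Trying to authenticate user')

        # Unexpected failures get a generic text so internals are not leaked.
        login_generic_error = 'Something went wrong. Please contact the administrator or try later'

        try:
            username = self.authenticator.authenticate(request_handler)
            if asyncio.iscoroutine(username):
                username = yield username

        except auth_base.AuthRejectedError as e:
            respond_error(request_handler, 401, e.get_message())
            return

        except auth_base.AuthFailureError:
            respond_error(request_handler, 500, login_generic_error)
            return

        except auth_base.AuthBadRequestException as e:
            respond_error(request_handler, 400, e.get_message())
            return

        # Exception instead of a bare except: GeneratorExit, KeyboardInterrupt
        # and SystemExit must not be swallowed and answered as a login error.
        except Exception:
            LOGGER.exception('Failed to call authenticate')
            respond_error(request_handler, 500, login_generic_error)
            return

        LOGGER.info('Authenticated user ' + username)

        # NOTE(review): no authorization check is visible in this method;
        # confirm it is enforced on the requests that follow the login.
        # Cookie attributes other than the expiry (httponly, secure) are left
        # at their defaults - confirm they are configured where needed.
        request_handler.set_secure_cookie('username', username, expires_days=self.authenticator.auth_expiration_days)

        path = tornado.escape.url_unescape(request_handler.get_argument('next', '/'))

        # Redirect only to internal URLs. ``next`` comes from the request, so
        # a plain "starts with http" test is not enough: it misses
        # scheme-relative targets ("//host"), backslash variants that browsers
        # read the same way, other schemes and embedded control characters.
        # Whether redirect_relative confines the target itself is not visible
        # here, so the check is done before calling it.
        probe = path.strip().replace('\\', '/')
        try:
            parts = urlsplit(probe)
            external = bool(parts.scheme or parts.netloc)
        except ValueError:
            # Unparseable host part: treat the target as external.
            external = True
        has_control_chars = any(ord(ch) < 0x20 or ord(ch) == 0x7f for ch in path)
        if external or has_control_chars or probe.lower().startswith('http'):
            path = '/'

        redirect_relative(path, request_handler)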
Beispiel #6
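    def authenticate(self, request_handler):
        """Authenticate a login request and start a session for the user.

        Delegates to ``self.authenticator``; a returned Future is resolved with
        ``yield``, so this method is a generator (presumably wrapped as a
        Tornado coroutine - the decorator is not visible here).

        Failures are reported through ``respond_error``: 401 for
        ``AuthRejectedError``, 400 for ``AuthBadRequestException`` and 500 with
        a generic message for ``AuthFailureError`` or any other exception.

        On success the username is stored in the signed ``username`` cookie
        and the client is redirected to the ``next`` argument, restricted to
        local targets.
        """
        from urllib.parse import urlsplit

        if not self.is_enabled():
            return

        LOGGER.info('Trying to authenticate user')

        # Unexpected failures get a generic text so internals are not leaked.
        login_generic_error = 'Something went wrong. Please contact the administrator or try later'

        try:
            username = self.authenticator.authenticate(request_handler)
            if isinstance(username, tornado.concurrent.Future):
                username = yield username

        except auth_base.AuthRejectedError as e:
            respond_error(request_handler, 401, e.get_message())
            return

        except auth_base.AuthFailureError:
            respond_error(request_handler, 500, login_generic_error)
            return

        except auth_base.AuthBadRequestException as e:
            respond_error(request_handler, 400, e.get_message())
            return

        # Exception instead of a bare except: GeneratorExit, KeyboardInterrupt
        # and SystemExit must not be swallowed and answered as a login error.
        except Exception:
            LOGGER.exception('Failed to call authenticate')
            respond_error(request_handler, 500, login_generic_error)
            return

        LOGGER.info('Authenticated user ' + username)

        # NOTE(review): no authorization check is visible in this method;
        # confirm it is enforced on the requests that follow the login.
        # Cookie attributes (httponly, secure) are left at their defaults -
        # confirm they are configured where the deployment needs them.
        request_handler.set_secure_cookie('username', username)

        path = tornado.escape.url_unescape(request_handler.get_argument('next', '/'))

        # Redirect only to internal URLs. ``next`` comes from the request, so
        # a plain "starts with http" test is not enough: it misses
        # scheme-relative targets ("//host"), backslash variants that browsers
        # read the same way, other schemes and embedded control characters.
        # Whether redirect_relative confines the target itself is not visible
        # here, so the check is done before calling it.
        probe = path.strip().replace('\\', '/')
        try:
            parts = urlsplit(probe)
            external = bool(parts.scheme or parts.netloc)
        except ValueError:
            # Unparseable host part: treat the target as external.
            external = True
        has_control_chars = any(ord(ch) < 0x20 or ord(ch) == 0x7f for ch in path)
        if external or has_control_chars or probe.lower().startswith('http'):
            path = '/'

        redirect_relative(path, request_handler)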
Beispiel #7
 def get(self, *args):
     """Redirect a GET request to ``self._url`` filled in with ``args``.

     ``args`` are substituted positionally into the ``self._url`` template
     with ``str.format``; the template, not the request, decides the layout.
     """
     target = self._url.format(*args)
     # NOTE(review): args are also forwarded to redirect_relative as extra
     # positional arguments; their meaning there is not visible - confirm.
     redirect_relative(target, self, *args)
Beispiel #8
 def get(self, *args):
     """Answer a GET request with a redirect built from ``self._url``.

     The positional ``args`` fill the placeholders of the ``self._url``
     template through ``str.format``.
     """
     destination = self._url.format(*args)
     # NOTE(review): the same args are passed on to redirect_relative after
     # the handler; what it does with them is not visible here - confirm.
     redirect_relative(destination, self, *args)