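def PUT(self, account):
    """
    Create a new userpass identity from the credentials sent in the request headers.

    The mapping of the identity to `account` is not performed in the part of
    the method shown here; `account` is unused in the visible code.

    HTTP Success:
        201 Created

    HTTP Error:
        400 Bad Request
        401 Unauthorized
        500 Internal Error

    :param Rucio-Auth-Token: as an 32 character hex string.
    :param Rucio-Username: the desired username.
    :param Rucio-Password: the desired password.
    :param account: the affected account via URL.
    """
    # NOTE(review): no validation of Rucio-Auth-Token is visible in this
    # method; confirm the caller is authenticated and authorised before an
    # identity is created (possibly done by code outside this excerpt).
    # NOTE(review): the password travels in a request header; make sure
    # proxies and access logs in front of this service do not record it.
    username = ctx.env.get('HTTP_X_RUCIO_USERNAME')
    password = ctx.env.get('HTTP_X_RUCIO_PASSWORD')

    # Reject absent and empty values alike: an empty header value would
    # otherwise create an identity with a blank username or password.
    if not username or not password:
        raise BadRequest('Username and Password must be set.')

    try:
        add_identity(username, 'userpass', password)
    except Exception as error:
        # NOTE(review): the raw exception is handed to InternalError; confirm
        # its text is not returned to the client, since it may describe
        # internal state.
        raise InternalError(error)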
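def GET(self):
    """
    Issue an auth token for a GSS-authenticated request.

    The GSS credential is read from REMOTE_USER, the account, VO and
    application id from request headers. On success the token and its expiry
    are returned as response headers with an empty body.

    HTTP Success:
        200 OK

    HTTP Error:
        401 Unauthorized

    :param Rucio-VO: VO name as a string (Multi-VO only).
    :param Rucio-Account: Account identifier as a string.
    :param Rucio-AppID: Application identifier as a string.
    :param SavedCredentials: Apache mod_auth_kerb SavedCredentials.
    :returns: "Rucio-Auth-Token" as a variable-length string header.
    """
    # NOTE(review): the request's Origin is echoed back while credentials are
    # allowed and X-Rucio-Auth-Token is exposed, so the browser will let a
    # page on any origin read the issued token. Confirm this is intended, or
    # compare Origin against an allowlist of known web UI origins first.
    header('Access-Control-Allow-Origin', ctx.env.get('HTTP_ORIGIN'))
    header('Access-Control-Allow-Headers', ctx.env.get('HTTP_ACCESS_CONTROL_REQUEST_HEADERS'))
    header('Access-Control-Allow-Methods', '*')
    header('Access-Control-Allow-Credentials', 'true')
    header('Access-Control-Expose-Headers', 'X-Rucio-Auth-Token')

    header('Content-Type', 'application/octet-stream')
    header('Cache-Control', 'no-cache, no-store, max-age=0, must-revalidate')
    header('Cache-Control', 'post-check=0, pre-check=0', False)
    header('Pragma', 'no-cache')

    vo = ctx.env.get('HTTP_X_RUCIO_VO', '')
    account = ctx.env.get('HTTP_X_RUCIO_ACCOUNT')
    gsscred = ctx.env.get('REMOTE_USER')
    appid = ctx.env.get('HTTP_X_RUCIO_APPID')
    if appid is None:
        appid = 'unknown'

    # NOTE(review): X-Forwarded-For is client-supplied unless a trusted proxy
    # overwrites it; confirm that before relying on `ip` for anything
    # security-relevant.
    ip = ctx.env.get('HTTP_X_FORWARDED_FOR')
    if ip is None:
        ip = ctx.ip

    try:
        result = get_auth_token_gss(account, gsscred, appid, ip, vo=vo)
    except AccessDenied:
        # Denied access and "no token" produce the same 401 below.
        result = None

    if result is None:
        # Explicit mapping instead of locals(): only `account` is interpolated.
        raise generate_http_error(
            401,
            'CannotAuthenticate',
            'Cannot authenticate to account %(account)s with given credentials' % {'account': account})

    header('X-Rucio-Auth-Token', result.token)
    header('X-Rucio-Auth-Token-Expires', date_to_str(result.expired_at))
    # The original trailing `raise BadRequest()` could never run and is gone.
    return str()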
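def GET(self):
    """
    Exchange an OIDC query string for a Rucio auth token.

    Depending on the result of get_token_oidc, the token is returned either
    as response headers (no 'webhome' in the result) or as cookies followed
    by a redirect to the 'webhome' URL.

    HTTP Success:
        200 OK

    HTTP Error:
        401 Unauthorized

    :param QUERY_STRING: the URL query string itself
    :returns: "Rucio-Auth-Token" as a variable-length string header.
    """
    # NOTE(review): Origin is echoed back while credentials are allowed;
    # confirm this is intended, or check Origin against an allowlist of known
    # web UI origins.
    header('Access-Control-Allow-Origin', ctx.env.get('HTTP_ORIGIN'))
    header('Access-Control-Allow-Headers', ctx.env.get('HTTP_ACCESS_CONTROL_REQUEST_HEADERS'))
    header('Access-Control-Allow-Methods', '*')
    header('Access-Control-Allow-Credentials', 'true')

    header('Content-Type', 'application/octet-stream')
    header('Cache-Control', 'no-cache, no-store, max-age=0, must-revalidate')
    header('Cache-Control', 'post-check=0, pre-check=0', False)
    header('Pragma', 'no-cache')

    query_string = ctx.env.get('QUERY_STRING')
    # NOTE(review): X-Forwarded-For is client-supplied unless a trusted proxy
    # overwrites it.
    ip = ctx.env.get('HTTP_X_FORWARDED_FOR')
    if ip is None:
        ip = ctx.ip

    try:
        result = get_token_oidc(query_string, ip)
    except AccessDenied:
        raise generate_http_error(401, 'CannotAuthorize', 'Cannot authorize token request.')
    except RucioException as error:
        # NOTE(review): the exception class name and message go into the
        # error response; confirm they carry no internal detail.
        raise generate_http_error(500, error.__class__.__name__, error.args[0])
    except Exception as error:
        print(format_exc())
        raise InternalError(error)

    if not result:
        raise generate_http_error(401, 'CannotAuthorize', 'Cannot authorize token request.')

    if 'token' in result and 'webhome' not in result:
        header('X-Rucio-Auth-Token', result['token'].token)  # pylint: disable=no-member
        header('X-Rucio-Auth-Token-Expires', date_to_str(result['token'].expired_at))  # pylint: disable=no-member
        return str()
    elif 'webhome' in result:
        webhome = result['webhome']
        if webhome is None:
            header('Content-Type', 'text/html')
            render = template.render(join(dirname(__file__), '../auth_templates/'))
            return render.auth_crash('unknown_identity')
        # domain setting is necessary so that the token gets distributed also to the webui server
        # Use the hostname rather than netloc: netloc keeps any ':port' (and
        # userinfo), which is not valid in a cookie Domain attribute.
        host = urlparse.urlparse(webhome).hostname or ''
        # NOTE(review): dropping the first label of a two-label host leaves a
        # bare top-level domain; confirm webhome always has at least three
        # labels. webhome is also the redirect target below, so confirm
        # get_token_oidc only returns server-validated URLs.
        domain = '.'.join(host.split('.')[1:])
        # NOTE(review): the token cookie is set without the secure/httponly
        # arguments of setcookie; confirm whether the web UI needs script
        # access to it and whether plain-HTTP deployments exist, and tighten
        # the flags if not.
        setcookie('x-rucio-auth-token', value=result['token'].token, domain=domain, path='/')
        setcookie('rucio-auth-token-created-at', value=int(time.time()), domain=domain, path='/')
        return seeother(webhome)
    else:
        raise BadRequest()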
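def GET(self):
    """
    Handle an OIDC request and render the outcome as an HTML page.

    Every failure path returns a rendered auth_crash page instead of raising
    an HTTP error: the `raise` statements that followed each `return` in the
    original could never run and have been removed. The status codes listed
    below are kept from the original docstring.

    HTTP Success:
        200 OK

    HTTP Error:
        401 Unauthorized

    :param QUERY_STRING: the URL query string itself
    :returns: "Rucio-Auth-Token" as a variable-length string header.
    """
    # NOTE(review): Origin is echoed back while credentials are allowed;
    # confirm this is intended, or check Origin against an allowlist of known
    # web UI origins.
    header('Access-Control-Allow-Origin', ctx.env.get('HTTP_ORIGIN'))
    header('Access-Control-Allow-Headers', ctx.env.get('HTTP_ACCESS_CONTROL_REQUEST_HEADERS'))
    header('Access-Control-Allow-Methods', '*')
    header('Access-Control-Allow-Credentials', 'true')

    header('Content-Type', 'text/html')
    header('Cache-Control', 'no-cache, no-store, max-age=0, must-revalidate')
    header('Cache-Control', 'post-check=0, pre-check=0', False)
    header('Pragma', 'no-cache')

    query_string = ctx.env.get('QUERY_STRING')
    # NOTE(review): X-Forwarded-For is client-supplied unless a trusted proxy
    # overwrites it.
    ip = ctx.env.get('HTTP_X_FORWARDED_FOR')
    if ip is None:
        ip = ctx.ip

    # One renderer serves every outcome below.
    render = template.render(join(dirname(__file__), '../auth_templates/'))

    try:
        result = get_token_oidc(query_string, ip)
    except AccessDenied:
        return render.auth_crash('contact')
    except RucioException:
        return render.auth_crash('internal_error')
    except Exception:
        # Unexpected failures keep their traceback on stdout; the client only
        # sees the generic page.
        print(format_exc())
        return render.auth_crash('internal_error')

    if not result:
        return render.auth_crash('no_result')
    if 'fetchcode' in result:
        authcode = result['fetchcode']
        return render.auth_granted(authcode)
    elif 'polling' in result and result['polling'] is True:
        authcode = "allok"
        return render.auth_granted(authcode)
    else:
        return render.auth_crash('bad_request')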
def build_args(args, *keys):
    """Return the stripped values of `keys` taken from `args`.

    Raises BadRequest when any key is absent from `args`, or when any value
    is empty once surrounding whitespace is stripped. Presence of all keys is
    checked before any value is inspected.
    """
    if any(key not in args for key in keys):
        raise BadRequest(description='missing parameters!')

    cleaned = {}
    for key in keys:
        value = args.get(key).strip()
        if not value:
            raise BadRequest(description="parameters can't be space!")
        cleaned[key] = value
    return cleaned
def POST(self):
    """ Not supported: every POST request is rejected with BadRequest. """
    raise BadRequest()
def DELETE(self):
    """ Not supported: every DELETE request is rejected with BadRequest. """
    raise BadRequest()
def PUT(self):
    """ Not supported: every PUT request is rejected with BadRequest. """
    raise BadRequest()
def POST(self, name):
    """
    Not supported: every POST request is rejected with BadRequest.

    :param name: path argument; accepted but not used.
    """
    raise BadRequest()
def DELETE(self):
    """ Not supported; always raises BadRequest. """
    raise BadRequest()
def PUT(self):
    """ Not supported; always raises BadRequest. """
    raise BadRequest()
def PUT(self):
    """
    Placeholder for updating the limits for an account.

    No update is performed here: the method always raises BadRequest.
    """
    raise BadRequest()
def POST(self):
    """
    Placeholder for setting the limits for an account.

    No limits are set here: the method always raises BadRequest.
    """
    raise BadRequest()
def POST(self, rse):
    """
    Not supported; always raises BadRequest.

    :param rse: path argument; accepted but not used.
    """
    raise BadRequest()
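def signup():
    """Validate the signup form and prepare the account fields.

    Reads 'email' and 'passwd' from the submitted form through build_args,
    rejects a malformed e-mail address with BadRequest, then adds a creation
    time and replaces the password with the output of md5(). The listing ends
    there; what is done with `args` afterwards is not shown.
    """
    args = build_args(request.form, 'email', 'passwd')
    # The final label must contain at least one letter: the original pattern
    # ended in `[a-zA-Z]*`, which also accepted addresses ending in a dot.
    if not re.match(r'^[A-Za-z0-9\.\+_-]+@[A-Za-z0-9\._-]+\.[a-zA-Z]+$', args.get("email")):
        raise BadRequest(description='Invalid email format!')
    args['ctime'] = ctime()
    # NOTE(review): md5() is defined outside this listing. If it is a plain
    # MD5 digest, it is unsalted and fast to compute, which is unsuitable for
    # storing passwords. A salted, deliberately slow KDF such as
    # hashlib.scrypt or hashlib.pbkdf2_hmac is the usual replacement; it has
    # to change together with the login check and a migration of stored
    # hashes, so it is flagged here rather than swapped.
    args['passwd'] = md5(args.get('passwd'))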