Ejemplo n.º 1
0
def includeme(config):
    # import needs to be here, otherwise ImportError happens during setup.py install (modules not yet installed)
    # pylint: disable=C0415
    from pyramid.events import NewRequest
    from pyramid.tweens import EXCVIEW

    from magpie.api import generic as ag
    from magpie.constants import get_constant
    from magpie.utils import fully_qualified_name, get_logger, log_exception_tween, log_request

    mod_dir = get_constant("MAGPIE_MODULE_DIR", config)
    logger = get_logger(__name__)
    logger.info("Adding MAGPIE_MODULE_DIR='%s' to path.", mod_dir)
    sys.path.insert(0, mod_dir)

    config.add_exception_view(ag.internal_server_error)
    config.add_forbidden_view(ag.unauthorized_or_forbidden)
    config.add_notfound_view(RemoveSlashNotFoundViewFactory(
        ag.not_found_or_method_not_allowed),
                             append_slash=True)
    config.set_default_permission(
        get_constant("MAGPIE_ADMIN_PERMISSION", config))

    tween_position = fully_qualified_name(ag.apply_response_format_tween)
    config.add_tween(tween_position, over=EXCVIEW)
    if get_constant("MAGPIE_LOG_REQUEST", config):
        config.add_subscriber(log_request, NewRequest)
    if get_constant("MAGPIE_LOG_EXCEPTION", config):
        tween_name = fully_qualified_name(log_exception_tween)
        config.add_tween(tween_name, under=tween_position)
        tween_position = tween_name
    config.add_tween(fully_qualified_name(ag.validate_accept_header_tween),
                     under=tween_position)

    config.include("cornice")
    config.include("cornice_swagger")
    config.include("pyramid_chameleon")
    config.include("pyramid_beaker")
    config.include("pyramid_mako")
    config.include("magpie.api")
    config.include("magpie.db")
    if get_constant("MAGPIE_UI_ENABLED", config):
        config.include("magpie.ui")
    else:
        logger.warning("Magpie UI not enabled.")
Ejemplo n.º 2
0
    def __init__(self, *args, **kwargs):
        super(WSO2, self).__init__(*args, **kwargs)
        self.hostname = self._kwarg(kwargs, "hostname",
                                    "https://localhost:9443")
        self.url = self._kwarg(
            kwargs, "redirect_uri",
            "http://localhost:2001/magpie/providers/wso2/signin")
        self.access_token_url = "{}/oauth2/token".format(self.hostname)
        self.user_authorization_url = "{}/oauth2/authorize".format(
            self.hostname)
        self.user_info_url = "{}/oauth2/userinfo".format(self.hostname)
        self.user_info_scope = self._kwarg(kwargs, "user_info_scope",
                                           ["openid"])
        self.scope = self._kwarg(kwargs, "scope", ["openid"])
        self.cert = self._kwarg(kwargs, "certificate_file", None)
        self.verify = self._kwarg(kwargs, "ssl_verify", True)

        self._logger = get_logger(__name__, level=logging.DEBUG)

        if self.verify and self.cert and not path.isfile(self.cert):
            raise ValueError(
                "Specified WSO2 certificate file cannot be found. [path: {!r}]"
                .format(self.cert))
Ejemplo n.º 3
0
def includeme(config):
    # import needs to be here, otherwise ImportError happens during setup.py install (modules not yet installed)
    from magpie.api.generic import internal_server_error, unauthorized_or_forbidden, not_found_or_method_not_allowed
    from magpie.constants import get_constant
    from magpie.definitions.pyramid_definitions import NewRequest, EXCVIEW
    from magpie.utils import get_logger

    mod_dir = get_constant("MAGPIE_MODULE_DIR", config)
    logger = get_logger(__name__)
    logger.info("Adding MAGPIE_MODULE_DIR='{}' to path.".format(mod_dir))
    sys.path.insert(0, mod_dir)

    config.add_exception_view(internal_server_error)
    config.add_forbidden_view(unauthorized_or_forbidden)
    config.add_notfound_view(not_found_or_method_not_allowed)

    config.set_default_permission(get_constant("MAGPIE_ADMIN_PERMISSION", config))
    tween_position = EXCVIEW
    if get_constant("MAGPIE_LOG_REQUEST", config):
        config.add_subscriber("magpie.utils.log_request", NewRequest)
    if get_constant("MAGPIE_LOG_EXCEPTION", config):
        config.add_tween("magpie.utils.log_exception_tween", under=tween_position)
        tween_position = "magpie.utils.log_exception_tween"
    config.add_tween("magpie.api.generic.validate_accept_header_tween", under=tween_position)

    config.include("cornice")
    config.include("cornice_swagger")
    config.include("pyramid_chameleon")
    config.include("pyramid_beaker")
    config.include("pyramid_mako")
    config.include("magpie.definitions")
    config.include("magpie.api")
    config.include("magpie.db")
    if get_constant("MAGPIE_UI_ENABLED", config):
        config.include("magpie.ui")
    else:
        logger.warning("Magpie UI not enabled.")
Ejemplo n.º 4
0
from magpie.api import schemas as s
from magpie.utils import get_logger

LOGGER = get_logger(__name__)


def includeme(config):
    LOGGER.info("Adding API resource...")
    # Add all the rest api routes
    config.add_route(**s.service_api_route_info(s.ResourcesAPI))
    config.add_route(**s.service_api_route_info(s.ResourceAPI))
    config.add_route(**s.service_api_route_info(s.ResourcePermissionsAPI))

    config.scan()
Ejemplo n.º 5
0
    IAuthorizationPolicy,
    asbool,
)
from magpie.definitions.twitcher_definitions import (
    OWSSecurityInterface,
    OWSAccessForbidden,
    parse_service_name,
)
from magpie.models import Service
from magpie.permissions import Permission
from magpie.services import service_factory
from magpie.utils import get_magpie_url, get_settings, get_logger, CONTENT_TYPE_JSON
from requests.cookies import RequestsCookieJar
from six.moves.urllib.parse import urlparse
import requests
LOGGER = get_logger("TWITCHER")


class MagpieOWSSecurity(OWSSecurityInterface):
    def __init__(self, request):
        super(MagpieOWSSecurity, self).__init__()
        self.magpie_url = get_magpie_url(request)
        self.settings = get_settings(request)
        self.twitcher_ssl_verify = asbool(
            self.settings.get("twitcher.ows_proxy_ssl_verify", True))
        self.twitcher_protected_path = self.settings.get(
            "twitcher.ows_proxy_protected_path", "/ows")

    def check_request(self, request):
        if request.path.startswith(self.twitcher_protected_path):
            service_name = parse_service_name(request.path,
Ejemplo n.º 6
0
from pyramid.config import Configurator
from pyramid.settings import asbool
from ziggurat_foundations.models import groupfinder

from magpie.api.login import esgfopenid, wso2
from magpie.constants import get_constant
from magpie.models import RootFactory
from magpie.utils import get_logger, get_settings

if TYPE_CHECKING:
    # pylint: disable=W0611,unused-import
    from typing import List, Optional

    from magpie.typedefs import AnySettingsContainer, JSON, Str

AUTHOMATIC_LOGGER = get_logger("magpie.authomatic", level=logging.DEBUG)
LOGGER = get_logger(__name__)


def mask_credentials(container, redact="[REDACTED]", flags=None, parent=None):
    # type: (JSON, Str, Optional[List[Str]], Optional[Str]) -> JSON
    """
    Masks away any credential matched against :paramref:`flags` recursively from JSON :paramref:`container`.

    Matched credential entries are replaced by :paramref:`redact`. List items are all replaced by the same
    :paramref:`redact` when their :paramref:`parent` field name is matched.

    :param container: JSON container to mask.
        If starting with a list on top-level, first level children will not be masked unless parent is provided.
    :param redact: string by which to replace flagged fields.
    :param flags: field names (partial matches) to flag for masking.
Ejemplo n.º 7
0
def includeme(config):
    from magpie.utils import get_logger
    logger = get_logger(__name__)
    logger.info("Adding definitions...")
Ejemplo n.º 8
0
from magpie.api.login import esgfopenid, wso2
from magpie.constants import get_constant
from magpie.definitions.pyramid_definitions import (
    AuthTktAuthenticationPolicy, ACLAuthorizationPolicy, Configurator, asbool)
from magpie.definitions.ziggurat_definitions import groupfinder
from magpie.utils import get_logger, get_settings
from authomatic import Authomatic, provider_id
from authomatic.providers import oauth2, openid
from typing import TYPE_CHECKING
import logging
if TYPE_CHECKING:
    from magpie.definitions.typedefs import JSON  # noqa: F401
AUTHOMATIC_LOGGER = get_logger('magpie.authomatic', level=logging.DEBUG)
LOGGER = get_logger('magpie.security')


def get_auth_config(container):
    settings = get_settings(container)
    magpie_secret = get_constant('MAGPIE_SECRET',
                                 settings,
                                 settings_name='magpie.secret')
    magpie_cookie_expire = get_constant('MAGPIE_COOKIE_EXPIRE',
                                        settings,
                                        settings_name='magpie.cookie_expire',
                                        default_value=None,
                                        raise_missing=False,
                                        raise_not_set=False,
                                        print_missing=True)
    magpie_cookie_name = get_constant('MAGPIE_COOKIE_NAME',
                                      settings,
                                      settings_name='magpie.cookie_name',
Ejemplo n.º 9
0
from typing import TYPE_CHECKING

import requests

from magpie.constants import get_constant
from magpie.register import get_all_configs, pseudo_random_string
from magpie.utils import get_json, get_logger

if TYPE_CHECKING:
    from typing import Any, Dict, List, Optional, Sequence

    from magpie.typedefs import Str
    UserConfig = List[Dict[Str, Str]]

LOGGER = get_logger(__name__,
                    message_format="%(asctime)s - %(levelname)s - %(message)s",
                    datetime_format="%d-%b-%y %H:%M:%S",
                    force_stdout=False)

ERROR_PARAMS = 2
ERROR_EXEC = 1


def format_response(response):
    response_json = get_json(response)
    return str(response_json.get("code")) + " : " + str(
        response_json.get("detail"))


def get_login_session(magpie_url, username, password, return_response=False):
    session = requests.Session()
    data = {"user_name": username, "password": password}