Ejemplo n.º 1
0
 def set_serviceplan(self, req, account_id):
     groups = req.remote_user
     if not groups:
         return None
     user_email = None
     for group in groups.split(','):
         if ':' in group:
             user_email, user_id = group.split(':')
             break
     if not user_email:
         return None
     # We do not want to accidentally set service plan
     # of one user on another user account
     if groups.split(',')[-1] != account_id:
         return None
     whitelist_data = get_data_from_url(self.whitelist_url,
                                        self.app,
                                        user_email,
                                        self.logger,
                                        req.environ)
     if not whitelist_data:
         return None
     try:
         service = json.loads(whitelist_data).get('service', None)
     except Exception:
         return HTTPInternalServerError(request=req)
     service_plan_data = {}
     for service_type, service_name in service.iteritems():
         if not self.services_url:
             self.logger.warning('No services url found in config, '
                                 'and user requests service: %s'
                                 % service_name)
             return None
         req = make_pre_authed_request(req.environ,
                                       method='GET',
                                       path='%s/%s'
                                            % (self.services_url, service_name),
                                       swift_source='litequota')
         resp = req.get_response(self.app)
         if not is_success(resp.status_int):
             self.logger.error('Error getting service object: %s %s %s'
                               % (req.path, resp.status, resp.body))
             return None
         try:
             service_data = json.loads(resp.body)
         except Exception:
             self.logger.error('Error loading service object: %s %s %s'
                               % (req.path, resp.status, resp.body))
             return None
         service_plan_data[service_type] = service_data
     print service_plan_data
     req = make_pre_authed_request(req.environ,
                                   method='POST',
                                   path='/%s/%s' % (self.version, account_id),
                                   swift_source='litequota')
     config = json.dumps(service_plan_data)
     i = 0
     while config:
         req.headers['x-account-meta-%s%d' % (self.metadata_key, i)] = \
             config[:MAX_META_VALUE_LENGTH]
         config = config[MAX_META_VALUE_LENGTH:]
         i += 1
     resp = req.get_response(self.app)
     if not is_success(resp.status_int):
         self.logger.error('Error storing service object in account: %s %s %s'
                           % (req.path, resp.status, resp.body))
         return None
     return json.dumps(service_plan_data)
Ejemplo n.º 2
0
 def do_google_login(self, req, code, state=None):
     if 'logout' in code:
         resp = Response(request=req, status=302,
                         headers={
                             'x-auth-token': 'logout',
                             'x-auth-token-expires': 0,
                             'x-storage-url': self.auth_endpoint,
                             'location': '%s%s?account=logout'
                                         % (self.service_domain, state)})
         req.response = resp
         return resp
     (stored_state, invite_code) = self.storage_driver.get_id(state)
     if not stored_state:
         req.response = HTTPUnauthorized(request=req,
                                         body='Login time expired')
         return req.response
     oauth_client = self.provider.create_for_token(self.conf,
                                                   self.auth_endpoint,
                                                   code)
     token = oauth_client.access_token
     if not token:
         req.response = HTTPUnauthorized()
         return req.response
     user_info = oauth_client.userinfo
     if not user_info:
         req.response = HTTPForbidden()
         return req.response
     account_id = self.provider.PREFIX + user_info.get('id')
     self.storage_driver.store_id(oauth_client.access_token,
                                  account_id,
                                  oauth_client.expires_in)
     if self.whitelist_url:
         email = user_info.get('email', None)
         if not email:
             return HTTPForbidden()
         whitelist_data = get_data_from_url(self.whitelist_url,
                                            self.app,
                                            email,
                                            self.logger,
                                            req.environ)
         self.logger.info('Whitelist is %s for user: %s' % (whitelist_data, email))
         if invite_code:
             invite_data = get_data_from_url(self.invite_url,
                                             self.app,
                                             invite_code,
                                             self.logger,
                                             req.environ)
             if not invite_data:
                 return HTTPFound(location='%s%s?error=invite'
                                           % (self.service_domain, stored_state))
             try:
                 invite_data = json.loads(invite_data)
             except Exception:
                 return HTTPInternalServerError(request=req)
             if not invite_data.get('service', None):
                 return HTTPInternalServerError(request=req)
             if not invite_data.get('email', None):
                 invite_data['email'] = email
                 invite_data['user_id'] = account_id
                 if not store_data_in_url(self.invite_url,
                                          self.app,
                                          invite_code,
                                          json.dumps(invite_data),
                                          req.environ):
                     return HTTPInternalServerError(request=req)
                 if not store_data_in_url(self.whitelist_url,
                                          self.app,
                                          email,
                                          json.dumps(invite_data),
                                          req.environ):
                     return HTTPInternalServerError(request=req)
             elif not whitelist_data and invite_data['email'] == email:
                 if not store_data_in_url(self.whitelist_url,
                                          self.app,
                                          email,
                                          json.dumps(invite_data),
                                          req.environ):
                     return HTTPInternalServerError(request=req)
         else:
             if whitelist_data:
                 try:
                     whitelist_data = json.loads(whitelist_data)
                 except Exception:
                     return HTTPInternalServerError(request=req)
             if not whitelist_data or not isinstance(whitelist_data, dict):
                 return HTTPFound(location='%s%s?error=whitelist'
                                           % (self.service_domain, stored_state))
             if not whitelist_data.get('service', None):
                 return HTTPInternalServerError(request=req)
             current_user = whitelist_data.get('user_id', None)
             if not current_user:
                 whitelist_data['email'] = email
                 whitelist_data['user_id'] = account_id
                 if not store_data_in_url(self.whitelist_url,
                                          self.app,
                                          email,
                                          json.dumps(whitelist_data),
                                          req.environ):
                     return HTTPInternalServerError(request=req)
     stored_info = retrieve_metadata(self.app,
                                     self.version,
                                     account_id,
                                     self.metadata_key,
                                     req.environ)
     if not stored_info:
         rtoken = oauth_client.refresh_token
         if not rtoken:
             return self.do_google_oauth(state=stored_state,
                                         invite=invite_code,
                                         approval_prompt='force')
         user_info['rtoken'] = rtoken
         user_info['hash__'] = md5(json.dumps(sorted(user_info.items()))).hexdigest()
         if not store_metadata(self.app,
                               self.version,
                               account_id,
                               self.metadata_key,
                               user_info,
                               req.environ):
             req.response = HTTPInternalServerError()
             return req.response
     else:
         rtoken = stored_info.pop('rtoken')
         stored_hash = stored_info.pop('hash__', None)
         user_hash = md5(json.dumps(sorted(user_info.items()))).hexdigest()
         if user_hash != stored_hash:
             # user changed profile data
             # we need to update our stored userinfo
             user_info['rtoken'] = rtoken
             user_info['hash__'] = user_hash
             if not store_metadata(self.app,
                                   self.version,
                                   account_id,
                                   self.metadata_key,
                                   user_info,
                                   req.environ):
                 req.response = HTTPInternalServerError()
                 return req.response
     resp = Response(request=req, status=302,
                     headers={
                         'x-auth-token': token,
                         'x-storage-token': token,
                         'x-storage-url': '%s/%s/%s'
                                          % (self.service_domain,
                                             self.version,
                                             account_id),
                         'location': '%s%s?account=%s'
                                     % (self.service_domain,
                                        stored_state or '/',
                                        account_id)})
     req.response = resp
     return resp