def set_serviceplan(self, req, account_id):
groups = req.remote_user
if not groups:
return None
user_email = None
for group in groups.split(','):
if ':' in group:
user_email, user_id = group.split(':')
break
if not user_email:
return None
# We do not want to accidentally set service plan
# of one user on another user account
if groups.split(',')[-1] != account_id:
return None
whitelist_data = get_data_from_url(self.whitelist_url,
self.app,
user_email,
self.logger,
req.environ)
if not whitelist_data:
return None
try:
service = json.loads(whitelist_data).get('service', None)
except Exception:
return HTTPInternalServerError(request=req)
service_plan_data = {}
for service_type, service_name in service.iteritems():
if not self.services_url:
self.logger.warning('No services url found in config, '
'and user requests service: %s'
% service_name)
return None
req = make_pre_authed_request(req.environ,
method='GET',
path='%s/%s'
% (self.services_url, service_name),
swift_source='litequota')
resp = req.get_response(self.app)
if not is_success(resp.status_int):
self.logger.error('Error getting service object: %s %s %s'
% (req.path, resp.status, resp.body))
return None
try:
service_data = json.loads(resp.body)
except Exception:
self.logger.error('Error loading service object: %s %s %s'
% (req.path, resp.status, resp.body))
return None
service_plan_data[service_type] = service_data
print service_plan_data
req = make_pre_authed_request(req.environ,
method='POST',
path='/%s/%s' % (self.version, account_id),
swift_source='litequota')
config = json.dumps(service_plan_data)
i = 0
while config:
req.headers['x-account-meta-%s%d' % (self.metadata_key, i)] = \
config[:MAX_META_VALUE_LENGTH]
config = config[MAX_META_VALUE_LENGTH:]
i += 1
resp = req.get_response(self.app)
if not is_success(resp.status_int):
self.logger.error('Error storing service object in account: %s %s %s'
% (req.path, resp.status, resp.body))
return None
return json.dumps(service_plan_data)
def do_google_login(self, req, code, state=None):
if 'logout' in code:
resp = Response(request=req, status=302,
headers={
'x-auth-token': 'logout',
'x-auth-token-expires': 0,
'x-storage-url': self.auth_endpoint,
'location': '%s%s?account=logout'
% (self.service_domain, state)})
req.response = resp
return resp
(stored_state, invite_code) = self.storage_driver.get_id(state)
if not stored_state:
req.response = HTTPUnauthorized(request=req,
body='Login time expired')
return req.response
oauth_client = self.provider.create_for_token(self.conf,
self.auth_endpoint,
code)
token = oauth_client.access_token
if not token:
req.response = HTTPUnauthorized()
return req.response
user_info = oauth_client.userinfo
if not user_info:
req.response = HTTPForbidden()
return req.response
account_id = self.provider.PREFIX + user_info.get('id')
self.storage_driver.store_id(oauth_client.access_token,
account_id,
oauth_client.expires_in)
if self.whitelist_url:
email = user_info.get('email', None)
if not email:
return HTTPForbidden()
whitelist_data = get_data_from_url(self.whitelist_url,
self.app,
email,
self.logger,
req.environ)
self.logger.info('Whitelist is %s for user: %s' % (whitelist_data, email))
if invite_code:
invite_data = get_data_from_url(self.invite_url,
self.app,
invite_code,
self.logger,
req.environ)
if not invite_data:
return HTTPFound(location='%s%s?error=invite'
% (self.service_domain, stored_state))
try:
invite_data = json.loads(invite_data)
except Exception:
return HTTPInternalServerError(request=req)
if not invite_data.get('service', None):
return HTTPInternalServerError(request=req)
if not invite_data.get('email', None):
invite_data['email'] = email
invite_data['user_id'] = account_id
if not store_data_in_url(self.invite_url,
self.app,
invite_code,
json.dumps(invite_data),
req.environ):
return HTTPInternalServerError(request=req)
if not store_data_in_url(self.whitelist_url,
self.app,
email,
json.dumps(invite_data),
req.environ):
return HTTPInternalServerError(request=req)
elif not whitelist_data and invite_data['email'] == email:
if not store_data_in_url(self.whitelist_url,
self.app,
email,
json.dumps(invite_data),
req.environ):
return HTTPInternalServerError(request=req)
else:
if whitelist_data:
try:
whitelist_data = json.loads(whitelist_data)
except Exception:
return HTTPInternalServerError(request=req)
if not whitelist_data or not isinstance(whitelist_data, dict):
return HTTPFound(location='%s%s?error=whitelist'
% (self.service_domain, stored_state))
if not whitelist_data.get('service', None):
return HTTPInternalServerError(request=req)
current_user = whitelist_data.get('user_id', None)
if not current_user:
whitelist_data['email'] = email
whitelist_data['user_id'] = account_id
if not store_data_in_url(self.whitelist_url,
self.app,
email,
json.dumps(whitelist_data),
req.environ):
return HTTPInternalServerError(request=req)
stored_info = retrieve_metadata(self.app,
self.version,
account_id,
self.metadata_key,
req.environ)
if not stored_info:
rtoken = oauth_client.refresh_token
if not rtoken:
return self.do_google_oauth(state=stored_state,
invite=invite_code,
approval_prompt='force')
user_info['rtoken'] = rtoken
user_info['hash__'] = md5(json.dumps(sorted(user_info.items()))).hexdigest()
if not store_metadata(self.app,
self.version,
account_id,
self.metadata_key,
user_info,
req.environ):
req.response = HTTPInternalServerError()
return req.response
else:
rtoken = stored_info.pop('rtoken')
stored_hash = stored_info.pop('hash__', None)
user_hash = md5(json.dumps(sorted(user_info.items()))).hexdigest()
if user_hash != stored_hash:
# user changed profile data
# we need to update our stored userinfo
user_info['rtoken'] = rtoken
user_info['hash__'] = user_hash
if not store_metadata(self.app,
self.version,
account_id,
self.metadata_key,
user_info,
req.environ):
req.response = HTTPInternalServerError()
return req.response
resp = Response(request=req, status=302,
headers={
'x-auth-token': token,
'x-storage-token': token,
'x-storage-url': '%s/%s/%s'
% (self.service_domain,
self.version,
account_id),
'location': '%s%s?account=%s'
% (self.service_domain,
stored_state or '/',
account_id)})
req.response = resp
return resp