Ejemplo n.º 1
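    def PUT(self, account):
        """
        Create a new username/password identity.

        HTTP Success:
            201 Created

        HTTP Error:
            400 Bad Request
            401 Unauthorized
            500 Internal Error

        :param Rucio-Auth-Token: as a 32 character hex string.
        :param Rucio-Username: the desired username.
        :param Rucio-Password: the desired password.
        :param account: the affected account via URL.
        """
        # NOTE(review): no check of Rucio-Auth-Token is visible in this excerpt;
        # presumably it is enforced outside this method -- confirm, since this
        # handler creates credentials.
        # NOTE(review): `account` is not used below, so the "map it to an
        # account" step is not part of the visible code -- confirm it happens
        # elsewhere.
        username = ctx.env.get('HTTP_X_RUCIO_USERNAME')
        # The password travels in a request header: it needs TLS end to end and
        # must be kept out of access logs and header dumps.
        password = ctx.env.get('HTTP_X_RUCIO_PASSWORD')

        if username is None or password is None:
            raise BadRequest('Username and Password must be set.')

        try:
            add_identity(username, 'userpass', password)
        except Exception as error:  # "as" form: valid on Python 2.6+ and 3
            # NOTE(review): the raw exception is handed to InternalError; if
            # that ends up in the response body it can expose backend details.
            raise InternalError(error)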
Ejemplo n.º 2
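    def GET(self):
        """
        Authenticate a GSS (Kerberos) credential and issue an auth token.

        HTTP Success:
            200 OK

        HTTP Error:
            401 Unauthorized

        :param Rucio-VO: VO name as a string (Multi-VO only).
        :param Rucio-Account: Account identifier as a string.
        :param Rucio-AppID: Application identifier as a string.
        :param SavedCredentials: Apache mod_auth_kerb SavedCredentials.
        :returns: empty body; the token is sent in the "X-Rucio-Auth-Token"
                  header and its expiry in "X-Rucio-Auth-Token-Expires".
        """

        # NOTE(review): the request's Origin is reflected into
        # Access-Control-Allow-Origin while Allow-Credentials is 'true', and
        # the token header is exposed to scripts. Any web origin can therefore
        # make a credentialed cross-site request here and read the token.
        # Matching Origin against an allow-list of trusted origins is the usual
        # mitigation. Origin may also be absent, in which case None is passed.
        header('Access-Control-Allow-Origin', ctx.env.get('HTTP_ORIGIN'))
        header('Access-Control-Allow-Headers',
               ctx.env.get('HTTP_ACCESS_CONTROL_REQUEST_HEADERS'))
        header('Access-Control-Allow-Methods', '*')
        header('Access-Control-Allow-Credentials', 'true')
        header('Access-Control-Expose-Headers', 'X-Rucio-Auth-Token')

        # The response carries a credential, so caching is disabled.
        header('Content-Type', 'application/octet-stream')
        header('Cache-Control',
               'no-cache, no-store, max-age=0, must-revalidate')
        header('Cache-Control', 'post-check=0, pre-check=0', False)
        header('Pragma', 'no-cache')

        vo = ctx.env.get('HTTP_X_RUCIO_VO', '')
        account = ctx.env.get('HTTP_X_RUCIO_ACCOUNT')
        # REMOTE_USER is taken as the authenticated principal; per the
        # docstring it is expected to come from the web server's Kerberos
        # module, not from the client.
        gsscred = ctx.env.get('REMOTE_USER')
        appid = ctx.env.get('HTTP_X_RUCIO_APPID')
        if appid is None:
            appid = 'unknown'
        # NOTE(review): X-Forwarded-For is client-controlled unless a trusted
        # reverse proxy overwrites it; what get_auth_token_gss does with the
        # address is not visible here -- confirm it is not used as a control.
        ip = ctx.env.get('HTTP_X_FORWARDED_FOR')
        if ip is None:
            ip = ctx.ip

        # Same text for both failure paths; explicit mapping instead of
        # locals() so the format string cannot pick up unrelated local names.
        denied_message = (
            'Cannot authenticate to account %(account)s with given credentials'
            % {'account': account})

        try:
            result = get_auth_token_gss(account, gsscred, appid, ip, vo=vo)
        except AccessDenied:
            raise generate_http_error(401, 'CannotAuthenticate', denied_message)

        if result is None:
            raise generate_http_error(401, 'CannotAuthenticate', denied_message)

        header('X-Rucio-Auth-Token', result.token)
        header('X-Rucio-Auth-Token-Expires',
               date_to_str(result.expired_at))
        # The original trailing `raise BadRequest()` could never run (both
        # branches above it left the function) and has been removed.
        return str()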
Ejemplo n.º 3
    def GET(self):
        """
        Turn the OIDC query string into a Rucio token.

        Depending on what get_token_oidc returns, the token is delivered in
        response headers, or set as cookies followed by a redirect to the
        'webhome' URL.

        HTTP Success:
            200 OK

        HTTP Error:
            401 Unauthorized

        :param QUERY_STRING: the URL query string itself

        :returns: "Rucio-Auth-Token" as a variable-length string header.
        """

        # NOTE(review): Origin is reflected with Allow-Credentials 'true', so
        # every origin is allowed credentialed access -- consider an allow-list.
        header('Access-Control-Allow-Origin', ctx.env.get('HTTP_ORIGIN'))
        header('Access-Control-Allow-Headers', ctx.env.get('HTTP_ACCESS_CONTROL_REQUEST_HEADERS'))
        header('Access-Control-Allow-Methods', '*')
        header('Access-Control-Allow-Credentials', 'true')

        header('Content-Type', 'application/octet-stream')
        header('Cache-Control', 'no-cache, no-store, max-age=0, must-revalidate')
        header('Cache-Control', 'post-check=0, pre-check=0', False)
        header('Pragma', 'no-cache')

        query_string = ctx.env.get('QUERY_STRING')
        # NOTE(review): X-Forwarded-For is client-supplied unless a trusted
        # proxy rewrites it; how the address is used downstream is not shown.
        forwarded_for = ctx.env.get('HTTP_X_FORWARDED_FOR')
        ip = ctx.ip if forwarded_for is None else forwarded_for

        try:
            result = get_token_oidc(query_string, ip)

        except AccessDenied:
            raise generate_http_error(401, 'CannotAuthorize', 'Cannot authorize token request.')
        except RucioException as error:
            # NOTE(review): the exception's own message goes into the response.
            raise generate_http_error(500, error.__class__.__name__, error.args[0])
        except Exception as error:
            print(format_exc())
            raise InternalError(error)

        if not result:
            raise generate_http_error(401, 'CannotAuthorize', 'Cannot authorize token request.')

        if 'webhome' in result:
            # Browser flow: hand the token over as cookies, then redirect.
            webhome = result['webhome']
            if webhome is None:
                header('Content-Type', 'text/html')
                templates = template.render(join(dirname(__file__), '../auth_templates/'))
                return templates.auth_crash('unknown_identity')
            # Drop the first host label so the cookie is scoped to the parent
            # domain and is also sent to the webui server.
            # NOTE(review): the cookie holds the auth token and no secure or
            # httponly argument is passed; the cookie domain and the redirect
            # target both derive from `webhome` -- confirm it comes only from
            # trusted configuration. 'token' is assumed present on this path.
            host_labels = urlparse.urlparse(webhome).netloc.split('.')
            domain = '.'.join(host_labels[1:])
            setcookie('x-rucio-auth-token', value=result['token'].token, domain=domain, path='/')
            setcookie('rucio-auth-token-created-at', value=int(time.time()), domain=domain, path='/')
            return seeother(webhome)

        if 'token' in result:
            # API flow: the token and its expiry go back as response headers.
            issued = result['token']
            header('X-Rucio-Auth-Token', issued.token)  # pylint: disable=no-member
            header('X-Rucio-Auth-Token-Expires', date_to_str(issued.expired_at))  # pylint: disable=no-member
            return ''

        raise BadRequest()
Ejemplo n.º 4
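    def GET(self):
        """
        Process an OIDC token request and render the outcome as an HTML page.

        Every outcome handled here, failures included, is returned as a
        rendered template from '../auth_templates/'. No HTTP error is raised
        by this method; no status is set here, so presumably the framework
        default applies -- confirm.

        HTTP Success:
            200 OK

        :param QUERY_STRING: the URL query string itself

        :returns: the rendered 'auth_granted' page (carrying the fetch code, or
                  "allok" when polling) or the rendered 'auth_crash' page.
        """

        # NOTE(review): Origin is reflected with Allow-Credentials 'true', so
        # every origin is allowed credentialed access -- consider an allow-list.
        header('Access-Control-Allow-Origin', ctx.env.get('HTTP_ORIGIN'))
        header('Access-Control-Allow-Headers', ctx.env.get('HTTP_ACCESS_CONTROL_REQUEST_HEADERS'))
        header('Access-Control-Allow-Methods', '*')
        header('Access-Control-Allow-Credentials', 'true')

        header('Content-Type', 'text/html')
        header('Cache-Control', 'no-cache, no-store, max-age=0, must-revalidate')
        header('Cache-Control', 'post-check=0, pre-check=0', False)
        header('Pragma', 'no-cache')

        query_string = ctx.env.get('QUERY_STRING')
        # NOTE(review): X-Forwarded-For is client-supplied unless a trusted
        # proxy rewrites it; how the address is used downstream is not shown.
        ip = ctx.env.get('HTTP_X_FORWARDED_FOR')
        if ip is None:
            ip = ctx.ip

        templates_dir = join(dirname(__file__), '../auth_templates/')

        # The original had a `raise` after each `return` below; those
        # statements were unreachable and have been dropped.
        try:
            result = get_token_oidc(query_string, ip)

        except AccessDenied:
            return template.render(templates_dir).auth_crash('contact')
        except RucioException:
            return template.render(templates_dir).auth_crash('internal_error')
        except Exception:
            # Traceback goes to stdout only; the user sees a generic page.
            print(format_exc())
            return template.render(templates_dir).auth_crash('internal_error')

        render = template.render(templates_dir)
        if not result:
            return render.auth_crash('no_result')
        if 'fetchcode' in result:
            # NOTE(review): the fetch code is placed into the HTML page; this
            # relies on the template escaping its argument -- confirm.
            return render.auth_granted(result['fetchcode'])
        if 'polling' in result and result['polling'] is True:
            return render.auth_granted("allok")
        return render.auth_crash('bad_request')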
Ejemplo n.º 5
def build_args(args, *keys):
    """Validate that every key is present and non-blank, then return them.

    Raises BadRequest when a key is missing from ``args`` or when a value is
    empty after stripping whitespace. On success returns a dict mapping each
    requested key to its stripped value.
    """
    if any(key not in args for key in keys):
        raise BadRequest(description='missing parameters!')

    cleaned = {}
    for key in keys:
        value = args.get(key).strip()
        if not value:
            # Whitespace-only input counts as absent.
            raise BadRequest(description="parameters can't be space!")
        cleaned[key] = value
    return cleaned
Ejemplo n.º 6
 def POST(self):
     """
     Reject POST on this resource: the body unconditionally raises BadRequest.

     NOTE(review): if the verb is simply unsupported, "405 Method Not Allowed"
     describes that to clients more precisely than a bad-request error.
     """
     raise BadRequest()
Ejemplo n.º 7
 def DELETE(self):
     """
     Reject DELETE on this resource: the body unconditionally raises BadRequest.
     """
     raise BadRequest()
Ejemplo n.º 8
 def PUT(self):
     """
     Reject PUT on this resource: the body unconditionally raises BadRequest.
     """
     raise BadRequest()
Ejemplo n.º 9
 def POST(self, name):
     """
     Reject POST on this resource: the body unconditionally raises BadRequest.

     :param name: accepted from the URL route but never read.
     """
     raise BadRequest()
Ejemplo n.º 10
 def DELETE(self):
     """ Not supported: DELETE always raises BadRequest. """
     raise BadRequest()
Ejemplo n.º 11
 def PUT(self):
     """ Not supported: PUT always raises BadRequest. """
     raise BadRequest()
Ejemplo n.º 12
 def PUT(self):
     """
     Update the limits for an account.

     Not implemented: the body only raises BadRequest, so no limit is changed.
     """
     raise BadRequest()
Ejemplo n.º 13
 def POST(self):
     """
     Set the limits for an account.

     Not implemented: the body only raises BadRequest, so no limit is stored.
     """
     raise BadRequest()
Ejemplo n.º 14
 def POST(self, rse):
     """
     Not supported: POST always raises BadRequest.

     :param rse: accepted from the URL route but never read.
     """
     raise BadRequest()
Ejemplo n.º 15
def signup():
    """Validate a sign-up form and prepare its fields.

    Reads 'email' and 'passwd' from the submitted form, rejects a malformed
    email with BadRequest, records the creation time and replaces the password
    with its hash. The visible excerpt ends after hashing; what is done with
    the prepared fields is not shown.
    """
    # build_args raises BadRequest for missing or blank fields and strips both.
    args = build_args(request.form, 'email', 'passwd')
    # NOTE(review): the final `[a-zA-Z]*` may match nothing, so an address
    # ending in a dot (e.g. "a@b.") passes this check.
    if not re.match(r'^[A-Za-z0-9\.\+_-]+@[A-Za-z0-9\._-]+\.[a-zA-Z]*$', args.get("email")):
        raise BadRequest(description='Invalid email format!')
    args['ctime'] = ctime()
    # NOTE(review): `md5` is a helper not shown here. If it is a plain MD5
    # digest, the stored value is unsalted and cheap to brute-force once the
    # user table leaks; a salted password-hashing function (e.g. scrypt or
    # PBKDF2 from hashlib, or bcrypt/argon2) is the expected choice -- confirm.
    args['passwd'] = md5(args.get('passwd'))