def parse_authorization_header(value):
if not value:
return
value = wsgi_to_bytes(value)
try:
auth_type, auth_info = value.split(None, 1)
auth_type = auth_type.lower()
except ValueError:
return
if auth_type == b'session':
try:
username, userid, session = base64.b64decode(auth_info).split(
b':', 3)
userid = int(userid)
except Exception:
return
return Authorization(
'session', {
'username': bytes_to_wsgi(username),
'userid': userid,
'session': bytes_to_wsgi(session),
})
# JMO: the initial implementation used 'token',
# but the IETF specifies 'Bearer'
# (cf https://datatracker.ietf.org/doc/html/rfc6750#section-2.1 ).
# So, we allow both to maintain compatibility with previous uses,
# and be compatible with standard HTTP clients.
elif auth_type in (b'token', b'bearer'):
return Authorization('token', {'token': bytes_to_wsgi(auth_info)})
def wrapper(request, *args, **kwargs):
pool = Pool()
UserApplication = pool.get('res.user.application')
authorization = wsgi_to_bytes(request.headers['Authorization'])
try:
auth_type, auth_info = authorization.split(None, 1)
auth_type = auth_type.lower()
except ValueError:
abort(HTTPStatus.UNAUTHORIZED)
if auth_type != b'bearer':
abort(HTTPStatus.FORBIDDEN)
application = UserApplication.check(bytes_to_wsgi(auth_info), name)
if not application:
abort(HTTPStatus.FORBIDDEN)
transaction = Transaction()
# TODO language
with transaction.set_user(application.user.id), \
transaction.set_context(_check_access=True):
try:
response = func(request, *args, **kwargs)
except Exception as e:
if isinstance(e, HTTPException):
raise
logger.error('%s', request, exc_info=True)
abort(HTTPStatus.INTERNAL_SERVER_ERROR, e)
if not isinstance(response, Response) and json:
response = Response(json_.dumps(response, cls=JSONEncoder),
content_type='application/json')
return response
def get_authorization(self):
"""
Get the username and password for Basic authentication header.
:return Authentication: The authentication data or None if it is not present or invalid.
"""
auth = get_authorization_header()
if not auth:
return None
auth_type, auth_info = auth
if auth_type != b'basic':
return None
try:
username, password = base64.b64decode(auth_info).split(b':', 1)
except Exception:
return None
return Authorization('basic', username=bytes_to_wsgi(username), password=bytes_to_wsgi(password))
def parse_authorization_header(value):
if not value:
return
value = wsgi_to_bytes(value)
try:
auth_type, auth_info = value.split(None, 1)
auth_type = auth_type.lower()
except ValueError:
return
if auth_type == b'session':
try:
username, userid, session = base64.b64decode(auth_info).split(
b':', 3)
userid = int(userid)
except Exception:
return
return Authorization('session', {
'username': bytes_to_wsgi(username),
'userid': userid,
'session': bytes_to_wsgi(session),
})
def get_authorization(self):
"""
Get the username and password for Basic authentication header.
:return Authentication: The authentication data or None if it is not present or invalid.
"""
auth = get_authorization_header()
if not auth:
return None
auth_type, auth_info = auth
if auth_type != b'basic':
return None
try:
username, password = base64.b64decode(auth_info).split(b':', 1)
except Exception:
return None
return Authorization('basic',
username=bytes_to_wsgi(username),
password=bytes_to_wsgi(password))
