def authorize_request(event):
req = event.request
try:
userid = req.headers['X-Ops-Userid']
creq = canonical_request(
req.method,
canonical_path(req.path_info),
req.headers['X-Ops-Content-Hash'],
req.headers['X-Ops-Timestamp'],
userid)
assert sha1_base64(req.body) == req.headers['X-Ops-Content-Hash'], (
'Bad body hash')
client = M.Client.query.get(name=userid)
if client is None:
return
sig_hdrs = [
(k,v) for k,v in req.headers.items()
if k.startswith('X-Ops-Authorization-') ]
sig_hdrs = [
(int(k.rsplit('-', 1)[-1]), v)
for k,v in sig_hdrs ]
sig_hdrs = sorted(sig_hdrs)
b64_sig = ''.join(v for k,v in sig_hdrs)
signature = binascii.a2b_base64(b64_sig)
if _signature_is_valid(client.key, signature, creq):
req.environ['REMOTE_USER'] = client.name
req.environ['REMOTE_ACCOUNT'] = client.account
req.environ['CLIENT'] = client
req.environ['REMOTE_USER'] = client
req.chef_client = client
req.chef_account = client.account
except KeyError:
pass
except:
log.exception('Error in authorize_request')
pass
def hash_body(request):
return sha1_base64(request.raw_post_data)
