def formplayer_as_user_auth(view):
    """Guard a view with the Formplayer shared key and run it as the user named in `as`.

    The returned view is wrapped in HMAC validation keyed by
    ``FORMPLAYER_INTERNAL_AUTH_KEY``. Every request must carry an `as` query
    parameter: it is removed from ``request.GET`` and the request is then
    handled as if that user had authenticated. This is used by SMS forms.

    Responses produced here:
      * 401 ``User required`` when `as` is missing or empty
      * 401 ``Unknown user`` when no CouchUser matches the given username

    NOTE(review): `as` selects an arbitrary user, so the HMAC check is the only
    thing standing between a caller and impersonation. ``ignore_if_debug=True``
    presumably skips that check when DEBUG is enabled; confirm against
    validate_request_hmac and make sure DEBUG is never on outside local
    development.
    """

    @wraps(view)
    def _run_as_named_user(request, *args, **kwargs):
        # The querydict is only made mutable for the duration of the pop.
        with mutable_querydict(request.GET):
            requested = request.GET.pop('as', None)

        if not requested:
            return HttpResponse('User required', status=401)

        # pop() hands back every value supplied for `as`; the last one is used.
        target = CouchUser.get_by_username(requested[-1])
        if not target:
            return HttpResponse('Unknown user', status=401)

        # From here on the request is indistinguishable from one made by `target`.
        request.couch_user = target
        request.user = target.get_django_user()
        return view(request, *args, **kwargs)

    require_formplayer_hmac = validate_request_hmac(
        'FORMPLAYER_INTERNAL_AUTH_KEY', ignore_if_debug=True
    )
    return require_formplayer_hmac(_run_as_named_user)
def formplayer_as_user_auth(view):
    """Guard a view with the Formplayer shared key and run it as the user named in `as`.

    The returned view is wrapped in HMAC validation keyed by
    ``FORMPLAYER_INTERNAL_AUTH_KEY``. Every request must carry an `as` query
    parameter: it is removed from ``request.GET`` and the request is then
    handled as if that user had authenticated. This is used by SMS forms.

    Responses produced here:
      * 401 ``User required`` when `as` is missing or empty
      * 401 ``Unknown user`` when no CouchUser matches the given username

    NOTE(review): `as` selects an arbitrary user, so the HMAC check is the only
    thing standing between a caller and impersonation. ``ignore_if_debug=True``
    presumably skips that check when DEBUG is enabled; confirm against
    validate_request_hmac and make sure DEBUG is never on outside local
    development.
    """

    @wraps(view)
    def _run_as_named_user(request, *args, **kwargs):
        # The querydict is only made mutable for the duration of the pop.
        with mutable_querydict(request.GET):
            requested = request.GET.pop('as', None)

        if not requested:
            return HttpResponse('User required', status=401)

        # pop() hands back every value supplied for `as`; the last one is used.
        target = CouchUser.get_by_username(requested[-1])
        if not target:
            return HttpResponse('Unknown user', status=401)

        # From here on the request is indistinguishable from one made by `target`.
        request.couch_user = target
        request.user = target.get_django_user()
        return view(request, *args, **kwargs)

    require_formplayer_hmac = validate_request_hmac(
        'FORMPLAYER_INTERNAL_AUTH_KEY', ignore_if_debug=True
    )
    return require_formplayer_hmac(_run_as_named_user)
def formplayer_auth(view):
    """Wrap `view` so requests must pass HMAC validation with the Formplayer key.

    The key is looked up under the settings name ``FORMPLAYER_INTERNAL_AUTH_KEY``.

    NOTE(review): ``ignore_if_debug=True`` presumably disables the HMAC check
    when DEBUG is enabled; confirm against validate_request_hmac. If so, any
    deployment running with DEBUG on exposes the wrapped view without
    authentication.
    """
    require_formplayer_hmac = validate_request_hmac(
        'FORMPLAYER_INTERNAL_AUTH_KEY', ignore_if_debug=True
    )
    return require_formplayer_hmac(view)
# NOTE(review): fragment. `urlname` and `get` presumably belong to a view class
# whose `class` line is not part of this excerpt.
urlname = 'web_user_data'

# Decorators apply bottom-up: basicauth() wraps `get` directly and
# check_lockout wraps the result, so check_lockout runs first on a request.
@method_decorator(check_lockout)
@method_decorator(basicauth())
def get(self, request, *args, **kwargs):
    """Return the authenticated web user's domains as JSON.

    Responds with HTTP 400 when the authenticated account is not a web user.
    """
    couch_user = CouchUser.from_django_user(request.user)
    # NOTE(review): assumes from_django_user() never returns None for a user
    # that passed basic auth; confirm, otherwise this line raises.
    if couch_user.is_web_user():
        data = {'domains': couch_user.domains}
        return JsonResponse(data)
    else:
        return HttpResponse('Only web users can access this endpoint', status=400)


# CSRF protection is switched off for every HTTP method of this view; the
# request MAC is what authenticates the caller.
# NOTE(review): ignore_if_debug=True presumably skips the MAC check when DEBUG
# is enabled. Confirm against validate_request_hmac; with CSRF also exempt,
# that would leave this endpoint unauthenticated in such a deployment.
@method_decorator(csrf_exempt, name='dispatch')
@method_decorator(validate_request_hmac('FORMPLAYER_INTERNAL_AUTH_KEY', ignore_if_debug=True), name='dispatch')
class SessionDetailsView(View):
    """
    Internal API to allow formplayer to get the Django user ID
    from the session key.

    Authentication is done by HMAC signing of the request body:

        secret = settings.FORMPLAYER_INTERNAL_AUTH_KEY
        data = '{"session_id": "123"}'
        digest = base64.b64encode(hmac.new(secret, data, hashlib.sha256).digest())
        requests.post(url, data=data, headers={'X-MAC-DIGEST': digest})

    The digest covers the exact request body bytes, so the caller must send
    the same serialized `data` it signed.
    """
    urlname = 'session_details'
    # Only POST is accepted by this view.
    http_method_names = ['post']
def formplayer_auth(view):
    """Wrap `view` so requests must pass HMAC validation with the Formplayer key.

    The key is looked up under the settings name ``FORMPLAYER_INTERNAL_AUTH_KEY``.

    NOTE(review): ``ignore_if_debug=True`` presumably disables the HMAC check
    when DEBUG is enabled; confirm against validate_request_hmac. If so, any
    deployment running with DEBUG on exposes the wrapped view without
    authentication.
    """
    require_formplayer_hmac = validate_request_hmac(
        'FORMPLAYER_INTERNAL_AUTH_KEY', ignore_if_debug=True
    )
    return require_formplayer_hmac(view)
def formplayer_auth(view):
    """Wrap `view` so requests must pass HMAC validation with the Formplayer key.

    The key is looked up under the settings name ``FORMPLAYER_INTERNAL_AUTH_KEY``.
    No ``ignore_if_debug`` argument is passed here, so whatever default
    validate_request_hmac uses for it applies.
    """
    require_formplayer_hmac = validate_request_hmac('FORMPLAYER_INTERNAL_AUTH_KEY')
    return require_formplayer_hmac(view)