class BasicAuthLogoutView(LogoutView): context(OmsRoot) name('basicauthlogout') require('oms.nothing') def render_GET(self, request): super(BasicAuthLogoutView, self).render_GET(request) raise Unauthorized()
class OncRootView(HttpRestView): """This view will never render, it's just used to attach the ONCViewFactory which will create a new OncView depending on the sub-path. """ context(OncPlugin) # html and js have to be open. # We'll be able to close some parts of javascripts # but core stuff has to be open otherwise we cannot render # the Onc login window require('oms.nothing')
class AuthView(HttpRestView): context(OmsRoot) name('auth') require('oms.nothing') realm = 'OMS' BASIC_AUTH_DEFAULT = 'false' # Should be render_GET but ONC (i.e. ExtJS) cannot attach a request body to GET requests def render(self, request): log.info('Incoming authentication request from %s' % request.getClientIP()) authentication_utility = getUtility(IHttpRestAuthenticationUtility) # enable basic auth only if explicitly requested basic_auth = request.args.get('basic_auth', [self.BASIC_AUTH_DEFAULT])[0] != 'false' body = request.content.getvalue() if request.args.get('username') and request.args.get('password'): credentials = UsernamePassword( request.args.get('username')[0], request.args.get('password')[0]) elif body: try: params = json.loads(body) except ValueError: raise BadRequest("The request body not JSON-parsable") # cannot be unicode username = str(params['username']) password = str(params['password']) credentials = UsernamePassword(username, password) else: credentials = authentication_utility.get_basic_auth_credentials( request) # if already authenticated, return success even if the request didn't provide auth credentials if not credentials and request.interaction.checkPermission( 'rest', object): return {'status': 'success'} # XXX: refactor HttpRestServer.handle_request so that it's not a db.transact # so that we can use a defer.inlineCallback here return blocking_yield( authentication_utility.authenticate(request, credentials, basic_auth))
class OncView(object): implements(IHttpRestView) require('oms.nothing') def __init__(self, resource): self.resource = resource def rw_transaction(self, request): return False def render(self, request): res = self.resource.render(request) # if twisted returns '' it means that there was some http error # status code like 304 in case of If-Modified-Since header the file hasn't been modified # Twisted File resource doesn't close the connection, so we have to close it. if not res: request.finish() return NOT_DONE_YET
class OncConfigView(object): implements(IHttpRestView) require('oms.nothing') def __init__(self, path): self.path = path def rw_transaction(self, request): return False def render(self, request): cfg = '' if os.path.exists(self.path): cfg = open(self.path, 'r').read() if not re.match('^BACKEND_PREFIX =', cfg, re.MULTILINE): cfg += "BACKEND_PREFIX='/'" request.write(cfg) request.finish() return NOT_DONE_YET
class HttpRestView(Adapter): implements(IHttpRestView) baseclass() require('rest') __builtin_attributes__ = ['id', 'children'] def filter_attributes(self, request, data): """Handle the filtering of attributes according to the 'attrs' parameter in the request""" attrs = request.args.get('attrs', [''])[0] if attrs: filtered_data = {} for a in attrs.decode('utf-8').split( ',') + self.__builtin_attributes__: if a in data: filtered_data[a] = data[a] return filtered_data return data def render_recursive(self, request, depth): for method in ('render_' + request.method, 'render'): if hasattr(self, method): return self.filter_attributes(request, getattr(self, method)(request)) raise NotImplemented("method %s not implemented\n" % request.method) def render_OPTIONS(self, request): all_methods = ['GET', 'POST', 'PUT', 'DELETE', 'HEAD'] has_methods = [ m for m in all_methods if hasattr(self, 'render_%s' % m) ] + ['OPTIONS'] request.setHeader('Allow', ', '.join(has_methods)) from opennode.oms.endpoint.httprest.root import EmptyResponse return EmptyResponse def rw_transaction(self, request): return request.method != 'GET'
class MultipleView(grok.Context): grok.require(One) grok.require(Two)
class BasicAuthView(AuthView): context(OmsRoot) name('basicauth') require('oms.nothing') BASIC_AUTH_DEFAULT = 'true'
class MissingPermission(grok.Context): grok.require('doesnt.exist')
class ProtectedObject(grok.Context): grok.require(ThePermission) protected = 'this is protected'