def initial(self, request, *args, **kwargs):
token = request.headers.get("Authorization")
# require auth for all requests
self.backend = get_backend_from_token(token)
return super().initial(request, *args, **kwargs)
def validate_upload_access(request, workspace):
"""Validate the request can upload releases for this workspace.
This validation uses backend authentication to authenticate the user, but
then checks that user has the correct permissons."""
# authenticate and get backend
backend = get_backend_from_token(request.headers.get("Authorization"))
# The request is from an authenticated backend so we trust it to supply
# arbitrary usernames
username = request.headers.get("OS-User", "").strip()
try:
user = User.objects.get(username=username)
except User.DoesNotExist:
raise NotAuthenticated
# check the user has access to this backend
if user not in backend.members.all():
raise NotAuthenticated
# check the user has permission to upload release files
if not has_permission(
user, "release_file_upload", project=workspace.project):
raise NotAuthenticated
return backend, user
def test_token_backend_unknown_backend():
with pytest.raises(NotAuthenticated):
get_backend_from_token("test")
def test_token_backend_success():
backend = BackendFactory(slug="tpp")
assert get_backend_from_token(backend.auth_token) == backend
def test_token_backend_no_token():
with pytest.raises(NotAuthenticated):
get_backend_from_token("")
def test_token_backend_empty_token():
with pytest.raises(NotAuthenticated):
get_backend_from_token(None)