def email_str(request):
authenticator = Authenticator()
try:
authenticator.validate(request)
except AuthenticationException:
return authenticator.error_response()
return HttpResponse(authenticator.user.email)
def write_key(request):
'''write the password used to encrypt funf database files to your PDS'''
response = None
try:
token = request.GET['bearer_token']
scope = "funf_write"
scope = AccessRange.objects.get(key="funf_write")
authenticator = Authenticator(scope=scope)
try:
# Validate the request.
authenticator.validate(request)
except AuthenticationException:
# Return an error response.
return authenticator.error_response(
content="You didn't authenticate.")
profile = authenticator.user.get_profile()
profile.funf_password = json.loads(request.raw_post_data)['key']
profile.save()
response_content = json.dumps({'status': 'success'})
response = HttpResponse(content=response_content)
except Exception as ex:
print "EXCEPTION:"
print ex
response = HttpResponseBadRequest('failed to write funf key')
return response
def email_str(request):
authenticator = Authenticator()
try:
authenticator.validate(request)
except AuthenticationException:
return authenticator.error_response()
return HttpResponse(authenticator.user.email)
def write_key(request):
'''write the password used to encrypt funf database files to your PDS'''
response = None
try:
token = request.GET['bearer_token']
scope = "funf_write"
print "POST data"
scope = AccessRange.objects.get(key="funf_write")
authenticator = Authenticator(scope=scope)
try:
# Validate the request.
authenticator.validate(request)
except AuthenticationException:
# Return an error response.
return authenticator.error_response(content="You didn't authenticate.")
username = authenticator.user.get_profile().funf_password
profile = authenticator.user.get_profile()
profile.funf_password = json.loads(request.raw_post_data)['key']
profile.save()
response_content = json.dumps({'status':'success'})
response = HttpResponse(content=response_content)
except Exception as ex:
print "EXCEPTION:"
print ex
response = HttpResponseBadRequest('failed to write funf key')
return response
def last_name_str(request):
scope = AccessRange.objects.get(key="last_name")
authenticator = Authenticator(scope=scope)
try:
authenticator.validate(request)
except AuthenticationException:
return authenticator.error_response()
return HttpResponse(authenticator.user.last_name)
def first_and_last_name_str(request):
scope = AccessRange.objects.filter(key__in=["first_name", "last_name"])
authenticator = Authenticator(scope=scope)
try:
authenticator.validate(request)
except AuthenticationException:
return authenticator.error_response()
return HttpResponse(authenticator.user.first_name + " " + authenticator.user.last_name)
def last_name_str(request):
scope = AccessRange.objects.get(key="last_name")
authenticator = Authenticator(scope=scope)
try:
authenticator.validate(request)
except AuthenticationException:
return authenticator.error_response()
return HttpResponse(authenticator.user.last_name)
def first_and_last_name_str(request):
scope = AccessRange.objects.filter(key__in=["first_name", "last_name"])
authenticator = Authenticator(scope=scope)
try:
authenticator.validate(request)
except AuthenticationException:
return authenticator.error_response()
return HttpResponse(authenticator.user.first_name + " " +
authenticator.user.last_name)
def process_request(self, request):
authenticator = Authenticator()
try:
authenticator.validate(request)
except AuthenticationException as e:
if authenticator.bearer_token or authenticator.auth_type in ['bearer', 'mac']:
return authenticator.error_response(content="You didn't authenticate.")
else:
request.user = OAuth2ProxyUser(authenticator.access_token)
def check(request):
""""Page accessed by check script to verify router has token. """
authenticator = Authenticator()
try:
# Validate the request.
authenticator.validate(request)
except AuthenticationException:
# Return an error response.
return authenticator.error_response(content="You didn't authenticate.")
username = authenticator.user.email
return HttpResponse(content="good token %s" % username)
def check(request):
""""Page accessed by check script to verify router has token. """
authenticator = Authenticator()
try:
# Validate the request.
authenticator.validate(request)
except AuthenticationException:
# Return an error response.
return authenticator.error_response(content="You didn't authenticate.")
username = authenticator.user.email
return HttpResponse(content="good token %s" % username)
def storage(request, acct, path=""):
# Fast-path for CORS preflight requests
if (
request.method == "OPTIONS"
and request.META.get("HTTP_ORIGIN")
and request.META.get("HTTP_ACCESS_CONTROL_REQUEST_METHOD")
):
# Mirror response headers
response = HttpResponse("")
response["Access-Control-Allow-Origin"] = request.META["HTTP_ORIGIN"]
response["Access-Control-Allow-Methods"] = request.META["HTTP_ACCESS_CONTROL_REQUEST_METHOD"]
response["Access-Control-Allow-Headers"] = request.META.get("HTTP_ACCESS_CONTROL_REQUEST_HEADERS", "*")
return response
authenticator = Authenticator()
try:
authenticator.validate(request)
except AuthenticationException:
auth_fail = authenticator.error_response(
content="OAuth2 authentication failure," ' see "WWW-Authenticate" header for details.'
)
else:
auth_fail = None
# It's also possible to check that acct==user here,
# but I'm not sure about how and when it's actually useful
# Normalize the path
path = "/".join(it.ifilter(None, path.split("/")))
# Check if access to path is authorized for this token
category = dirname(path)
path_caps, auth_required = caps(request.method)
path_caps = list("{}:{}".format(category, cap) for cap in path_caps)
log.debug(("(acct: {}, path: {}) required" " cap (any): {}").format(acct, path, ", ".join(path_caps)))
if auth_fail:
# One special case - "public:r" access, otherwise 401
if auth_required or "public:r" not in path_caps:
return auth_fail
user = User.objects.get(username=acct)
elif not authenticator.scope.filter(key__in=path_caps).exists():
# Authorized clients get 403 instead
log.debug(
("(acct: {}, path: {}) access denied," " caps available: {}").format(
acct, path, ", ".join(authenticator.scope.values_list("key", flat=True))
)
)
return HttpResponseForbidden(
"Access (method: {})" ' to path "{}" is forbidden for this token.'.format(request.method, path)
)
else:
user = authenticator.user
return storage_api(request, StoredObject.objects.user_path(user, path))
def setUp(self):
self.authenticator = Authenticator(authentication_method='')
class Request(object):
pass
self.request = Request()
def authenticate_token(request, scope=None, client_id=None):
authenticator = Authenticator()
try: authenticator.validate(request)
except AuthenticationException: return {'error': authenticator.error.message}
auth_client_id = AccessToken.objects.get(token=request.REQUEST.get('bearer_token')).client.key
auth_scope = [x.scope for x in authenticator.scope]
if type(scope) == str: scope = [scope]
if not scope == None:
if not set(scope).issubset(set(auth_scope)):
return {'error':'token not authorized for this scope'}
if not client_id == None:
if not client_id == auth_client_id:
return {'error':'token not authorized for this client_id'}
return {'ok': 'success', 'user': authenticator.user, 'scope': auth_scope, 'client_id': auth_client_id}
def attributes(request):
authenticator = Authenticator()
requested_attributes = request.REQUEST.get('attributes', '').split(',')
try:
authenticator.validate(request)
except AuthenticationException:
return authenticator.error_response(content="You didn't authenticate.")
scope = authenticator.scope
user = authenticator.user
response = {}
for attribute in requested_attributes:
try: a = Attribute.objects.get(attribute=attribute)
except Attribute.DoesNotExist: continue
if a.scope in scope:
try: response[attribute] = eval('user.'+attribute)
except: pass
return HttpResponse(json.dumps(response))
def get_system_entity_connection(request):
response_content = {}
try:
scope = AccessRange.objects.get(key="system_entity")
authenticator = Authenticator(scope=scope)
authenticator.validate(request)
if scope not in authenticator.scope:
raise Exception("Access token is insufficient to get a system entity connection")
pdslocationlist = list()
for user in User.objects.all():
pdslocationlist.append(user.get_profile().pds_location)
response_content['pds_locations']=pdslocationlist
response_content['status']="success"
except Exception as e:
response_content['status']="error"
response_content['message']="failed to connect as system entity"
logging.debug(e)
return HttpResponse(json.dumps(response_content), mimetype="application/json")
def get_system_entity_connection(request):
response_content = {}
try:
scope = AccessRange.objects.get(key="system_entity")
authenticator = Authenticator(scope=scope)
authenticator.validate(request)
if scope not in authenticator.scope:
raise Exception("Access token is insufficient to get a system entity connection")
pdslocationlist = list()
for user in User.objects.all():
pdslocationlist.append(user.get_profile().pds_location)
response_content['pds_locations']=pdslocationlist
response_content['status']="success"
except Exception as e:
response_content['status']="error"
response_content['message']="failed to connect as system entity"
logging.debug(e)
return HttpResponse(json.dumps(response_content), mimetype="application/json")
def attributes(request):
authenticator = Authenticator()
requested_attributes = request.REQUEST.get('attributes', '').split(',')
try:
authenticator.validate(request)
except AuthenticationException:
return authenticator.error_response(content="You didn't authenticate.")
scope = authenticator.scope
user = authenticator.user
response = {}
for attribute in requested_attributes:
try:
a = Attribute.objects.get(attribute=attribute)
except Attribute.DoesNotExist:
continue
if a.scope in scope:
try:
response[attribute] = eval('user.' + attribute)
except:
pass
return HttpResponse(json.dumps(response))
def authenticate_token(request):
authenticator = Authenticator()
try: authenticator.validate(request)
except AuthenticationException: return {'error':'authentication error'}
return {'ok':'success', 'user':authenticator.user}
def automatic_error_str(request):
authenticator = Authenticator()
return authenticator.error_response()
def automatic_error_str(request):
authenticator = Authenticator()
return authenticator.error_response()
