def is_authorized(self, request, object=None):
# pdb.set_trace()
authenticator = OAuth2Authentication(self.scope)
if "datastore_owner__uuid" in request.REQUEST:
authorized = True
token = (
request.REQUEST["bearer_token"]
if "bearer_token" in request.REQUEST
else request.META["HTTP_BEARER_TOKEN"]
)
# Result will be the uuid of the requesting party
# Note: the trustwrapper must be run regardless of if auditting is enabled on this call or not
datastore_owner_uuid = request.REQUEST["datastore_owner__uuid"]
datastore_owner, ds_owner_created = Profile.objects.get_or_create(uuid=datastore_owner_uuid)
self.requester_uuid = authenticator.get_userinfo_from_token(token, self.scope)
if self.requester_uuid is False or self.requester_uuid is None or len(self.requester_uuid) == 0:
self.requester_uuid = "not-specified"
authorized = False
self.trustWrapper(datastore_owner)
try:
if self.audit_enabled:
# pdb.set_trace()
audit_entry = AuditEntry(token=token)
audit_entry.method = request.method
audit_entry.scope = self.scope
audit_entry.purpose = request.REQUEST["purpose"] if "purpose" in request.REQUEST else ""
audit_entry.system_entity_toggle = (
request.REQUEST["system_entity"] if "system_entity" in request.REQUEST else False
)
# NOTE: datastore_owner and requester are required
# if they're not available, the KeyError exception should raise and terminate the request
audit_entry.datastore_owner = datastore_owner
audit_entry.requester, created = Profile.objects.get_or_create(uuid=self.requester_uuid)
audit_entry.script = request.path
audit_entry.save()
except Exception as e:
print e
authorized = False
return authorized
return False
def is_authorized(self, request, object=None):
print "is authorized?"
_authorized = True
# Note: the trustwrapper must be run regardless of if auditting is enabled on this call or not
if request.REQUEST.has_key("datastore_owner__uuid"):
print "has uuid"
else:
print "Missing ds uuid"
raise Exception("Missing datastore_owner__uuid. Please make sure it exists as a querystring parameter")
datastore_owner_uuid = request.REQUEST.get("datastore_owner__uuid")
datastore_owner, ds_owner_created = Profile.objects.get_or_create(uuid = datastore_owner_uuid)
token = request.REQUEST["bearer_token"] if "bearer_token" in request.REQUEST else request.META["HTTP_BEARER_TOKEN"]
userinfo = self.get_userinfo_from_token(token)
print userinfo
# authenticator = OAuth2Authentication(self.scope)
# self.requester_uuid = authenticator.get_userinfo_from_token(token, self.scope)
# self.trustWrapper(datastore_owner)
# Result will be the uuid of the requesting party
print self.requester_uuid
try:
if (self.audit_enabled):
#pdb.set_trace()
audit_entry = AuditEntry(token = token)
audit_entry.method = request.method
scope_string = ""
for s in self.scopes:
scope_string += str(s)+" "
audit_entry.scope = scope_string
audit_entry.purpose = request.REQUEST["purpose"] if "purpose" in request.REQUEST else ""
audit_entry.system_entity_toggle = request.REQUEST["system_entity"] if "system_entity" in request.REQUEST else False
# NOTE: datastore_owner and requester are required
# if they're not available, the KeyError exception should raise and terminate the request
audit_entry.datastore_owner = datastore_owner
audit_entry.requester, created = Profile.objects.get_or_create(uuid = self.requester_uuid)
audit_entry.script = request.path
audit_entry.save()
except Exception as e:
print e
print 'is authorized?'
print _authorized
return _authorized
def is_authorized(self, request, object=None):
print "is authorized?"
_authorized = True
# Note: the trustwrapper must be run regardless of whether or not auditting is enabled
if request.REQUEST.has_key("datastore_owner__uuid"):
print "has uuid"
else:
print "Missing ds uuid"
raise Exception("Missing datastore_owner__uuid. Please make sure it exists as a querystring parameter")
datastore_owner_uuid = request.REQUEST.get("datastore_owner__uuid")
datastore_owner, ds_owner_created = Profile.objects.get_or_create(uuid = datastore_owner_uuid)
#TODO: default values for pupose and group should be standardized and placed in a setting file.
self.purpose, purpose_created = Purpose.objects.get_or_create(name=self.purpose_name)
if purpose_created:
self.purpose.save()
self.scope, scope_created = Scope.objects.get_or_create(name=self.resource_scope_name)
if scope_created:
self.scope.save()
token = request.REQUEST["bearer_token"] if "bearer_token" in request.REQUEST else request.META["HTTP_BEARER_TOKEN"]
# userinfo (primarily a list of scopes the token is authorized for), client_re (the pds registry for grants of authorization...is used user control post-grant-of-authorization).
try:
userinfo, client_re = self.get_userinfo_from_token(token,datastore_owner_uuid, datastore_owner)
print "calling trust wrapper"
#_authorized = self.trustWrapper(datastore_owner, client_re)
_authorized = self.trustWrapper(datastore_owner_uuid, self.requester_uuid, client_re)
print "trust wrapper result: ", _authorized
except Exception as ex:
print "failed to get userinfo from token"
print ex
_authorized = False
# Result will be the uuid of the requesting party
print self.requester_uuid
try:
if (self.audit_enabled):
#pdb.set_trace()
print "auditing"
audit_entry = AuditEntry(token = token)
audit_entry.method = request.method
scope_string = ""
for s in self.scopes:
scope_string += str(s)+" "
audit_entry.scope = scope_string
audit_entry.purpose = request.REQUEST["purpose"] if "purpose" in request.REQUEST else ""
audit_entry.system_entity_toggle = request.REQUEST["system_entity"] if "system_entity" in request.REQUEST else False
# NOTE: datastore_owner and requester are required
# if they're not available, the KeyError exception should raise and terminate the request
audit_entry.datastore_owner = datastore_owner
audit_entry.requester, created = Profile.objects.get_or_create(uuid = self.requester_uuid)
audit_entry.script = request.path
audit_entry.save()
except Exception as e:
print e
print 'is authorized?'
print _authorized
return _authorized
