def consumer_cert_authentication(): cert_pem = http.ssl_client_cert() if cert_pem is not None: consumerid = factory.authentication_manager().check_consumer_cert(cert_pem) if consumerid is not None: _LOG.debug("Consumer authenticated with ssl cert: %s" % consumerid) return consumerid
def user_cert_authentication(): cert_pem = http.ssl_client_cert() if cert_pem is not None: userid = factory.authentication_manager().check_user_cert(cert_pem) if userid: _logger.debug("User authenticated with ssl cert: %s" % userid) return userid return None
def user_cert_authentication(): cert_pem = http.ssl_client_cert() if cert_pem is not None: userid = factory.authentication_manager().check_user_cert(cert_pem) if userid: _LOG.debug("User authenticated with ssl cert: %s" % userid) return userid return None
def consumer_cert_authentication(): cert_pem = http.ssl_client_cert() if cert_pem is not None: consumerid = factory.authentication_manager().check_consumer_cert( cert_pem) if consumerid is not None: _LOG.debug("Consumer authenticated with ssl cert: %s" % consumerid) return consumerid
def oauth_authentication(): if not config.getboolean('oauth', 'enabled'): return None, False username = http.request_info('HTTP_PULP_USER') auth = http.http_authorization() cert_pem = http.ssl_client_cert() if username is None or auth is None: if cert_pem is not None: raise PulpCodedAuthenticationException(error_code=error_codes.PLP0027, user=username) return None, False meth = http.request_info('REQUEST_METHOD') url = http.request_url() query = http.request_info('QUERY_STRING') userid, is_consumer = factory.authentication_manager().check_oauth(username, meth, url, auth, query) if userid is None: raise PulpCodedAuthenticationException(error_code=error_codes.PLP0028, user=username) _LOG.debug("User authenticated with Oauth: %s" % userid) return userid, is_consumer
def oauth_authentication(): if not config.getboolean('oauth', 'enabled'): return None, False username = http.request_info('HTTP_PULP_USER') auth = http.http_authorization() cert_pem = http.ssl_client_cert() if username is None or auth is None: if cert_pem is not None: raise AuthenticationFailed(auth_utils.CODE_INVALID_SSL_CERT) return None, False meth = http.request_info('REQUEST_METHOD') url = http.request_url() query = http.request_info('QUERY_STRING') userid, is_consumer = factory.authentication_manager().check_oauth(username, meth, url, auth, query) if userid is None: raise AuthenticationFailed(auth_utils.CODE_OAUTH) _LOG.debug("User authenticated with Oauth: %s" % userid) return userid, is_consumer
def oauth_authentication(): if not config.getboolean('oauth', 'enabled'): return None, False username = http.request_info('HTTP_PULP_USER') auth = http.http_authorization() cert_pem = http.ssl_client_cert() if username is None or auth is None: if cert_pem is not None: raise AuthenticationFailed(auth_utils.CODE_INVALID_SSL_CERT) return None, False meth = http.request_info('REQUEST_METHOD') url = http.request_url() query = http.request_info('QUERY_STRING') userid, is_consumer = factory.authentication_manager().check_oauth( username, meth, url, auth, query) if userid is None: raise AuthenticationFailed(auth_utils.CODE_OAUTH) _LOG.debug("User authenticated with Oauth: %s" % userid) return userid, is_consumer
def oauth_authentication(): if not config.getboolean('oauth', 'enabled'): return None, False username = http.request_info('HTTP_PULP_USER') auth = http.http_authorization() cert_pem = http.ssl_client_cert() if username is None or auth is None: if cert_pem is not None: raise PulpCodedAuthenticationException( error_code=error_codes.PLP0027, user=username) return None, False meth = http.request_info('REQUEST_METHOD') url = http.request_url() query = http.request_info('QUERY_STRING') userid, is_consumer = factory.authentication_manager().check_oauth( username, meth, url, auth, query) if userid is None: raise PulpCodedAuthenticationException(error_code=error_codes.PLP0028, user=username) _logger.debug("User authenticated with Oauth: %s" % userid) return userid, is_consumer
def _auth_decorator(self, *args, **kwargs): # XXX jesus h christ: is this some god awful shit # please, please refactor this into ... something ... anything! user = None is_consumer = False permissions = {'/v2/consumers/' : [0, 1]} # first, try username:password authentication username, password = http.username_password() if username is not None: user = check_username_password(username, password) if user is None: return self.unauthorized(user_pass_fail_msg) # second, try certificate authentication if user is None: cert_pem = http.ssl_client_cert() if cert_pem is not None: # first, check user certificate user = check_user_cert(cert_pem) if user is None: # second, check consumer certificate # This is temporary solution to solve authorization failure for consumers # because of no associated users. We would likely be going with a similar approach # for v2 with static permissions for consumers instead of associates users. Once we # have users and permissions flushed out for v2, this code will look much better. # user = check_consumer_cert(cert_pem) user = check_consumer_cert_no_user(cert_pem) if user: is_consumer = True consumer_base_url = '/v2/consumers/%s' % user + '/' permissions[consumer_base_url] = [0, 1, 2, 3, 4] # third, check oauth credentials if user is None: auth = http.http_authorization() username = http.request_info('HTTP_PULP_USER') if None in (auth, username): if cert_pem is not None: return self.unauthorized(cert_fail_msg) else: meth = http.request_info('REQUEST_METHOD') url = http.request_url() query = http.request_info('QUERY_STRING') user = check_oauth(username, meth, url, auth, query) if user is None: return self.unauthorized(oauth_fail_msg) # authentication has failed if user is None: return self.unauthorized(authen_fail_msg) # procedure to check consumer permissions - part of the temporary solution described above def is_consumer_authorized(resource, consumer, operation): if consumer_base_url in resource and operation in permissions[consumer_base_url]: return True else: return False # forth, check authorization user_query_manager = factory.user_query_manager() if super_user_only and not user_query_manager.is_superuser(user['login']): return self.unauthorized(author_fail_msg) # if the operation is None, don't check authorization elif operation is not None: if is_consumer and is_consumer_authorized(http.resource_path(), user, operation): value = method(self, *args, **kwargs) clear_principal() return value elif user_query_manager.is_authorized(http.resource_path(), user['login'], operation): pass else: return self.unauthorized(author_fail_msg) # everything ok, manage the principal and call the method set_principal(user) value = method(self, *args, **kwargs) clear_principal() return value