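def logged_in_user():
    """Get the logged in user

    The uid is read first, then the login state is checked; a request that
    is not logged in is rejected through util.raise_unauthorized (presumably
    by raising -- confirm against util).

    Returns:
        str: uid of authenticated user

    Raises:
        AssertionError: the login check passed but no uid was found
    """
    res = _get_user()
    if not _is_logged_in():
        util.raise_unauthorized('user not logged in uid={}', res)
    # Explicit raise instead of an `assert` statement: asserts are stripped
    # when Python runs with -O, and this check is what stops a falsy uid
    # from being handed back as the authenticated user.
    if not res:
        raise AssertionError(
            'no user in cookie: state={} method={}'.format(
                cookie.unchecked_get_value(_COOKIE_STATE),
                cookie.unchecked_get_value(_COOKIE_METHOD),
            ),
        )
    return res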
def login_fail_redirect(sim_type=None, module=None, reason=None):
    """Report a failed login, by redirect when possible and rejection otherwise.

    With a sim_type, the reply is a redirect to that application's
    'loginFail' local route carrying the auth method and the reason. Without
    one there is nowhere to redirect to, so the request is rejected through
    util.raise_unauthorized.

    Args:
        sim_type (str): application to redirect into; falsy means reject
        module (module): auth method module; its AUTH_METHOD is read on both
            paths, so the None default fails with AttributeError
        reason (str): failure reason, passed through unchanged

    Returns:
        object: whatever http_reply.gen_redirect_for_local_route returns
    """
    auth_method = module.AUTH_METHOD
    if not sim_type:
        message = 'login failed (no sym_type): reason={} method={}'.format(
            reason,
            auth_method,
        )
        util.raise_unauthorized(message)
        # Only reached if raise_unauthorized returns; keeps the fall-through
        # result (None) of the rejection path.
        return None
    route_params = {
        'method': auth_method,
        'reason': reason,
    }
    return http_reply.gen_redirect_for_local_route(
        sim_type,
        'loginFail',
        route_params,
    )
def user_dir_not_found(uid):
    """Called by simulation_db when user_dir is not found

    Deletes any user records: the per-method user model of every module in
    _METHOD_MODULES and the UserRegistration row for the uid. It then resets
    state and rejects the request through util.raise_unauthorized.

    Args:
        uid (str): user that does not exist
    """
    # NOTE(review): the listing this came from had lost its indentation; the
    # nesting below (deletes under the lock, reset and reject after it) is
    # the natural reading -- confirm against the project source.
    with auth_db.thread_lock:
        for method_module in _METHOD_MODULES.values():
            method_user = _method_user_model(method_module, uid)
            if not method_user:
                continue
            method_user.delete()
        registration = auth_db.UserRegistration.search_by(uid=uid)
        if registration:
            registration.delete()
    reset_state()
    util.raise_unauthorized('simulation_db dir not found, deleted uid={}', uid)
def assert_api_call(func):
    """Enforce the cookie precondition declared by an API function's permission.

    The permission is read from the attribute named by api_perm.ATTR, so a
    function without that attribute fails with AttributeError, and a value
    outside the handled set fails with AssertionError: unknown or missing
    permissions are never treated as allowed.

    Args:
        func (callable): API function carrying an api_perm attribute

    Raises:
        AssertionError: the permission is not one of the handled values
    """
    perm = getattr(func, api_perm.ATTR)
    perms = api_perm.APIPerm
    if perm == perms.REQUIRE_USER:
        # NOTE(review): only the presence of the cookie sentinel is checked
        # here; confirm that the user's login state is verified elsewhere.
        if cookie.has_sentinel():
            return
        util.raise_unauthorized(
            'cookie does not have a sentinel: perm={} func={}',
            perm,
            func.__name__,
        )
        return
    if perm == perms.ALLOW_VISITOR:
        return
    if perm == perms.ALLOW_COOKIELESS_USER:
        cookie.set_sentinel()
        if login_module:
            login_module.allow_cookieless_user()
        return
    if perm == perms.ALLOW_LOGIN:
        #TODO(robnagler) need state so that set_user can happen
        cookie.set_sentinel()
        return
    raise AssertionError('unexpected api_perm={}'.format(perm))
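def auth_hash(req, verify=False):
    """Compute or verify the 'v1' authentication hash of a request.

    The hash is SHA-256 over authNonce, simulationType, simulationId and
    cfg.secret joined with _AUTH_HASH_SEPARATOR, URL-safe base64 encoded and
    prefixed with 'v1:'. When signing (verify=False) the result is stored in
    req.authHash, and a nonce of '<unix time><separator><random>' is created
    if the request has none. When verifying, the supplied authHash must
    match and the time prefix of the nonce must lie within
    _AUTH_NONCE_REPLAY_SECS of the current time, in either direction.

    Rejections go through util.raise_unauthorized (presumably raising --
    confirm against util).

    Args:
        req (object): request supporting `in` and attribute access
            (presumably a dict-like with attribute access -- confirm)
        verify (bool): check req.authHash instead of setting it
    """
    # Function-scope import: the module's import block is not visible here.
    import hmac

    now = int(time.time())
    if 'authNonce' not in req:
        if verify:
            util.raise_unauthorized('authNonce: missing field in request')
        req.authNonce = str(now) + _AUTH_NONCE_SEPARATOR + util.random_base62()
    # NOTE(review): this is a plain SHA-256 over fields with the secret
    # appended, not an HMAC. Switching to hmac.new(cfg.secret, ...) would
    # change the 'v1' wire format, so it needs a new version prefix.
    material = _AUTH_HASH_SEPARATOR.join([
        req.authNonce,
        req.simulationType,
        req.simulationId,
        cfg.secret,
    ])
    # hashlib only accepts bytes and b64encode returns bytes on Python 3;
    # convert at the two boundaries so the hash itself remains text.
    if not isinstance(material, bytes):
        material = material.encode('utf-8')
    h = hashlib.sha256()
    h.update(material)
    encoded = base64.urlsafe_b64encode(h.digest())
    if not isinstance(encoded, str):
        encoded = encoded.decode('ascii')
    res = 'v1:' + encoded
    if not verify:
        req.authHash = res
        return
    claimed = req.authHash
    try:
        # Constant-time comparison: `!=` stops at the first differing
        # character, so response timing would depend on how much of the
        # supplied hash is correct.
        matches = hmac.compare_digest(
            res.encode('utf-8'),
            claimed if isinstance(claimed, bytes) else claimed.encode('utf-8'),
        )
    except (AttributeError, TypeError, UnicodeError):
        # authHash is not text at all; that is a mismatch, not a server error.
        matches = False
    if not matches:
        # NOTE(review): the message carries the expected hash; confirm that
        # raise_unauthorized writes it to the server log only and never
        # returns it to the caller.
        util.raise_unauthorized(
            '{}: hash mismatch expected={} nonce={}',
            req.authHash,
            res,
            req.authNonce,
        )
    t = req.authNonce.split(_AUTH_NONCE_SEPARATOR)[0]
    try:
        t = int(t)
    except ValueError:
        util.raise_unauthorized(
            '{}: auth_nonce prefix not an int: nonce={}',
            t,
            req.authNonce,
        )
    delta = now - t
    # No nonce is recorded in this function, so the time window is the only
    # replay limit visible here.
    if abs(delta) > _AUTH_NONCE_REPLAY_SECS:
        util.raise_unauthorized(
            '{}: auth_nonce time outside replay window={} now={} nonce={}',
            t,
            _AUTH_NONCE_REPLAY_SECS,
            now,
            req.authNonce,
        )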
def get_user(self, checked=True):
    """Return the user stored in the cookie, after requiring the sentinel.

    A cookie without the sentinel value is rejected through
    util.raise_unauthorized before any user value is read.

    Args:
        checked (bool): if true, read the user by subscript, so a missing
            entry is an error; otherwise use get(), which may return None

    Returns:
        str: value stored under _COOKIE_USER
    """
    sentinel = self.get(_COOKIE_SENTINEL)
    if not sentinel:
        util.raise_unauthorized('Missing sentinel, cookies may be disabled')
    if checked:
        return self[_COOKIE_USER]
    return self.get(_COOKIE_USER)
def get_user(self, checked=True):
    """Look up the cookie's user once the sentinel is known to be present.

    The sentinel is tested first: when it is missing or falsy the request
    is rejected through util.raise_unauthorized.

    Args:
        checked (bool): strict subscript lookup when true, lenient get()
            lookup when false

    Returns:
        str: value stored under _COOKIE_USER
    """
    has_sentinel = bool(self.get(_COOKIE_SENTINEL))
    if not has_sentinel:
        util.raise_unauthorized(
            'Missing sentinel, cookies may be disabled')
    if not checked:
        # Lenient path: an absent user comes back as get()'s default.
        return self.get(_COOKIE_USER)
    return self[_COOKIE_USER]