def validate_user(user): # Check if the user is active. if not user.is_active: raise faults.Unauthorized('User inactive') # Check if the token has expired. if user.token_expired(): raise faults.Unauthorized('Authentication expired') # Check if the user has accepted the terms. if not user.signed_terms: raise faults.Unauthorized('Pending approval terms')
def wrapper(request, *args, **kwargs): try: token = request.x_auth_token except AttributeError: raise faults.Unauthorized("No authentication token") if not token: raise faults.Unauthorized("Invalid X-Auth-Token") try: user = AstakosUser.objects.get(auth_token=token) except AstakosUser.DoesNotExist: raise faults.Unauthorized('Invalid X-Auth-Token') validate_user(user) request.user = user return func(request, *args, **kwargs)
def wrapper(request, *args, **kwargs): try: token = request.x_auth_token except AttributeError: raise faults.Unauthorized("No authentication token") if not token: raise faults.Unauthorized("Invalid X-Auth-Token") try: component = Component.objects.get(auth_token=token) except Component.DoesNotExist: raise faults.Unauthorized("Invalid X-Auth-Token") # Check if the token has expired expiration_date = component.auth_token_expires if expiration_date: expires_at = mktime(expiration_date.timetuple()) if time() > expires_at: raise faults.Unauthorized("Authentication expired") request.component_instance = component return func(request, *args, **kwargs)
def wrapper(request, *args, **kwargs): try: # Get the requested serialization format serialization = get_serialization( request, format_allowed, serializations[0]) # If guessed serialization is not supported, fallback to # the default serialization or return an API error in case # strict serialization flag is set. if not serialization in serializations: if strict_serlization: raise faults.BadRequest(("%s serialization not " "supported") % serialization) serialization = serializations[0] request.serialization = serialization # Check HTTP method if http_method and request.method != http_method: raise faults.BadRequest("Method not allowed") # Get authentication token request.x_auth_token = None if token_required or user_required: token = get_token(request) if not token: msg = "Access denied. No authentication token" raise faults.Unauthorized(msg) request.x_auth_token = token # Authenticate if user_required: assert(token_required), "Can not get user without token" astakos = astakos_url or settings.ASTAKOS_BASE_URL astakos = AstakosClient(astakos, use_pool=True, retry=2, logger=logger) user_info = astakos.get_user_info(token) request.user_uniq = user_info["uuid"] request.user = user_info # Get the response object response = func(request, *args, **kwargs) # Fill in response variables update_response_headers(request, response) return response except faults.Fault, fault: if fault.code >= 500: logger.exception("API ERROR") return render_fault(request, fault)
def wrapper(request, *args, **kwargs): try: # Explicitly set request encoding to UTF-8 instead of relying # to the DEFAULT_CHARSET setting. See: # https://docs.djangoproject.com/en/1.4/ref/unicode/#form-submission # flake8: noqa request.encoding = 'utf-8' # Get the requested serialization format serialization = get_serialization(request, format_allowed, serializations[0]) # If guessed serialization is not supported, fallback to # the default serialization or return an API error in case # strict serialization flag is set. if not serialization in serializations: if strict_serlization: raise faults.BadRequest(("%s serialization not " "supported") % serialization) serialization = serializations[0] request.serialization = serialization # Check HTTP method if http_method and request.method != http_method: raise faults.NotAllowed("Method not allowed", allowed_methods=[http_method]) # Get authentication token request.x_auth_token = None if token_required or user_required: token = get_token(request) if not token: msg = "Access denied. No authentication token" raise faults.Unauthorized(msg) request.x_auth_token = token # Authenticate if user_required: assert (token_required), "Can not get user without token" client_ip = get_client_ip(request) user_info = retrieve_user(token, astakos_auth_url, logger=logger, client_ip=client_ip) _user_access = user_info["access"]["user"] request.user_uniq = _user_access["id"] request.user_projects = _user_access.get("projects", None) request.user = user_info # Get the response object response = func(request, *args, **kwargs) # Fill in response variables update_response_headers(request, response) return response except faults.Fault as fault: if fault.code >= 500: django_logger.error("Unexpected API Error: %s", request.path, exc_info=sys.exc_info(), extra={ "status_code": fault.code, "request": request }) return render_fault(request, fault) except AstakosClientException as err: fault = faults.Fault(message=err.message, details=err.details, code=err.status) if fault.code >= 500: django_logger.error("Unexpected AstakosClient Error: %s", request.path, exc_info=sys.exc_info(), extra={ "status_code": fault.code, "request": request }) return render_fault(request, fault) except: django_logger.error("Internal Server Error: %s", request.path, exc_info=sys.exc_info(), extra={ "status_code": '500', "request": request }) fault = faults.InternalServerError("Unexpected error") return render_fault(request, fault)
def authenticate(request): try: content_length = get_content_length(request) except faults.LengthRequired: content_length = None public_mode = True if not content_length else False d = defaultdict(dict) if not public_mode: req = utils.get_json_body(request) uuid = None try: token_id = req['auth']['token']['id'] except KeyError: try: token_id = req['auth']['passwordCredentials']['password'] uuid = req['auth']['passwordCredentials']['username'] except KeyError: raise faults.BadRequest( 'Malformed request: missing credentials') tenant = req['auth'].get('tenantName') if token_id is None: raise faults.BadRequest('Malformed request: missing token') try: user = AstakosUser.objects.get(auth_token=token_id) except AstakosUser.DoesNotExist: raise faults.Unauthorized('Invalid token') validate_user(user) if uuid is not None: if user.uuid != uuid: raise faults.Unauthorized('Invalid credentials') if tenant: if user.uuid != tenant: raise faults.BadRequest('Not conforming tenantName') user_projects = user.project_set.filter(projectmembership__state__in=\ ProjectMembership.ACCEPTED_STATES).values_list("uuid", flat=True) d["access"]["token"] = { "id": user.auth_token, "expires": utils.isoformat(user.auth_token_expires), "tenant": { "id": user.uuid, "name": user.realname } } d["access"]["user"] = { "id": user.uuid, 'name': user.realname, "roles": [ dict(id=str(g['id']), name=g['name']) for g in user.groups.values('id', 'name') ], "roles_links": [], "projects": list(user_projects), } d["access"]["serviceCatalog"] = get_endpoints() if request.serialization == 'xml': return xml_response({'d': d}, 'api/access.xml') else: return json_response(d)