def authenticate(self, req: Request) -> Deferred:
user = req.loggedInUser()
if user is None:
return succeed(SuperUser())
else:
# Use logged-in user.
return succeed(user)
async def renderAsync(page: FabResource, request: TwistedRequest) -> None:
req: Request = Request(request)
authenticator = page.authenticator
response = Response(request,
authenticator.project.frameAncestors,
req.userAgent)
try:
try:
user: User = await authenticator.authenticate(req)
except LoginFailed as ex:
if req.getSubPath() is None:
responder = authenticator.askForAuthentication(
req, ex.args[0] if ex.args else None
)
else:
# Widget requests should just fail immediately instead of
# asking for authentication.
responder = _unauthorizedResponder(ex)
except Unauthorized as ex:
responder = _unauthorizedResponder(ex)
else:
responder = await _parseAndProcess(page, req, user)
except Redirect as ex:
responder = Redirector(ex.url)
except InternalError as ex:
logging.error(
'Internal error processing %s: %s', page.name, str(ex)
)
responder = UIResponder(
InternalErrorPage[PageProcessor](str(ex)),
PageProcessor(page, req, FabResource.Arguments(), UnknownUser())
)
await _present(responder, response)
def authenticate(self, req: Request) -> Deferred:
user = req.loggedInUser()
if user is not None:
# User has already authenticated.
return succeed(user)
elif self.project.anonguest:
return succeed(AnonGuestUser())
else:
# User must log in.
return fail(LoginFailed())
def _authorizedResource(self, request: TwistedRequest) -> IResource:
req: Request = Request(request)
user = None
# There is currently no CC page that supports adding or removing
# artifacts, so only use logins for read access.
if req.method in ('GET', 'HEAD'):
# Use an active login session if available.
# This also resets the session timeout, so it's worth doing even
# when anonymous guest access is enabled.
user = req.loggedInUser()
if user is None:
# Perform anonymous read access, if allowed.
if self.anonOperator:
user = SuperUser()
elif self.project.anonguest:
user = AnonGuestUser()
if user is None:
# Authenticate via token.
# TODO: There is a lot of overlap with TokenAuthPage.
try:
credentials = req.getCredentials()
except UnicodeDecodeError:
return AccessDeniedResource('Credentials are not valid UTF-8')
tokenId = credentials.name
if tokenId:
try:
token = authenticateToken(self.tokenDB, credentials)
except KeyError:
return AccessDeniedResource(
f'Token "{tokenId}" does not exist')
except UnauthorizedLogin as ex:
return AccessDeniedResource(
f'Token authentication failed: {ex.args[0]}')
if token.role is not TokenRole.RESOURCE:
return AccessDeniedResource(
f'Token "{tokenId}" is of the wrong type '
f'for this operation')
user = TokenUser(token)
if user is None:
return UnauthorizedResource('artifacts',
'Please provide an access token')
return ArtifactRoot(self.jobDB, self.resourceDB, self.path, user)
def authenticate(self, req: Request) -> Deferred:
# To avoid cross-site request forgery, we must authenticate every API
# call and not use session cookies. Since API calls are not made using
# web browsers, most likely the client is not using session cookies
# anyway.
# http://en.wikipedia.org/wiki/Cross-site_request_forgery
try:
credentials = req.getCredentials()
except UnicodeDecodeError as ex:
return fail(LoginFailed(ex))
if credentials.name:
return ensureDeferred(authenticateUser(self.userDB, credentials))
elif self.project.anonguest:
return succeed(AnonGuestUser())
else:
return fail(LoginFailed())
def authenticate(self, req: Request) -> Deferred:
try:
credentials = req.getCredentials()
except UnicodeDecodeError as ex:
return fail(LoginFailed(ex))
tokenId = credentials.name
if tokenId:
try:
token = authenticateToken(self.tokenDB, credentials)
except KeyError:
return fail(LoginFailed(f'Token {tokenId} does not exist'))
if token.role is not self.__role:
return fail(
Unauthorized(
f'Token {tokenId} is of the wrong type for this operation'
))
if token.expired:
return fail(Unauthorized(f'Token {tokenId} has expired'))
return succeed(TokenUser(token))
elif self.project.anonguest:
return succeed(AnonGuestUser())
else:
return fail(LoginFailed())
def logPageException(req: Request, message: str) -> None:
"""Logs an exception that occurred while handling a page request.
"""
logging.exception(
'%s:\n%s %s\n%s', message, req.method, req.getURL(),
getattr(req, 'args', '(before or during argument parsing)'))
def logoutURL(req: Request) -> str:
"""Returns a URL of the Logout page, so that it returns to the request's
URL after the user has logged out.
"""
return pageURL('Logout', URLArgs(url=req.getURL()))