def authenticate(self, req: Request) -> Deferred: user = req.loggedInUser() if user is None: return succeed(SuperUser()) else: # Use logged-in user. return succeed(user)
async def renderAsync(page: FabResource, request: TwistedRequest) -> None: req: Request = Request(request) authenticator = page.authenticator response = Response(request, authenticator.project.frameAncestors, req.userAgent) try: try: user: User = await authenticator.authenticate(req) except LoginFailed as ex: if req.getSubPath() is None: responder = authenticator.askForAuthentication( req, ex.args[0] if ex.args else None ) else: # Widget requests should just fail immediately instead of # asking for authentication. responder = _unauthorizedResponder(ex) except Unauthorized as ex: responder = _unauthorizedResponder(ex) else: responder = await _parseAndProcess(page, req, user) except Redirect as ex: responder = Redirector(ex.url) except InternalError as ex: logging.error( 'Internal error processing %s: %s', page.name, str(ex) ) responder = UIResponder( InternalErrorPage[PageProcessor](str(ex)), PageProcessor(page, req, FabResource.Arguments(), UnknownUser()) ) await _present(responder, response)
def authenticate(self, req: Request) -> Deferred: user = req.loggedInUser() if user is not None: # User has already authenticated. return succeed(user) elif self.project.anonguest: return succeed(AnonGuestUser()) else: # User must log in. return fail(LoginFailed())
def _authorizedResource(self, request: TwistedRequest) -> IResource: req: Request = Request(request) user = None # There is currently no CC page that supports adding or removing # artifacts, so only use logins for read access. if req.method in ('GET', 'HEAD'): # Use an active login session if available. # This also resets the session timeout, so it's worth doing even # when anonymous guest access is enabled. user = req.loggedInUser() if user is None: # Perform anonymous read access, if allowed. if self.anonOperator: user = SuperUser() elif self.project.anonguest: user = AnonGuestUser() if user is None: # Authenticate via token. # TODO: There is a lot of overlap with TokenAuthPage. try: credentials = req.getCredentials() except UnicodeDecodeError: return AccessDeniedResource('Credentials are not valid UTF-8') tokenId = credentials.name if tokenId: try: token = authenticateToken(self.tokenDB, credentials) except KeyError: return AccessDeniedResource( f'Token "{tokenId}" does not exist') except UnauthorizedLogin as ex: return AccessDeniedResource( f'Token authentication failed: {ex.args[0]}') if token.role is not TokenRole.RESOURCE: return AccessDeniedResource( f'Token "{tokenId}" is of the wrong type ' f'for this operation') user = TokenUser(token) if user is None: return UnauthorizedResource('artifacts', 'Please provide an access token') return ArtifactRoot(self.jobDB, self.resourceDB, self.path, user)
def authenticate(self, req: Request) -> Deferred: # To avoid cross-site request forgery, we must authenticate every API # call and not use session cookies. Since API calls are not made using # web browsers, most likely the client is not using session cookies # anyway. # http://en.wikipedia.org/wiki/Cross-site_request_forgery try: credentials = req.getCredentials() except UnicodeDecodeError as ex: return fail(LoginFailed(ex)) if credentials.name: return ensureDeferred(authenticateUser(self.userDB, credentials)) elif self.project.anonguest: return succeed(AnonGuestUser()) else: return fail(LoginFailed())
def authenticate(self, req: Request) -> Deferred: try: credentials = req.getCredentials() except UnicodeDecodeError as ex: return fail(LoginFailed(ex)) tokenId = credentials.name if tokenId: try: token = authenticateToken(self.tokenDB, credentials) except KeyError: return fail(LoginFailed(f'Token {tokenId} does not exist')) if token.role is not self.__role: return fail( Unauthorized( f'Token {tokenId} is of the wrong type for this operation' )) if token.expired: return fail(Unauthorized(f'Token {tokenId} has expired')) return succeed(TokenUser(token)) elif self.project.anonguest: return succeed(AnonGuestUser()) else: return fail(LoginFailed())
def logPageException(req: Request, message: str) -> None: """Logs an exception that occurred while handling a page request. """ logging.exception( '%s:\n%s %s\n%s', message, req.method, req.getURL(), getattr(req, 'args', '(before or during argument parsing)'))
def logoutURL(req: Request) -> str: """Returns a URL of the Logout page, so that it returns to the request's URL after the user has logged out. """ return pageURL('Logout', URLArgs(url=req.getURL()))