Example #1
0
 def __init__(self, memcached_client, interaction_pool):
     self._log = logging.getLogger("InteractionPoolAuthenticator")
     self._interaction_pool = interaction_pool
     self._collection_lookup = CollectionLookup(memcached_client,
                                                interaction_pool)
     self._customer_lookup = CustomerIdLookup(memcached_client,
                                              interaction_pool)
     self._customer_key_lookup = CustomerKeyLookup(memcached_client,
                                                   interaction_pool)
class InteractionPoolAuthenticator(object):
    def __init__(self, memcached_client, interaction_pool):
        self._log = logging.getLogger("InteractionPoolAuthenticator")
        self._interaction_pool = interaction_pool
        self._collection_lookup = CollectionLookup(memcached_client, interaction_pool)
        self._customer_lookup = CustomerIdLookup(memcached_client, interaction_pool)
        self._customer_key_lookup = CustomerKeyLookup(memcached_client, interaction_pool)

    def authenticate(self, collection_name, access_type, req):
        """
        establish that this is a valid user and a valid collection
        return collection_entry if valid
        raise AccessUnauthorized(error_message) if invalid
        """
        collection_row = self._collection_lookup.get(collection_name.lower())
        if collection_row is None:
            error_message = "unknown collection {0}".format(collection_name)
            self._log.error(error_message)
            raise AccessUnauthorized(error_message)

        if access_type is not None:
            access_result = check_access_control(access_type, req, collection_row["access_control"])
            if access_result == access_allowed:
                return collection_row
            if access_result == access_forbidden:
                raise AccessForbidden()
            assert access_result == access_requires_password_authentication

        customer_row = self._customer_lookup.get(collection_row["customer_id"])
        if customer_row is None:
            error_message = "unknown customer {0}".format(collection_name)
            self._log.error(error_message)
            raise AccessUnauthorized(error_message)

        try:
            auth_type, auth_string = req.authorization
        except Exception, instance:
            error_message = "invalid req.authorization {0} {1}".format(instance, req.authorization)
            self._log.error(error_message)
            raise AccessUnauthorized(error_message)

        if auth_type != "NIMBUS.IO":
            error_message = "unknown auth_type %r" % (auth_type,)
            self._log.error(error_message)
            raise AccessUnauthorized(error_message)

        try:
            key_id, signature = auth_string.split(":", 1)
        except Exception, instance:
            error_message = "invalid auth_string {0} {1}".format(instance, auth_string)
            self._log.error(error_message)
            raise AccessUnauthorized(error_message)
 def __init__(self, memcached_client, interaction_pool):
     self._log = logging.getLogger("InteractionPoolAuthenticator")
     self._interaction_pool = interaction_pool
     self._collection_lookup = CollectionLookup(memcached_client, interaction_pool)
     self._customer_lookup = CustomerIdLookup(memcached_client, interaction_pool)
     self._customer_key_lookup = CustomerKeyLookup(memcached_client, interaction_pool)
Example #4
0
class InteractionPoolAuthenticator(object):
    def __init__(self, memcached_client, interaction_pool):
        self._log = logging.getLogger("InteractionPoolAuthenticator")
        self._interaction_pool = interaction_pool
        self._collection_lookup = CollectionLookup(memcached_client,
                                                   interaction_pool)
        self._customer_lookup = CustomerIdLookup(memcached_client,
                                                 interaction_pool)
        self._customer_key_lookup = CustomerKeyLookup(memcached_client,
                                                      interaction_pool)

    def authenticate(self, collection_name, access_type, req):
        """
        establish that this is a valid user and a valid collection
        return collection_entry if valid
        raise AccessUnauthorized(error_message) if invalid
        """
        collection_row = self._collection_lookup.get(collection_name.lower()) 
        if collection_row is None:
            error_message = "unknown collection {0}".format(collection_name)
            self._log.error(error_message)
            raise AccessUnauthorized(error_message)

        if access_type is not None:
            access_result = \
                check_access_control(access_type, 
                                     req, 
                                     collection_row["access_control"])
            if access_result == access_allowed:
                return collection_row
            if access_result == access_forbidden:
                raise AccessForbidden()
            assert access_result == access_requires_password_authentication

        customer_row = self._customer_lookup.get(collection_row["customer_id"]) 
        if customer_row is None:
            error_message = "unknown customer {0}".format(collection_name)
            self._log.error(error_message)
            raise AccessUnauthorized(error_message)

        try:
            auth_type, auth_string = req.authorization
        except Exception, instance:
            error_message = "invalid req.authorization {0} {1}".format(
                instance, 
                req.authorization)
            self._log.error(error_message)
            raise AccessUnauthorized(error_message)

        if auth_type != 'NIMBUS.IO':
            error_message = "unknown auth_type %r" % (auth_type, )
            self._log.error(error_message)
            raise AccessUnauthorized(error_message)

        try:
            key_id, signature = auth_string.split(':', 1)
        except Exception, instance:
            error_message = "invalid auth_string {0} {1}".format(
                instance, auth_string)
            self._log.error(error_message)
            raise AccessUnauthorized(error_message)