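def validate_oauth_token(token, request=None):
    """
    Validate a CAS/OAuth token by asking CAS for the profile behind it.

    Called on every request, so CAS is consulted each time instead of
    trusting an earlier answer.

    Args:
        token: The token taken from the request (SessionStorage, GET/POST).
        request: Accepted for interface compatibility; not read here.

    Returns:
        True when CAS returns a profile with a username and attributes,
        that username exists as an AtmosphereUser, and an OAuth token
        could be obtained for it; False otherwise.

    Raises:
        Unauthorized: The profile's username has no matching AtmosphereUser.
    """
    # Authorization test: CAS decides whether the token is (still) valid.
    user_profile = cas_profile_for_token(token)
    if not user_profile:
        return False
    username = user_profile.get("id")
    attrs = user_profile.get("attributes")
    if not username or not attrs:
        # Log only the keys CAS returned, not the whole profile: attribute
        # values may carry personal data that does not belong in the log.
        logger.info("Invalid Profile: missing username/attributes (keys=%s)",
                    list(user_profile))
        return False
    # TEST 1 : Must be in the group 'atmo-user'
    # NOTE: Test 1 will be IGNORED until we can verify it returns 'entitlement'
    # EVERY TIME!
    # if not cas_profile_contains(attrs, 'atmo-user'):
    #     raise Unauthorized("User %s is not a member of group 'atmo-user'"
    #                        % username)
    # TODO: TEST 2 : Must have an identity (?)
    # .exists() asks the database a yes/no question instead of fetching the
    # matching rows only to test the queryset's truthiness.
    if not AtmosphereUser.objects.filter(username=username).exists():
        raise Unauthorized("User %s does not exist as an AtmosphereUser"
                           % username)
    auth_token = obtainOAuthToken(username, token)
    # auth_token is a credential; it is deliberately never written to the log.
    return bool(auth_token)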
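def validate_oauth_token(token, request=None):
    """
    Validate a CAS/OAuth token by asking CAS for the profile behind it.

    Called on every request, so CAS is consulted each time instead of
    trusting an earlier answer.

    Args:
        token: The token taken from the request (SessionStorage, GET/POST).
        request: Accepted for interface compatibility; not read here.

    Returns:
        True when CAS returns a profile with a username and attributes,
        the (lower-cased) username exists as an AtmosphereUser, and an
        OAuth token could be obtained for it; False otherwise, including
        when CAS cannot be reached.

    Raises:
        Unauthorized: The profile's username has no matching AtmosphereUser.
    """
    # Attempt to contact CAS. An unreachable CAS is logged and treated as
    # "token not valid" rather than propagated, so callers see a plain False.
    try:
        user_profile = cas_profile_for_token(token)
    except ConnectionError:
        logger.exception("CAS could not be reached!")
        user_profile = None

    if not user_profile:
        return False
    username = user_profile.get("id")
    attrs = user_profile.get("attributes")
    if not username or not attrs:
        # The profile is deliberately not logged here: attribute values may
        # carry personal data.
        return False

    # NOTE: REMOVE this when it is no longer true!
    # Force any username lookup to be in lowercase. username is already
    # known to be non-empty from the check above, so no second guard is
    # needed before calling .lower().
    username = username.lower()

    # TEST 1 : Must be in the group 'atmo-user'
    # NOTE: Test 1 will be IGNORED until we can verify it returns 'entitlement'
    # EVERY TIME!
    #    raise Unauthorized("User %s is not a member of group 'atmo-user'"
    #                       % username)
    # TODO: TEST 2 : Must have an identity (?)
    # .exists() asks the database a yes/no question instead of fetching the
    # matching rows only to test the queryset's truthiness.
    if not AtmosphereUser.objects.filter(username=username).exists():
        raise Unauthorized("User %s does not exist as an AtmosphereUser"
                           % username)
    auth_token = obtainOAuthToken(username, token)
    # auth_token is a credential; it is deliberately never written to the log.
    return bool(auth_token)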
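def validate_oauth_token(token, request=None):
    """
    Validate a CAS/OAuth token by asking CAS for the profile behind it.

    Called on every request, so CAS is consulted each time instead of
    trusting an earlier answer.

    Args:
        token: The token taken from the request (SessionStorage, GET/POST).
        request: Accepted for interface compatibility; not read here.

    Returns:
        True when CAS returns a profile with a username and attributes,
        the profile is in the 'atmo-user' group, and an OAuth token could
        be created (or reused) for it; False otherwise.

    Raises:
        Unauthorized: The profile is not a member of group 'atmo-user'.
    """
    # Authorization test: CAS decides whether the token is (still) valid.
    user_profile = cas_profile_for_token(token)
    if not user_profile:
        return False
    # A profile without these keys cannot be authorized; treat it as an
    # invalid token instead of letting a KeyError escape.
    username = user_profile.get("id")
    attrs = user_profile.get("attributes")
    if not username or not attrs:
        logger.info("Invalid Profile: missing username/attributes (keys=%s)",
                    list(user_profile))
        return False
    # TEST 1 : Must be in the group 'atmo-user'
    if not cas_profile_contains(attrs, 'atmo-user'):
        raise Unauthorized("User %s is not a member of group 'atmo-user'" %
                           username)
    # TODO: TEST 2 : Must have an identity (?)

    # NOTE: Will reuse token if found.
    auth_token = createOAuthToken(username, token)
    # Log the outcome only: auth_token is a credential and must not be
    # written to the log.
    if not auth_token:
        logger.info("No AuthToken created for %s", username)
        return False
    logger.info("AuthToken created for %s", username)
    return True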
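def validate_oauth_token(token, request=None):
    """
    Validate a CAS/OAuth token by asking CAS for the profile behind it.

    Called on every request, so CAS is consulted each time instead of
    trusting an earlier answer.

    Args:
        token: The token taken from the request (SessionStorage, GET/POST).
        request: Accepted for interface compatibility; not read here.

    Returns:
        True when CAS returns a profile with a username and attributes,
        the profile is in the 'atmo-user' group, and an OAuth token could
        be created (or reused) for it; False otherwise.

    Raises:
        Unauthorized: The profile is not a member of group 'atmo-user'.
    """
    # Authorization test: CAS decides whether the token is (still) valid.
    user_profile = cas_profile_for_token(token)
    if not user_profile:
        return False
    # A profile without these keys cannot be authorized; treat it as an
    # invalid token instead of letting a KeyError escape.
    username = user_profile.get("id")
    attrs = user_profile.get("attributes")
    if not username or not attrs:
        logger.info("Invalid Profile: missing username/attributes (keys=%s)",
                    list(user_profile))
        return False
    # TEST 1 : Must be in the group 'atmo-user'
    if not cas_profile_contains(attrs, 'atmo-user'):
        raise Unauthorized("User %s is not a member of group 'atmo-user'"
                           % username)
    # TODO: TEST 2 : Must have an identity (?)

    # NOTE: Will reuse token if found.
    auth_token = createOAuthToken(username, token)
    # Log the outcome only: auth_token is a credential and must not be
    # written to the log.
    if not auth_token:
        logger.info("No AuthToken created for %s", username)
        return False
    logger.info("AuthToken created for %s", username)
    return True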