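def authenticate_credentials(request, access_key_id, request_signature):
    """Authenticate a request that was signed with an access key.

    Looks up the access key by id, checks that the request's Date header
    is within 15 minutes of the server clock, recomputes the signature
    from the key's secret and the Date value, and compares it with the
    signature the client sent.

    Args:
        request: Incoming request; its Date header is read through
            get_request_date_header().
        access_key_id: Id of the AccessKey the client claims to hold.
        request_signature: Signature supplied by the client.

    Returns:
        A ``(user, None)`` tuple for the user who owns the access key.

    Raises:
        exceptions.AuthenticationFailed: If the key is unknown or has no
            user, the Date header cannot be parsed, the date is outside
            the 15-minute window, the signature does not match, or the
            user is not active.
    """
    # Imported locally so the function does not rely on a module-level
    # import of hmac.
    import hmac

    max_skew_seconds = 15 * 60

    access_key = get_object_or_none(AccessKey, id=access_key_id)
    request_date = get_request_date_header(request)

    # An unknown key id is reported with the same message as a bad
    # signature, so the response text does not reveal which ids exist.
    if access_key is None or not access_key.user:
        raise exceptions.AuthenticationFailed(_('Invalid signature.'))
    access_key_secret = access_key.secret

    try:
        request_unix_time = http_to_unixtime(request_date)
    except ValueError:
        raise exceptions.AuthenticationFailed(
            _('HTTP header: Date not provide '
              'or not %a, %d %b %Y %H:%M:%S GMT'))

    # Bound the skew in both directions. Checking only "too old" lets a
    # Date set in the future through (the difference is negative), which
    # keeps that signature valid until the future date plus the window.
    if abs(int(time.time()) - request_unix_time) > max_skew_seconds:
        raise exceptions.AuthenticationFailed(
            _('Expired, more than 15 minutes'))

    # NOTE(review): as called here, make_signature() receives only the
    # secret and the Date value, so the signature does not appear to be
    # bound to the request method, path or body. Within the accepted
    # window the same (Date, signature) pair would validate for any
    # request. Confirm whether that is intended.
    signature = make_signature(access_key_secret, request_date)

    # Constant-time comparison: `==` can return early on the first
    # differing character and leak how much of the signature matched.
    # compare_digest raises TypeError for mismatched or non-ASCII str
    # operands; those cases are treated as a mismatch.
    try:
        signature_matches = hmac.compare_digest(signature, request_signature)
    except TypeError:
        signature_matches = False
    if not signature_matches:
        raise exceptions.AuthenticationFailed(_('Invalid signature.'))

    if not access_key.user.is_active:
        raise exceptions.AuthenticationFailed(_('User disabled.'))
    return access_key.user, None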
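def authenticate_credentials(request, access_key_id, request_signature):
    """Verify an access-key signature and return the key's user.

    The access key is fetched by id, the request's Date header is
    required to be within 15 minutes of the server clock, and the
    signature recomputed from the key's secret and the Date value must
    equal the client-supplied signature.

    Args:
        request: Incoming request; its Date header is read through
            get_request_date_header().
        access_key_id: Id of the AccessKey the client claims to hold.
        request_signature: Signature supplied by the client.

    Returns:
        A ``(user, None)`` tuple for the user who owns the access key.

    Raises:
        exceptions.AuthenticationFailed: If the key is unknown or has no
            user, the Date header cannot be parsed, the date is outside
            the 15-minute window, the signature does not match, or the
            user is not active.
    """
    # Local import keeps the function independent of the module's
    # top-level imports.
    import hmac

    access_key = get_object_or_none(AccessKey, id=access_key_id)
    request_date = get_request_date_header(request)

    # Missing key and bad signature share one message so the error text
    # does not distinguish valid key ids from invalid ones.
    if access_key is None or not access_key.user:
        raise exceptions.AuthenticationFailed(_('Invalid signature.'))
    access_key_secret = access_key.secret

    try:
        request_unix_time = http_to_unixtime(request_date)
    except ValueError:
        raise exceptions.AuthenticationFailed(
            _('HTTP header: Date not provide '
              'or not %a, %d %b %Y %H:%M:%S GMT'))

    # Reject dates too far in the past AND too far in the future; a
    # one-sided check accepts any future Date and so stretches the
    # lifetime of a captured signature past the 15-minute window.
    clock_skew = abs(int(time.time()) - request_unix_time)
    if clock_skew > 15 * 60:
        raise exceptions.AuthenticationFailed(
            _('Expired, more than 15 minutes'))

    # NOTE(review): only the secret and the Date value are passed to
    # make_signature(), so the signature looks reusable across requests
    # inside the time window (nothing here ties it to method, path or
    # body). Verify against make_signature() and the callers.
    signature = make_signature(access_key_secret, request_date)

    # Compare in constant time to avoid a timing side channel on the
    # expected signature. A TypeError (mixed str/bytes or non-ASCII str)
    # is handled as a failed match rather than an unhandled error.
    try:
        is_valid = hmac.compare_digest(signature, request_signature)
    except TypeError:
        is_valid = False
    if not is_valid:
        raise exceptions.AuthenticationFailed(_('Invalid signature.'))

    if not access_key.user.is_active:
        raise exceptions.AuthenticationFailed(_('User disabled.'))
    return access_key.user, None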