def _init_content_type_params(self):
""" Return the Content-Type request header parameters
Convert all of the semi-colon separated parameters into
a dict of key/vals. If for some stupid reason duplicate
& conflicting params are present then the last one
wins.
If a particular content-type param is non-compliant
by not being a simple key=val pair then it is skipped.
If no content-type header or params are present then
return an empty dict.
:return: dict
"""
ret = {}
if self.content_type:
params = self.content_type.split(';')[1:]
for param in params:
try:
key, val = param.split('=')
ret[naked(key)] = naked(val)
except ValueError:
continue
return ret
def _init_content_type(self):
""" Return the Content-Type request header excluding params
Remove any excess whitespace & lower case it for more
predictable compares.
"""
try:
return naked(self.content_type.split(';')[0]).lower()
except (AttributeError, IndexError):
return None
def auth_scheme(self):
""" If an Authorization header is present get the scheme
It is expected to be the first string in a space separated
list & will always be returned lowercase.
:return: str or None
"""
try:
auth = getattr(self, 'auth')
return naked(auth.split(' ')[0]).lower()
except (AttributeError, IndexError):
return None
def _get_creds(self, req):
""" Get the username & password from the Authorization header
If the header is actually malformed where Basic Auth was
indicated by the request then an InvalidAuthSyntax exception
is raised. Otherwise an AuthRequired exception since it's
unclear in this scenario if the requestor was even aware
Authentication was required & if so which "scheme".
Calls _validate_auth_scheme first & bubbles up it's
exceptions.
:return:
tuple (username, password)
:raise:
AuthRequired, InvalidAuthSyntax
"""
self._validate_auth_scheme(req)
try:
creds = naked(req.auth.split(' ')[1])
creds = b64decode(creds)
username, password = creds.split(':')
return username, password
except IndexError:
raise InvalidAuthSyntax(**{
'detail': 'You are using the Basic Authentication scheme as '
'required to login but your Authorization header is '
'completely missing the login credentials.',
'links': 'tools.ietf.org/html/rfc2617#section-2',
})
except TypeError:
raise InvalidAuthSyntax(**{
'detail': 'Our API failed to base64 decode your Basic '
'Authentication login credentials in the '
'Authorization header. They seem to be malformed.',
'links': 'tools.ietf.org/html/rfc2617#section-2',
})
except ValueError:
raise InvalidAuthSyntax(**{
'detail': 'Our API failed to identify a username & password '
'in your Basic Authentication Authorization header '
'after decoding them. The username or password is '
'either missing or not separated by a ":" per the '
'spec. Either way the credentials are malformed.',
'links': 'tools.ietf.org/html/rfc2617#section-2',
})
