Exemple #1
0
    def is_authenticated(self, request, **kwargs):
        if not settings.SITE_URL:
            raise ValueError('SITE_URL is not specified')

        auth_header_value = request.META.get('HTTP_AUTHORIZATION')
        if (not auth_header_value
                and 'oauth_token' not in request.META['QUERY_STRING']):
            self.user = AnonymousUser()
            log.error('No header')
            return self._error('headers')

        auth_header = {'Authorization': auth_header_value}
        method = getattr(request, 'signed_method', request.method)
        oauth = OAuthServer()
        if ('oauth_token' in request.META['QUERY_STRING']
                or 'oauth_token' in auth_header_value):
            # This is 3-legged OAuth.
            log.info('Trying 3 legged OAuth')
            try:
                valid, oauth_request = oauth.verify_request(
                    request.build_absolute_uri(),
                    method,
                    headers=auth_header,
                    require_resource_owner=True)
            except ValueError:
                log.error('ValueError on verifying_request', exc_info=True)
                return False
            if not valid:
                log.error(u'Cannot find APIAccess token with that key: %s' %
                          oauth.attempted_key)
                return self._error('headers')
            uid = Token.objects.filter(
                token_type=ACCESS_TOKEN,
                key=oauth_request.resource_owner_key).values_list('user_id',
                                                                  flat=True)[0]
            request.amo_user = UserProfile.objects.select_related('user').get(
                pk=uid)
            request.user = request.amo_user.user
        else:
            # This is 2-legged OAuth.
            log.info('Trying 2 legged OAuth')
            try:
                valid, oauth_request = oauth.verify_request(
                    request.build_absolute_uri(),
                    method,
                    headers=auth_header,
                    require_resource_owner=False)
            except ValueError:
                log.error('ValueError on verifying_request', exc_info=True)
                return False
            if not valid:
                log.error(u'Cannot find APIAccess token with that key: %s' %
                          oauth.attempted_key)
                return self._error('headers')
            uid = Access.objects.filter(
                key=oauth_request.client_key).values_list('user_id',
                                                          flat=True)[0]
            request.amo_user = UserProfile.objects.select_related('user').get(
                pk=uid)
            request.user = request.amo_user.user
        ACLMiddleware().process_request(request)
        # We've just become authenticated, time to run the pinning middleware
        # again.
        #
        # TODO: I'd like to see the OAuth authentication move to middleware.
        request.API = True  # We can be pretty sure we are in the API.
        APIPinningMiddleware().process_request(request)

        # Persist the user's language.
        if (getattr(request, 'amo_user', None)
                and getattr(request, 'LANG', None)
                and request.amo_user.lang != request.LANG):
            request.amo_user.lang = request.LANG
            request.amo_user.save()

        # But you cannot have one of these roles.
        denied_groups = set(['Admins'])
        roles = set(request.amo_user.groups.values_list('name', flat=True))
        if roles and roles.intersection(denied_groups):
            log.info(u'Attempt to use API with denied role, user: %s' %
                     request.amo_user.pk)
            return self._error('roles')

        log.info('Successful OAuth with user: %s' % request.user)
        return True
Exemple #2
0
    def is_authenticated(self, request, **kwargs):
        if not settings.SITE_URL:
            raise ValueError("SITE_URL is not specified")

        auth_header_value = request.META.get("HTTP_AUTHORIZATION")
        if not auth_header_value and "oauth_token" not in request.META["QUERY_STRING"]:
            self.user = AnonymousUser()
            log.error("No header")
            return self._error("headers")

        auth_header = {"Authorization": auth_header_value}
        method = getattr(request, "signed_method", request.method)
        oauth = OAuthServer()
        if "oauth_token" in request.META["QUERY_STRING"] or "oauth_token" in auth_header_value:
            # This is 3-legged OAuth.
            log.info("Trying 3 legged OAuth")
            try:
                valid, oauth_request = oauth.verify_request(
                    request.build_absolute_uri(), method, headers=auth_header, require_resource_owner=True
                )
            except ValueError:
                log.error("ValueError on verifying_request", exc_info=True)
                return False
            if not valid:
                log.error(u"Cannot find APIAccess token with that key: %s" % oauth.attempted_key)
                return self._error("headers")
            uid = Token.objects.filter(token_type=ACCESS_TOKEN, key=oauth_request.resource_owner_key).values_list(
                "user_id", flat=True
            )[0]
            request.amo_user = UserProfile.objects.select_related("user").get(pk=uid)
            request.user = request.amo_user.user
        else:
            # This is 2-legged OAuth.
            log.info("Trying 2 legged OAuth")
            try:
                valid, oauth_request = oauth.verify_request(
                    request.build_absolute_uri(), method, headers=auth_header, require_resource_owner=False
                )
            except ValueError:
                log.error("ValueError on verifying_request", exc_info=True)
                return False
            if not valid:
                log.error(u"Cannot find APIAccess token with that key: %s" % oauth.attempted_key)
                return self._error("headers")
            uid = Access.objects.filter(key=oauth_request.client_key).values_list("user_id", flat=True)[0]
            request.amo_user = UserProfile.objects.select_related("user").get(pk=uid)
            request.user = request.amo_user.user
        ACLMiddleware().process_request(request)
        # We've just become authenticated, time to run the pinning middleware
        # again.
        #
        # TODO: I'd like to see the OAuth authentication move to middleware.
        request.API = True  # We can be pretty sure we are in the API.
        APIPinningMiddleware().process_request(request)

        # Persist the user's language.
        if (
            getattr(request, "amo_user", None)
            and getattr(request, "LANG", None)
            and request.amo_user.lang != request.LANG
        ):
            request.amo_user.lang = request.LANG
            request.amo_user.save()

        # But you cannot have one of these roles.
        denied_groups = set(["Admins"])
        roles = set(request.amo_user.groups.values_list("name", flat=True))
        if roles and roles.intersection(denied_groups):
            log.info(u"Attempt to use API with denied role, user: %s" % request.amo_user.pk)
            return self._error("roles")

        log.info("Successful OAuth with user: %s" % request.user)
        return True
Exemple #3
0
    def is_authenticated(self, request, **kwargs):
        if not settings.SITE_URL:
            raise ValueError('SITE_URL is not specified')

        auth_header_value = request.META.get('HTTP_AUTHORIZATION')
        if (not auth_header_value and
            'oauth_token' not in request.META['QUERY_STRING']):
            self.user = AnonymousUser()
            log.error('No header')
            return self._error('headers')

        auth_header = {'Authorization': auth_header_value}
        method = getattr(request, 'signed_method', request.method)
        oauth = OAuthServer()
        if ('oauth_token' in request.META['QUERY_STRING'] or
            'oauth_token' in auth_header_value):
            # This is 3-legged OAuth.
            log.info('Trying 3 legged OAuth')
            try:
                valid, oauth_request = oauth.verify_request(
                    request.build_absolute_uri(),
                    method, headers=auth_header,
                    require_resource_owner=True)
            except ValueError:
                log.error('ValueError on verifying_request', exc_info=True)
                return False
            if not valid:
                log.error(u'Cannot find APIAccess token with that key: %s'
                          % oauth.attempted_key)
                return self._error('headers')
            request.user = Token.objects.get(token_type=ACCESS_TOKEN,
                key=oauth_request.resource_owner_key).user

        else:
            # This is 2-legged OAuth.
            log.info('Trying 2 legged OAuth')
            try:
                valid, oauth_request = oauth.verify_request(
                    request.build_absolute_uri(),
                    method, headers=auth_header,
                    require_resource_owner=False)
            except ValueError:
                log.error('ValueError on verifying_request', exc_info=True)
                return False
            if not valid:
                log.error(u'Cannot find APIAccess token with that key: %s'
                          % oauth.attempted_key)
                return self._error('headers')
            request.user = Access.objects.get(
                key=oauth_request.client_key).user

        ACLMiddleware().process_request(request)
        # We've just become authenticated, time to run the pinning middleware
        # again.
        #
        # TODO: I'd like to see the OAuth authentication move to middleware.
        request.API = True  # We can be pretty sure we are in the API.
        APIPinningMiddleware().process_request(request)

        # But you cannot have one of these roles.
        denied_groups = set(['Admins'])
        roles = set(request.amo_user.groups.values_list('name', flat=True))
        if roles and roles.intersection(denied_groups):
            log.info(u'Attempt to use API with denied role, user: %s'
                     % request.amo_user.pk)
            return self._error('roles')

        log.info('Successful OAuth with user: %s' % request.user)
        return True
Exemple #4
0
    def process_request(self, request):
        # For now we only want these to apply to the API.
        # This attribute is set in RedirectPrefixedURIMiddleware.
        if not getattr(request, 'API', False):
            return

        if not settings.SITE_URL:
            raise ValueError('SITE_URL is not specified')

        # Set up authed_from attribute.
        if not hasattr(request, 'authed_from'):
            request.authed_from = []

        auth_header_value = request.META.get('HTTP_AUTHORIZATION')
        if (not auth_header_value
                and 'oauth_token' not in request.META['QUERY_STRING']):
            self.user = AnonymousUser()
            log.info('No HTTP_AUTHORIZATION header')
            return

        # Set up authed_from attribute.
        auth_header = {'Authorization': auth_header_value}
        method = getattr(request, 'signed_method', request.method)
        oauth = OAuthServer()
        if ('oauth_token' in request.META['QUERY_STRING']
                or 'oauth_token' in auth_header_value):
            # This is 3-legged OAuth.
            log.info('Trying 3 legged OAuth')
            try:
                valid, oauth_request = oauth.verify_request(
                    request.build_absolute_uri(),
                    method,
                    headers=auth_header,
                    require_resource_owner=True)
            except ValueError:
                log.error('ValueError on verifying_request', exc_info=True)
                return
            if not valid:
                log.error(u'Cannot find APIAccess token with that key: %s' %
                          oauth.attempted_key)
                return
            uid = Token.objects.filter(
                token_type=ACCESS_TOKEN,
                key=oauth_request.resource_owner_key).values_list('user_id',
                                                                  flat=True)[0]
            request.amo_user = UserProfile.objects.select_related('user').get(
                pk=uid)
            request.user = request.amo_user.user
        else:
            # This is 2-legged OAuth.
            log.info('Trying 2 legged OAuth')
            try:
                valid, oauth_request = oauth.verify_request(
                    request.build_absolute_uri(),
                    method,
                    headers=auth_header,
                    require_resource_owner=False)
            except ValueError:
                log.error('ValueError on verifying_request', exc_info=True)
                return
            if not valid:
                log.error(u'Cannot find APIAccess token with that key: %s' %
                          oauth.attempted_key)
                return
            uid = Access.objects.filter(
                key=oauth_request.client_key).values_list('user_id',
                                                          flat=True)[0]
            request.amo_user = UserProfile.objects.select_related('user').get(
                pk=uid)
            request.user = request.amo_user.user

        # But you cannot have one of these roles.
        denied_groups = set(['Admins'])
        roles = set(request.amo_user.groups.values_list('name', flat=True))
        if roles and roles.intersection(denied_groups):
            log.info(u'Attempt to use API with denied role, user: %s' %
                     request.amo_user.pk)
            # Set request attributes back to None.
            request.user = request.amo_user = None
            return

        if request.user:
            request.authed_from.append('RestOAuth')

        log.info('Successful OAuth with user: %s' % request.user)
Exemple #5
0
    def process_request(self, request):
        # For now we only want these to apply to the API.
        # This attribute is set in RedirectPrefixedURIMiddleware.
        if not getattr(request, 'API', False):
            return

        if not settings.SITE_URL:
            raise ValueError('SITE_URL is not specified')

        # Set up authed_from attribute.
        if not hasattr(request, 'authed_from'):
            request.authed_from = []

        auth_header_value = request.META.get('HTTP_AUTHORIZATION')
        if (not auth_header_value and
            'oauth_token' not in request.META['QUERY_STRING']):
            self.user = AnonymousUser()
            log.info('No HTTP_AUTHORIZATION header')
            return

        # Set up authed_from attribute.
        auth_header = {'Authorization': auth_header_value}
        method = getattr(request, 'signed_method', request.method)
        oauth = OAuthServer()
        if ('oauth_token' in request.META['QUERY_STRING'] or
            'oauth_token' in auth_header_value):
            # This is 3-legged OAuth.
            log.info('Trying 3 legged OAuth')
            try:
                valid, oauth_request = oauth.verify_request(
                    request.build_absolute_uri(),
                    method, headers=auth_header,
                    require_resource_owner=True)
            except ValueError:
                log.error('ValueError on verifying_request', exc_info=True)
                return
            if not valid:
                log.error(u'Cannot find APIAccess token with that key: %s'
                          % oauth.attempted_key)
                return
            uid = Token.objects.filter(
                token_type=ACCESS_TOKEN,
                key=oauth_request.resource_owner_key).values_list(
                    'user_id', flat=True)[0]
            request.amo_user = UserProfile.objects.select_related(
                'user').get(pk=uid)
            request.user = request.amo_user.user
        else:
            # This is 2-legged OAuth.
            log.info('Trying 2 legged OAuth')
            try:
                valid, oauth_request = oauth.verify_request(
                    request.build_absolute_uri(),
                    method, headers=auth_header,
                    require_resource_owner=False)
            except ValueError:
                log.error('ValueError on verifying_request', exc_info=True)
                return
            if not valid:
                log.error(u'Cannot find APIAccess token with that key: %s'
                          % oauth.attempted_key)
                return
            uid = Access.objects.filter(
                key=oauth_request.client_key).values_list(
                    'user_id', flat=True)[0]
            request.amo_user = UserProfile.objects.select_related(
                'user').get(pk=uid)
            request.user = request.amo_user.user

        # But you cannot have one of these roles.
        denied_groups = set(['Admins'])
        roles = set(request.amo_user.groups.values_list('name', flat=True))
        if roles and roles.intersection(denied_groups):
            log.info(u'Attempt to use API with denied role, user: %s'
                     % request.amo_user.pk)
            # Set request attributes back to None.
            request.user = request.amo_user = None
            return

        if request.user:
            request.authed_from.append('RestOAuth')

        log.info('Successful OAuth with user: %s' % request.user)