def test_oauth_crypto(self):
phrase = 'MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE'
token = {
'access_token':
'MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE',
'expires_in': oauth2_settings.ACCESS_TOKEN_EXPIRE_SECONDS,
'token_type': 'Password',
'refresh_token': 'abc',
'scope': 'read write'
}
data = encrypt_access_token(token)
if not data:
self.fail()
result = decrypt_access_token(data)
if not result:
self.fail()
if phrase != result['access_token']:
self.fail('Decrypted value does not match phrase.')
def has_permission(self, request, view):
"""
During Node registration, we won't have the machine_id in data, so security is handled
by the oauth2 rest framework authentication provider. Otherwise the node needs to
provide a node authentication header value.
"""
if 'token' in request.COOKIES:
# Get the encrypted access token data, fix any equal sign encoding.
enc_token = request.COOKIES['token'].replace('%3D', '=').encode('UTF-8')
token = decrypt_access_token(enc_token)
# Add the HTTP_Authorization header based off the encrypted token.
# We can only add something to the META property if we make a copy and store back the copy.
meta = request.META.copy()
meta['HTTP_Authorization'] = 'bearer {0}'.format(token['access_token'])
request.META = meta
# Retrieve the AccessToken record from the DB.
request.auth = AccessToken.objects.get(token=token['access_token'])
result = TokenHasReadWriteScope().has_permission(request, view)
return result
# Note: Not sure if we need to do any further permission checks on the Node here.
return True
def test_token_encryption(self):
""" Test the encryption and decryption of the access token """
enc_token = encrypt_access_token(self.token)
self.assertTrue(enc_token)
token = decrypt_access_token(enc_token)
self.assertTrue(is_access_token_valid(token))
self.assertTrue(token)
def test_token_encryption(self):
""" Test the encryption and decryption of the access token """
enc_token = encrypt_access_token(self.token)
self.assertTrue(enc_token)
token = decrypt_access_token(enc_token)
self.assertTrue(is_access_token_valid(token))
self.assertTrue(token)
def process_request(self, request):
# Check to see if this is the login/logout page, if so just return.
if '/accounts/login/' in request.path or '/accounts/logout/' in request.path:
return
# TODO: Only do oauth token stuff when the url is an API url
if 'token' in request.COOKIES:
# Get the encrypted access token data, fix any equal sign encoding.
enc = request.COOKIES['token'].replace('%3D', '=').encode('UTF-8')
# Decrypt the access token data
token = decrypt_access_token(enc)
# Check for a valid oauth token.
if token is not None and 'access_token' in token:
# Check to see if access token is not valid.
if not is_access_token_valid(token):
# TODO: Figure out when we should *not* just refresh the token.
# Try to refresh the token.
token = refresh_access_token(token)
# If we have a good refreshed token, update the cookies.
if 'access_token' in token:
# Encrypt the new token
enc = encrypt_access_token(token)
# Set the token into the request object
cookies = request.COOKIES.copy()
cookies['token'] = enc.decode('UTF-8')
cookies['token-update'] = "1"
request.COOKIES = cookies.copy()
else:
# Refresh token failed
return HttpResponseRedirect('/accounts/logout/')
# Create the Authorization header with the access token.
request.META['Authorization'] = 'bearer {0}'.format(token['access_token'])
else:
pass
def authenticate(self, request):
"""
security is handled by the Oauth2 rest framework authentication provider.
Otherwise an API authentication header needs to be provided.
"""
# TODO: Remove this later after all auth headers have been coded for.
# return None
# Try Oauth2 authentication first
if 'token' in request.COOKIES:
# Get the encrypted access token data, fix any equal sign encoding.
enc_token = request.COOKIES['token'].replace('%3D',
'=').encode('UTF-8')
token = decrypt_access_token(enc_token)
# Add the HTTP_Authorization header based off the encrypted token.
# We can only add something to the META property if we make a copy and store back the copy.
meta = request.META.copy()
meta['HTTP_Authorization'] = 'bearer {0}'.format(
token['access_token'])
request.META = meta
# Retrieve the AccessToken record from the DB.
request.auth = AccessToken.objects.get(token=token['access_token'])
result = OAuth2Authentication().authenticate(request)
return result
# Try API_KEY authentication
if "HTTP_API_KEY" in request.META:
m_key = request.META.get('HTTP_API_KEY')
# Look up API key in UserProfile table.
try:
profile = UserProfile.objects.get(api_code=m_key)
if profile.user.is_active is True and profile.api_access is True:
return (profile.user, m_key)
except ObjectDoesNotExist:
pass
raise exceptions.AuthenticationFailed(
'Valid API credentials were not provided.')
def authenticate(self, request):
"""
During Node registration, we won't have the machine_id in data, so security is handled
by the oauth2 rest framework authentication provider. Otherwise the node needs to
provide a node authentication header value.
"""
if 'token' in request.COOKIES:
# Get the encrypted access token data, fix any equal sign encoding.
enc_token = request.COOKIES['token'].replace('%3D', '=').encode('UTF-8')
token = decrypt_access_token(enc_token)
# Add the HTTP_Authorization header based off the encrypted token.
# We can only add something to the META property if we make a copy and store back the copy.
meta = request.META.copy()
meta['HTTP_Authorization'] = 'bearer {0}'.format(token['access_token'])
request.META = meta
# Retrieve the AccessToken record from the DB.
request.auth = AccessToken.objects.get(token=token['access_token'])
result = OAuth2Authentication().authenticate(request)
return result
m_id = request.META.get('HTTP_NODE')
if not m_id:
raise exceptions.AuthenticationFailed('Node credentials were not provided.')
try:
node = Node.objects.get(machine_id=m_id)
node.last_connection = datetime.datetime.now()
node.save()
except:
raise exceptions.AuthenticationFailed('Valid Node credentials were not provided.')
return None
def test_oauth_crypto(self):
phrase = 'MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE'
token = {
'access_token': 'MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE',
'expires_in': oauth2_settings.ACCESS_TOKEN_EXPIRE_SECONDS,
'token_type': 'Password',
'refresh_token': 'abc',
'scope': 'read write'
}
data = encrypt_access_token(token)
if not data:
self.fail()
result = decrypt_access_token(data)
if not result:
self.fail()
if phrase != result['access_token']:
self.fail('Decrypted value does not match phrase.')
