Exemple #1
0
 def authorize(self):
     # Perform the initial API call and direct the user.
     
     api = API(config['api.endpoint'], config['api.identity'], config['api.private'], config['api.public'])
     
     success = str(url.complete('/authorized'))
     failure = str(url.complete('/nolove'))
     
     result = api.core.authorize(success=success, failure=failure)
     
     raise HTTPFound(location=result.location)
Exemple #2
0
    def authorize(self, success=None, failure=None):
        """Prepare a incoming session request.
        
        Error 'message' attributes are temporary; base your logic on the status and code attributes.
        
        success: web.core.url:URL (required)
        failure: web.core.url:URL (required)
        
        returns:
            location: web.core.url:URL
                the location to direct users to
        """

        # Ensure success and failure URLs are present.

        if success is None:
            response.status_int = 400
            return dict(
                status='error',
                code='argument.success.missing',
                message=
                "URL to return users to upon successful authentication is missing from your request."
            )

        if failure is None:
            response.status_int = 400
            return dict(
                status='error',
                code='argument.failure.missing',
                message=
                "URL to return users to upon authentication failure or dismissal is missing from your request."
            )

        # Also ensure they are valid URIs.

        try:
            success_ = success
            success = URL(success)
        except:
            response.status_int = 400
            return dict(status='error',
                        code='argument.success.malformed',
                        message="Successful authentication URL is malformed.")

        try:
            failure_ = failure
            failure = URL(failure)
        except:
            response.status_int = 400
            return dict(
                status='error',
                code='argument.response.malformed',
                message=
                "URL to return users to upon successful authentication is missing from your request."
            )

        # Deny localhost/127.0.0.1 loopbacks and 192.* and 10.* unless in development mode.

        if not boolean(config.get('debug', False)) and (success.host in ('localhost', '127.0.0.1') or \
                success.host.startswith('192.168.') or \
                success.host.startswith('10.')):
            response.status_int = 400
            return dict(
                status='error',
                code='development-only',
                message=
                "Loopback and local area-network URLs disallowd in production."
            )

        # Check blacklist and bail early.

        if AuthenticationBlacklist.objects(
                reduce(__or__, [
                    Q(scheme=success.scheme),
                    Q(scheme=failure.scheme),
                    Q(protocol=success.port or success.scheme),
                    Q(protocol=failure.port or failure.scheme),
                ] + ([] if not success.host else [Q(domain=success.host)]) +
                       ([] if not failure.host else [Q(
                           domain=failure.host)]))).count():
            response.status_int = 400
            return dict(
                status='error',
                code='blacklist',
                message="You have been blacklisted.  To dispute, contact {0}".
                format(config['mail.blackmail.author']))

        # TODO: Check DNS.  Yes, really.

        # Generate authentication token.

        log.info("Creating request for {0} with callbacks {1} and {2}.".format(
            request.service, success_, failure_))
        ar = AuthenticationRequest(
            request.
            service,  # We have an authenticated request, so we know the service ID is valid.
            success=success_,
            failure=failure_)
        ar.save()

        return dict(location=url.complete('/authorize/{0}'.format(ar.id)))
Exemple #3
0
 def authorize(self, success=None, failure=None):
     """Prepare a incoming session request.
     
     Error 'message' attributes are temporary; base your logic on the status and code attributes.
     
     success: web.core.url:URL (required)
     failure: web.core.url:URL (required)
     
     returns:
         location: web.core.url:URL
             the location to direct users to
     """
     
     # Ensure success and failure URLs are present.
     
     if success is None:
         response.status_int = 400
         return dict(
                 status = 'error',
                 code = 'argument.success.missing',
                 message = "URL to return users to upon successful authentication is missing from your request."
             )
     
     if failure is None:
         response.status_int = 400
         return dict(
                 status = 'error',
                 code = 'argument.failure.missing',
                 message = "URL to return users to upon authentication failure or dismissal is missing from your request."
             )
     
     # Also ensure they are valid URIs.
     
     try:
         success_ = success
         success = URL(success)
     except:
         response.status_int = 400
         return dict(
                 status = 'error',
                 code = 'argument.success.malformed',
                 message = "Successful authentication URL is malformed."
             )
     
     try:
         failure_ = failure
         failure = URL(failure)
     except:
         response.status_int = 400
         return dict(
                 status = 'error',
                 code = 'argument.response.malformed',
                 message = "URL to return users to upon successful authentication is missing from your request."
             )
     
     # Deny localhost/127.0.0.1 loopbacks and 192.* and 10.* unless in development mode.
     
     if not boolean(config.get('debug', False)) and (success.host in ('localhost', '127.0.0.1') or \
             success.host.startswith('192.168.') or \
             success.host.startswith('10.')):
         response.status_int = 400
         return dict(
                 status = 'error',
                 code = 'development-only',
                 message = "Loopback and local area-network URLs disallowd in production."
             )
     
     # Check blacklist and bail early.
     
     if AuthenticationBlacklist.objects(reduce(__or__, [
                 Q(scheme=success.scheme), Q(scheme=failure.scheme),
                 Q(protocol=success.port or success.scheme), Q(protocol=failure.port or failure.scheme),
             ] + ([] if not success.host else [
                 Q(domain=success.host)
             ]) + ([] if not failure.host else [
                 Q(domain=failure.host)
             ]))).count():
         response.status_int = 400
         return dict(
                 status = 'error',
                 code = 'blacklist',
                 message = "You have been blacklisted.  To dispute, contact {0}".format(config['mail.blackmail.author'])
             )
     
     # TODO: Check DNS.  Yes, really.
     
     # Generate authentication token.
     
     log.info("Creating request for {0} with callbacks {1} and {2}.".format(request.service, success_, failure_))
     ar = AuthenticationRequest(
             request.service,  # We have an authenticated request, so we know the service ID is valid.
             success = success_,
             failure = failure_
         )
     ar.save()
     
     return dict(
             location = url.complete('/authorize/{0}'.format(ar.id))
         )