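def validate_oauth_token(token, request=None):
    """
    Validate an OAuth token by resolving it to a CAS profile.

    CAS is asked about the token on every call. The profile must carry both
    an "id" (used as the username) and "attributes", the username must match
    an existing AtmosphereUser, and obtainOAuthToken() must yield a token.

    NOTE(review): the 'atmo-user' group check (TEST 1) is disabled below, so
    group membership is not enforced by this function.

    :param token: OAuth token attached to the request
        (SessionStorage, GET/POST).
    :param request: Not used by this function.
    :returns: True when the token is accepted, False otherwise.
    :raises Unauthorized: if no AtmosphereUser exists for the username.
    """
    # Authorization test: ask CAS which profile the token belongs to.
    user_profile = cas_profile_for_token(token)
    if not user_profile:
        return False
    username = user_profile.get("id")
    attrs = user_profile.get("attributes")
    if not username or not attrs:
        # NOTE(review): this writes the whole profile to the log; if the
        # attributes can hold personal data, log only the key names instead.
        logger.info("Invalid Profile:%s does not have username/attributes"
                    % user_profile)
        return False
    # TEST 1 : Must be in the group 'atmo-user'
    # NOTE: Test 1 will be IGNORED until we can verify it returns
    #       'entitlement' EVERY TIME!
    # if not cas_profile_contains(attrs, 'atmo-user'):
    #     raise Unauthorized("User %s is not a member of group 'atmo-user'"
    #                        % username)
    # TODO: TEST 2 : Must have an identity (?)
    # exists() asks the database for a yes/no answer instead of evaluating
    # the whole queryset just to test its truthiness.
    if not AtmosphereUser.objects.filter(username=username).exists():
        raise Unauthorized("User %s does not exist as an AtmosphereUser"
                           % username)
    auth_token = obtainOAuthToken(username, token)
    # The token value is kept out of the log on purpose.
    return bool(auth_token)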
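def validate_oauth_token(token, request=None):
    """
    Validate an OAuth token by resolving it to a CAS profile.

    CAS is asked about the token on every call. A ConnectionError while
    contacting CAS is logged and treated as a rejected token. The profile
    must carry both an "id" and "attributes"; the id is lowercased and must
    match an existing AtmosphereUser, and obtainOAuthToken() must yield a
    token.

    NOTE(review): the 'atmo-user' group check (TEST 1) is disabled below, so
    group membership is not enforced by this function.

    :param token: OAuth token attached to the request
        (SessionStorage, GET/POST).
    :param request: Not used by this function.
    :returns: True when the token is accepted, False otherwise.
    :raises Unauthorized: if no AtmosphereUser exists for the username.
    """
    # Attempt to contact CAS. Failing to reach it denies the request
    # (fail closed) instead of surfacing the connection error.
    try:
        user_profile = cas_profile_for_token(token)
    except ConnectionError:
        logger.exception("CAS could not be reached!")
        return False
    if not user_profile:
        return False
    username = user_profile.get("id")
    attrs = user_profile.get("attributes")
    if not username or not attrs:
        # The incomplete profile is not logged here (the former logger.info
        # call on the profile is disabled).
        return False
    # NOTE: REMOVE this when it is no longer true!
    # Force any username lookup to be in lowercase.
    # The former "if not username: return None" guard was unreachable: a
    # falsy username has already returned False above.
    username = username.lower()
    # TEST 1 : Must be in the group 'atmo-user'
    # NOTE: Test 1 will be IGNORED until we can verify it returns
    #       'entitlement' EVERY TIME!
    # TODO: TEST 2 : Must have an identity (?)
    # exists() asks the database for a yes/no answer instead of evaluating
    # the whole queryset just to test its truthiness.
    if not AtmosphereUser.objects.filter(username=username).exists():
        raise Unauthorized("User %s does not exist as an AtmosphereUser"
                           % username)
    auth_token = obtainOAuthToken(username, token)
    return bool(auth_token)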
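def validate_oauth_token(token, request=None):
    """
    Validate an OAuth token by resolving it to a CAS profile.

    CAS is asked about the token on every call. The profile must provide
    "id" and "attributes", the attributes must show membership in the group
    'atmo-user', and createOAuthToken() must yield a token.

    :param token: OAuth token attached to the request
        (SessionStorage, GET/POST).
    :param request: Not used by this function.
    :returns: True when the token is accepted, False otherwise.
    :raises Unauthorized: if the user is not a member of 'atmo-user'.
    """
    # Authorization test: ask CAS which profile the token belongs to.
    user_profile = cas_profile_for_token(token)
    if not user_profile:
        return False
    try:
        username = user_profile["id"]
        attrs = user_profile["attributes"]
    except KeyError:
        # A profile missing either field cannot be authorized; deny the
        # token instead of letting the KeyError escape to the caller.
        return False
    # TEST 1 : Must be in the group 'atmo-user'
    if not cas_profile_contains(attrs, 'atmo-user'):
        raise Unauthorized("User %s is not a member of group 'atmo-user'"
                           % username)
    # TODO: TEST 2 : Must have an identity (?)
    # NOTE: Will reuse token if found.
    auth_token = createOAuthToken(username, token)
    # Record only whether a token was obtained. The token itself is a
    # credential and must not be written to the log, where anyone with log
    # access could read it.
    logger.info("AuthToken for %s: %s",
                username, "obtained" if auth_token else "missing")
    return bool(auth_token)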
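def validate_oauth_token(token, request=None):
    """
    Validate an OAuth token by resolving it to a CAS profile.

    CAS is asked about the token on every call. The profile must provide
    "id" and "attributes", the attributes must show membership in the group
    'atmo-user', and createOAuthToken() must yield a token.

    :param token: OAuth token attached to the request
        (SessionStorage, GET/POST).
    :param request: Not used by this function.
    :returns: True when the token is accepted, False otherwise.
    :raises Unauthorized: if the user is not a member of 'atmo-user'.
    """
    # Authorization test: ask CAS which profile the token belongs to.
    user_profile = cas_profile_for_token(token)
    if not user_profile:
        return False
    try:
        username = user_profile["id"]
        attrs = user_profile["attributes"]
    except KeyError:
        # A profile missing either field cannot be authorized; deny the
        # token instead of letting the KeyError escape to the caller.
        return False
    # TEST 1 : Must be in the group 'atmo-user'
    if not cas_profile_contains(attrs, 'atmo-user'):
        raise Unauthorized("User %s is not a member of group 'atmo-user'"
                           % username)
    # TODO: TEST 2 : Must have an identity (?)
    # NOTE: Will reuse token if found.
    auth_token = createOAuthToken(username, token)
    # Record only whether a token was obtained. The token itself is a
    # credential and must not be written to the log, where anyone with log
    # access could read it.
    logger.info("AuthToken for %s: %s",
                username, "obtained" if auth_token else "missing")
    return bool(auth_token)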