Esempio n. 1
0
    def wrapper(self, *args, **kwargs):
        if 'Authorization' not in self.request.headers:
            logger.warning("Authentication: Header is missing",
                           extra={'location': self.request.full_url()})
            raise tornado.web.HTTPError(401)
        header = self.request.headers['Authorization']

        try:
            match = re.match('^Basic[ ]+([A-Za-z0-9+/]+[=]{0,2})$', header)
            if match is None:
                raise Exception("Invalid header")
            if len(match.group(1)) % 4 != 0:  # base64 tokens are 4k chars long
                raise Exception("Invalid header")
            token = base64.b64decode(match.group(1))
            assert ':' in token, "Invalid header"
            username = token.split(':')[0]
            password = '******'.join(token.split(':')[1:])
            assert username == config.username, "Wrong username"
            assert password == config.password, "Wrong password"
        except Exception as exc:
            logger.warning("Authentication: %s" % exc, exc_info=False,
                           extra={'location': self.request.full_url(),
                                  'details': header})
            raise tornado.web.HTTPError(401)

        return method(self, *args, **kwargs)
Esempio n. 2
0
    def wrapper(self, *args, **kwargs):
        if 'Authorization' not in self.request.headers:
            logger.warning("Authentication: Header is missing",
                           extra={'location': self.request.full_url()})
            raise tornado.web.HTTPError(401)
        header = self.request.headers['Authorization']

        try:
            match = re.match('^Basic[ ]+([A-Za-z0-9+/]+[=]{0,2})$', header)
            if match is None:
                raise Exception("Invalid header")
            if len(match.group(1)) % 4 != 0:  # base64 tokens are 4k chars long
                raise Exception("Invalid header")
            token = base64.b64decode(match.group(1))
            assert ':' in token, "Invalid header"
            username = token.split(':')[0]
            password = '******'.join(token.split(':')[1:])
            assert username == config.username, "Wrong username"
            assert password == config.password, "Wrong password"
        except Exception as exc:
            logger.warning("Authentication: %s" % exc,
                           exc_info=False,
                           extra={
                               'location': self.request.full_url(),
                               'details': header
                           })
            raise tornado.web.HTTPError(401)

        return method(self, *args, **kwargs)
Esempio n. 3
0
    def put(self, request, response, key):
        # Limit charset of keys.
        if re.match("^[A-Za-z0-9_]+$", key) is None:
            return Forbidden()
        if not self.authorized(request):
            logger.warning("Unauthorized request.",
                           extra={'location': request.url,
                                  'details': repr(request.authorization)})
            raise CustomUnauthorized()
        if request.mimetype != "application/json":
            logger.warning("Unsupported MIME type.",
                           extra={'location': request.url,
                                  'details': request.mimetype})
            raise UnsupportedMediaType()

        try:
            data = json.load(request.stream)
        except (TypeError, ValueError):
            logger.warning("Wrong JSON.",
                           extra={'location': request.url})
            raise BadRequest()

        try:
            if key not in self.store:
                self.store.create(key, data)
            else:
                self.store.update(key, data)
        except InvalidData:
            logger.warning("Invalid data.", exc_info=True,
                           extra={'location': request.url,
                                  'details': data})
            raise BadRequest()

        response.status_code = 204
Esempio n. 4
0
    def put_list(self, request, response):
        if not self.authorized(request):
            logger.info("Unauthorized request.",
                        extra={'location': request.url,
                               'details': repr(request.authorization)})
            raise CustomUnauthorized()
        if request.mimetype != "application/json":
            logger.warning("Unsupported MIME type.",
                           extra={'location': request.url,
                                  'details': request.mimetype})
            raise UnsupportedMediaType()

        try:
            data = json.load(request.stream)
        except (TypeError, ValueError):
            logger.warning("Wrong JSON.",
                           extra={'location': request.url})
            raise BadRequest()

        try:
            self.store.merge_list(data)
        except InvalidData:
            logger.warning("Invalid data.", exc_info=True,
                           extra={'location': request.url,
                                  'details': data})
            raise BadRequest()

        response.status_code = 204