def InspectParams(params_dict, forbidden_params, rename_dict): """Inspects a dictionary of params, looking for forbidden values. @type params_dict: dict of string to anything @param params_dict: A dictionary of supplied parameters @type forbidden_params: dict of string to string or list of any @param forbidden_params: The forbidden parameters, with a list of forbidden values or the constant ALL_VALUES_FORBIDDEN signifying that all values are forbidden @type rename_dict: None or dict of string to string @param rename_dict: The list of parameter renamings used by the method @raise http.HttpForbidden: If a forbidden param has been set """ for param in params_dict: # Check for possible renames to ensure nothing slips through if rename_dict is not None and param in rename_dict: param = rename_dict[param] # Now see if there are restrictions on this parameter if param in forbidden_params: forbidden_values = forbidden_params[param] if forbidden_values == ALL_VALUES_FORBIDDEN: raise http.HttpForbidden( "The parameter %s cannot be set via RAPI" % param) param_value = params_dict[param] if param_value in forbidden_values: raise http.HttpForbidden( "The parameter %s cannot be set to the value" " %s via RAPI" % (param, param_value))
def ValidateRequest(self, req, handler_access): """Checks whether a user can access a resource. """ username, password = HttpServerRequestAuthentication \ .ExtractUserPassword(req) if username is None: raise http.HttpUnauthorized() if password is None: raise http.HttpBadRequest(message=("Basic authentication requires" " password")) user = self.user_fn(username) if self.user_fn else self.users.Get( username) _, expected_password = HttpServerRequestAuthentication \ .ExtractSchemePassword(password) if not (user and expected_password == user.password): # Unknown user or password wrong return None if (not handler_access or set(user.options).intersection(handler_access)): # Allow access return username # Access forbidden raise http.HttpForbidden()
def ValidateRequest(self, req, handler_access, realm): """Checks whether a user can access a resource. """ request_username, request_password = HttpServerRequestAuthentication \ .ExtractUserPassword(req) if request_username is None: raise http.HttpUnauthorized() if request_password is None: raise http.HttpBadRequest(message=("Basic authentication requires" " password")) user = self.user_fn(request_username) if not (user and HttpServerRequestAuthentication.VerifyBasicAuthPassword( request_username, request_password, user.password, realm)): # Unknown user or password wrong return None if (not handler_access or set(user.options).intersection(handler_access)): # Allow access return request_username # Access forbidden raise http.HttpForbidden()
def Authenticate(self, req, username, password): """Checks whether a user can access a resource. """ ctx = self._GetRequestContext(req) user = self._user_fn(username) if not (user and self.VerifyBasicAuthPassword(req, username, password, user.password)): # Unknown user or password wrong return False if (not ctx.handler_access or set(user.options).intersection(ctx.handler_access)): # Allow access return True # Access forbidden raise http.HttpForbidden()