def get_chrome_user_session_info(request):
try:
oauth_request = SESSION_OAUTH_SERVER.extract_oauth_request(djangoutils.extract_request(request))
consumer, token, parameters = SESSION_OAUTH_SERVER.check_resource_access(oauth_request)
return consumer, token, parameters, oauth_request
except oauth.OAuthError:
return None, None, None, None
def get_chrome_user_session_info(request):
try:
oauth_request = SESSION_OAUTH_SERVER.extract_oauth_request(
djangoutils.extract_request(request))
consumer, token, parameters = SESSION_OAUTH_SERVER.check_resource_access(
oauth_request)
return consumer, token, parameters, oauth_request
except oauth.OAuthError:
return None, None, None, None
def session_create(request):
password = None
if request.POST.has_key("username"):
username = request.POST["username"]
if request.POST.has_key("password"):
password = request.POST["password"]
user = auth.authenticate(request, username, password)
if not password and request.POST.has_key("system"):
system = request.POST["system"]
try:
AuthSystem.objects.get(short_name=system)
user = auth.authenticate(request, username, None, system)
except AuthSystem.DoesNotExist:
raise PermissionDenied()
if not user:
raise PermissionDenied()
if user.is_active:
# auth worked, created a session based token
token = SESSION_OAUTH_SERVER.generate_and_preauthorize_access_token(request.principal, user=user)
else:
raise PermissionDenied()
return HttpResponse(str(token), mimetype="text/plain")
def session_create(request):
""" Authenticate a user and register a web session for them.
request.POST must contain:
* *username*: the username of the user to authenticate.
request.POST may contain **EITHER**:
* *password*: the password to use with *username* against the
internal password auth system.
* *system*: An external auth system to authenticate the user
Will return :http:statuscode:`200` with a valid session token
on success, :http:statuscode:`400` if no username was provided, :http:statuscode:`403` if the passed credentials were
invalid or it the passed *system* doesn't exist.
"""
from indivo.accesscontrol import auth
user = None
username = None
password = None
if request.POST.has_key('username'):
username = request.POST['username']
else:
return HttpResponseBadRequest('No username provided')
if request.POST.has_key('password'):
password = request.POST['password']
user = auth.authenticate(request, username, password)
if not password and request.POST.has_key('system'):
system = request.POST['system']
try:
AuthSystem.objects.get(short_name=system)
user = auth.authenticate(request, username, None, system)
except AuthSystem.DoesNotExist:
raise PermissionDenied()
if not password and request.POST.has_key('system'):
system = request.POST['system']
try:
AuthSystem.objects.get(short_name=system)
user = auth.authenticate(request, username, None, system)
except AuthSystem.DoesNotExist:
raise PermissionDenied()
if not user:
raise PermissionDenied()
if user.is_active:
# auth worked, created a session based token
from indivo.accesscontrol.oauth_servers import SESSION_OAUTH_SERVER
token = SESSION_OAUTH_SERVER.generate_and_preauthorize_access_token(request.principal, user=user)
else:
logging.debug('indivo.views.pha.session_create(): This user is not active')
raise PermissionDenied()
return HttpResponse(str(token), mimetype='text/plain')
def session_create(request):
""" Authenticate a user and register a web session for them.
request.POST must contain:
* *username*: the username of the user to authenticate.
request.POST may contain **EITHER**:
* *password*: the password to use with *username* against the
internal password auth system.
* *system*: An external auth system to authenticate the user
Will return :http:statuscode:`200` with a valid session token
on success, :http:statuscode:`400` if no username was provided, :http:statuscode:`403` if the passed credentials were
invalid or it the passed *system* doesn't exist.
"""
from indivo.accesscontrol import auth
user = None
username = None
password = None
if request.POST.has_key('username'):
username = request.POST['username']
else:
return HttpResponseBadRequest('No username provided')
if request.POST.has_key('password'):
password = request.POST['password']
user = auth.authenticate(request, username, password)
if not password and request.POST.has_key('system'):
system = request.POST['system']
try:
AuthSystem.objects.get(short_name=system)
user = auth.authenticate(request, username, None, system)
except AuthSystem.DoesNotExist:
raise PermissionDenied()
if not password and request.POST.has_key('system'):
system = request.POST['system']
try:
AuthSystem.objects.get(short_name=system)
user = auth.authenticate(request, username, None, system)
except AuthSystem.DoesNotExist:
raise PermissionDenied()
if not user:
raise PermissionDenied()
if user.is_active:
# auth worked, created a session based token
from indivo.accesscontrol.oauth_servers import SESSION_OAUTH_SERVER
token = SESSION_OAUTH_SERVER.generate_and_preauthorize_access_token(request.principal, user=user)
else:
logging.debug('indivo.views.pha.session_create(): This user is not active')
raise PermissionDenied()
return HttpResponse(str(token), mimetype='text/plain')
def session_create(request):
from indivo.accesscontrol import auth
password = None
if request.POST.has_key('username'):
username = request.POST['username']
if request.POST.has_key('password'):
password = request.POST['password']
user = auth.authenticate(request, username, password)
if not password and request.POST.has_key('system'):
system = request.POST['system']
try:
AuthSystem.objects.get(short_name=system)
user = auth.authenticate(request, username, None, system)
except AuthSystem.DoesNotExist:
raise PermissionDenied()
if not user:
raise PermissionDenied()
if user.is_active:
# auth worked, created a session based token
from indivo.accesscontrol.oauth_servers import SESSION_OAUTH_SERVER
token = SESSION_OAUTH_SERVER.generate_and_preauthorize_access_token(request.principal, user=user)
else:
raise PermissionDenied()
return HttpResponse(str(token), mimetype='text/plain')
