def test_extract_oauth_key_returns_key(self):
token = factory.make_string(18)
self.assertEqual(
token,
extract_oauth_key(
make_fake_request(
factory.make_oauth_header(oauth_token=token))))
def get_node_for_request(request):
"""Return the `Node` that `request` queries metadata for.
For this form of access, a node can only query its own metadata. Thus
the oauth key used to authenticate the request must belong to the same
node that is being queried. Any request that is not made by an
authenticated node will be denied.
"""
key = extract_oauth_key(request)
try:
return NodeKey.objects.get_node_for_key(key)
except NodeKey.DoesNotExist:
raise PermissionDenied("Not authenticated as a known node.")
def check_rack_controller_access(request, rack_controller):
"""Validate API access by worker for `rack_controller`.
This supports a rack controller accessing the update_nodes API. If the
request is done by anyone but the rack controller for this
particular rack controller, the function raises :class:`PermissionDenied`.
"""
try:
key = extract_oauth_key(request)
except Unauthorized as e:
raise PermissionDenied(str(e))
tokens = list(get_auth_tokens(rack_controller.owner))
# Use the latest token if available
token = tokens[-1] if tokens else None
if token is None or key != token.key:
raise PermissionDenied("Only allowed for the %r rack controller." %
(rack_controller.hostname))
