Esempio n. 1
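def password_authorization(request, username, password, scope, expires_in):
    """Handle the OAuth2 *resource owner password credentials* grant.

    The username/password pair is verified through the Pyramid
    ``IAuthenticationPolicy`` registered in ``request.registry``; on success
    a fresh bearer token is persisted in ``request.registry.osiris_store``
    and returned in the RFC 6749 §5.1 token-response shape.

    Args:
        request: Pyramid request. ``request.registry`` must provide the
            ``IAuthenticationPolicy`` utility and an ``osiris_store``.
        username: Resource-owner login name as sent by the client.
        password: Resource-owner password as sent by the client.
        scope: Requested scope string. It is stored with the token and
            echoed back unchanged; no scope validation happens here.
        expires_in: Token lifetime handed to the store and echoed back as-is.

    Returns:
        A dict with ``access_token``, ``token_type``, ``scope`` and
        ``expires_in`` on success; an ``OAuth2ErrorHandler`` ``invalid_grant``
        response when the credentials are rejected; ``HTTPInternalServerError``
        when the token could not be stored.

    Note:
        The password grant hands the resource owner's password to the client
        and is deprecated by the OAuth 2.0 Security BCP / OAuth 2.1; keep it
        restricted to trusted first-party clients.
    """
    policy = request.registry.queryUtility(IAuthenticationPolicy)
    authapi = policy._getAPI(request)
    credentials = {'login': username, 'password': password}

    # ``_headers`` is whatever the policy returns next to the identity
    # (presumably response headers it would like set); this endpoint answers
    # with a bearer token instead, so they are deliberately ignored.
    identity, _headers = authapi.login(credentials)

    if not identity:
        # RFC 6749 §5.2: rejected resource-owner credentials are
        # ``invalid_grant``. ``unauthorized_client`` means "this client may not
        # use this grant type", which misleads clients and anyone reading logs.
        return OAuth2ErrorHandler.error_invalid_grant()

    storage = request.registry.osiris_store
    token = generate_token()
    stored = storage.store(token, username, scope, expires_in)

    if not stored:
        # Storage failure is a server-side problem; return a generic 500
        # without leaking detail to the client.
        return HTTPInternalServerError()

    return dict(access_token=token,
                token_type='bearer',
                scope=scope,
                expires_in=expires_in)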
Esempio n. 2
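def password_authorization(request, username, password, scope, expires_in):
    """Issue a bearer token for the OAuth2 password grant.

    Credentials are checked against the Pyramid ``IAuthenticationPolicy``
    found in ``request.registry``. A successful login mints a new token via
    ``generate_token()``, stores it in ``request.registry.osiris_store`` and
    returns the RFC 6749 §5.1 response body.

    Args:
        request: Pyramid request whose registry holds the authentication
            policy utility and the ``osiris_store`` token store.
        username: Resource-owner login name supplied by the client.
        password: Resource-owner password supplied by the client.
        scope: Requested scope string; persisted with the token and echoed
            back verbatim (not validated here).
        expires_in: Lifetime passed to the store and echoed back unchanged.

    Returns:
        The token dict on success, an ``OAuth2ErrorHandler`` ``invalid_grant``
        response on bad credentials, or ``HTTPInternalServerError`` when the
        store refuses the token.

    Note:
        The password grant is deprecated (OAuth 2.0 Security BCP / OAuth 2.1)
        because the client sees the user's password; restrict it to trusted
        first-party clients.
    """
    credentials = {'login': username, 'password': password}
    auth_policy = request.registry.queryUtility(IAuthenticationPolicy)
    # The second element is whatever the policy returns beside the identity
    # (presumably headers to set); a bearer-token endpoint has no use for it.
    identity, _headers = auth_policy._getAPI(request).login(credentials)

    if not identity:
        # RFC 6749 §5.2 prescribes ``invalid_grant`` for rejected resource-owner
        # credentials; ``unauthorized_client`` would wrongly tell the client it
        # is not allowed to use this grant type at all.
        return OAuth2ErrorHandler.error_invalid_grant()

    new_token = generate_token()
    token_store = request.registry.osiris_store
    if not token_store.store(new_token, username, scope, expires_in):
        # Generic 500: a storage failure must not leak detail to the client.
        return HTTPInternalServerError()

    return dict(
        access_token=new_token,
        token_type='bearer',
        scope=scope,
        expires_in=expires_in,
    )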
Esempio n. 3
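def password_authorization(request, username, password, scope, expires_in):
    """Handle the OAuth2 *resource owner password credentials* grant.

    Credentials are verified either through the LDAP connector (when the
    ``osiris.ldap_enabled`` setting is true) or through the Pyramid
    ``IAuthenticationPolicy``. When ``osiris.ldap_scope_as_group`` is set,
    every requested scope must match one of the user's LDAP group names.
    A token already issued for the same ``(username, scope)`` pair is
    returned again; otherwise a fresh one is generated and stored.

    Args:
        request: Pyramid request; ``request.registry`` must provide
            ``settings``, ``osiris_store`` and (non-LDAP mode) the
            ``IAuthenticationPolicy`` utility.
        username: Resource-owner login name supplied by the client.
        password: Resource-owner password supplied by the client.
        scope: Space-separated scope string, or ``None``/empty for no scope.
        expires_in: Lifetime handed to the store; echoed back as ``int``
            for newly issued tokens.

    Returns:
        A dict with ``access_token``, ``token_type``, ``scope`` and
        ``expires_in`` on success; an ``OAuth2ErrorHandler`` response
        (``invalid_grant`` for rejected credentials, ``invalid_scope`` for a
        scope the user's LDAP groups do not cover); ``HTTPInternalServerError``
        when the store refuses the new token.

    Note:
        The password grant is deprecated (OAuth 2.0 Security BCP / OAuth 2.1)
        because the client handles the user's password; restrict it to
        trusted first-party clients.
    """
    settings = request.registry.settings
    ldap_enabled = asbool(settings.get('osiris.ldap_enabled'))
    ldap_scope_as_group = asbool(settings.get('osiris.ldap_scope_as_group'))

    # Reject empty credentials before touching any backend. With an LDAP
    # backend an empty password can complete as an *unauthenticated* simple
    # bind (RFC 4513 §5.1.2) on servers that allow it, and depending on the
    # connector that may surface as a successful login.
    if not username or not password:
        return OAuth2ErrorHandler.error_invalid_grant()

    # ``scope`` may be None or empty; ``str.split()`` also drops the empty
    # entries that ``split(' ')`` would yield on repeated spaces, which would
    # otherwise be rejected as the scope ''.
    requested_scopes = scope.split() if scope else []

    if ldap_enabled:
        from osiris import get_ldap_connector
        connector = get_ldap_connector(request)
        identity = connector.authenticate(username, password)
    else:
        policy = request.registry.queryUtility(IAuthenticationPolicy)
        authapi = policy._getAPI(request)
        # The second element (presumably headers the policy would set) is not
        # needed for a bearer-token response.
        identity, _headers = authapi.login(
            {'login': username, 'password': password})

    if not identity:
        # RFC 6749 §5.2: rejected resource-owner credentials -> invalid_grant.
        return OAuth2ErrorHandler.error_invalid_grant()

    # Run the scope/group check only AFTER the password has been verified.
    # Doing it before the identity check lets an unauthenticated caller probe
    # a user's LDAP group membership by sending any password and watching
    # whether the answer is ``invalid_scope`` or ``invalid_grant``.
    if ldap_enabled and ldap_scope_as_group and requested_scopes:
        user_groups = connector.user_groups(username)
        # Each entry is assumed to be a (dn, attrs) tuple; the group name is
        # taken as the value of the DN's first RDN ("cn=admins,ou=..." ->
        # "admins"). NOTE(review): this naive split breaks on DNs with escaped
        # commas or an '=' inside the first value; a DN parser would be safer.
        group_names = [entry[0].split(",")[0].split("=")[1]
                       for entry in user_groups]
        for req_scope in requested_scopes:
            if req_scope not in group_names:
                return OAuth2ErrorHandler.error_invalid_scope(req_scope)

    storage = request.registry.osiris_store
    # Re-use a token already issued for this user/scope pair instead of
    # minting another one.
    issued = storage.retrieve(username=username, scope=scope)
    if issued:
        # NOTE(review): 'expire_time' is returned in the ``expires_in`` slot;
        # if the store keeps an absolute timestamp this is not the remaining
        # lifetime in seconds that RFC 6749 expects — confirm against the store.
        return dict(
            access_token=issued.get('token'),
            token_type='bearer',
            scope=issued.get('scope'),
            expires_in=issued.get('expire_time'),
        )

    token = generate_token()
    if not storage.store(token, username, scope, expires_in):
        # Storage failure is server-side; return a generic 500 without detail.
        return HTTPInternalServerError()

    return dict(access_token=token,
                token_type='bearer',
                scope=scope,
                expires_in=int(expires_in))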
Esempio n. 4
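def _ldap_group_names(connector, username):
    """Return the names of the LDAP groups *username* belongs to.

    Each entry from ``connector.user_groups`` is assumed to be a
    ``(dn, attrs)`` tuple; the name is the value of the DN's first RDN
    (``cn=admins,ou=groups,...`` -> ``admins``).
    NOTE(review): this naive split breaks on DNs with escaped commas or an
    ``=`` inside the first value; a real DN parser would be safer.
    """
    names = []
    for entry in connector.user_groups(username):
        first_rdn = entry[0].split(",")[0]
        names.append(first_rdn.split("=")[1])
    return names


def _token_response(token, scope, expires_in):
    """Build the RFC 6749 §5.1 success body for a bearer token."""
    return dict(access_token=token,
                token_type='bearer',
                scope=scope,
                expires_in=expires_in)


def password_authorization(request, username, password, scope, expires_in):
    """Handle the OAuth2 *resource owner password credentials* grant.

    Verifies the credentials through the LDAP connector when the
    ``osiris.ldap_enabled`` setting is true, otherwise through the Pyramid
    ``IAuthenticationPolicy``. With ``osiris.ldap_scope_as_group`` each
    requested scope must be one of the user's LDAP group names. An existing
    token for the same ``(username, scope)`` pair is returned again;
    otherwise a new one is generated and stored.

    Args:
        request: Pyramid request whose registry provides ``settings``,
            ``osiris_store`` and (non-LDAP mode) the authentication policy.
        username: Resource-owner login name supplied by the client.
        password: Resource-owner password supplied by the client.
        scope: Space-separated scope string, or ``None``/empty for no scope.
        expires_in: Lifetime passed to the store; echoed back as ``int`` for
            newly issued tokens.

    Returns:
        The token dict on success; an ``OAuth2ErrorHandler`` response
        (``invalid_grant`` for rejected credentials, ``invalid_scope`` for a
        scope not covered by the user's groups); ``HTTPInternalServerError``
        when the store refuses the new token.

    Note:
        The password grant is deprecated (OAuth 2.0 Security BCP / OAuth 2.1);
        keep it limited to trusted first-party clients.
    """
    settings = request.registry.settings
    use_ldap = asbool(settings.get('osiris.ldap_enabled'))
    scope_is_group = asbool(settings.get('osiris.ldap_scope_as_group'))

    # Never forward empty credentials to a backend: on LDAP servers that allow
    # it, an empty password completes as an *unauthenticated* simple bind
    # (RFC 4513 §5.1.2), which a connector may report as success.
    if not username or not password:
        return OAuth2ErrorHandler.error_invalid_grant()

    if use_ldap:
        from osiris import get_ldap_connector
        connector = get_ldap_connector(request)
        identity = connector.authenticate(username, password)
    else:
        connector = None
        policy = request.registry.queryUtility(IAuthenticationPolicy)
        # The second value (presumably headers the policy would set) is not
        # used by a bearer-token response.
        identity, _headers = policy._getAPI(request).login(
            {'login': username, 'password': password})

    if not identity:
        # RFC 6749 §5.2: bad resource-owner credentials -> invalid_grant.
        return OAuth2ErrorHandler.error_invalid_grant()

    # Group/scope matching happens only after authentication succeeded;
    # checking it first would let an unauthenticated caller enumerate group
    # membership via invalid_scope vs invalid_grant responses.
    # ``split()`` tolerates None/empty scope and repeated spaces.
    wanted = scope.split() if scope else []
    if connector is not None and scope_is_group and wanted:
        allowed = set(_ldap_group_names(connector, username))
        for req_scope in wanted:
            if req_scope not in allowed:
                return OAuth2ErrorHandler.error_invalid_scope(req_scope)

    store = request.registry.osiris_store
    existing = store.retrieve(username=username, scope=scope)
    if existing:
        # Hand back the token already issued for this user/scope pair.
        # NOTE(review): 'expire_time' is placed in ``expires_in``; if the
        # store holds an absolute timestamp this is not the remaining
        # lifetime in seconds RFC 6749 expects — confirm against the store.
        return _token_response(existing.get('token'),
                               existing.get('scope'),
                               existing.get('expire_time'))

    token = generate_token()
    if not store.store(token, username, scope, expires_in):
        # Generic 500; storage failures must not leak detail to the client.
        return HTTPInternalServerError()
    return _token_response(token, scope, int(expires_in))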