def oauth_authentication():
    """Try to authenticate the current request from its OAuth credentials.

    Verification itself is delegated to the authentication manager's
    ``check_oauth``; this function only gathers the request data for it.

    Returns:
        ``(userid, is_consumer)`` as produced by ``check_oauth``, or
        ``(None, False)`` when OAuth is disabled in the configuration or
        the request carries neither complete OAuth credentials nor a
        client certificate.

    Raises:
        PulpCodedAuthenticationException: with ``PLP0027`` when the OAuth
            credentials are incomplete but a client certificate was sent,
            and with ``PLP0028`` when ``check_oauth`` yields no user id.
    """
    oauth_enabled = config.getboolean('oauth', 'enabled')
    if not oauth_enabled:
        return None, False

    # NOTE(review): the user name is read from request data the client
    # supplies (presumably the Pulp-User header). Whatever ties that name
    # to the OAuth signature lives in check_oauth, which is not visible
    # here -- confirm it cannot be asserted freely by any key holder.
    username = http.request_info('HTTP_PULP_USER')
    auth = http.http_authorization()
    cert_pem = http.ssl_client_cert()

    credentials_present = username is not None and auth is not None
    if not credentials_present:
        if cert_pem is None:
            # Nothing to authenticate with; let the caller decide.
            return None, False
        # A certificate was presented but no usable OAuth data came with it.
        raise PulpCodedAuthenticationException(error_code=error_codes.PLP0027,
                                               user=username)

    request_method = http.request_info('REQUEST_METHOD')
    request_url = http.request_url()
    query_string = http.request_info('QUERY_STRING')

    auth_manager = factory.authentication_manager()
    userid, is_consumer = auth_manager.check_oauth(
        username, request_method, request_url, auth, query_string)

    if userid is None:
        raise PulpCodedAuthenticationException(error_code=error_codes.PLP0028,
                                               user=username)

    _LOG.debug("User authenticated with Oauth: %s" % userid)
    return userid, is_consumer
def oauth_authentication():
    """Try to authenticate the current request from its OAuth credentials.

    Returns:
        ``(userid, is_consumer)`` as produced by the authentication
        manager's ``check_oauth``, or ``(None, False)`` when OAuth is
        disabled or the request has neither complete OAuth credentials
        nor a client certificate.

    Raises:
        AuthenticationFailed: with ``auth_utils.CODE_INVALID_SSL_CERT``
            when OAuth credentials are incomplete but a client certificate
            was sent, and with ``auth_utils.CODE_OAUTH`` when
            ``check_oauth`` yields no user id.
    """
    if not config.getboolean('oauth', 'enabled'):
        return None, False

    # NOTE(review): username comes from client-supplied request data
    # (presumably the Pulp-User header); how check_oauth binds it to the
    # signed request is not visible here -- confirm.
    username = http.request_info('HTTP_PULP_USER')
    auth = http.http_authorization()
    cert_pem = http.ssl_client_cert()

    missing_credentials = username is None or auth is None
    if missing_credentials and cert_pem is not None:
        # A certificate was offered without usable OAuth credentials.
        raise AuthenticationFailed(auth_utils.CODE_INVALID_SSL_CERT)
    if missing_credentials:
        return None, False

    request_method = http.request_info('REQUEST_METHOD')
    request_url = http.request_url()
    query_string = http.request_info('QUERY_STRING')

    result = factory.authentication_manager().check_oauth(
        username, request_method, request_url, auth, query_string)
    userid, is_consumer = result

    if userid is None:
        raise AuthenticationFailed(auth_utils.CODE_OAUTH)

    _LOG.debug("User authenticated with Oauth: %s" % userid)
    return userid, is_consumer
def oauth_authentication():
    """Authenticate the request via OAuth, if OAuth is enabled.

    The request's user name, Authorization value, method, URL and query
    string are handed to the authentication manager's ``check_oauth``.

    Returns:
        The ``(userid, is_consumer)`` pair from ``check_oauth``; or
        ``(None, False)`` if OAuth is disabled, or if OAuth credentials
        are incomplete and no client certificate was presented.

    Raises:
        AuthenticationFailed: ``auth_utils.CODE_INVALID_SSL_CERT`` if the
            OAuth credentials are incomplete while a client certificate is
            present; ``auth_utils.CODE_OAUTH`` if ``check_oauth`` returns
            no user id.
    """
    enabled = config.getboolean('oauth', 'enabled')
    if not enabled:
        return None, False

    # NOTE(review): the asserted user name is client-supplied request
    # data; verify inside check_oauth (not shown) that it is covered by
    # the credential check rather than trusted as given.
    username = http.request_info('HTTP_PULP_USER')
    auth = http.http_authorization()
    cert_pem = http.ssl_client_cert()

    if username is None or auth is None:
        if cert_pem is None:
            return None, False
        raise AuthenticationFailed(auth_utils.CODE_INVALID_SSL_CERT)

    http_method = http.request_info('REQUEST_METHOD')
    full_url = http.request_url()
    raw_query = http.request_info('QUERY_STRING')

    manager = factory.authentication_manager()
    userid, is_consumer = manager.check_oauth(
        username, http_method, full_url, auth, raw_query)

    if userid is None:
        raise AuthenticationFailed(auth_utils.CODE_OAUTH)

    _LOG.debug("User authenticated with Oauth: %s" % userid)
    return userid, is_consumer
def oauth_authentication():
    """Authenticate the request via OAuth, if OAuth is enabled.

    Returns:
        The ``(userid, is_consumer)`` pair from the authentication
        manager's ``check_oauth``; or ``(None, False)`` if OAuth is
        disabled, or if OAuth credentials are incomplete and no client
        certificate was presented.

    Raises:
        PulpCodedAuthenticationException: ``PLP0027`` if the OAuth
            credentials are incomplete while a client certificate is
            present; ``PLP0028`` if ``check_oauth`` returns no user id.
    """
    if not config.getboolean('oauth', 'enabled'):
        return None, False

    # NOTE(review): the user name is taken from client-supplied request
    # data; check_oauth (not visible here) is the only place that can
    # bind it to the presented credentials -- confirm that it does.
    username = http.request_info('HTTP_PULP_USER')
    auth = http.http_authorization()
    cert_pem = http.ssl_client_cert()

    have_oauth_credentials = not (username is None or auth is None)
    if not have_oauth_credentials:
        if cert_pem is not None:
            # Certificate present, OAuth data incomplete: reject outright.
            raise PulpCodedAuthenticationException(
                error_code=error_codes.PLP0027, user=username)
        return None, False

    request_method = http.request_info('REQUEST_METHOD')
    request_url = http.request_url()
    query_string = http.request_info('QUERY_STRING')

    auth_manager = factory.authentication_manager()
    userid, is_consumer = auth_manager.check_oauth(
        username, request_method, request_url, auth, query_string)

    if userid is None:
        raise PulpCodedAuthenticationException(error_code=error_codes.PLP0028,
                                               user=username)

    _logger.debug("User authenticated with Oauth: %s" % userid)
    return userid, is_consumer
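def _auth_decorator(self, *args, **kwargs):
    """Authenticate and authorize the request, then invoke ``method``.

    Authentication is attempted in order: username/password, SSL client
    certificate (user certificate first, then consumer certificate) and
    finally OAuth credentials; later mechanisms run only while no user has
    been found. Authorization then applies ``super_user_only`` and
    ``operation`` (both taken from the enclosing scope) to the request's
    resource path.

    Returns:
        The value returned by ``method`` on success, otherwise the result
        of ``self.unauthorized(...)`` with the message for the step that
        rejected the request.
    """
    # XXX (original author): this function badly needs refactoring.
    user = None
    is_consumer = False
    # Static consumer permissions, keyed by URL fragment; values are
    # operation codes whose meanings are defined elsewhere. The initial
    # '/v2/consumers/' entry is not consulted by is_consumer_authorized
    # below, which only looks up the per-consumer key.
    permissions = {'/v2/consumers/': [0, 1]}

    # first, try username:password authentication
    username, password = http.username_password()
    if username is not None:
        user = check_username_password(username, password)
        if user is None:
            return self.unauthorized(user_pass_fail_msg)

    # second, try certificate authentication
    if user is None:
        cert_pem = http.ssl_client_cert()
        if cert_pem is not None:
            # first, check user certificate
            user = check_user_cert(cert_pem)
            if user is None:
                # second, check consumer certificate
                # Temporary solution for authorization failures of
                # consumers that have no associated user: consumers get
                # static permissions instead. check_consumer_cert was
                # used here before check_consumer_cert_no_user.
                user = check_consumer_cert_no_user(cert_pem)
                if user:
                    is_consumer = True
                    consumer_base_url = '/v2/consumers/%s' % user + '/'
                    permissions[consumer_base_url] = [0, 1, 2, 3, 4]

    # third, check oauth credentials
    if user is None:
        auth = http.http_authorization()
        # NOTE(review): client-supplied user name; check_oauth (not shown)
        # must bind it to the presented credentials -- confirm.
        username = http.request_info('HTTP_PULP_USER')
        if None in (auth, username):
            if cert_pem is not None:
                return self.unauthorized(cert_fail_msg)
        else:
            meth = http.request_info('REQUEST_METHOD')
            url = http.request_url()
            query = http.request_info('QUERY_STRING')
            user = check_oauth(username, meth, url, auth, query)
            if user is None:
                return self.unauthorized(oauth_fail_msg)

    # authentication has failed
    if user is None:
        return self.unauthorized(authen_fail_msg)

    # Consumer permission check -- part of the temporary solution above.
    # Only reached when is_consumer is True, so consumer_base_url is bound.
    def is_consumer_authorized(resource, consumer, operation):
        # NOTE(review): this is a substring test, not a prefix test, so
        # any resource path that merely contains the consumer's base URL
        # matches. Anchoring with resource.startswith(consumer_base_url)
        # would be stricter, but depends on what http.resource_path()
        # returns -- confirm before changing. ``consumer`` is unused.
        return (consumer_base_url in resource
                and operation in permissions[consumer_base_url])

    # fourth, check authorization
    user_query_manager = factory.user_query_manager()
    # NOTE(review): on the consumer path ``user`` is whatever
    # check_consumer_cert_no_user returned and is interpolated into a URL
    # above; if that is a plain id string, the user['login'] lookups here
    # and in the elif below raise instead of returning an "unauthorized"
    # response. Verify, and reject consumers explicitly if so.
    if super_user_only and not user_query_manager.is_superuser(user['login']):
        return self.unauthorized(author_fail_msg)
    # if the operation is None, don't check authorization
    elif operation is not None:
        if is_consumer and is_consumer_authorized(http.resource_path(), user, operation):
            # No principal is set for consumers; the current one is still
            # cleared afterwards, now also when the handler raises.
            try:
                return method(self, *args, **kwargs)
            finally:
                clear_principal()
        elif user_query_manager.is_authorized(http.resource_path(), user['login'], operation):
            pass
        else:
            return self.unauthorized(author_fail_msg)

    # everything ok, manage the principal and call the method
    set_principal(user)
    try:
        return method(self, *args, **kwargs)
    finally:
        # Clear the principal even if the handler raises, so an
        # authenticated identity is not left set after this request ends
        # (principal storage is not visible here; presumably shared with
        # later requests served by the same worker).
        clear_principal()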