def validate_user(request):
# check if we are api user or session user
if not request.user.is_authenticated:
try:
ta = TokenAuthentication()
ta.authenticate(request)
except AuthenticationFailed:
raise PermissionDenied()
def registerDetail(request):
tokenAuthentication = TokenAuthentication()
try:
user = tokenAuthentication.authenticate(request)
except exceptions.AuthenticationFailed:
response = HttpResponse(json.dumps({
'error':'fail'
}))
response.status_code='400'
else:
decodejson = json.loads(request.body)
babyname = decodejson['babyname']
birthday = None;
if 'birthday' in decodejson.keys():
birthday = decodejson['birthday']
if birthday :
birthday = birthday[0:10]
babyGender = int(decodejson['babyGender'])
parentGender = int(decodejson['parentGender'])
borned = int(decodejson['borned'])
userprofile = UserProfile.objects.get_or_create(user = user[0])
UserProfile.objects.filter(user = user[0]).update(babyName=babyname,babyGender=babyGender,parentGender=parentGender,borned=borned,birthday=birthday)
response = HttpResponse(json.dumps({
'msg':'success'
}))
response.status_code='200'
return response
def create(self, request, *args, **kwargs):
try:
aa = TokenAuthentication()
user_name, token = aa.authenticate(request)
print(user_name, token)
except Exception as e:
print(e)
result = {'return': 'fail', 'message': "auth fail."}
return Response(result, status=403)
if user_name != request.user:
result = {'return': 'fail', 'message': "others token."}
return Response(result, status=403)
validated_data = dict()
validated_data['name'] = request.data['name']
validated_data['jenkins_job'] = request.data['jenkins_job']
validated_data['git_url'] = request.data['git_url']
validated_data['script_url'] = request.data['script_url']
validated_data['manage_user'] = request.user
try:
App.objects.create(**validated_data)
response_data = {
'result': 'success',
'message': u'新App服务应用插入数据库成功!'
}
return Response(response_data, status=status.HTTP_201_CREATED)
except Exception as e:
print(e, "$$$$$$$$$$$$$$$$$$")
response_data = {
'result': 'failed',
'message': u'App服务应用不能正确插入数据库'
}
return Response(response_data, status=status.HTTP_400_BAD_REQUEST)
def authenticate(self, request):
"""
Authenticate the request for anyone or if a valid token is provided, a user.
"""
try:
return TokenAuthentication.authenticate(TokenAuthentication(), request)
except:
return AnonymousUser(), None
def _func(root, info, *args, **kwargs):
authenticator = TokenAuthentication()
user_auth_tuple = authenticator.authenticate(info.context)
if user_auth_tuple is None:
return None
else:
info.context.user = user_auth_tuple[0]
return func(root, info, *args, **kwargs)
def get_or_create_person(request):
user = request.user
if user is None or user.is_anonymous:
try:
token_auth = TokenAuthentication()
user, token = token_auth.authenticate(request)
except:
pass
if user.is_anonymous:
# Check if a session cookie exists
uuid = request.get_signed_cookie('uuid', None)
if uuid is not None:
# get person from uuid
person, created = Person.objects.get_or_create(uuid=uuid)
if created:
logger.info("Created new person, {0}".format(person))
else:
# Create person and set uuid
person = Person.objects.create()
request.session['uuid'] = person.uuid
else:
try:
person = Person.objects.get(user=user)
except ObjectDoesNotExist:
uuid = request.get_signed_cookie('uuid', None)
if uuid is not None:
person = Person.objects.get(uuid=uuid)
if person.user is not None:
if person.user is not user:
# Another user has signed in
# and this user needs a person!
person = Person.objects.create(user=user)
else:
person.user = user
else:
person = Person.objects.create(user=user)
first = '' if not user.first_name else user.first_name
last = '' if not user.last_name else user.last_name
if first == '' and last == '':
full_name = user.username
else:
full_name = '{0} {1}'.format(first, last)
if not person.full_name:
person.full_name = full_name
person.save()
request.session['uuid'] = person.uuid
if person:
try:
person.last_user_agent = request.META['HTTP_USER_AGENT']
person.save()
except:
pass
return person
def tokenAuthentication(self, request):
# default to session authentication
if not request.user or not request.user.is_authenticated():
try:
auth = TokenAuthentication()
user, token = auth.authenticate(request)
request.user = user
except Exception, e:
pass # ignore the attempt at authentication
def authenticate(self, request):
"""
Authenticate the request for anyone or if a valid token is provided, a user.
"""
try:
return TokenAuthentication.authenticate(TokenAuthentication(), request)
except Exception as e:
logger.debug(e)
return AnonymousUser(), None
def __call__(self, request):
mfa_required = getattr(settings, 'MFA_REQUIRED', False)
sso_mfa_required = getattr(settings, 'SSO_MFA_REQUIRED', False)
admin_mfa_required = getattr(settings, 'ADMIN_MFA_REQUIRED', True)
# Override MFA_REQUIRED setting for API Token authentication
if mfa_required and 'Authorization' in request.headers \
and TokenAuthentication.keyword in request.headers['Authorization']:
# Verify Token
try:
ta = TokenAuthentication()
ta.authenticate(request)
mfa_required = False
except AuthenticationFailed:
pass
# Override MFA_REQUIRED setting for users logged in with SSO
has_social_auth_attr = getattr(request.user, 'social_auth',
None) is not None
if mfa_required and not sso_mfa_required and has_social_auth_attr and request.user.social_auth.count(
) > 0:
mfa_required = False
# Override MFA_REQUIRED setting for staff users
if mfa_required and not admin_mfa_required and request.user.is_staff:
mfa_required = False
if mfa_required and not has_mfa(request, request.user.username):
if '/mfa' not in request.path \
and '/devices' not in request.path \
and '/oauth2' not in request.path \
and '/accounts' not in request.path \
and '/user' not in request.path \
and '/captcha' not in request.path \
and request.path != '/':
messages.error(
request,
'You must configure Multi Factor Authentication to continue.'
)
return redirect('mfa_home')
response = self.get_response(request)
return response
def info(self, request, pk=None):
auth = TokenAuthentication()
if not auth.authenticate(request):
raise exceptions.NotAuthenticated({'auth_token': "Auth error."})
current_customer = request.user
if not current_customer.is_authenticated:
raise exceptions.NotAuthenticated("Please provide auth token.")
return Response(CustomerSerializer(current_customer).data,
status=status.HTTP_200_OK)
def _get_user(self, request):
user = get_user(request)
if user.is_authenticated:
return user
token_authentication = TokenAuthentication()
try:
user, token = token_authentication.authenticate(request)
except:
pass
return user
def get_user(request):
token_authentication = TokenAuthentication()
try:
auth = token_authentication.authenticate(request)
except APIException:
return
if auth is None:
return
return auth[0]
def get_token_user(request):
user = get_user(request)
if user.is_authenticated:
return user
token_authentication = TokenAuthentication()
if get_authorization_header(request):
try:
user, _ = token_authentication.authenticate(request)
except Exception:
return user
return user
def set_password(self, request, *args, **kwargs):
password = request.data.get('password', None)
if not password:
raise exceptions.NotAcceptable(
"New password field 'password' required")
tAuth = TokenAuthentication()
try:
user, token = tAuth.authenticate(request)
except:
raise exceptions.NotAcceptable(detail="Unknown user or auth token")
self.perform_set_password(user, password)
return Response({})
def get_user(context):
"""Gets the user based on the Authorization header.
Takes the Authorization header and extracts the token.
Uses the token to identify which user is making the request.
"""
try:
token_authentication = TokenAuthentication()
# Will return None and raise TypeError if no auth header present
user, token = token_authentication.authenticate(context)
except TypeError:
return None
return user
def home(request):
tokenAuthentication = TokenAuthentication()
try:
user = tokenAuthentication.authenticate(request)
except exceptions.AuthenticationFailed:
response = HttpResponse(json.dumps({
'error':'fail'
}))
response.status_code='401'
else:
response = HttpResponse(json.dumps({
'msg':user[0].username
}))
response.status_code='200'
return response
def logout(request):
tokenAuthentication = TokenAuthentication()
try:
user = tokenAuthentication.authenticate(request)
except exceptions.AuthenticationFailed:
response = HttpResponse(json.dumps({
'error':'fail'
}))
response.status_code='400'
else:
token =Token.objects.get(user = user[0])
token.delete()
response = HttpResponse(json.dumps({
'msg':'success'
}))
response.status_code='200'
return response
def __call__(self, request):
token_auth_checker = TokenAuthentication()
user = None
try:
auth = token_auth_checker.authenticate(request)
if auth is None:
token_key = request.COOKIES.get('authToken')
if token_key is not None:
auth = token_auth_checker.authenticate_credentials(
token_key)
if auth is not None:
user = auth[0]
except drf_exceptions.AuthenticationFailed:
pass
request.user = user or AnonymousUser()
return self.get_response(request)
def dispatch(self, request: HttpRequest, *args, **kwargs):
if request.user.is_authenticated:
return super().dispatch(request, *args, **kwargs)
authenticator = TokenAuthentication()
try:
auth_result = authenticator.authenticate(request)
if not auth_result:
return self.handle_no_permission()
except exceptions.AuthenticationFailed as e:
return HttpResponse(content=str(e), status=e.status_code)
except PermissionDenied as e:
return HttpResponseForbidden(content=str(e))
user, token = auth_result
request.user = user
request.auth = token
return super().dispatch(request, *args, **kwargs)
def get_person(request):
user = request.user
if user is None or user.is_anonymous:
try:
token_auth = TokenAuthentication()
user, token = token_auth.authenticate(request)
except:
pass
if user.is_anonymous:
# Check if a session cookie exists
uuid = request.get_signed_cookie('uuid', None)
if uuid is not None:
# get person from uuid
try:
person = Person.objects.get(uuid=uuid)
except ObjectDoesNotExist:
return None
else:
return None
else:
try:
person = Person.objects.get(user=user)
except ObjectDoesNotExist:
uuid = request.get_signed_cookie('uuid', None)
if uuid is not None:
person = Person.objects.get(uuid=uuid)
person.user = user
else:
return None
person.save()
if person:
try:
person.last_user_agent = request.META['HTTP_USER_AGENT']
person.save()
except:
pass
return person
def update(self, request, *args, **kwargs):
try:
aa = TokenAuthentication()
user_name, token = aa.authenticate(request)
print(user_name, token)
except Exception as e:
print(e)
result = {'return': 'fail', 'message': "auth fail."}
return Response(result, status=403)
if user_name != request.user:
result = {'return': 'fail', 'message': "others token."}
return Response(result, status=403)
validated_data = dict()
validated_data['name'] = request.data['name']
validated_data['ip_address'] = request.data['ip_address']
validated_data['port'] = request.data['port']
validated_data['salt_name'] = request.data['salt_name']
validated_data['app_name'] = App.objects.get(name=request.data['app_name'])
validated_data['env_name'] = Env.objects.get(name=request.data['env_name'])
validated_data['app_user'] = request.data['app_user']
validated_data['op_user'] = request.user
pk_id = kwargs["pk"]
try:
server_item = Server.objects.filter(pk=pk_id)
server_item.update(**validated_data)
mylog.debug("udpate server {} is {}. ".format(pk_id, validated_data))
response_data = {
'result': 'success',
'name': pk_id,
'create_user': request.user.username,
'message': u'更新服务器成功!'
}
return Response(response_data, status=status.HTTP_201_CREATED)
except:
response_data = {
'result': 'failed',
'message': u'更新服务器失败!'
}
return Response(response_data, status=status.HTTP_400_BAD_REQUEST)
def deposit(self, request, pk=None):
auth = TokenAuthentication()
if not auth.authenticate(request):
raise exceptions.NotAuthenticated({'auth_token': "Auth error."})
customer = request.user
amount = request.data.get('amount')
try:
amount = float(amount)
except ValueError:
raise exceptions.ValidationError(
{'amount': "This has to be a number."})
if float(amount) > 0.0:
customer.balance += amount
customer.save()
else:
raise exceptions.ValidationError(
{'amount': "This value must be greater than 0."})
return Response({'balance': customer.balance},
status=status.HTTP_200_OK)
def wrapper(request, *args, **kwargs):
AUTH_TYPE = getattr(settings, 'IOS_NOTIFICATIONS_AUTHENTICATION', None)
if AUTH_TYPE is None or AUTH_TYPE not in VALID_AUTH_TYPES:
raise InvalidAuthenticationType('IOS_NOTIFICATIONS_AUTHENTICATION must be specified in your settings.py file.\
Valid options are "AuthBasic", "AuthBasicIsStaff" or "AuthNone"')
# Basic Authorization
elif AUTH_TYPE == 'AuthBasic' or AUTH_TYPE == 'AuthBasicIsStaff':
if 'HTTP_AUTHORIZATION' in request.META:
auth_type, encoded_user_password = request.META['HTTP_AUTHORIZATION'].split(' ')
try:
userpass = encoded_user_password.decode('base64')
except binascii.Error:
return JSONResponse({'error': 'invalid base64 encoded header'}, status=401)
try:
username, password = userpass.split(':')
except ValueError:
return JSONResponse({'error': 'malformed Authorization header'}, status=401)
user = authenticate(username=username, password=password)
if user is not None:
if AUTH_TYPE == 'AuthBasic' or user.is_staff:
return func(request, *args, **kwargs)
return JSONResponse({'error': 'authentication error'}, status=401)
return JSONResponse({'error': 'Authorization header not set'}, status=401)
elif AUTH_TYPE == 'rest_framework.authentication.TokenAuthentication':
from rest_framework.authentication import TokenAuthentication
from rest_framework.exceptions import AuthenticationFailed
token = TokenAuthentication()
try:
auth = token.authenticate(request=request)
if auth is None:
return JSONResponse({'error': 'Authorization header not set'}, status=401)
except AuthenticationFailed as e:
return JSONResponse({'error': e.detail}, status=401)
# AuthNone: No authorization.
return func(request, *args, **kwargs)
def update(self, request, *args, **kwargs):
try:
aa = TokenAuthentication()
user_name, token = aa.authenticate(request)
print(user_name, token)
except Exception as e:
print(e)
result = {'return': 'fail', 'message': "auth fail."}
return Response(result, status=403)
if user_name != request.user:
result = {'return': 'fail', 'message': "others token."}
return Response(result, status=403)
validated_data = dict()
validated_data['name'] = request.data['name']
validated_data['jenkins_job'] = request.data['jenkins_job']
validated_data['git_url'] = request.data['git_url']
validated_data['script_url'] = request.data['script_url']
validated_data['create_user'] = request.user
pk_id = kwargs["pk"]
try:
app_item = App.objects.filter(pk=pk_id)
app_item.update(**validated_data)
response_data = {
'result': 'success',
'name': pk_id,
'create_user': request.user.username,
'message': u'更新App服务应用成功!'
}
return Response(response_data, status=status.HTTP_201_CREATED)
except:
response_data = {
'result': 'failed',
'message': u'更新App服务应用失败!'
}
return Response(response_data, status=status.HTTP_400_BAD_REQUEST)
def create(self, request, *args, **kwargs):
try:
aa = TokenAuthentication()
user_name, token = aa.authenticate(request)
print(user_name, token)
except Exception as e:
print(e)
result = {'return': 'fail', 'message': "auth fail."}
return Response(result, status=403)
if user_name != request.user:
result = {'return': 'fail', 'message': "others token."}
return Response(result, status=403)
validated_data = dict()
validated_data['name'] = request.data['name']
validated_data['ip_address'] = request.data['ip_address']
validated_data['port'] = request.data['port']
validated_data['salt_name'] = request.data['salt_name']
validated_data['app_name'] = App.objects.get(name=request.data['app_name'])
validated_data['env_name'] = Env.objects.get(name=request.data['env_name'])
validated_data['app_user'] = request.data['app_user']
validated_data['op_user'] = request.user
try:
Server.objects.create(**validated_data)
mylog.debug("create server is {}. ".format(validated_data))
response_data = {
'result': 'success',
'message': u'新服务器插入数据库成功!'
}
return Response(response_data, status=status.HTTP_201_CREATED)
except:
response_data = {
'result': 'failed',
'message': u'不能正确插入数据库'
}
return Response(response_data, status=status.HTTP_400_BAD_REQUEST)
class MessageDeliveryApp(web.Application):
def __init__(self, default_host="", transforms=None, **settings):
sockjs_path = settings.pop('sockjs_path', '/msg-listen')
self.router = SockJSRouter(MessageNotifier, sockjs_path)
self.router.__app__ = self
super(MessageDeliveryApp,
self).__init__(self.router.urls, default_host, transforms,
**settings)
self._registry = {}
self._redis_client = None
self.init_redis()
self._authenticator = TokenAuthentication()
self._log('initialized')
@gen.coroutine
def init_redis(self):
self._redis_client = tornadoredis.Client(
host=conf.MESSAGING_REDIS_HOST,
port=conf.MESSAGING_REDIS_PORT,
)
self._redis_client.connect()
channel = conf.MESSAGING_REDIS_CHANNEL
yield gen.Task(self._redis_client.subscribe, channel)
self._redis_client.listen(self.on_redis_event)
self._log('Redis client fully initialized')
def on_redis_event(self, message):
if message.kind != 'message':
return
info = json.loads(message.body)
if info['type'] == 'message':
self.deliver_message(info['data'])
elif info['type'] == 'notification':
self.deliver_notification(info['data'])
def deliver_message(self, data):
self._log('got message to deliver:', data)
info = MessageInfo.from_dict(data)
for conn in self.get_connections(info.receiver_ids, flat=True):
conn.deliver_message(info)
def deliver_notification(self, data):
notification = Notification.objects.get(id=data['id'])
notification_data = serialize_model(notification)
self._log('got notification to deliver:', notification_data)
# mapping "user -> delivery"
delivery_by_users = dict(
NotificationDelivery.objects.filter(
notification=notification).values_list('receiver_id', 'id'))
# select connections of all online users
connection_by_users = self.get_connections(delivery_by_users.keys())
# perform sending to receivers
for user_id, connections in connection_by_users.items():
for conn in connections:
conn.deliver_notification(notification_data)
def get_connections(self, user_ids, flat=False):
if flat:
return [
conn for user_id in user_ids
for conn in self._registry.get(user_id, [])
]
else:
user_ids = set(user_ids)
conns = {
user_id: connections
for user_id, connections in self._registry.items()
if user_id in user_ids
}
return conns
def register_connection(self, user, connection):
conn_lst = self._registry.setdefault(user.id, [])
if connection not in conn_lst:
conn_lst.append(connection)
self._log('registered connection for', user, '::', *map(id, conn_lst))
def unregister_connection(self, user, connection):
conn_lst = self._registry.get(user.id)
if conn_lst is not None:
if connection in conn_lst:
conn_lst.remove(connection)
if len(conn_lst) == 0:
del self._registry[user.id]
self._log('connection', id(connection), 'for', user,
'is unregistered ::', *map(id, conn_lst))
def perform_authentication(self, token):
django_request = _Dummy()
django_request.META = {'HTTP_AUTHORIZATION': token or ''}
try:
auth_tuple = self._authenticator.authenticate(django_request)
if auth_tuple is not None:
return auth_tuple[0]
except AuthenticationFailed:
return None
def _log(self, *message):
message = ' '.join(map(str, message))
log.debug('{}:\n{}'.format(type(self).__name__, message))
def authenticate(request):
authentication = TokenAuthentication()
result = authentication.authenticate(request)
if result is None:
raise AuthenticationFailed("No token header provided.")
request.user = result[0]
def get_user(request):
token_authentication = TokenAuthentication()
auth = token_authentication.authenticate(request)
if auth is not None:
return auth[0]
