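    def post(self, request):
        """Issue an HMAC "permission-token" for one (object_type, permission, object_id) triple.

        The body must be a JSON object carrying ``permission`` and
        ``object_type``; ``object_id`` defaults to 0.  Superusers always get a
        token, everyone else must pass ``request.user.userdata.has_perms``.

        Returns an ``application/json`` HttpResponse:
        ``{"status": "ok", "permission-token": ...}`` on success,
        ``{"error": "bad_request"}`` with 400 when the body is not JSON, and
        ``{"status": "ok"}`` with 400 when a field is missing or ill-typed or
        the permission check fails (that odd-looking payload is what callers
        already receive, so it is kept).
        """
        data = {'status': 'ok'}

        # Only a malformed body is a parse error; the former bare ``except:``
        # also swallowed SystemExit/KeyboardInterrupt.  UnicodeDecodeError and
        # JSONDecodeError are both ValueError subclasses.
        try:
            req = json.loads(request.body.decode('utf-8'))
        except ValueError:
            bad_request = json.dumps({"error": "bad_request"})
            return HttpResponseBadRequest(bad_request,
                                          content_type='application/json')

        def denied():
            # Same response as before: status 400 with the plain status payload.
            return HttpResponse(json.dumps(data),
                                status=400,
                                content_type='application/json')

        # Valid JSON is not necessarily an object (a list or string would pass
        # the ``in`` test below and then blow up on the subscripts).
        if not isinstance(req, dict):
            return denied()
        if 'permission' not in req or 'object_type' not in req:
            return denied()

        object_type = req['object_type']
        perm = req['permission']
        obj_id = req.get('object_id', 0)

        # Both end up inside the signed message; a non-string made
        # ``':'.join`` raise TypeError (an unhandled 500) after the ACL call.
        if not isinstance(object_type, str) or not isinstance(perm, str):
            return denied()

        # NOTE(review): assumes only authenticated users with a ``userdata``
        # row reach this view -- confirm at the URL/dispatch level.
        if not request.user.is_superuser and\
                not request.user.userdata.has_perms(object_type, perm, obj_id):
            return denied()

        # NOTE(review): components are joined with ':' and not escaped, so a
        # component containing ':' makes the message ambiguous.  has_perms is
        # the gate for object_type/perm; make sure the token consumer parses
        # exactly this layout.
        msg = ':'.join((request.user.username, object_type, str(obj_id), perm))

        data['permission-token'] = genhmac(settings.SHARED_SECRET, msg)
        jsondata = json.dumps(data)
        return HttpResponse(jsondata, content_type='application/json')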
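    def post(self, request):
        """Issue an HMAC "permission-token" for one (object_type, permission, object_id) triple.

        The body (parsed by ``parse_json_request``) must be an object with
        ``permission`` and ``object_type``; ``object_id`` defaults to 0.
        Superusers always get a token, everyone else must pass
        ``request.user.userdata.has_perms``.

        Returns ``json_response({'status': 'ok', 'permission-token': ...})``
        on success and a 400 ``ErrorCodes.BAD_REQUEST`` response when the body
        cannot be parsed, a field is missing or ill-typed, or the permission
        check fails.
        """
        data = {'status': 'ok'}

        def bad_request():
            return json_response(status=400,
                                 error_codename=ErrorCodes.BAD_REQUEST)

        # parse_json_request is opaque here, so keep a broad handler -- but not
        # a bare ``except:``, which also swallowed SystemExit/KeyboardInterrupt.
        try:
            req = parse_json_request(request)
        except Exception:
            return bad_request()

        # Valid JSON is not necessarily an object.
        if not isinstance(req, dict):
            return bad_request()
        if 'permission' not in req or 'object_type' not in req:
            return bad_request()

        object_type = req['object_type']
        perm = req['permission']
        obj_id = req.get('object_id', 0)

        # Both end up inside the signed message; a non-string made
        # ``':'.join`` raise TypeError (an unhandled 500) after the ACL call.
        if not isinstance(object_type, str) or not isinstance(perm, str):
            return bad_request()

        # NOTE(review): assumes only authenticated users with a ``userdata``
        # row reach this view -- confirm at the URL/dispatch level.
        if not request.user.is_superuser and\
                not request.user.userdata.has_perms(object_type, perm, obj_id):
            return bad_request()

        # NOTE(review): ':'-joined and unescaped; a component containing ':'
        # makes the message ambiguous.  The token consumer must parse exactly
        # this layout.
        msg = ':'.join((request.user.username, object_type, str(obj_id), perm))

        data['permission-token'] = genhmac(settings.SHARED_SECRET, msg)
        return json_response(data)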
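    def authenticate(self, ae, request):
        """Authenticate a user of auth event ``ae`` by e-mail and password.

        Reads ``email`` and ``password`` from the JSON body, looks up the
        active user of this event, verifies the password and, when the event
        caps the number of active successful logins (``> 0``), enforces it.

        Returns ``{'status': 'ok', 'username': ..., 'auth-token': ...}`` plus
        ``redirect-to-url`` when the event's authentication-action mode is
        ``go-to-url``; every failure returns ``self.authenticate_error()`` so
        the reply does not reveal whether the e-mail exists.
        """
        d = {'status': 'ok'}

        # A malformed body used to propagate as an unhandled exception.
        try:
            req = json.loads(request.body.decode('utf-8'))
        except ValueError:
            return self.authenticate_error()
        if not isinstance(req, dict):
            return self.authenticate_error()

        email = req.get('email', '')
        pwd = req.get('password', '')
        # Non-string values would otherwise reach the ORM lookup / hasher.
        if not isinstance(email, str) or not isinstance(pwd, str):
            return self.authenticate_error()

        try:
            u = User.objects.get(email=email, userdata__event=ae, is_active=True)
        except (User.DoesNotExist, User.MultipleObjectsReturned):
            # Run the hasher anyway so an unknown address costs about as much
            # time as a wrong password (same trick as Django's ModelBackend).
            User().set_password(pwd)
            return self.authenticate_error()

        if not u.check_password(pwd):
            return self.authenticate_error()

        # 0 means unlimited; otherwise count the still-active successful logins.
        if (ae.num_successful_logins_allowed > 0 and
            u.userdata.successful_logins.filter(is_active=True).count() >= ae.num_successful_logins_allowed):
            return self.authenticate_error()

        d['username'] = u.username
        d['auth-token'] = genhmac(settings.SHARED_SECRET, u.username)

        # add redirection.  Fix: this used to assign to an undefined name
        # ``data``, raising NameError for every event in go-to-url mode.
        auth_action = ae.auth_method_config['config']['authentication-action']
        if auth_action['mode'] == 'go-to-url':
            d['redirect-to-url'] = auth_action['mode-config']['url']
        return d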
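    def authenticate(self, ae, request):
        """Authenticate a user of auth event ``ae`` by phone number and SMS code.

        ``tlf`` is canonicalised and, with ``code`` and the event's extra
        fields, validated against the field definitions.  The active user is
        then looked up, a Code row matching the upper-cased value is required,
        and the event pipeline and metadata checks must pass.

        Returns ``{'status': 'ok', 'username': ..., 'auth-token': ...}`` plus
        ``redirect-to-url`` for go-to-url events.  Every failure returns the
        same ``"Incorrect data"`` / ``invalid_credentials`` error, so the reply
        does not distinguish an unknown number from a wrong code.
        """
        def denied():
            return self.error("Incorrect data",
                              error_codename="invalid_credentials")

        # A malformed body used to escape as an unhandled exception.
        try:
            req = json.loads(request.body.decode('utf-8'))
        except ValueError:
            return denied()
        if not isinstance(req, dict):
            return denied()

        msg = ''
        if req.get('tlf'):
            req['tlf'] = get_cannonical_tlf(req.get('tlf'))
        tlf = req.get('tlf')
        if isinstance(tlf, str):
            tlf = tlf.strip()
        msg += check_field_type(self.tlf_definition, tlf, 'authenticate')
        msg += check_field_value(self.tlf_definition, tlf, 'authenticate')
        msg += check_field_type(self.code_definition, req.get('code'),
                                'authenticate')
        msg += check_field_value(self.code_definition, req.get('code'),
                                 'authenticate')
        msg += check_fields_in_request(req, ae, 'authenticate')
        if msg:
            return denied()

        try:
            u = User.objects.get(userdata__tlf=tlf,
                                 userdata__event=ae,
                                 is_active=True)
        except (User.DoesNotExist, User.MultipleObjectsReturned):
            return denied()

        code_value = req.get('code')
        if not isinstance(code_value, str):
            # check_field_type should already have rejected this; the guard
            # only keeps ``.upper()`` from raising on a non-string.
            return denied()
        # NOTE(review): any stored Code whose value matches is accepted -- this
        # filter has no expiry, no single-use flag and no "latest code only"
        # rule.  If the Code model carries such fields they belong in this
        # query.  Also note check_pipeline runs only after a correct code, so
        # if it is where attempt throttling lives, wrong guesses never reach it
        # (the e-mail variant runs the pipeline first).
        code = Code.objects.filter(
            user=u.userdata,
            code=code_value.upper()).order_by('-created').first()
        if not code:
            return denied()

        msg = check_pipeline(request, ae, 'authenticate')
        if msg:
            return denied()

        msg = check_metadata(req, u)
        if msg:
            return denied()

        u.save()

        data = {'status': 'ok'}
        data['username'] = u.username
        data['auth-token'] = genhmac(settings.SHARED_SECRET, u.username)

        # add redirection
        auth_action = ae.auth_method_config['config']['authentication-action']
        if auth_action['mode'] == 'go-to-url':
            data['redirect-to-url'] = auth_action['mode-config']['url']

        return data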
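    def get(self, request, pk):
        """Report whether the request carries a valid login and, if so, mint an auth-token.

        ``pk`` is accepted for URL compatibility and not used.  The response is
        always a 200 ``application/json`` body: ``{'status': 'ok',
        'logged': False}`` for an anonymous request, plus ``'logged': True``
        and ``'auth-token'`` (HMAC over the username with SHARED_SECRET) when
        get_login_user resolves a user.
        """
        u = get_login_user(request)
        data = {'status': 'ok', 'logged': False}

        if u:
            data['logged'] = True
            data['auth-token'] = genhmac(settings.SHARED_SECRET, u.username)

        # ``data['status']`` is never anything but 'ok' here, so the former
        # ``200 if ... else 400`` selection was a dead branch.
        return HttpResponse(json.dumps(data),
                            status=200,
                            content_type='application/json')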
    def get(self, request, pk):
        """Return a fresh auth-token for the logged-in user, or the login error with 403.

        ``pk`` is accepted for URL compatibility and not used.  Success is a
        200 ``{'auth-token': ...}``; otherwise the ``error`` value handed back
        by get_login_user becomes the body with status 403 (it is passed
        through as-is, even if it is None).
        """
        user, login_error = get_login_user(request)

        if not user or login_error is not None:
            return json_response(login_error, status=403)

        token = genhmac(settings.SHARED_SECRET, user.username)
        return json_response({'auth-token': token}, status=200)
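    def authenticate(self, ae, request):
        """Authenticate a user of auth event ``ae`` by phone number and SMS code.

        ``tlf`` is canonicalised and, with ``code`` and the event's extra
        fields, validated against the field definitions.  The active user is
        looked up, the event's cap on active successful logins is enforced
        (0 = unlimited), a Code row matching the upper-cased value is
        required, and the pipeline and metadata checks must pass.

        Returns ``{'status': 'ok', 'username': ..., 'auth-token': ...}`` plus
        ``redirect-to-url`` for go-to-url events.  Every failure returns the
        same ``"Incorrect data"`` / ``invalid_credentials`` error, so the reply
        does not distinguish an unknown number from a wrong code.
        """
        def denied():
            return self.error("Incorrect data", error_codename="invalid_credentials")

        # A malformed body used to escape as an unhandled exception.
        try:
            req = json.loads(request.body.decode('utf-8'))
        except ValueError:
            return denied()
        if not isinstance(req, dict):
            return denied()

        msg = ''
        if req.get('tlf'):
            req['tlf'] = get_cannonical_tlf(req.get('tlf'))
        tlf = req.get('tlf')
        if isinstance(tlf, str):
            tlf = tlf.strip()
        msg += check_field_type(self.tlf_definition, tlf, 'authenticate')
        msg += check_field_value(self.tlf_definition, tlf, 'authenticate')
        msg += check_field_type(self.code_definition, req.get('code'), 'authenticate')
        msg += check_field_value(self.code_definition, req.get('code'), 'authenticate')
        msg += check_fields_in_request(req, ae, 'authenticate')
        if msg:
            return denied()

        try:
            u = User.objects.get(userdata__tlf=tlf, userdata__event=ae, is_active=True)
        except (User.DoesNotExist, User.MultipleObjectsReturned):
            return denied()

        # 0 means unlimited; otherwise count the still-active successful logins.
        if (ae.num_successful_logins_allowed > 0 and
            u.userdata.successful_logins.filter(is_active=True).count() >= ae.num_successful_logins_allowed):
            return denied()

        code_value = req.get('code')
        if not isinstance(code_value, str):
            # check_field_type should already have rejected this; the guard
            # only keeps ``.upper()`` from raising on a non-string.
            return denied()
        # NOTE(review): any stored Code whose value matches is accepted -- no
        # expiry, no single-use flag, no "latest code only" rule.  If the Code
        # model has such fields they belong in this query.  check_pipeline runs
        # only after a correct code, so if it is where attempt throttling
        # lives, wrong guesses never reach it.
        code = Code.objects.filter(user=u.userdata,
                code=code_value.upper()).order_by('-created').first()
        if not code:
            return denied()

        msg = check_pipeline(request, ae, 'authenticate')
        if msg:
            return denied()

        msg = check_metadata(req, u)
        if msg:
            return denied()

        u.save()

        data = {'status': 'ok'}
        data['username'] = u.username
        data['auth-token'] = genhmac(settings.SHARED_SECRET, u.username)

        # add redirection
        auth_action = ae.auth_method_config['config']['authentication-action']
        if auth_action['mode'] == 'go-to-url':
            data['redirect-to-url'] = auth_action['mode-config']['url']

        return data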
    def get(self, request, pk):
        """Return a fresh auth-token for the logged-in user, or the login error with 403.

        ``pk`` is accepted for URL compatibility and not used.  get_login_user
        yields a 3-tuple; only the user and the error are consulted here.
        Success is a 200 ``{'auth-token': ...}``; otherwise ``error`` is sent
        back as the body with status 403 (as-is, even if it is None).
        """
        user, login_error, _unused = get_login_user(request)

        if not user or login_error is not None:
            return json_response(login_error, status=403)

        token = genhmac(settings.SHARED_SECRET, user.username)
        return json_response({'auth-token': token}, status=200)
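    def authenticate(self, ae, request):
        """Authenticate (and activate) a user of auth event ``ae`` by phone number and code.

        ``tlf`` is canonicalised and validated, with ``code`` and the event's
        extra fields, against the field definitions; a validation failure
        returns the accumulated message.  The user is then looked up by number
        and event (active or not), a Code row with exactly the submitted value
        is required (oldest first), then the pipeline and metadata checks run.
        On success ``is_active`` is set and saved and
        ``{'status': 'ok', 'auth-token': ...}`` is returned.
        """
        # A malformed body used to escape as an unhandled exception.
        try:
            req = json.loads(request.body.decode('utf-8'))
        except ValueError:
            return {'status': 'nok', 'msg': 'Invalid code.'}
        if not isinstance(req, dict):
            return {'status': 'nok', 'msg': 'Invalid code.'}

        msg = ''
        if req.get('tlf'):
            req['tlf'] = get_cannonical_tlf(req.get('tlf'))
        tlf = req.get('tlf')
        if isinstance(tlf, str):
            tlf = tlf.strip()
        msg += check_field_type(self.tlf_definition, tlf, 'authenticate')
        msg += check_field_value(self.tlf_definition, tlf, 'authenticate')
        msg += check_field_type(self.code_definition, req.get('code'),
                                'authenticate')
        msg += check_field_value(self.code_definition, req.get('code'),
                                 'authenticate')
        msg += check_fields_in_request(req, ae, 'authenticate')
        if msg:
            return {'status': 'nok', 'msg': msg}

        # Unknown number and wrong code now yield the same reply: the former
        # 'User not exist.' message let a caller enumerate registered numbers.
        try:
            u = User.objects.get(userdata__tlf=tlf, userdata__event=ae)
        except (User.DoesNotExist, User.MultipleObjectsReturned):
            return {'status': 'nok', 'msg': 'Invalid code.'}

        # NOTE(review): exact match on the raw value, oldest matching Code
        # wins; there is no expiry and no single-use flag in this filter.
        code = Code.objects.filter(
            user=u.userdata, code=req.get('code')).order_by('created').first()
        if not code:
            return {'status': 'nok', 'msg': 'Invalid code.'}

        # check_pipeline's result is returned as-is, whatever its shape.
        msg = check_pipeline(request, ae, 'authenticate')
        if msg:
            return msg

        msg = check_metadata(req, u)
        if msg:
            return {'status': 'nok', 'msg': msg}

        # A correct code proves control of the number: activate the account.
        u.is_active = True
        u.save()

        return {'status': 'ok',
                'auth-token': genhmac(settings.SHARED_SECRET, u.username)}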
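    def authenticate(self, ae, request):
        """Authenticate a user of auth event ``ae`` by e-mail address and e-mailed code.

        ``email`` is stripped and, with ``code`` and the event's extra fields,
        validated against the field definitions; the event pipeline runs
        before any lookup (so it also covers unknown addresses).  The active
        user is then looked up, a Code row matching the upper-cased value is
        required, and the metadata check must pass.

        Returns ``{'status': 'ok', 'auth-token': ...}`` plus ``redirect-to-url``
        for go-to-url events.  Every failure returns the same
        ``"Incorrect data"`` / ``invalid_credentials`` error, so the reply does
        not reveal whether the address is registered.
        """
        def denied():
            return self.error("Incorrect data", error_codename="invalid_credentials")

        # A malformed body used to escape as an unhandled exception.
        try:
            req = json.loads(request.body.decode('utf-8'))
        except ValueError:
            return denied()
        if not isinstance(req, dict):
            return denied()

        msg = ''
        email = req.get('email')
        if isinstance(email, str):
            email = email.strip()
        msg += check_field_type(self.email_definition, email, 'authenticate')
        msg += check_field_value(self.email_definition, email, 'authenticate')
        msg += check_field_type(self.code_definition, req.get('code'), 'authenticate')
        msg += check_field_value(self.code_definition, req.get('code'), 'authenticate')
        msg += check_fields_in_request(req, ae, 'authenticate')
        if msg:
            return denied()

        msg = check_pipeline(request, ae, 'authenticate')
        if msg:
            return denied()

        try:
            u = User.objects.get(email=email, userdata__event=ae, is_active=True)
        except (User.DoesNotExist, User.MultipleObjectsReturned):
            return denied()

        code_value = req.get('code')
        if not isinstance(code_value, str):
            # check_field_type should already have rejected this; the guard
            # only keeps ``.upper()`` from raising on a non-string.
            return denied()
        # NOTE(review): any stored Code whose value matches is accepted -- no
        # expiry, no single-use flag, no "latest code only" rule.  If the Code
        # model has such fields they belong in this query.
        code = Code.objects.filter(user=u.userdata,
                code=code_value.upper()).order_by('-created').first()
        if not code:
            return denied()

        msg = check_metadata(req, u)
        if msg:
            # The former ``data = {'status': 'nok', ...}`` here was never used.
            return denied()
        u.save()

        data = {'status': 'ok'}
        data['auth-token'] = genhmac(settings.SHARED_SECRET, u.username)

        # add redirection
        auth_action = ae.auth_method_config['config']['authentication-action']
        if auth_action['mode'] == 'go-to-url':
            data['redirect-to-url'] = auth_action['mode-config']['url']

        return data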
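    def authenticate(self, ae, request):
        """Authenticate a user of auth event ``ae`` by e-mail and password.

        Reads ``email`` and ``password`` from the JSON body, looks up the
        active user of this event and verifies the password.

        Returns ``{'status': 'ok', 'username': ..., 'auth-token': ...}`` plus
        ``redirect-to-url`` when the event's authentication-action mode is
        ``go-to-url``; every failure returns ``self.authenticate_error()`` so
        the reply does not reveal whether the e-mail exists.
        """
        d = {'status': 'ok'}

        # A malformed body used to propagate as an unhandled exception.
        try:
            req = json.loads(request.body.decode('utf-8'))
        except ValueError:
            return self.authenticate_error()
        if not isinstance(req, dict):
            return self.authenticate_error()

        email = req.get('email', '')
        pwd = req.get('password', '')
        # Non-string values would otherwise reach the ORM lookup / hasher.
        if not isinstance(email, str) or not isinstance(pwd, str):
            return self.authenticate_error()

        try:
            u = User.objects.get(email=email, userdata__event=ae, is_active=True)
        except (User.DoesNotExist, User.MultipleObjectsReturned):
            # Run the hasher anyway so an unknown address costs about as much
            # time as a wrong password (same trick as Django's ModelBackend).
            User().set_password(pwd)
            return self.authenticate_error()

        if not u.check_password(pwd):
            return self.authenticate_error()

        d['username'] = u.username
        d['auth-token'] = genhmac(settings.SHARED_SECRET, u.username)

        # add redirection.  Fix: this used to assign to an undefined name
        # ``data``, raising NameError for every event in go-to-url mode.
        auth_action = ae.auth_method_config['config']['authentication-action']
        if auth_action['mode'] == 'go-to-url':
            d['redirect-to-url'] = auth_action['mode-config']['url']
        return d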
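    def authenticate(self, ae, request):
        """Authenticate by username-or-e-mail and password.

        ``username`` is tried first, then ``email``; the chosen value is
        matched against either column.  When ``ae`` is not 0 the user must
        belong to that auth event.  Returns ``{'status': 'ok',
        'username': ..., 'auth-token': ...}`` or ``self.authenticate_error()``
        on any failure (same reply for unknown user and wrong password).
        """
        d = {'status': 'ok'}

        # A malformed body used to propagate as an unhandled exception.
        try:
            req = json.loads(request.body.decode('utf-8'))
        except ValueError:
            return self.authenticate_error()
        if not isinstance(req, dict):
            return self.authenticate_error()

        ident = req.get('username', '')
        if not ident:
            ident = req.get('email', '')
        # A missing password used to raise KeyError (HTTP 500).
        pwd = req.get('password')

        # An empty identifier must never reach the Q() lookup: it would match
        # any account whose username or email column is blank.
        if not isinstance(ident, str) or not ident or not isinstance(pwd, str):
            return self.authenticate_error()

        try:
            u = User.objects.get(Q(username=ident) | Q(email=ident))
        except (User.DoesNotExist, User.MultipleObjectsReturned):
            # Run the hasher anyway so an unknown user costs about as much
            # time as a wrong password (same trick as Django's ModelBackend).
            User().set_password(pwd)
            return self.authenticate_error()

        # NOTE(review): unlike the other backends there is no ``is_active``
        # filter here -- confirm that inactive accounts may log in this way.
        if ae != 0 and u.userdata.event != ae:
            return self.authenticate_error()

        if not u.check_password(pwd):
            return self.authenticate_error()

        d['username'] = u.username
        d['auth-token'] = genhmac(settings.SHARED_SECRET, u.username)
        return d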
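    def post(self, request):
        """Issue an HMAC "permission-token" for one (object_type, permission, object_id) triple.

        The body must be a JSON object carrying ``permission`` and
        ``object_type``; ``object_id`` defaults to 0.  Superusers always get a
        token, everyone else must pass ``request.user.userdata.has_perms``.

        Returns ``json_response({'status': 'ok', 'permission-token': ...})``
        on success, a 400 ``ErrorCodes.BAD_REQUEST`` when the body is not
        JSON, and a 400 with an empty message when a field is missing or
        ill-typed or the permission check fails (kept as callers see it).
        """
        data = {'status': 'ok'}

        # Only a malformed body is a parse error; the former bare ``except:``
        # also swallowed SystemExit/KeyboardInterrupt.
        try:
            req = json.loads(request.body.decode('utf-8'))
        except ValueError:
            return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)

        def denied():
            return json_response(status=400, message="")

        # Valid JSON is not necessarily an object.
        if not isinstance(req, dict):
            return denied()
        if 'permission' not in req or 'object_type' not in req:
            return denied()

        object_type = req['object_type']
        perm = req['permission']
        obj_id = req.get('object_id', 0)

        # Both end up inside the signed message; a non-string made
        # ``':'.join`` raise TypeError (an unhandled 500) after the ACL call.
        if not isinstance(object_type, str) or not isinstance(perm, str):
            return denied()

        # NOTE(review): assumes only authenticated users with a ``userdata``
        # row reach this view -- confirm at the URL/dispatch level.
        if not request.user.is_superuser and\
                not request.user.userdata.has_perms(object_type, perm, obj_id):
            return denied()

        # NOTE(review): ':'-joined and unescaped; a component containing ':'
        # makes the message ambiguous.  The token consumer must parse exactly
        # this layout.
        msg = ':'.join((request.user.username, object_type, str(obj_id), perm))

        data['permission-token'] = genhmac(settings.SHARED_SECRET, msg)
        return json_response(data)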
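    def post(self, request):
        """Issue a permission-token for the subset of requested permissions the caller holds.

        ``permission`` is a ``|``-separated list; each entry is kept only if
        the caller is a superuser or ``userdata.has_perms`` grants it for
        ``object_type`` / ``object_id`` (default 0).  The token signs
        ``username:object_type:object_id:<granted perms joined by '|'>``.

        Returns ``json_response({'status': 'ok', 'permission-token': ...})``;
        an unparsable body, a missing or ill-typed field, or an empty set of
        granted permissions is a 400 ``ErrorCodes.BAD_REQUEST``.
        """
        data = {'status': 'ok'}

        def bad_request():
            return json_response(
                status=400,
                error_codename=ErrorCodes.BAD_REQUEST)

        # parse_json_request is opaque here, so keep a broad handler -- but not
        # a bare ``except:``, which also swallowed SystemExit/KeyboardInterrupt.
        try:
            req = parse_json_request(request)
        except Exception:
            return bad_request()

        # Valid JSON is not necessarily an object.
        if not isinstance(req, dict):
            return bad_request()
        if 'permission' not in req or 'object_type' not in req:
            return bad_request()

        object_type = req['object_type']
        permission = req['permission']
        obj_id = req.get('object_id', 0)

        # ``.split`` / ``':'.join`` on a non-string raised an unhandled 500.
        if not isinstance(object_type, str) or not isinstance(permission, str):
            return bad_request()

        # NOTE(review): assumes only authenticated users with a ``userdata``
        # row reach this view -- confirm at the URL/dispatch level.
        filtered_perms = "|".join([
            perm
            for perm in permission.split("|")
            if (
                request.user.is_superuser or
                request.user.userdata.has_perms(object_type, perm, obj_id)
            )
        ])

        # Nothing granted at all -> bad request, as before.
        if len(filtered_perms) == 0:
            return bad_request()

        # NOTE(review): ':' and '|' are used as separators without escaping;
        # components containing either make the message ambiguous.  The token
        # consumer must parse exactly this layout.
        msg = ':'.join((request.user.username, object_type, str(obj_id), filtered_perms))

        data['permission-token'] = genhmac(settings.SHARED_SECRET, msg)
        return json_response(data)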
 def get_hmac(self):
     """Return the SHARED_SECRET HMAC over ``username:object_type:object_id:perm`` for this ACL row.

     The layout must match what the permission-token endpoint signs.  The
     components are joined with ':' and not escaped, so a component that
     itself contains ':' produces an ambiguous message.
     """
     components = (
         self.user.user.username,
         self.object_type,
         str(self.object_id),
         self.perm,
     )
     return genhmac(settings.SHARED_SECRET, ':'.join(components))