def callback(self, **kwargs): auth_context = kwargs auth_context['response'] = kwargs auth_context['calling_back'] = True try: # Verify the state previously put in the db state = auth_context.get('state', None) back, provider = db.get_url(state) if not back: err = 'OAuth callback with forged state, discarding' logger.debug(err) raise base.UnauthenticatedError(err) auth_plugin = self.auth_plugins.get(provider) if not auth_plugin: msg = 'Unknown OAuth provider: %s' % provider logger.error(msg) raise base.UnauthenticatedError(msg) logger.debug('Callback called by OAuth provider %s' % provider) auth_context['back'] = back valid_user = auth_plugin.authenticate(**auth_context) except base.UnauthenticatedError as e: response.status = 401 auth_methods = [k for k, v in conf.get('auth', {})] return render('login.html', dict(back=back, message='Authorization failure: %s' % e, auth_methods=auth_methods)) logger.info( '%s (%s) successfully authenticated with OAuth2.' % (valid_user['login'], valid_user['email'])) common.setup_response(valid_user, back)
def post(self, **kwargs): logger.info('Client requests authentication.') back = kwargs.get('back') if not back: logger.error('Client requests authentication without back url.') abort(422) username = kwargs.get('username') password = kwargs.get('password') if username and password: valid_user = self.check_valid_user(username, password) if not valid_user: logger.error('Client requests authentication with wrong' ' credentials.') response.status = 401 return render('login.html', dict(back=back, message='Authorization failed.')) email, lastname, sshkey = valid_user logger.info('Client requests authentication success %s' % username) common.setup_response(username, back, email, lastname, sshkey) else: logger.error('Client requests authentication without credentials.') response.status = 401 return render('login.html', dict(back=back, message='Authorization failed.'))
def index(self, **kwargs): if 'back' not in kwargs: logger.error('Client requests authentication without back url.') abort(422) back = kwargs['back'] if 'token' not in kwargs: logger.error('Client requests authentication without token.') abort(422) token = kwargs['token'] resp = requests.get("https://api.github.com/user", auth=requests.auth.HTTPBasicAuth(token, 'x-oauth-basic')) data = resp.json() login = data.get('login') email = data.get('email') name = data.get('name') resp = requests.get("https://api.github.com/user/keys", auth=requests.auth.HTTPBasicAuth(token, 'x-oauth-basic')) ssh_keys = resp.json() if not self.organization_allowed(token): abort(401) msg = 'Client %s (%s) auth with Github Personal Access token success.' logger.info(msg % (login, email)) common.setup_response(login, back, email, name, ssh_keys)
def _json_login(self, auth_info): auth_context = {} auth_context['response'] = response auth_context['back'] = auth_info.get('back', None) if not auth_context['back']: logger.error('Client requests authentication without back url.') abort(422) auth_context.update(auth_info.get('args', {})) auth_method = auth_info.get('method', 'NO_METHOD') try: auth_plugin = driver.DriverManager( namespace='cauth.authentication', name=auth_method, invoke_on_load=True, invoke_args=(conf,)).driver except (RuntimeError, base.AuthProtocolNotAvailableError) as e: response.status = 401 msg = '"%s" is not a valid authentication method' % auth_method logger.error(msg + ': %s' % e) response.body = render('login.html', dict(back=auth_context['back'], message=msg)) return response.body try: logger.info('%s plugin loaded' % auth_method) valid_user = auth_plugin.authenticate(**auth_context) except base.UnauthenticatedError: response.status = 401 response.body = render('login.html', dict(back=auth_context['back'], message='Authentication failed.')) return response.body if valid_user: logger.info('%s successfully authenticated' % valid_user['login']) common.setup_response(valid_user, auth_context['back'])
def callback(self, **kwargs): auth_context = kwargs auth_context['response'] = kwargs auth_context['calling_back'] = True try: # Verify the state previously put in the db state = auth_context.get('state', None) back, _ = db.get_url(state) if not back: err = 'GITHUB callback called with an unknown state.' raise base.UnauthenticatedError(err) auth_context['back'] = back valid_user = self.auth_plugin.authenticate(**auth_context) except base.UnauthenticatedError as e: response.status = 401 auth_methods = [k for k, v in conf.get('auth', {})] return render('login.html', dict(back=back, message='Authorization failure: %s' % e, auth_methods=auth_methods)) logger.info( '%s (%s) successfully authenticated with github.' % (valid_user['login'], valid_user['email'])) common.setup_response(valid_user, back)
def index(self, **kwargs): if 'back' not in kwargs: logger.error('Client requests authentication without back url.') abort(422) auth_context = kwargs auth_context['response'] = response auth_plugin = driver.DriverManager( namespace='cauth.authentication', name='GithubPersonalAccessToken', invoke_on_load=True, invoke_args=(conf,)).driver try: valid_user = auth_plugin.authenticate(**auth_context) except base.UnauthenticatedError as e: response.status = 401 auth_methods = [k for k, v in conf.get('auth', {})] return render('login.html', dict(back=auth_context['back'], message='Authorization failure: %s' % e, auth_methods=auth_methods)) msg = '%s (%s) authenticated with Github Personal Access Token.' logger.info(msg % (valid_user['login'], valid_user['email'])) common.setup_response(valid_user, auth_context['back'])
def callback(self, **kwargs): auth_context = kwargs.copy() auth_context['response'] = kwargs auth_context['calling_back'] = True try: back = auth_context['back'] valid_user = self.auth_plugin.authenticate(**auth_context) except base.UnauthenticatedError as e: response.status = 401 auth_methods = [k for k, v in conf.get('auth', {})] return render('login.html', dict(back=back, message='Authorization failure: %s' % e, auth_methods=auth_methods)) logger.info( '%s (%s) successfully authenticated with OpenID.' % (valid_user['login'], valid_user['email'])) common.setup_response(valid_user, back)
def callback(self, **kwargs): if 'error' in kwargs: logger.error('GITHUB callback called with an error (%s): %s' % ( kwargs.get('error', None), kwargs.get('error_description', None))) state = kwargs.get('state', None) code = kwargs.get('code', None) if not state or not code: logger.error( 'GITHUB callback called without state or code as params.') abort(400) # Verify the state previously put in the db back = db.get_url(state) if not back: logger.error('GITHUB callback called with an unknown state.') abort(401) token = self.get_access_token(code) if not token: logger.error('Unable to request a token on GITHUB.') abort(401) resp = requests.get("https://api.github.com/user", headers={'Authorization': 'token ' + token}) data = resp.json() login = data.get('login') email = data.get('email') name = data.get('name') resp = requests.get("https://api.github.com/users/%s/keys" % login, headers={'Authorization': 'token ' + token}) ssh_keys = resp.json() if not self.organization_allowed(token): abort(401) logger.info( 'Client (username: %s, email: %s) auth on GITHUB success.' % (login, email)) common.setup_response(login, back, email, name, ssh_keys)
def callback(self, **kwargs): auth_context = kwargs auth_context['response'] = kwargs auth_context['calling_back'] = True try: state = auth_context.get('state', None) back, provider = db.get_url(state) if not back or provider != "openid_connect": err = 'OpenID Connect callback with forged state, discarding' logger.debug(err) raise base.UnauthenticatedError(err) auth_context['back'] = back valid_user = self.auth_plugin.authenticate(**auth_context) except base.UnauthenticatedError as e: response.status = 401 auth_methods = [k for k, v in conf.get('auth', {})] return render('login.html', dict(back=back, message='Authorization failure: %s' % e, auth_methods=auth_methods)) logger.info( '%s (%s) successfully authenticated with OpenIDConnect.' % (valid_user['login'], valid_user['email'])) common.setup_response(valid_user, back)