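def wrapper(self, *args, **kwargs):
    """Require valid HTTP Basic credentials before running the handler.

    Raises ``tornado.web.HTTPError(401)`` when the ``Authorization``
    header is missing, is not a well-formed ``Basic`` header, or does not
    carry ``config.username`` / ``config.password``. On success the call
    is forwarded unchanged to ``method`` and its result is returned.
    """
    if 'Authorization' not in self.request.headers:
        logger.warning("Authentication: Header is missing",
                       extra={'location': self.request.full_url()})
        raise tornado.web.HTTPError(401)
    header = self.request.headers['Authorization']

    try:
        match = re.match('^Basic[ ]+([A-Za-z0-9+/]+[=]{0,2})$', header)
        if match is None:
            raise ValueError("Invalid header")
        # A base64 payload is always a multiple of four characters long.
        if len(match.group(1)) % 4 != 0:
            raise ValueError("Invalid header")
        # NOTE(review): this treats the decoded token as text, which holds
        # on Python 2; on Python 3 b64decode() returns bytes and the steps
        # below would fail closed with a 401 - confirm the interpreter.
        token = base64.b64decode(match.group(1))
        # Everything after the FIRST colon is the password, so a password
        # that itself contains colons is preserved as sent.
        username, separator, password = token.partition(':')
        if not separator:
            raise ValueError("Invalid header")
        # Explicit checks rather than ``assert``: assertions are compiled
        # out when Python runs with -O, which would let every request
        # through unauthenticated.
        # NOTE(review): ``!=`` is not a constant-time comparison; consider
        # hmac.compare_digest once the types of config.username and
        # config.password are confirmed.
        if username != config.username:
            raise ValueError("Wrong username")
        if password != config.password:
            raise ValueError("Wrong password")
    except Exception as exc:
        # Fail closed on any parsing or decoding error. The raw header is
        # deliberately kept out of the log record: it is the base64 form
        # of the submitted username and password.
        logger.warning("Authentication: %s" % exc, exc_info=False,
                       extra={'location': self.request.full_url()})
        raise tornado.web.HTTPError(401)

    return method(self, *args, **kwargs)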
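def wrapper(self, *args, **kwargs):
    """Gate the wrapped handler behind HTTP Basic authentication.

    The request must carry an ``Authorization: Basic <base64>`` header
    whose decoded ``username:password`` pair equals ``config.username``
    and ``config.password``. Any other outcome is logged and answered
    with ``tornado.web.HTTPError(401)``; on success ``method`` is called
    with the original arguments and its result is returned.
    """
    if 'Authorization' not in self.request.headers:
        logger.warning("Authentication: Header is missing",
                       extra={'location': self.request.full_url()})
        raise tornado.web.HTTPError(401)
    header = self.request.headers['Authorization']

    try:
        match = re.match('^Basic[ ]+([A-Za-z0-9+/]+[=]{0,2})$', header)
        if match is None:
            raise ValueError("Invalid header")
        # A base64 payload is always a multiple of four characters long.
        if len(match.group(1)) % 4 != 0:
            raise ValueError("Invalid header")
        # NOTE(review): the token is handled as text below, which matches
        # Python 2; on Python 3 b64decode() returns bytes and this path
        # fails closed with a 401 - confirm the target interpreter.
        token = base64.b64decode(match.group(1))
        # Split on the first colon only: the remainder, colons included,
        # is the password.
        username, separator, password = token.partition(':')
        if not separator:
            raise ValueError("Invalid header")
        # Do not use ``assert`` for these checks: under ``python -O``
        # assert statements are removed and the credential comparison
        # would silently disappear.
        # NOTE(review): plain ``!=`` is not constant-time; consider
        # hmac.compare_digest after confirming the config value types.
        if username != config.username:
            raise ValueError("Wrong username")
        if password != config.password:
            raise ValueError("Wrong password")
    except Exception as exc:
        # Any failure above ends in a 401. The header value itself is not
        # logged, because it decodes to the submitted credentials.
        logger.warning("Authentication: %s" % exc, exc_info=False,
                       extra={
                           'location': self.request.full_url(),
                       })
        raise tornado.web.HTTPError(401)

    return method(self, *args, **kwargs)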
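def put(self, request, response, key):
    """Create or update the entity stored under ``key`` from a JSON body.

    The key must consist only of ASCII letters, digits and underscores,
    the request must pass ``self.authorized`` and must be sent as
    ``application/json``. A key not yet in ``self.store`` is created,
    an existing one is updated, and the response status is set to 204.

    Raises:
        Forbidden: the key contains characters outside the allowed set.
        CustomUnauthorized: ``self.authorized(request)`` is false.
        UnsupportedMediaType: the MIME type is not ``application/json``.
        BadRequest: the body is not valid JSON, or the store rejects the
            data with ``InvalidData``.
    """
    # Limit charset of keys. ``\Z`` anchors at the true end of the string;
    # ``$`` would also accept a key that ends in a newline.
    if re.match(r"^[A-Za-z0-9_]+\Z", key) is None:
        # Raised, not returned, so the rejection takes the same path as
        # every other HTTP error in this method; a returned exception
        # object only has an effect if the caller inspects the result.
        raise Forbidden()
    if not self.authorized(request):
        # Record only the claimed username. The full authorization object
        # may carry the submitted password, which must not reach the logs.
        claimed_user = getattr(request.authorization, 'username', None)
        logger.warning("Unauthorized request.",
                       extra={'location': request.url,
                              'details': repr(claimed_user)})
        raise CustomUnauthorized()
    if request.mimetype != "application/json":
        logger.warning("Unsupported MIME type.",
                       extra={'location': request.url,
                              'details': request.mimetype})
        raise UnsupportedMediaType()

    try:
        data = json.load(request.stream)
    except (TypeError, ValueError):
        logger.warning("Wrong JSON.",
                       extra={'location': request.url})
        raise BadRequest()

    try:
        if key not in self.store:
            self.store.create(key, data)
        else:
            self.store.update(key, data)
    except InvalidData:
        logger.warning("Invalid data.", exc_info=True,
                       extra={'location': request.url,
                              'details': data})
        raise BadRequest()

    response.status_code = 204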
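def put_list(self, request, response):
    """Merge a JSON document into the store in a single request.

    The request must pass ``self.authorized`` and must be sent as
    ``application/json``. The parsed body is handed to
    ``self.store.merge_list`` and the response status is set to 204.

    Raises:
        CustomUnauthorized: ``self.authorized(request)`` is false.
        UnsupportedMediaType: the MIME type is not ``application/json``.
        BadRequest: the body is not valid JSON, or the store rejects the
            data with ``InvalidData``.
    """
    if not self.authorized(request):
        # Logged at WARNING, like the same rejection in ``put``, so failed
        # authentication on a write endpoint is not dropped by a handler
        # that filters out INFO. Only the claimed username is recorded:
        # the full authorization object may carry the submitted password.
        claimed_user = getattr(request.authorization, 'username', None)
        logger.warning("Unauthorized request.",
                       extra={'location': request.url,
                              'details': repr(claimed_user)})
        raise CustomUnauthorized()
    if request.mimetype != "application/json":
        logger.warning("Unsupported MIME type.",
                       extra={'location': request.url,
                              'details': request.mimetype})
        raise UnsupportedMediaType()

    try:
        data = json.load(request.stream)
    except (TypeError, ValueError):
        logger.warning("Wrong JSON.",
                       extra={'location': request.url})
        raise BadRequest()

    try:
        self.store.merge_list(data)
    except InvalidData:
        logger.warning("Invalid data.", exc_info=True,
                       extra={'location': request.url,
                              'details': data})
        raise BadRequest()

    response.status_code = 204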