def InspectParams(params_dict, forbidden_params, rename_dict):
"""Inspects a dictionary of params, looking for forbidden values.
@type params_dict: dict of string to anything
@param params_dict: A dictionary of supplied parameters
@type forbidden_params: dict of string to string or list of any
@param forbidden_params: The forbidden parameters, with a list of forbidden
values or the constant ALL_VALUES_FORBIDDEN
signifying that all values are forbidden
@type rename_dict: None or dict of string to string
@param rename_dict: The list of parameter renamings used by the method
@raise http.HttpForbidden: If a forbidden param has been set
"""
for param in params_dict:
# Check for possible renames to ensure nothing slips through
if rename_dict is not None and param in rename_dict:
param = rename_dict[param]
# Now see if there are restrictions on this parameter
if param in forbidden_params:
forbidden_values = forbidden_params[param]
if forbidden_values == ALL_VALUES_FORBIDDEN:
raise http.HttpForbidden(
"The parameter %s cannot be set via RAPI" % param)
param_value = params_dict[param]
if param_value in forbidden_values:
raise http.HttpForbidden(
"The parameter %s cannot be set to the value"
" %s via RAPI" % (param, param_value))
def ValidateRequest(self, req, handler_access):
"""Checks whether a user can access a resource.
"""
username, password = HttpServerRequestAuthentication \
.ExtractUserPassword(req)
if username is None:
raise http.HttpUnauthorized()
if password is None:
raise http.HttpBadRequest(message=("Basic authentication requires"
" password"))
user = self.user_fn(username) if self.user_fn else self.users.Get(
username)
_, expected_password = HttpServerRequestAuthentication \
.ExtractSchemePassword(password)
if not (user and expected_password == user.password):
# Unknown user or password wrong
return None
if (not handler_access
or set(user.options).intersection(handler_access)):
# Allow access
return username
# Access forbidden
raise http.HttpForbidden()
def ValidateRequest(self, req, handler_access, realm):
"""Checks whether a user can access a resource.
"""
request_username, request_password = HttpServerRequestAuthentication \
.ExtractUserPassword(req)
if request_username is None:
raise http.HttpUnauthorized()
if request_password is None:
raise http.HttpBadRequest(message=("Basic authentication requires"
" password"))
user = self.user_fn(request_username)
if not (user
and HttpServerRequestAuthentication.VerifyBasicAuthPassword(
request_username, request_password, user.password, realm)):
# Unknown user or password wrong
return None
if (not handler_access
or set(user.options).intersection(handler_access)):
# Allow access
return request_username
# Access forbidden
raise http.HttpForbidden()
def Authenticate(self, req, username, password):
"""Checks whether a user can access a resource.
"""
ctx = self._GetRequestContext(req)
user = self._user_fn(username)
if not (user and self.VerifyBasicAuthPassword(req, username, password,
user.password)):
# Unknown user or password wrong
return False
if (not ctx.handler_access
or set(user.options).intersection(ctx.handler_access)):
# Allow access
return True
# Access forbidden
raise http.HttpForbidden()
