コード例 #1
0
def anonymous_token(request, job):
    querydict = request.GET
    user = querydict.get("user", default=None)
    token = querydict.get("token", default=None)
    # safe to call with (None, None) - returns None
    auth_user = AuthToken.get_user_for_secret(username=user, secret=token)
    return auth_user
コード例 #2
0
ファイル: views.py プロジェクト: cataglyphis/LAVA
def handler(request, mapper, help_view):
    """
    XML-RPC handler.

    If post data is defined, it assumes it's XML-RPC and tries to process as
    such. Empty POST request and GET requests assumes you're viewing from a
    browser and tells you about the service by redirecting you to a dedicated
    help page. For backwards compatibility the help view defaults to the
    'default_help' that shows what is registered in the global mapper. If you
    want to show help specific to your mapper you must specify help_view. It
    accepts whatever django.shortcuts.redirect() would.
    """
    if len(request.body):
        raw_data = request.body
        dispatcher = Dispatcher(mapper)

        auth_string = request.META.get('HTTP_AUTHORIZATION')

        if auth_string is not None:
            if ' ' not in auth_string:
                return HttpResponse("Invalid HTTP_AUTHORIZATION header",
                                    status=400)
            scheme, value = auth_string.split(" ", 1)
            if scheme != "Basic":
                return HttpResponse(
                    "Unsupported HTTP_AUTHORIZATION header, only Basic scheme is supported",
                    status=400)
            try:
                decoded_value = base64.standard_b64decode(value)
            except TypeError:
                return HttpResponse(
                    "Corrupted HTTP_AUTHORIZATION header, bad base64 encoding",
                    status=400)
            try:
                username, secret = decoded_value.split(":", 1)
            except ValueError:
                return HttpResponse(
                    "Corrupted HTTP_AUTHORIZATION header, no user:pass",
                    status=400)
            user = None
            try:
                user = AuthToken.get_user_for_secret(username, secret)
            except Exception:
                logging.exception("bug")
            if user is None:
                response = HttpResponse("Invalid token", status=401)
                response[
                    'WWW-Authenticate'] = 'Basic realm="XML-RPC Authentication token"'
                return response
        else:
            user = request.user
        result = dispatcher.marshalled_dispatch(raw_data, user, request)
        response = HttpResponse(content_type="application/xml")
        response.write(result)
        response['Content-length'] = str(len(response.content))
        return response
    else:
        return redirect(help_view)
コード例 #3
0
ファイル: utils.py プロジェクト: bwenstar/lava
def anonymous_token(request, job):
    querydict = request.GET
    user = querydict.get("user", default=None)
    token = querydict.get("token", default=None)
    # safe to call with (None, None) - returns None
    auth_user = AuthToken.get_user_for_secret(username=user, secret=token)
    if not user and not job.is_public:
        raise PermissionDenied()
    if not auth_user:
        raise PermissionDenied()
    return auth_user
コード例 #4
0
ファイル: utils.py プロジェクト: Linaro/lava-server
def anonymous_token(request, job):
    querydict = request.GET
    user = querydict.get('user', default=None)
    token = querydict.get('token', default=None)
    # safe to call with (None, None) - returns None
    auth_user = AuthToken.get_user_for_secret(username=user, secret=token)
    if not user and not job.is_public:
        raise PermissionDenied()
    if not auth_user:
        raise PermissionDenied()
    return auth_user
コード例 #5
0
ファイル: utils.py プロジェクト: dl9pf/lava-server
def anonymous_token(request, job):
    querydict = request.GET
    user = querydict.get('user', default=None)
    token = querydict.get('token', default=None)
    # safe to call with (None, None) - returns None
    auth_user = AuthToken.get_user_for_secret(username=user, secret=token)
    if not user and not job.is_public:
        raise Http404("Job %d requires authentication to view." % job.id)
    if not auth_user:
        raise Http404("User '%s' is not able to view job %d" % (user, job.id))
    return auth_user
コード例 #6
0
def anonymous_token(request, job):
    querydict = request.GET
    user = querydict.get('user', default=None)
    token = querydict.get('token', default=None)
    # safe to call with (None, None) - returns None
    auth_user = AuthToken.get_user_for_secret(username=user, secret=token)
    if not user and not job.is_public:
        raise Http404("Job %d requires authentication to view." % job.id)
    if not auth_user:
        raise Http404("User '%s' is not able to view job %d" % (user, job.id))
    return auth_user
コード例 #7
0
ファイル: views.py プロジェクト: pevik/lava-server
def handler(request, mapper, help_view):
    """
    XML-RPC handler.

    If post data is defined, it assumes it's XML-RPC and tries to process as
    such. Empty POST request and GET requests assumes you're viewing from a
    browser and tells you about the service by redirecting you to a dedicated
    help page. For backwards compatibility the help view defaults to the
    'default_help' that shows what is registered in the global mapper. If you
    want to show help specific to your mapper you must specify help_view. It
    accepts whatever django.shortcuts.redirect() would.
    """
    if len(request.body):
        raw_data = request.body
        dispatcher = Dispatcher(mapper)

        auth_string = request.META.get('HTTP_AUTHORIZATION')

        if auth_string is not None:
            if ' ' not in auth_string:
                return HttpResponse("Invalid HTTP_AUTHORIZATION header", status=400)
            scheme, value = auth_string.split(" ", 1)
            if scheme != "Basic":
                return HttpResponse(
                    "Unsupported HTTP_AUTHORIZATION header, only Basic scheme is supported", status=400)
            try:
                decoded_value = base64.standard_b64decode(value)
            except TypeError:
                return HttpResponse("Corrupted HTTP_AUTHORIZATION header, bad base64 encoding", status=400)
            try:
                username, secret = decoded_value.split(":", 1)
            except ValueError:
                return HttpResponse("Corrupted HTTP_AUTHORIZATION header, no user:pass", status=400)
            user = None
            try:
                user = AuthToken.get_user_for_secret(username, secret)
            except Exception:
                logging.exception("bug")
            if user is None:
                response = HttpResponse("Invalid token", status=401)
                response['WWW-Authenticate'] = 'Basic realm="XML-RPC Authentication token"'
                return response
        else:
            user = request.user
        result = dispatcher.marshalled_dispatch(raw_data, user, request)
        response = HttpResponse(content_type="application/xml")
        response.write(result)
        response['Content-length'] = str(len(response.content))
        return response
    else:
        return redirect(help_view)
コード例 #8
0
 def test_get_user_for_secret_sets_last_used_on(self):
     token = AuthToken.objects.create(user=self.user)
     AuthToken.get_user_for_secret(self.user.username, token.secret)
     # Refresh token
     token = AuthToken.objects.get(id=token.id, user=self.user)
     self.assertNotEqual(token.last_used_on, None)
コード例 #9
0
 def test_get_user_for_secret_checks_if_the_user_matches(self):
     token = AuthToken.objects.create(user=self.user)
     user = AuthToken.get_user_for_secret(self._INEXISTING_USER,
                                          token.secret)
     self.assertEqual(user, None)
コード例 #10
0
 def test_get_user_for_secret_finds_valid_user(self):
     token = AuthToken.objects.create(user=self.user)
     user = AuthToken.get_user_for_secret(self.user.username, token.secret)
     self.assertEqual(user, self.user)
コード例 #11
0
 def test_lookup_user_for_secret_returns_none_on_failure(self):
     user = AuthToken.get_user_for_secret(self.user.username,
                                          self._INEXISTING_SECRET)
     self.assertTrue(user is None)
コード例 #12
0
ファイル: tests.py プロジェクト: Linaro/lava-server
 def test_get_user_for_secret_sets_last_used_on(self):
     token = AuthToken.objects.create(user=self.user)
     AuthToken.get_user_for_secret(self.user.username, token.secret)
     # Refresh token
     token = AuthToken.objects.get(id=token.id, user=self.user)
     self.assertNotEqual(token.last_used_on, None)
コード例 #13
0
ファイル: tests.py プロジェクト: Linaro/lava-server
 def test_get_user_for_secret_checks_if_the_user_matches(self):
     token = AuthToken.objects.create(user=self.user)
     user = AuthToken.get_user_for_secret(
         self._INEXISTING_USER, token.secret)
     self.assertEqual(user, None)
コード例 #14
0
ファイル: tests.py プロジェクト: Linaro/lava-server
 def test_get_user_for_secret_finds_valid_user(self):
     token = AuthToken.objects.create(user=self.user)
     user = AuthToken.get_user_for_secret(self.user.username, token.secret)
     self.assertEqual(user, self.user)
コード例 #15
0
ファイル: tests.py プロジェクト: Linaro/lava-server
 def test_lookup_user_for_secret_returns_none_on_failure(self):
     user = AuthToken.get_user_for_secret(
         self.user.username, self._INEXISTING_SECRET)
     self.assertTrue(user is None)