def test_extract_oauth_key_returns_key(self):
    # Round trip: the oauth_token placed in the Authorization header of a
    # fake request must come back unchanged from extract_oauth_key().
    expected_key = factory.make_string(18)
    auth_header = factory.make_oauth_header(oauth_token=expected_key)
    fake_request = make_fake_request(auth_header)
    self.assertEqual(expected_key, extract_oauth_key(fake_request))
def get_node_for_request(request):
    """Look up the `Node` whose metadata `request` is asking for.

    Through this access path a node may only read its own metadata, so the
    OAuth key presented with the request has to be the key of the node being
    queried.  A key that belongs to no known node is refused with
    :class:`PermissionDenied`.
    """
    # Deliberately outside the try block: whatever extract_oauth_key() raises
    # for a request it cannot take a key from reaches the caller unchanged.
    oauth_key = extract_oauth_key(request)
    # NOTE(review): the node is identified by the key alone; this presumably
    # relies on the OAuth credentials having been verified before this
    # point -- confirm against the authentication layer.
    try:
        node = NodeKey.objects.get_node_for_key(oauth_key)
    except NodeKey.DoesNotExist:
        raise PermissionDenied("Not authenticated as a known node.")
    return node
def check_rack_controller_access(request, rack_controller):
    """Ensure `request` was made by the worker for `rack_controller`.

    Used to let a rack controller call the update_nodes API.  The OAuth key
    carried by the request must equal the key of the last token returned for
    the rack controller's owner; any other caller is rejected with
    :class:`PermissionDenied`.  Returns None when access is allowed.
    """
    try:
        presented_key = extract_oauth_key(request)
    except Unauthorized as error:
        # A request without a usable key is reported as a permission failure,
        # carrying the original message.
        raise PermissionDenied(str(error))

    owner_tokens = list(get_auth_tokens(rack_controller.owner))
    # Only the final token in the list is accepted; earlier tokens of the same
    # owner do not grant access.
    # NOTE(review): treating the last element as the "latest" token depends on
    # the ordering get_auth_tokens() returns -- confirm.
    latest_token = owner_tokens[-1] if owner_tokens else None

    # Fail closed: no token at all is handled exactly like a mismatching key.
    key_rejected = latest_token is None or presented_key != latest_token.key
    if key_rejected:
        raise PermissionDenied(
            "Only allowed for the %r rack controller."
            % (rack_controller.hostname)
        )