def to_representation(self):
return {
'username': self.username,
'endpoint': self.endpoint,
'ipAddress': client_ip_from_request(self.request)
}
def to_representation(self):
return {
'username': self.username,
'endpoint': self.endpoint,
'ipAddress': client_ip_from_request(self.request)
}
def to_representation(self):
return {
'ipAddress': client_ip_from_request(self.request),
'badgeInstance': self.badge_instance.json,
'referer': self.request.META.get('HTTP_REFERER')
}
def post(self, request, *args, **kwargs):
_backoff_period = getattr(settings, 'TOKEN_BACKOFF_PERIOD_SECONDS', 2)
_max_backoff = getattr(settings, 'TOKEN_BACKOFF_MAXIMUM_SECONDS', 3600) # max is 1 hour
grant_type = request.POST.get('grant_type', 'password')
username = request.POST.get('username')
client_ip = client_ip_from_request(request)
if grant_type == 'password' and _backoff_period is not None:
# check for existing backoff for password attempts
backoff = cache.get(backoff_cache_key(username, client_ip))
if backoff is not None:
backoff_until = backoff.get('until', None)
backoff_count = backoff.get('count', 1)
if backoff_until > timezone.now():
backoff_count += 1
backoff_seconds = min(_max_backoff, _backoff_period ** backoff_count)
backoff_until = timezone.now() + datetime.timedelta(seconds=backoff_seconds)
cache.set(backoff_cache_key(username, client_ip), dict(until=backoff_until, count=backoff_count), timeout=None)
# return the same error as a failed login attempt
return HttpResponse(json.dumps({
"error_description": "Too many login attempts. Please wait and try again.",
"error": "login attempts throttled",
"expires": backoff_seconds,
}), status=HTTP_401_UNAUTHORIZED)
# pre-validate scopes requested
client_id = request.POST.get('client_id', None)
requested_scopes = [s for s in scope_to_list(request.POST.get('scope', '')) if s]
if client_id:
try:
oauth_app = Application.objects.get(client_id=client_id)
except Application.DoesNotExist:
return HttpResponse(json.dumps({"error": "invalid client_id"}), status=HTTP_400_BAD_REQUEST)
try:
allowed_scopes = oauth_app.applicationinfo.scope_list
except ApplicationInfo.DoesNotExist:
allowed_scopes = ['r:profile']
# handle rw:issuer:* scopes
if 'rw:issuer:*' in allowed_scopes:
issuer_scopes = filter(lambda x: x.startswith(r'rw:issuer:'), requested_scopes)
allowed_scopes.extend(issuer_scopes)
filtered_scopes = set(allowed_scopes) & set(requested_scopes)
if len(filtered_scopes) < len(requested_scopes):
return HttpResponse(json.dumps({"error": "invalid scope requested"}), status=HTTP_400_BAD_REQUEST)
# let parent method do actual authentication
response = super(TokenView, self).post(request, *args, **kwargs)
if grant_type == "password" and response.status_code == 401:
# failed password login attempt
username = request.POST.get('username', None)
badgrlogger.event(badgrlog.FailedLoginAttempt(request, username, endpoint='/o/token'))
if _backoff_period is not None:
# update backoff for failed logins
backoff = cache.get(backoff_cache_key(username, client_ip))
if backoff is None:
backoff = {'count': 0}
backoff['count'] += 1
backoff['until'] = timezone.now() + datetime.timedelta(seconds=_backoff_period ** backoff['count'])
cache.set(backoff_cache_key(username, client_ip), backoff, timeout=None)
elif response.status_code == 200:
# successful login
cache.set(backoff_cache_key(username, client_ip), None) # clear any existing backoff
return response
def to_representation(self):
return {
'ipAddress': client_ip_from_request(self.request),
'pathwayElement': self.pathway_element
}
def to_representation(self):
return {
'ipAddress': client_ip_from_request(self.request),
'badgeInstance': self.badge_instance.json,
'referer': self.request.META.get('HTTP_REFERER')
}
def _request_identity(request):
username = request.POST.get('username', None)
if username:
return username
return client_ip_from_request(self.request)
def post(self, request, *args, **kwargs):
_backoff_period = getattr(settings, 'TOKEN_BACKOFF_PERIOD_SECONDS', 2)
_max_backoff = getattr(settings, 'TOKEN_BACKOFF_MAXIMUM_SECONDS',
3600) # max is 1 hour
grant_type = request.POST.get('grant_type', 'password')
username = request.POST.get('username')
client_ip = client_ip_from_request(request)
if grant_type == 'password' and _backoff_period is not None:
# check for existing backoff for password attempts
backoff = cache.get(backoff_cache_key(username, client_ip))
if backoff is not None:
backoff_until = backoff.get('until', None)
backoff_count = backoff.get('count', 1)
if backoff_until > timezone.now():
backoff_count += 1
backoff_seconds = min(_max_backoff,
_backoff_period**backoff_count)
backoff_until = timezone.now() + datetime.timedelta(
seconds=backoff_seconds)
cache.set(backoff_cache_key(username, client_ip),
dict(until=backoff_until, count=backoff_count),
timeout=None)
# return the same error as a failed login attempt
return HttpResponse(json.dumps({
"error_description":
"Too many login attempts. Please wait and try again.",
"error": "login attempts throttled",
"expires": backoff_seconds,
}),
status=HTTP_401_UNAUTHORIZED)
# pre-validate scopes requested
client_id = request.POST.get('client_id', None)
requested_scopes = [
s for s in scope_to_list(request.POST.get('scope', '')) if s
]
if client_id:
try:
oauth_app = Application.objects.get(client_id=client_id)
except Application.DoesNotExist:
return HttpResponse(json.dumps({"error": "invalid client_id"}),
status=HTTP_400_BAD_REQUEST)
try:
allowed_scopes = oauth_app.applicationinfo.scope_list
except ApplicationInfo.DoesNotExist:
allowed_scopes = ['r:profile']
# handle rw:issuer:* scopes
if 'rw:issuer:*' in allowed_scopes:
issuer_scopes = filter(lambda x: x.startswith(r'rw:issuer:'),
requested_scopes)
allowed_scopes.extend(issuer_scopes)
filtered_scopes = set(allowed_scopes) & set(requested_scopes)
if len(filtered_scopes) < len(requested_scopes):
return HttpResponse(json.dumps(
{"error": "invalid scope requested"}),
status=HTTP_400_BAD_REQUEST)
# let parent method do actual authentication
response = super(TokenView, self).post(request, *args, **kwargs)
if grant_type == "password" and response.status_code == 401:
# failed password login attempt
username = request.POST.get('username', None)
badgrlogger.event(
badgrlog.FailedLoginAttempt(request,
username,
endpoint='/o/token'))
if _backoff_period is not None:
# update backoff for failed logins
backoff = cache.get(backoff_cache_key(username, client_ip))
if backoff is None:
backoff = {'count': 0}
backoff['count'] += 1
backoff['until'] = timezone.now() + datetime.timedelta(
seconds=_backoff_period**backoff['count'])
cache.set(backoff_cache_key(username, client_ip),
backoff,
timeout=None)
elif response.status_code == 200:
# successful login
cache.set(backoff_cache_key(username, client_ip),
None) # clear any existing backoff
return response
def to_representation(self):
return {
'username': self.username,
'ipAddress': client_ip_from_request(self.request),
'newToken': self.is_new_token
}
def to_representation(self):
return {
'ipAddress': client_ip_from_request(self.request),
'badgeInstance': self.badge_instance.json,
}