コード例 #1
0
ファイル: clients.py プロジェクト: winglq/framework
 def list(self, request, userguid=None, ovs_type=None):
     """
     Lists all available Clients where the logged in user has access to
     :param request: Raw request
     :type request: Request
     :param userguid: User guid to filter the clients
     :type userguid: str
     :param ovs_type: Filter on the Client's ovs_type
     :type ovs_type: str
     """
     if Toolbox.is_client_in_roles(request.client, ['manage']):
         client_list = ClientList.get_clients()
     else:
         if ovs_type is not None and ovs_type != 'INTERNAL':
             client_list = [
                 client for client in request.client.user.clients
                 if client.ovs_type == ovs_type
             ]
         else:
             client_list = [
                 client for client in request.client.user.clients
                 if client.ovs_type != 'INTERNAL'
             ]
     if userguid is not None:
         return [
             client for client in client_list
             if client.user_guid == userguid
         ]
     return client_list
コード例 #2
0
ファイル: clients.py プロジェクト: th3architect/framework
 def list(self, request, userguid=None, ovs_type=None):
     """
     Lists all available Clients where the logged in user has access to
     """
     if Toolbox.is_client_in_roles(request.client, ['manage']):
         client_list = ClientList.get_clients()
     else:
         if ovs_type is not None and ovs_type != 'INTERNAL':
             client_list = [client for client in request.client.user.clients if client.ovs_type == ovs_type]
         else:
             client_list = [client for client in request.client.user.clients if client.ovs_type != 'INTERNAL']
     if userguid is not None:
         return [client for client in client_list if client.user_guid == userguid]
     return client_list
コード例 #3
0
ファイル: clients.py プロジェクト: dawnpower/framework
 def list(self, request, userguid=None, ovs_type=None):
     """
     Lists all available Clients where the logged in user has access to
     """
     if Toolbox.is_client_in_roles(request.client, ['manage']):
         client_list = ClientList.get_clients()
     else:
         if ovs_type is not None and ovs_type != 'INTERNAL':
             client_list = [client for client in request.client.user.clients if client.ovs_type == ovs_type]
         else:
             client_list = [client for client in request.client.user.clients if client.ovs_type != 'INTERNAL']
     if userguid is not None:
         return [client for client in client_list if client.user_guid == userguid]
     return client_list
コード例 #4
0
ファイル: clients.py プロジェクト: grimpy/openvstorage
 def list(self, request, userguid=None, ovs_type=None):
     """
     Lists all available Clients where the logged in user has access to
     :param request: Raw request
     :type request: Request
     :param userguid: User guid to filter the clients
     :type userguid: str
     :param ovs_type: Filter on the Client's ovs_type
     :type ovs_type: str
     """
     if Toolbox.is_client_in_roles(request.client, ['manage']):
         client_list = ClientList.get_clients()
     else:
         if ovs_type is not None and ovs_type != 'INTERNAL':
             client_list = [client for client in request.client.user.clients if client.ovs_type == ovs_type]
         else:
             client_list = [client for client in request.client.user.clients if client.ovs_type != 'INTERNAL']
     if userguid is not None:
         return [client for client in client_list if client.user_guid == userguid]
     return client_list
コード例 #5
0
ファイル: redirectview.py プロジェクト: DarumasLegs/framework
    def get(self, request, *args, **kwargs):
        """
        Handles token post
        """
        _ = args, kwargs
        html_endpoint = EtcdConfiguration.get('/ovs/framework/webapps|html_endpoint')
        if 'code' not in request.GET:
            OAuth2RedirectView._logger.error('Got OAuth2 redirection request without code')
            return HttpResponseRedirect, html_endpoint
        code = request.GET['code']
        if 'state' not in request.GET:
            OAuth2RedirectView._logger.error('Got OAuth2 redirection request without state')
            return HttpResponseRedirect, html_endpoint
        state = request.GET['state']
        if 'error' in request.GET:
            error = request.GET['error']
            description = request.GET['error_description'] if 'error_description' in request.GET else ''
            OAuth2RedirectView._logger.error('Error {0} during OAuth2 redirection request: {1}'.format(error, description))
            return HttpResponseRedirect, html_endpoint

        base_url = EtcdConfiguration.get('/ovs/framework/webapps|oauth2.token_uri')
        client_id = EtcdConfiguration.get('/ovs/framework/webapps|oauth2.client_id')
        client_secret = EtcdConfiguration.get('/ovs/framework/webapps|oauth2.client_secret')
        parameters = {'grant_type': 'authorization_code',
                      'redirect_url': 'https://{0}/api/oauth2/redirect/'.format(System.get_my_storagerouter().ip),
                      'client_id': client_id,
                      'code': code}
        url = '{0}?{1}'.format(base_url, urllib.urlencode(parameters))
        headers = {'Accept': 'application/json',
                   'Authorization': 'Basic {0}'.format(base64.b64encode('{0}:{1}'.format(client_id, client_secret)).strip())}
        raw_response = requests.post(url=url, headers=headers, verify=False)
        response = raw_response.json()
        if 'error' in response:
            error = response['error']
            description = response['error_description'] if 'error_description' in response else ''
            OAuth2RedirectView._logger.error('Error {0} during OAuth2 redirection access token: {1}'.format(error, description))
            return HttpResponseRedirect, html_endpoint

        token = response['access_token']
        expires_in = response['expires_in']

        clients = ClientList.get_by_types('INTERNAL', 'CLIENT_CREDENTIALS')
        client = None
        for current_client in clients:
            if current_client.user.group.name == 'administrators':
                client = current_client
                break
        if client is None:
            OAuth2RedirectView._logger.error('Could not find INTERNAL CLIENT_CREDENTIALS client in administrator group.')
            return HttpResponseRedirect, html_endpoint

        roles = RoleList.get_roles_by_codes(['read', 'write', 'manage'])
        access_token, _ = Toolbox.generate_tokens(client, generate_access=True, scopes=roles)
        access_token.expiration = int(time.time() + expires_in)
        access_token.access_token = token
        access_token.save()

        expires = datetime.datetime.now() + datetime.timedelta(minutes=2)
        response = HttpResponseRedirect(html_endpoint)
        response.set_cookie('state', state, expires=expires, secure=True)
        response.set_cookie('accesstoken', token, expires=expires, secure=True)

        return response
コード例 #6
0
    def get(self, request, *args, **kwargs):
        """
        Handles token post
        """
        _ = args, kwargs
        html_endpoint = Configuration.get(
            '/ovs/framework/webapps|html_endpoint')
        if 'code' not in request.GET:
            OAuth2RedirectView._logger.error(
                'Got OAuth2 redirection request without code')
            return HttpResponseRedirect(html_endpoint)
        code = request.GET['code']
        if 'state' not in request.GET:
            OAuth2RedirectView._logger.error(
                'Got OAuth2 redirection request without state')
            return HttpResponseRedirect(html_endpoint)
        state = request.GET['state']
        if 'error' in request.GET:
            error = request.GET['error']
            description = request.GET[
                'error_description'] if 'error_description' in request.GET else ''
            OAuth2RedirectView._logger.error(
                'Error {0} during OAuth2 redirection request: {1}'.format(
                    error, description))
            return HttpResponseRedirect(html_endpoint)

        base_url = Configuration.get('/ovs/framework/webapps|oauth2.token_uri')
        client_id = Configuration.get(
            '/ovs/framework/webapps|oauth2.client_id')
        client_secret = Configuration.get(
            '/ovs/framework/webapps|oauth2.client_secret')
        parameters = {
            'grant_type':
            'authorization_code',
            'redirect_url':
            'https://{0}/api/oauth2/redirect/'.format(
                System.get_my_storagerouter().ip),
            'client_id':
            client_id,
            'code':
            code
        }
        url = '{0}?{1}'.format(base_url, urllib.urlencode(parameters))
        headers = {
            'Accept':
            'application/json',
            'Authorization':
            'Basic {0}'.format(
                base64.b64encode('{0}:{1}'.format(client_id,
                                                  client_secret)).strip())
        }
        raw_response = requests.post(url=url, headers=headers, verify=False)
        response = raw_response.json()
        if 'error' in response:
            error = response['error']
            description = response[
                'error_description'] if 'error_description' in response else ''
            OAuth2RedirectView._logger.error(
                'Error {0} during OAuth2 redirection access token: {1}'.format(
                    error, description))
            return HttpResponseRedirect(html_endpoint)

        token = response['access_token']
        expires_in = response['expires_in']

        clients = ClientList.get_by_types('INTERNAL', 'CLIENT_CREDENTIALS')
        client = None
        for current_client in clients:
            if current_client.user.group.name == 'administrators':
                client = current_client
                break
        if client is None:
            OAuth2RedirectView._logger.error(
                'Could not find INTERNAL CLIENT_CREDENTIALS client in administrator group.'
            )
            return HttpResponseRedirect(html_endpoint)

        roles = RoleList.get_roles_by_codes(['read', 'write', 'manage'])
        access_token, _ = Toolbox.generate_tokens(client,
                                                  generate_access=True,
                                                  scopes=roles)
        access_token.expiration = int(time.time() + expires_in)
        access_token.access_token = token
        access_token.save()

        expires = datetime.datetime.now() + datetime.timedelta(minutes=2)
        response = HttpResponseRedirect(html_endpoint)
        response.set_cookie('state', state, expires=expires, secure=True)
        response.set_cookie('accesstoken', token, expires=expires, secure=True)

        return response