コード例 #1
0
async def post_token(request: web.Request) -> web.Response:
    """Post to IDP to create a jwt token"""
    # Proceed as a refresh token handler if query string refresh is available
    if "refresh" in request.rel_url.query:
        if not request.headers.get("Authorization"):
            raise web.HTTPBadRequest(
                reason="Missing Authorization header for refreshing access token"
            )
        claims = utils.enforce_authorization(request.headers, request.app["settings"])
        if not claims.get("refresh_token", False):
            raise Unauthorized("Token is not a refresh token")
    else:
        claims = await authenticate_with_identity_provider(request)

    response_content: Dict[str, Any] = {
        "identify_to_kisee": coreapi.Link(
            action="post",
            title="Login via login/password pair",
            description="""
                POSTing to this endpoint will identify you by login/password.
            """,
            fields=[
                coreapi.Field(name="login", required=True),
                coreapi.Field(name="password", required=True),
            ],
            url="/tokens/?idp=kisee",
        )
    }

    if "sub" in claims:
        storage_backend = request.app["storage_backend"]
        if not await storage_backend.user_exists(claims["sub"]):
            await storage_backend.create_user(claims["sub"])

        claims["groups"] = await storage_backend.get_authorizations_for_user(
            claims["sub"]
        )
        access_token, refresh_token = generate_access_token_and_refresh_token_pairs(
            claims,
            request.app["settings"]["private_key"],
            algorithm=request.app["settings"]["algorithm"],
        )
        response_content["access_token"] = access_token
        response_content["refresh_token"] = refresh_token
    else:
        response_content["authorize_url"] = claims["authorize_url"]

    return serialize(
        request,
        coreapi.Document(
            url="/tokens/",
            title="Create a token with Identify Provider",
            content=response_content,
        ),
        headers={"Cache-Control": "no-store", "Pragma": "no-cache"},
        status=201,
    )
コード例 #2
0
ファイル: views.py プロジェクト: meltygroup/pasee
async def get_user(request: web.Request) -> web.Response:
    """Handlers for GET /users/{username}
    List groups of {username}
    """
    hostname = request.app["settings"]["hostname"]
    username = request.match_info["username"]

    claims = utils.enforce_authorization(request.headers,
                                         request.app["settings"])
    if not is_root(
            claims["groups"]) and not claims["sub"] == username:  # is user
        raise web.HTTPForbidden(reason="Do not have rights to view user info")

    last_element = request.rel_url.query.get("last_element", "")

    user = await request.app["storage_backend"].get_user(username)
    if not user:
        raise web.HTTPNotFound(reason="User does not exist")

    groups = await request.app["storage_backend"].get_groups_of_user(
        username, last_element)

    content = user
    content["patch"] = coreapi.Link(
        action="patch",
        title="Patch fields of user",
        description="A method to patch fields of user",
        fields=[coreapi.Field(name="is_banned")],
    )

    if groups:
        content["next"] = coreapi.Link(
            url=f"{hostname}/users/{username}?last_element={groups[-1]}")
        content["groups"] = [
            coreapi.Document(url=f"{hostname}/groups/{group}/",
                             content={"group": group}) for group in groups
        ]

    return serialize(
        request,
        coreapi.Document(url=f"{hostname}/users/{username}",
                         title="User interface",
                         content=content),
        headers={"Vary": "Origin"},
    )
コード例 #3
0
ファイル: views.py プロジェクト: meltygroup/pasee
async def get_groups(request: web.Request) -> web.Response:
    """Handlers for GET /groups/"""
    hostname = request.app["settings"]["hostname"]
    errors, groups = await _get_groups(request)
    content = {
        "groups": [
            coreapi.Document(url=f"{hostname}/groups/{group}/",
                             content={"group": group}) for group in groups
        ],
        "create_group":
        coreapi.Link(
            action="post",
            title="Create a group",
            description="A method to create a group by a staff member",
            fields=[coreapi.Field(name="group", required=True)],
        ),
        "get_groups_of_user":
        coreapi.Link(
            action="get",
            title="Get groups of user",
            description="Get list of groups of a user",
            url=f"{hostname}/groups/{{?user}}",
        ),
        "errors":
        errors,
    }
    if groups:
        content["next"] = coreapi.Link(
            url=f"{hostname}/groups/?last_element={groups[-1]}")
    return serialize(
        request,
        coreapi.Document(
            url=f"{hostname}/groups/",
            title="Groups of Identity Manager",
            content=content,
        ),
        headers={"Vary": "Origin"},
    )
コード例 #4
0
async def get_tokens(request: web.Request) -> web.Response:
    """Handlers for GET /token/, just describes that a POST is possible."""
    hostname = request.app["settings"]["hostname"]
    access_token, refresh_token = None, None
    identity_provider_input = request.rel_url.query.get("idp", None)
    if identity_provider_input:
        access_token, refresh_token = await handle_oauth_callback(
            identity_provider_input, request
        )

    idps = {}
    for idp_name, idp_conf in request.app["settings"]["idps"].items():
        fields: List[coreapi.Field] = []
        if idp_conf.get("input_fields"):
            fields = [
                coreapi.Field(name=field.get("name"), required=field.get("required"))
                for field in idp_conf["input_fields"]
            ]
        idps[f"identify_via_{idp_name}"] = coreapi.Link(
            action="post",
            title=idp_conf.get("title"),
            description=idp_conf.get("description"),
            fields=fields,
            url=f"/tokens/?idp={idp_name}",
        )

    return serialize(
        request,
        coreapi.Document(
            url=f"{hostname}/token",
            title="Request Token From Identity Provider",
            content={
                "access_token": access_token,
                "refresh_token": refresh_token,
                **idps,
            },
        ),
    )
コード例 #5
0
ファイル: views.py プロジェクト: meltygroup/pasee
async def get_group(request: web.Request) -> web.Response:
    """Handler for GET /groups/{group_uid}"""
    hostname = request.app["settings"]["hostname"]
    claims = utils.enforce_authorization(request.headers,
                                         request.app["settings"])
    storage_backend = request.app["storage_backend"]
    group = request.match_info["group_uid"]

    if not is_authorized_for_group(claims["groups"], group):
        raise web.HTTPForbidden(reason="Not authorized to view group")

    if not await storage_backend.group_exists(group):
        raise web.HTTPNotFound(reason="Group does not exist")

    members = await storage_backend.get_members_of_group(group)
    return serialize(
        request,
        coreapi.Document(
            url=f"{hostname}/groups/{{group}}/",
            title=f"{group} group management interface",
            content={
                "members": [
                    coreapi.Document(url=f"{hostname}/users/{member}",
                                     content={"username": member})
                    for member in members
                ],
                "add_member":
                coreapi.Link(
                    action="post",
                    title="Add a member to group",
                    description="A method to add a member to group",
                    fields=[coreapi.Field(name="username", required=True)],
                ),
            },
        ),
        headers={"Vary": "Origin"},
    )