def _set_auth_cookie(self, request, response): from seahub.api2.utils import get_token_v1, get_token_v2 # generate tokenv2 using information in request params keys = ( 'platform', 'device_id', 'device_name', 'client_version', 'platform_version', ) if all(['shib_' + key in request.GET for key in keys]): platform = request.GET['shib_platform'] device_id = request.GET['shib_device_id'] device_name = request.GET['shib_device_name'] client_version = request.GET['shib_client_version'] platform_version = request.GET['shib_platform_version'] token = get_token_v2(request, request.user.username, platform, device_id, device_name, client_version, platform_version) elif all(['shib_' + key not in request.GET for key in keys]): token = get_token_v1(request.user.username) else: return response.set_cookie('seahub_auth', request.user.username + '@' + token.key)
def _set_auth_cookie(self, request, response): from seahub.api2.utils import get_token_v1, get_token_v2 # generate tokenv2 using information in request params if 'from_desktop' not in str(request.GET): return keys = ( 'platform', 'device_id', 'device_name', 'client_version', 'platform_version', ) if all(['krb5_' + key in request.GET for key in keys]): platform = request.GET['krb5_platform'] device_id = request.GET['krb5_device_id'] device_name = request.GET['krb5_device_name'] client_version = request.GET['krb5_client_version'] platform_version = request.GET['krb5_platform_version'] token = get_token_v2(request, request.user.username, platform, device_id, device_name, client_version, platform_version) elif all(['krb5_' + key not in request.GET for key in keys]): token = get_token_v1(request.user.username) else: return response.set_cookie('seahub_auth', request.user.username + '@' + token.key, domain=settings.SESSION_COOKIE_DOMAIN)
def post(self, request): email = request.data.get('email') if not email: error_msg = 'email invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: user = User.objects.get(email=email) except User.DoesNotExist: error_msg = 'User %s not found.' % email return api_error(status.HTTP_404_NOT_FOUND, error_msg) if not user.is_active: error_msg = 'User %s is not active.' % email return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: token = get_token_v1(email) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) result = {'token': token.key} return Response(result)
def auth_complete(request): from seahub.api2.utils import get_token_v1, get_token_v2 # generate tokenv2 using information in request params keys = ( 'platform', 'device_id', 'device_name', 'client_version', 'platform_version', ) if all(['shib_' + key in request.GET for key in keys]): platform = request.GET['shib_platform'] device_id = request.GET['shib_device_id'] device_name = request.GET['shib_device_name'] client_version = request.GET['shib_client_version'] platform_version = request.GET['shib_platform_version'] token = get_token_v2(request, request.user.username, platform, device_id, device_name, client_version, platform_version) elif all(['shib_' + key not in request.GET for key in keys]): token = get_token_v1(request.user.username) resp = HttpResponseRedirect(reverse('libraries')) resp.set_cookie('seahub_auth', request.user.username + '@' + token.key) # Added by Khorkin update sudo timestamp if request.user.is_authenticated: if request.user.is_staff: update_sudo_mode_ts(request) return resp
def get(self, request): if not ENABLE_GET_AUTH_TOKEN_BY_SESSION: error_msg = 'Feature is not enabled.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) token = get_token_v1(request.user.username) return Response({'token': token.key})
def validate(self, attrs): login_id = attrs.get('username') password = attrs.get('password') platform = attrs.get('platform', None) device_id = attrs.get('device_id', None) device_name = attrs.get('device_name', None) client_version = attrs.get('client_version', None) platform_version = attrs.get('platform_version', None) v2_fields = (platform, device_id, device_name) # Decide the version of token we need if all_none(v2_fields): v2 = False elif all_not_none(v2_fields): v2 = True else: raise serializers.ValidationError('invalid params') username = Profile.objects.get_username_by_login_id(login_id) if username is None: username = login_id if username and password: user = authenticate(username=username, password=password) if user: if not user.is_active: raise serializers.ValidationError('User account is disabled.') else: raise serializers.ValidationError('Unable to login with provided credentials.') else: raise serializers.ValidationError('Must include "username" and "password"') populate_user_permissions(user) if platform in DESKTOP_PLATFORMS: if not user.permissions.can_connect_with_desktop_clients(): raise serializers.ValidationError('Not allowed to connect to desktop client.') elif platform == 'android': if not user.permissions.can_connect_with_android_clients(): raise serializers.ValidationError('Not allowed to connect to android client.') elif platform == 'ios': if not user.permissions.can_connect_with_ios_clients(): raise serializers.ValidationError('Not allowed to connect to ios client.') else: logger.info('%s: unrecognized device' % login_id) self._two_factor_auth(self.context['request'], user) # Now user is authenticated if v2: token = get_token_v2(self.context['request'], username, platform, device_id, device_name, client_version, platform_version) else: token = get_token_v1(username) return token.key
def validate(self, attrs): username = attrs.get('username') password = attrs.get('password') platform = attrs.get('platform', None) device_id = attrs.get('device_id', None) device_name = attrs.get('device_name', None) client_version = attrs.get('client_version', None) platform_version = attrs.get('platform_version', None) v2_fields = (platform, device_id, device_name, client_version, platform_version) # Decide the version of token we need if all_none(v2_fields): v2 = False elif all_not_none(v2_fields): v2 = True else: raise serializers.ValidationError('invalid params') # first check username and password if username: if not is_valid_username(username): raise serializers.ValidationError('username is not valid.') if username and password: user = authenticate(username=username, password=password) if user: if not user.is_active: raise serializers.ValidationError( 'User account is disabled.') else: raise serializers.ValidationError( 'Unable to login with provided credentials.') else: raise serializers.ValidationError( 'Must include "username" and "password"') # Now user is authenticated if v2: token = get_token_v2(self.context['request'], username, platform, device_id, device_name, client_version, platform_version) else: token = get_token_v1(username) return token.key
def validate(self, attrs): username = attrs.get("username") password = attrs.get("password") platform = attrs.get("platform", None) device_id = attrs.get("device_id", None) device_name = attrs.get("device_name", None) client_version = attrs.get("client_version", None) platform_version = attrs.get("platform_version", None) v2_fields = (platform, device_id, device_name, client_version, platform_version) # Decide the version of token we need if all_none(v2_fields): v2 = False elif all_not_none(v2_fields): v2 = True else: raise serializers.ValidationError("invalid params") # first check username and password if username: if not is_valid_username(username): raise serializers.ValidationError("username is not valid.") if username and password: user = authenticate(username=username, password=password) if user: if not user.is_active: raise serializers.ValidationError("User account is disabled.") else: raise serializers.ValidationError("Unable to login with provided credentials.") else: raise serializers.ValidationError('Must include "username" and "password"') # Now user is authenticated if v2: token = get_token_v2( self.context["request"], username, platform, device_id, device_name, client_version, platform_version ) else: token = get_token_v1(username) return token.key
def _set_auth_cookie(self, request, response): from seahub.api2.utils import get_token_v1, get_token_v2 # generate tokenv2 using information in request params keys = ("platform", "device_id", "device_name", "client_version", "platform_version") if all(["shib_" + key in request.GET for key in keys]): platform = request.GET["shib_platform"] device_id = request.GET["shib_device_id"] device_name = request.GET["shib_device_name"] client_version = request.GET["shib_client_version"] platform_version = request.GET["shib_platform_version"] token = get_token_v2( request, request.user.username, platform, device_id, device_name, client_version, platform_version ) elif all(["shib_" + key not in request.GET for key in keys]): token = get_token_v1(request.user.username) else: return response.set_cookie("seahub_auth", request.user.username + "@" + token.key)
def validate(self, attrs): login_id = attrs.get('username') password = attrs.get('password') platform = attrs.get('platform', None) device_id = attrs.get('device_id', None) device_name = attrs.get('device_name', None) client_version = attrs.get('client_version', None) platform_version = attrs.get('platform_version', None) v2_fields = (platform, device_id, device_name) # Decide the version of token we need if all_none(v2_fields): v2 = False elif all_not_none(v2_fields): v2 = True else: raise serializers.ValidationError('invalid params') username = Profile.objects.get_username_by_login_id(login_id) if username is None: username = login_id if username and password: user = authenticate(username=username, password=password) if user: if not user.is_active: raise serializers.ValidationError('User account is disabled.') else: raise serializers.ValidationError('Unable to login with provided credentials.') else: raise serializers.ValidationError('Must include "username" and "password"') self._two_factor_auth(self.context['request'], username) # Now user is authenticated if v2: token = get_token_v2(self.context['request'], username, platform, device_id, device_name, client_version, platform_version) else: token = get_token_v1(username) return token.key
def _set_auth_cookie(self, request, response): from seahub.api2.utils import get_token_v1, get_token_v2 # generate tokenv2 using information in request params keys = ( 'platform', 'device_id', 'device_name', 'client_version', 'platform_version', ) if all(['shib_' + key in request.GET for key in keys]): platform = request.GET['shib_platform'] device_id = request.GET['shib_device_id'] device_name = request.GET['shib_device_name'] client_version = request.GET['shib_client_version'] platform_version = request.GET['shib_platform_version'] token = get_token_v2( request, request.user.username, platform, device_id, device_name, client_version, platform_version) elif all(['shib_' + key not in request.GET for key in keys]): token = get_token_v1(request.user.username) else: return response.set_cookie('seahub_auth', request.user.username + '@' + token.key)
def validate(self, attrs): login_id = attrs.get('username') password = attrs.get('password') platform = attrs.get('platform', None) device_id = attrs.get('device_id', None) device_name = attrs.get('device_name', None) client_version = attrs.get('client_version', None) platform_version = attrs.get('platform_version', None) v2_fields = (platform, device_id, device_name) # Decide the version of token we need if all_none(v2_fields): v2 = False elif all_not_none(v2_fields): v2 = True else: raise serializers.ValidationError('invalid params') if login_id and password: user = authenticate(username=login_id, password=password) if user: if not user.is_active: raise serializers.ValidationError( 'User account is disabled.') else: """try login id/contact email/primary id""" # convert login id or contact email to username if any username = Profile.objects.convert_login_str_to_username( login_id) # convert username to primary id if any p_id = ccnet_api.get_primary_id(username) if p_id is not None: username = p_id user = authenticate(username=username, password=password) if user is None: raise serializers.ValidationError( 'Unable to login with provided credentials.') else: raise serializers.ValidationError( 'Must include "username" and "password"') self._two_factor_auth(self.context['request'], user) # Now user is authenticated if v2: if platform in DESKTOP_PLATFORMS: if not user.permissions.can_connect_with_desktop_clients(): raise serializers.ValidationError( 'Not allowed to connect to desktop client.') elif platform == 'android': if not user.permissions.can_connect_with_android_clients(): raise serializers.ValidationError( 'Not allowed to connect to android client.') elif platform == 'ios': if not user.permissions.can_connect_with_ios_clients(): raise serializers.ValidationError( 'Not allowed to connect to ios client.') else: logger.info('%s: unrecognized device' % login_id) token = get_token_v2(self.context['request'], user.username, platform, device_id, device_name, client_version, platform_version) else: token = get_token_v1(user.username) return token.key
def oauth_callback(request): """ Step 3: Retrieving an access token. The user has been redirected back from the provider to your registered callback URL. With this redirection comes an authorization code included in the redirect URL. We will use that to obtain an access token. """ session = OAuth2Session(client_id=CLIENT_ID, scope=SCOPE, state=request.session.get('oauth_state', None), redirect_uri=REDIRECT_URL) try: session.fetch_token(TOKEN_URL, client_secret=CLIENT_SECRET, authorization_response=request.get_full_path()) if session._client.__dict__['token'].has_key('user_id'): # used for sjtu.edu.cn # https://xjq12311.gitbooks.io/sjtu-engtc/content/ user_id = session._client.__dict__['token']['user_id'] user_info_resp = session.get(USER_INFO_URL + '?user_id=%s' % user_id) else: user_info_resp = session.get(USER_INFO_URL) except Exception as e: logger.error(e) return render(request, 'error.html', { 'error_msg': _('Error, please contact administrator.'), }) def format_user_info(user_info_resp): error = False user_info = {} user_info_json = user_info_resp.json() for item, attr in ATTRIBUTE_MAP.items(): required, user_attr = attr value = user_info_json.get(item, '') if value: # ccnet email if user_attr == 'email': user_info[user_attr] = value if is_valid_email(str(value)) else \ '%s@%s' % (str(value), PROVIDER_DOMAIN) else: user_info[user_attr] = value elif required: error = True return user_info, error user_info, error = format_user_info(user_info_resp) if error: logger.error('Required user info not found.') logger.error(user_info) return render(request, 'error.html', { 'error_msg': _('Error, please contact administrator.'), }) # seahub authenticate user email = user_info['email'] try: User.objects.get(email=email) except User.DoesNotExist: if not config.ENABLE_SIGNUP: logger.error('%s not found but user registration is disabled.' % email) return render( request, 'error.html', { 'error_msg': _('Error, please contact administrator.'), }) try: user = auth.authenticate(remote_user=email) except User.DoesNotExist: user = None if not user or not user.is_active: logger.error('User %s not found or inactive.' % email) # a page for authenticate user failed return render(request, 'error.html', {'error_msg': _(u'User %s not found.') % email}) # User is valid. Set request.user and persist user in the session # by logging the user in. request.user = user auth.login(request, user) user.set_unusable_password() user.save() # update user's profile name = user_info['name'] if user_info.has_key('name') else '' contact_email = user_info['contact_email'] if \ user_info.has_key('contact_email') else '' profile = Profile.objects.get_profile_by_user(email) if not profile: profile = Profile(user=email) if name: profile.nickname = name.strip() profile.save() if contact_email: profile.contact_email = contact_email.strip() profile.save() # generate auth token for Seafile client keys = ( 'platform', 'device_id', 'device_name', 'client_version', 'platform_version', ) if all([key in request.GET for key in keys]): platform = request.GET['platform'] device_id = request.GET['device_id'] device_name = request.GET['device_name'] client_version = request.GET['client_version'] platform_version = request.GET['platform_version'] token = get_token_v2(request, request.user.username, platform, device_id, device_name, client_version, platform_version) else: token = get_token_v1(request.user.username) # redirect user to home page response = HttpResponseRedirect(reverse('libraries')) response.set_cookie('seahub_auth', email + '@' + token.key) return response
def get(self, request): token = get_token_v1(request.user.username) return Response({'token': token.key})