def authenticate(self, req: Request) -> Deferred:
    """Authenticate an API request from the credentials it carries.

    To avoid cross-site request forgery, every API call is authenticated
    on its own and session cookies are not used. API calls are not made
    from web browsers, so the client is most likely not using session
    cookies anyway.
    See http://en.wikipedia.org/wiki/Cross-site_request_forgery

    Outcomes, in the order they are checked:
    - credentials cannot be decoded (UnicodeDecodeError):
      fail(LoginFailed(<the decode error>))
    - a non-empty credential name is present: the result of
      authenticateUser() against self.userDB, wrapped by ensureDeferred()
    - no name, and the project has 'anonguest' set:
      succeed(AnonGuestUser())
    - otherwise: fail(LoginFailed())
    """
    try:
        creds = req.getCredentials()
    except UnicodeDecodeError as decodeError:
        # Undecodable credentials are reported as a login failure
        # rather than raised to the caller.
        return fail(LoginFailed(decodeError))

    # A request that names a user is always checked against the user
    # database; this method does not itself fall back to guest access
    # for it, even when the project allows anonymous guests.
    if creds.name:
        return ensureDeferred(authenticateUser(self.userDB, creds))

    # No name supplied: guest access only if the project enables it.
    if self.project.anonguest:
        return succeed(AnonGuestUser())

    return fail(LoginFailed())
def authenticate(self, req: Request) -> Deferred:
    """Authenticate an API request using an access token.

    The credential name is used as the token ID and the credentials are
    passed to authenticateToken() together with self.tokenDB.

    Outcomes, in the order they are checked:
    - credentials cannot be decoded (UnicodeDecodeError):
      fail(LoginFailed(<the decode error>))
    - no token ID, and the project has 'anonguest' set:
      succeed(AnonGuestUser())
    - no token ID otherwise: fail(LoginFailed())
    - authenticateToken() raises KeyError: fail(LoginFailed(...))
    - token role is not this authenticator's role: fail(Unauthorized(...))
    - token is expired: fail(Unauthorized(...))
    - otherwise: succeed(TokenUser(token))
    """
    try:
        creds = req.getCredentials()
    except UnicodeDecodeError as decodeError:
        return fail(LoginFailed(decodeError))

    tokenId = creds.name
    if not tokenId:
        # No token supplied: guest access only if the project enables it.
        if self.project.anonguest:
            return succeed(AnonGuestUser())
        return fail(LoginFailed())

    # NOTE(review): only KeyError is turned into a failed Deferred here.
    # Any other exception authenticateToken() raises (for instance if it
    # reports a bad secret that way) would propagate synchronously
    # instead; confirm that callers handle this.
    try:
        token = authenticateToken(self.tokenDB, creds)
    except KeyError:
        # NOTE(review): this message differs from the later failures and
        # embeds the client-supplied token ID. If it is shown to the
        # client it reveals which token IDs exist; if it is logged or
        # rendered, the ID is untrusted text. Confirm how it is used.
        return fail(LoginFailed(f'Token {tokenId} does not exist'))

    # A valid token is accepted only for the kind of operation it was
    # issued for: its role must be the very role object this
    # authenticator was set up with (identity comparison).
    if token.role is not self.__role:
        wrongRole = Unauthorized(
            f'Token {tokenId} is of the wrong type for this operation'
            )
        return fail(wrongRole)

    # Expired tokens are rejected even though the lookup succeeded.
    if token.expired:
        return fail(Unauthorized(f'Token {tokenId} has expired'))

    return succeed(TokenUser(token))