def _loginSucceeded(self, avatar, request):
"""Authorizes an XCAP request after it has been authenticated."""
interface, avatar_id = avatar ## the avatar is the authenticated XCAP User
xcap_uri = request.xcap_uri
application = getApplicationForURI(xcap_uri)
if not application:
raise ResourceNotFound
if interface is IAuthUser and application.is_authorized(XCAPUser.parse(avatar_id), xcap_uri):
return HTTPAuthResource._loginSucceeded(self, avatar, request)
elif interface is ITrustedPeer or interface is IPublicGetApplication:
return HTTPAuthResource._loginSucceeded(self, avatar, request)
else:
return failure.Failure(http.HTTPError(UnauthorizedResponse(self.credentialFactories, request.remoteAddr)))
def _loginSucceeded(self, avatar, request):
"""Authorizes an XCAP request after it has been authenticated."""
interface, avatar_id = avatar ## the avatar is the authenticated XCAP User
xcap_uri = request.xcap_uri
application = getApplicationForURI(xcap_uri)
if not application:
raise ResourceNotFound
if interface is IAuthUser and application.is_authorized(
XCAPUser.parse(avatar_id), xcap_uri):
return HTTPAuthResource._loginSucceeded(self, avatar, request)
elif interface is ITrustedPeer or interface is IPublicGetApplication:
return HTTPAuthResource._loginSucceeded(self, avatar, request)
else:
return failure.Failure(
http.HTTPError(
UnauthorizedResponse(self.credentialFactories,
request.remoteAddr)))
def authenticate(self, request):
"""Authenticates an XCAP request."""
parsed_url = urlparse.urlparse(request.uri)
if request.port in (80, 443):
uri = request.scheme + "://" + request.host + parsed_url.path
else:
uri = request.scheme + "://" + request.host + ":" + str(
request.port) + parsed_url.path
if parsed_url.query:
uri += "?%s" % parsed_url.query
xcap_uri = parseNodeURI(uri, AuthenticationConfig.default_realm)
request.xcap_uri = xcap_uri
if xcap_uri.doc_selector.context == 'global':
return defer.succeed(self.wrappedResource)
## For each request the authentication realm must be
## dinamically deducted from the XCAP request URI
realm = xcap_uri.user.domain
if realm is None:
raise ResourceNotFound(
'Unknown domain (the domain part of "username@domain" is required because this server has no default domain)'
)
if not xcap_uri.user.username:
# for 'global' requests there's no username@domain in the URI,
# so we will use username and domain from Authorization header
xcap_uri.user.username, xcap_uri.user.domain = get_cred(
request, AuthenticationConfig.default_realm)
self._updateRealm(realm)
# If we receive a GET to a 'public GET application' we will not authenticate it
if request.method == "GET" and public_get_applications.has_key(
xcap_uri.application_id):
return self.portal.login(PublicGetApplicationCredentials(), None,
IPublicGetApplication).addCallbacks(
self._loginSucceeded,
self._publicGetApplicationLoginFailed,
(request, ), None, (request, ), None)
remote_addr = request.remoteAddr.host
if AuthenticationConfig.trusted_peers:
return self.portal.login(TrustedPeerCredentials(remote_addr), None,
ITrustedPeer).addCallbacks(
self._loginSucceeded,
self._trustedPeerLoginFailed,
(request, ), None, (request, ), None)
return HTTPAuthResource.authenticate(self, request)
def authenticate(self, request):
"""Authenticates an XCAP request."""
parsed_url = urlparse.urlparse(request.uri)
if request.port in (80, 443):
uri = request.scheme + "://" + request.host + parsed_url.path
else:
uri = request.scheme + "://" + request.host + ":" + str(request.port) + parsed_url.path
if parsed_url.query:
uri += "?%s" % parsed_url.query
xcap_uri = parseNodeURI(uri, AuthenticationConfig.default_realm)
request.xcap_uri = xcap_uri
if xcap_uri.doc_selector.context=='global':
return defer.succeed(self.wrappedResource)
## For each request the authentication realm must be
## dinamically deducted from the XCAP request URI
realm = xcap_uri.user.domain
if realm is None:
raise ResourceNotFound('Unknown domain (the domain part of "username@domain" is required because this server has no default domain)')
if not xcap_uri.user.username:
# for 'global' requests there's no username@domain in the URI,
# so we will use username and domain from Authorization header
xcap_uri.user.username, xcap_uri.user.domain = get_cred(request, AuthenticationConfig.default_realm)
self._updateRealm(realm)
# If we receive a GET to a 'public GET application' we will not authenticate it
if request.method == "GET" and public_get_applications.has_key(xcap_uri.application_id):
return self.portal.login(PublicGetApplicationCredentials(),
None,
IPublicGetApplication
).addCallbacks(self._loginSucceeded,
self._publicGetApplicationLoginFailed,
(request,), None,
(request,), None)
remote_addr = request.remoteAddr.host
if AuthenticationConfig.trusted_peers:
return self.portal.login(TrustedPeerCredentials(remote_addr),
None,
ITrustedPeer
).addCallbacks(self._loginSucceeded,
self._trustedPeerLoginFailed,
(request,), None,
(request,), None)
return HTTPAuthResource.authenticate(self, request)
def _publicGetApplicationLoginFailed(self, result, request):
return HTTPAuthResource.authenticate(self, request)
def _trustedPeerLoginFailed(self, result, request):
"""If the peer is not trusted, fallback to HTTP basic/digest authentication."""
return HTTPAuthResource.authenticate(self, request)
def _publicGetApplicationLoginFailed(self, result, request):
return HTTPAuthResource.authenticate(self, request)
def _trustedPeerLoginFailed(self, result, request):
"""If the peer is not trusted, fallback to HTTP basic/digest authentication."""
return HTTPAuthResource.authenticate(self, request)
