def authenticate(self, request): """ Returns a `User` if a correct username and password have been supplied using HTTP Basic authentication. Otherwise returns `None`. """ auth = get_authorization_header(request).split() if not auth or auth[0].lower() != b'basic': return None if len(auth) == 1: msg = 'Invalid basic header. No credentials provided.' raise exceptions.AuthenticationFailed(msg) elif len(auth) > 2: msg = 'Invalid basic header. Credentials string should not contain spaces.' raise exceptions.AuthenticationFailed(msg) try: auth_parts = base64.b64decode(auth[1]).decode(HTTP_HEADER_ENCODING).partition(':') except (TypeError, UnicodeDecodeError): msg = 'Invalid basic header. Credentials not correctly base64 encoded' raise exceptions.AuthenticationFailed(msg) userid, password = auth_parts[0], auth_parts[2] return self.authenticate_credentials(userid, password)
def authenticate(self, request): """ Returns two-tuple of (user, token) if authentication succeeds, or None otherwise. """ auth = get_authorization_header(request).split() if len(auth) == 1: msg = 'Invalid bearer header. No credentials provided.' raise exceptions.AuthenticationFailed(msg) elif len(auth) > 2: msg = 'Invalid bearer header. Token string should not contain spaces.' raise exceptions.AuthenticationFailed(msg) if auth and auth[0].lower() == b'bearer': access_token = auth[1] elif 'access_token' in request.POST: access_token = request.POST['access_token'] elif 'access_token' in request.GET and self.allow_query_params_token: access_token = request.GET['access_token'] else: return None return self.authenticate_credentials(request, access_token)
def authenticate_credentials(self, key): try: token = self.model.objects.select_related('user').get(key=key) except self.model.DoesNotExist: raise exceptions.AuthenticationFailed('Invalid token') if not token.user.is_active: raise exceptions.AuthenticationFailed('User inactive or deleted') return (token.user, token)
def authenticate(self, request): auth = get_authorization_header(request).split() if not auth or auth[0].lower() != b'token': return None if len(auth) == 1: msg = 'Invalid token header. No credentials provided.' raise exceptions.AuthenticationFailed(msg) elif len(auth) > 2: msg = 'Invalid token header. Token string should not contain spaces.' raise exceptions.AuthenticationFailed(msg) return self.authenticate_credentials(auth[1])
def authenticate_credentials(self, userid, password): """ Authenticate the userid and password against username and password. """ user = authenticate(username=userid, password=password) if user is None or not user.is_active: raise exceptions.AuthenticationFailed('Invalid username/password') return (user, None)
def authenticate_credentials(self, request, access_token): """ Authenticate the request, given the access token. """ try: token = oauth2_provider.oauth2.models.AccessToken.objects.select_related('user') # provider_now switches to timezone aware datetime when # the oauth2_provider version supports to it. token = token.get(token=access_token, expires__gt=provider_now()) except oauth2_provider.oauth2.models.AccessToken.DoesNotExist: raise exceptions.AuthenticationFailed('Invalid token') user = token.user if not user.is_active: msg = 'User inactive or deleted: %s' % user.get_username() raise exceptions.AuthenticationFailed(msg) return (user, token)
def authenticate(self, request): """ Returns two-tuple of (user, token) if authentication succeeds, or None otherwise. """ try: oauth_request = oauth_provider.utils.get_oauth_request(request) except oauth.Error as err: raise exceptions.AuthenticationFailed(err.message) if not oauth_request: return None oauth_params = oauth_provider.consts.OAUTH_PARAMETERS_NAMES found = any(param for param in oauth_params if param in oauth_request) missing = list(param for param in oauth_params if param not in oauth_request) if not found: # OAuth authentication was not attempted. return None if missing: # OAuth was attempted but missing parameters. msg = 'Missing parameters: %s' % (', '.join(missing)) raise exceptions.AuthenticationFailed(msg) if not self.check_nonce(request, oauth_request): msg = 'Nonce check failed' raise exceptions.AuthenticationFailed(msg) try: consumer_key = oauth_request.get_parameter('oauth_consumer_key') consumer = oauth_provider_store.get_consumer(request, oauth_request, consumer_key) except oauth_provider.store.InvalidConsumerError: msg = 'Invalid consumer token: %s' % oauth_request.get_parameter('oauth_consumer_key') raise exceptions.AuthenticationFailed(msg) if consumer.status != oauth_provider.consts.ACCEPTED: msg = 'Invalid consumer key status: %s' % consumer.get_status_display() raise exceptions.AuthenticationFailed(msg) try: token_param = oauth_request.get_parameter('oauth_token') token = oauth_provider_store.get_access_token(request, oauth_request, consumer, token_param) except oauth_provider.store.InvalidTokenError: msg = 'Invalid access token: %s' % oauth_request.get_parameter('oauth_token') raise exceptions.AuthenticationFailed(msg) try: self.validate_token(request, consumer, token) except oauth.Error as err: raise exceptions.AuthenticationFailed(err.message) user = token.user if not user.is_active: msg = 'User inactive or deleted: %s' % user.username raise exceptions.AuthenticationFailed(msg) return (token.user, token)