def callback(self, **kwargs):
auth_context = kwargs
auth_context['response'] = kwargs
auth_context['calling_back'] = True
try:
# Verify the state previously put in the db
state = auth_context.get('state', None)
back, provider = db.get_url(state)
if not back:
err = 'OAuth callback with forged state, discarding'
logger.debug(err)
raise base.UnauthenticatedError(err)
auth_plugin = self.auth_plugins.get(provider)
if not auth_plugin:
msg = 'Unknown OAuth provider: %s' % provider
logger.error(msg)
raise base.UnauthenticatedError(msg)
logger.debug('Callback called by OAuth provider %s' % provider)
auth_context['back'] = back
valid_user = auth_plugin.authenticate(**auth_context)
except base.UnauthenticatedError as e:
response.status = 401
auth_methods = [k for k, v in conf.get('auth', {})]
return render('login.html',
dict(back=back,
message='Authorization failure: %s' % e,
auth_methods=auth_methods))
logger.info(
'%s (%s) successfully authenticated with OAuth2.'
% (valid_user['login'], valid_user['email']))
common.setup_response(valid_user,
back)
def post(self, **kwargs):
logger.info('Client requests authentication.')
back = kwargs.get('back')
if not back:
logger.error('Client requests authentication without back url.')
abort(422)
username = kwargs.get('username')
password = kwargs.get('password')
if username and password:
valid_user = self.check_valid_user(username, password)
if not valid_user:
logger.error('Client requests authentication with wrong'
' credentials.')
response.status = 401
return render('login.html',
dict(back=back, message='Authorization failed.'))
email, lastname, sshkey = valid_user
logger.info('Client requests authentication success %s' % username)
common.setup_response(username, back, email, lastname, sshkey)
else:
logger.error('Client requests authentication without credentials.')
response.status = 401
return render('login.html', dict(back=back,
message='Authorization failed.'))
def index(self, **kwargs):
if 'back' not in kwargs:
logger.error('Client requests authentication without back url.')
abort(422)
back = kwargs['back']
if 'token' not in kwargs:
logger.error('Client requests authentication without token.')
abort(422)
token = kwargs['token']
resp = requests.get("https://api.github.com/user",
auth=requests.auth.HTTPBasicAuth(token,
'x-oauth-basic'))
data = resp.json()
login = data.get('login')
email = data.get('email')
name = data.get('name')
resp = requests.get("https://api.github.com/user/keys",
auth=requests.auth.HTTPBasicAuth(token,
'x-oauth-basic'))
ssh_keys = resp.json()
if not self.organization_allowed(token):
abort(401)
msg = 'Client %s (%s) auth with Github Personal Access token success.'
logger.info(msg % (login, email))
common.setup_response(login, back, email, name, ssh_keys)
def _json_login(self, auth_info):
auth_context = {}
auth_context['response'] = response
auth_context['back'] = auth_info.get('back', None)
if not auth_context['back']:
logger.error('Client requests authentication without back url.')
abort(422)
auth_context.update(auth_info.get('args', {}))
auth_method = auth_info.get('method', 'NO_METHOD')
try:
auth_plugin = driver.DriverManager(
namespace='cauth.authentication',
name=auth_method,
invoke_on_load=True,
invoke_args=(conf,)).driver
except (RuntimeError, base.AuthProtocolNotAvailableError) as e:
response.status = 401
msg = '"%s" is not a valid authentication method' % auth_method
logger.error(msg + ': %s' % e)
response.body = render('login.html',
dict(back=auth_context['back'],
message=msg))
return response.body
try:
logger.info('%s plugin loaded' % auth_method)
valid_user = auth_plugin.authenticate(**auth_context)
except base.UnauthenticatedError:
response.status = 401
response.body = render('login.html',
dict(back=auth_context['back'],
message='Authentication failed.'))
return response.body
if valid_user:
logger.info('%s successfully authenticated' % valid_user['login'])
common.setup_response(valid_user, auth_context['back'])
def callback(self, **kwargs):
auth_context = kwargs
auth_context['response'] = kwargs
auth_context['calling_back'] = True
try:
# Verify the state previously put in the db
state = auth_context.get('state', None)
back, _ = db.get_url(state)
if not back:
err = 'GITHUB callback called with an unknown state.'
raise base.UnauthenticatedError(err)
auth_context['back'] = back
valid_user = self.auth_plugin.authenticate(**auth_context)
except base.UnauthenticatedError as e:
response.status = 401
auth_methods = [k for k, v in conf.get('auth', {})]
return render('login.html',
dict(back=back,
message='Authorization failure: %s' % e,
auth_methods=auth_methods))
logger.info(
'%s (%s) successfully authenticated with github.'
% (valid_user['login'], valid_user['email']))
common.setup_response(valid_user,
back)
def index(self, **kwargs):
if 'back' not in kwargs:
logger.error('Client requests authentication without back url.')
abort(422)
auth_context = kwargs
auth_context['response'] = response
auth_plugin = driver.DriverManager(
namespace='cauth.authentication',
name='GithubPersonalAccessToken',
invoke_on_load=True,
invoke_args=(conf,)).driver
try:
valid_user = auth_plugin.authenticate(**auth_context)
except base.UnauthenticatedError as e:
response.status = 401
auth_methods = [k for k, v in conf.get('auth', {})]
return render('login.html',
dict(back=auth_context['back'],
message='Authorization failure: %s' % e,
auth_methods=auth_methods))
msg = '%s (%s) authenticated with Github Personal Access Token.'
logger.info(msg % (valid_user['login'],
valid_user['email']))
common.setup_response(valid_user,
auth_context['back'])
def callback(self, **kwargs):
auth_context = kwargs.copy()
auth_context['response'] = kwargs
auth_context['calling_back'] = True
try:
back = auth_context['back']
valid_user = self.auth_plugin.authenticate(**auth_context)
except base.UnauthenticatedError as e:
response.status = 401
auth_methods = [k for k, v in conf.get('auth', {})]
return render('login.html',
dict(back=back,
message='Authorization failure: %s' % e,
auth_methods=auth_methods))
logger.info(
'%s (%s) successfully authenticated with OpenID.'
% (valid_user['login'], valid_user['email']))
common.setup_response(valid_user,
back)
def callback(self, **kwargs):
if 'error' in kwargs:
logger.error('GITHUB callback called with an error (%s): %s' % (
kwargs.get('error', None),
kwargs.get('error_description', None)))
state = kwargs.get('state', None)
code = kwargs.get('code', None)
if not state or not code:
logger.error(
'GITHUB callback called without state or code as params.')
abort(400)
# Verify the state previously put in the db
back = db.get_url(state)
if not back:
logger.error('GITHUB callback called with an unknown state.')
abort(401)
token = self.get_access_token(code)
if not token:
logger.error('Unable to request a token on GITHUB.')
abort(401)
resp = requests.get("https://api.github.com/user",
headers={'Authorization': 'token ' + token})
data = resp.json()
login = data.get('login')
email = data.get('email')
name = data.get('name')
resp = requests.get("https://api.github.com/users/%s/keys" % login,
headers={'Authorization': 'token ' + token})
ssh_keys = resp.json()
if not self.organization_allowed(token):
abort(401)
logger.info(
'Client (username: %s, email: %s) auth on GITHUB success.'
% (login, email))
common.setup_response(login, back, email, name, ssh_keys)
def callback(self, **kwargs):
auth_context = kwargs
auth_context['response'] = kwargs
auth_context['calling_back'] = True
try:
state = auth_context.get('state', None)
back, provider = db.get_url(state)
if not back or provider != "openid_connect":
err = 'OpenID Connect callback with forged state, discarding'
logger.debug(err)
raise base.UnauthenticatedError(err)
auth_context['back'] = back
valid_user = self.auth_plugin.authenticate(**auth_context)
except base.UnauthenticatedError as e:
response.status = 401
auth_methods = [k for k, v in conf.get('auth', {})]
return render('login.html',
dict(back=back,
message='Authorization failure: %s' % e,
auth_methods=auth_methods))
logger.info(
'%s (%s) successfully authenticated with OpenIDConnect.'
% (valid_user['login'], valid_user['email']))
common.setup_response(valid_user, back)
