예제 #1
0
def create_user_token_from_globus_profile(profile, access_token):
    """
    Use this method on your Resource Provider (Like Atmosphere)
    to exchange a profile (that was retrieved via a tokeninfo endpoint)
    for a UserToken that can then be internally validated in an 'authorize' authBackend step..
    """

    logger.info(profile)
    expiry = profile['exp'] # This is an 'epoch-int'
    expiry = _extract_expiry_date(expiry)
    issued_at = profile['iat']
    raw_username = profile['username']  # username@login_auth.com
    raw_name = profile['name']
    email = profile['email']
    username = _extract_user_from_email(raw_username)
    first_name, last_name = _extract_first_last_name(raw_name)
    profile_dict = {
        'username':username,
        'firstName':first_name,
        'lastName':last_name,
        'email': email,
    }
    user = get_or_create_user(username, profile_dict)
    user_token = create_token(user.username, access_token, expiry)
    return user_token
예제 #2
0
    def get(self, request, username):
        """
        Create a new token in the database on behalf of 'username'
        Returns success 201 Created - Body is JSON and contains
        """
        params = request.data
        user = request.user
        if not username:
            return Response("Username was not provided",
                            status=status.HTTP_400_BAD_REQUEST)
        if user.username is not 'admin' and not user.is_superuser:
            logger.error("URGENT! User: %s is attempting to emulate a user!"
                         % user.username)
            return Response("Only admin and superusers can emulate accounts. "
                            "This offense has been reported",
                            status=status.HTTP_401_UNAUTHORIZED)
        if not AtmosphereUser.objects.filter(username=username):
            return Response("Username %s does not exist as an AtmosphereUser"
                            % username, status=status.HTTP_404_NOT_FOUND)

        # User is authenticated, username exists. Make a token for them.
        token = create_token(username, issuer="DRF-EmulatedUser")
        expireTime = token.issuedTime + secrets.TOKEN_EXPIRY_TIME
        auth_json = {
            # Extra data passed only on emulation..
            "emulator": request.user.username,
            # Normal token data..
            "token": token.key,
            "username": token.user.username,
            "expires": expireTime.strftime("%b %d, %Y %H:%M:%S")
        }
        return Response(auth_json, status=status.HTTP_201_CREATED)
예제 #3
0
    def get(self, request, username):
        """
        Create a new token in the database on behalf of 'username'
        Returns success 201 Created - Body is JSON and contains
        """
        params = request.data
        user = request.user
        if not username:
            return Response("Username was not provided",
                            status=status.HTTP_400_BAD_REQUEST)
        if user.username is not 'admin' and not user.is_superuser:
            logger.error("URGENT! User: %s is attempting to emulate a user!" %
                         user.username)
            return Response(
                "Only admin and superusers can emulate accounts. "
                "This offense has been reported",
                status=status.HTTP_401_UNAUTHORIZED)
        if not AtmosphereUser.objects.filter(username=username):
            return Response("Username %s does not exist as an AtmosphereUser" %
                            username,
                            status=status.HTTP_404_NOT_FOUND)

        # User is authenticated, username exists. Make a token for them.
        token = create_token(username, issuer="DRF-EmulatedUser")
        expireTime = token.issuedTime + secrets.TOKEN_EXPIRY_TIME
        auth_json = {
            # Extra data passed only on emulation..
            "emulator": request.user.username,
            # Normal token data..
            "token": token.key,
            "username": token.user.username,
            "expires": expireTime.strftime("%b %d, %Y %H:%M:%S")
        }
        return Response(auth_json, status=status.HTTP_201_CREATED)
예제 #4
0
 def create_token_from_jwt(self, jwt_assertion):
     """
     This method point represents the 'entry point'
     """
     decoded_assertion = self.decode_assertion(jwt_assertion)
     user, expiration = self.validate_assertion(decoded_assertion)
     auth_token = create_token(user.username, expiration)
     return auth_token
예제 #5
0
 def _token_for_username(self, username):
     token = create_token(username, issuer="DRF")
     expireTime = token.issuedTime + secrets.TOKEN_EXPIRY_TIME
     auth_json = {
         "token": token.key,
         "username": token.user.username,
         "expires": expireTime.strftime("%b %d, %Y %H:%M:%S"),
     }
     return Response(auth_json, status=status.HTTP_201_CREATED)
예제 #6
0
파일: auth.py 프로젝트: nfaction/atmosphere
 def _token_for_username(self, username):
     token = create_token(username, issuer="DRF")
     expireTime = token.issuedTime + secrets.TOKEN_EXPIRY_TIME
     auth_json = {
         'token': token.key,
         'username': token.user.username,
         'expires': expireTime.strftime("%b %d, %Y %H:%M:%S")
     }
     return Response(auth_json, status=status.HTTP_201_CREATED)
예제 #7
0
 def get(self, request):
     user = request.user
     if not user.is_authenticated():
         return Response(
             "Logged-in User or POST required " "to retrieve AuthToken", status=status.HTTP_403_FORBIDDEN
         )
     token = lookupSessionToken(request)
     if not token:
         token = create_token(user.username)
     serialized_data = TokenSerializer(token).data
     return Response(serialized_data, status=status.HTTP_200_OK)
예제 #8
0
파일: auth.py 프로젝트: nfaction/atmosphere
 def get(self, request):
     user = request.user
     if not user.is_authenticated():
         return Response("Logged-in User or POST required "
                         "to retrieve AuthToken",
                         status=status.HTTP_403_FORBIDDEN)
     token = lookupSessionToken(request)
     if not token:
         token = create_token(user.username)
     serialized_data = TokenSerializer(token).data
     return Response(serialized_data, status=status.HTTP_200_OK)
예제 #9
0
 def retrieve(self, *args, **kwargs):
     user = self.request.user
     # data = self.request.data
     username = kwargs.get('username')
     expireDate = timezone.now() + secrets.TOKEN_EXPIRY_TIME
     new_token = create_token(
             username,
             token_key='EMULATED-'+str(uuid4()),
             remote_ip=request.META['REMOTE_ADDR'],
             token_expire=expireDate,
             issuer="DRF-EmulatedToken-%s" % user.username)
     serialized_data = TokenSerializer(new_token, context={'request':self.request}).data
     return Response(serialized_data, status=status.HTTP_201_CREATED)
예제 #10
0
 def retrieve(self, *args, **kwargs):
     user = self.request.user
     # data = self.request.data
     username = kwargs.get('username')
     expireDate = timezone.now() + secrets.TOKEN_EXPIRY_TIME
     new_token = create_token(username,
                              token_key='EMULATED-' + str(uuid4()),
                              remote_ip=request.META['REMOTE_ADDR'],
                              token_expire=expireDate,
                              issuer="DRF-EmulatedToken-%s" % user.username)
     serialized_data = TokenSerializer(new_token,
                                       context={
                                           'request': self.request
                                       }).data
     return Response(serialized_data, status=status.HTTP_201_CREATED)
예제 #11
0
def emulate_session(request, username=None):
    try:
        logger.info("Emulate attempt: %s wants to be %s"
                    % (request.user, username))
        logger.info(request.session.__dict__)
        if not username and 'emulated_by' in request.session:
            logger.info("Clearing emulation attributes from user")
            request.session['username'] = request.session['emulated_by']
            del request.session['emulated_by']
            # Allow user to fall through on line below

        try:
            user = AtmosphereUser.objects.get(username=username)
        except AtmosphereUser.DoesNotExist:
            logger.info("Emulate attempt failed. User <%s> does not exist"
                        % username)
            return HttpResponseRedirect(
                settings.REDIRECT_URL +
                "/api/v2")

        logger.info("Emulate success, creating tokens for %s" % username)
        expireDate = timezone.now() + secrets.TOKEN_EXPIRY_TIME
        token = create_token(
            username,
            token_key='EMULATED-'+str(uuid4()),
            token_expire=expireDate,
            remote_ip=request.META['REMOTE_ADDR'],
            issuer="DRF-EmulatedSession-%s" % user.username)
        token.save()
        # Keep original emulator if it exists, or use the last known username
        original_emulator = request.session.get(
            'emulated_by', request.session['username'])
        request.session['emulated_by'] = original_emulator
        # Set the username to the user to be emulated
        # to whom the token also belongs
        request.session['username'] = username
        request.session['token'] = token.key
        logger.info("Returning emulated user - %s - to api root "
                    % username)
        logger.info(request.session.__dict__)
        logger.info(request.user)
        serialized_data = TokenSerializer(token, context={'request': request}).data
        return Response(serialized_data, status=status.HTTP_201_CREATED)
    except Exception as e:
        logger.warn("Emulate request failed")
        logger.exception(e)
        return HttpResponseRedirect(settings.REDIRECT_URL + "/api/v2")
예제 #12
0
def emulate_session(request, username=None):
    try:
        logger.info("Emulate attempt: %s wants to be %s" %
                    (request.user, username))
        logger.info(request.session.__dict__)
        if not username and 'emulated_by' in request.session:
            logger.info("Clearing emulation attributes from user")
            request.session['username'] = request.session['emulated_by']
            del request.session['emulated_by']
            # Allow user to fall through on line below

        try:
            user = AtmosphereUser.objects.get(username=username)
        except AtmosphereUser.DoesNotExist:
            logger.info("Emulate attempt failed. User <%s> does not exist" %
                        username)
            return HttpResponseRedirect(settings.REDIRECT_URL + "/api/v2")

        logger.info("Emulate success, creating tokens for %s" % username)
        expireDate = timezone.now() + secrets.TOKEN_EXPIRY_TIME
        token = create_token(username,
                             token_key='EMULATED-' + str(uuid4()),
                             token_expire=expireDate,
                             remote_ip=request.META['REMOTE_ADDR'],
                             issuer="DRF-EmulatedSession-%s" % user.username)
        token.save()
        # Keep original emulator if it exists, or use the last known username
        original_emulator = request.session.get('emulated_by',
                                                request.session['username'])
        request.session['emulated_by'] = original_emulator
        # Set the username to the user to be emulated
        # to whom the token also belongs
        request.session['username'] = username
        request.session['token'] = token.key
        logger.info("Returning emulated user - %s - to api root " % username)
        logger.info(request.session.__dict__)
        logger.info(request.user)
        serialized_data = TokenSerializer(token, context={
            'request': request
        }).data
        return Response(serialized_data, status=status.HTTP_201_CREATED)
    except Exception as e:
        logger.warn("Emulate request failed")
        logger.exception(e)
        return HttpResponseRedirect(settings.REDIRECT_URL + "/api/v2")
예제 #13
0
def globus_validate_code(request):
    """
    This flow is used to create a new Token on behalf of a Service Client
    (Like Troposphere)
    Validates 'code' returned from the IdP
    If valid: Return new AuthToken to be passed to the Resource Provider.
        else: Return None
    """
    code = request.GET['code']
    if not code:
        #raise Exception("NO Code found!")
        return None
    if type(code) == list:
        code = code[0]
    flow = globus_initFlow()
    try:
        credentials = flow.step2_exchange(code)
        logger.info(credentials.__dict__)
    except OAuthError as err:
        logger.exception("Error exchanging code w/ globus")
        return None
    # Parsing
    token_profile = credentials.id_token
    user_access_token = credentials.access_token
    expiry_date = credentials.token_expiry
    raw_username = token_profile['preferred_username']
    email = token_profile['email']
    username = _extract_user_from_email(raw_username)
    if not username:
        logger.info("User %s is not part of the 'valid mapping' and will be skipped!" % raw_username)
        return None
    full_name = token_profile['name']
    issuer = token_profile['iss']
    # Creation
    first_name, last_name = _extract_first_last_name(full_name)
    user_profile = {
        'username':username,
        'firstName':first_name,
        'lastName':last_name,
        'email': email,
    }
    user = get_or_create_user(username, user_profile)
    auth_token = create_token(username, user_access_token, expiry_date, issuer)
    return auth_token