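def rpt_endpoint_(self, entity, client_id, **kwargs):
    """
    Registers an Authorization Description and binds it to an RPT.

    The request carries a permission ticket that the resource server
    obtained earlier. The ticket is consumed (deleted) as soon as it has
    been looked up, so a failed request cannot be replayed with the same
    ticket. Every permission request attached to the ticket is validated
    before anything is recorded, so a rejected request leaves no
    partially registered permissions behind.

    :param entity: Who's on the other side (the requesting party)
    :param client_id: The UMA client
    :param kwargs: must contain 'request', the JSON-encoded
        AuthorizationDataRequest
    :return: A Response instance carrying an AuthorizationDataResponse,
        or a BadRequest with an ErrorResponse body when the ticket is
        unknown, when a requested scope is not defined for the resource
        set, or when the owner has granted the requesting party no
        permission on the resource set.
    """
    adr = AuthorizationDataRequest().from_json(kwargs["request"])

    # Get the permission requests the resource server registered under
    # this ticket; an unknown ticket is rejected.
    try:
        prr_list = self.permission_requests.get_request(adr["ticket"])
    except KeyError:
        errmsg = ErrorResponse(error="invalid_ticket")
        return BadRequest(errmsg.to_json(), content="application/json")

    # A ticket is single use: drop it before doing anything else.
    self.permission_requests.del_request(adr["ticket"])

    # Reuse the RPT the client already holds, otherwise mint a new one.
    try:
        _rpt = adr["rpt"]
    except KeyError:
        _rpt = rndstr(32)

    # First pass: validate every permission request. Nothing is bound or
    # registered until all of them have been accepted, so a rejection
    # part-way through cannot leave a partially authorized RPT behind.
    granted = []  # (owner, resource set id, allowed scopes)
    for prr in prr_list:
        _rsid = prr["resource_set_id"]
        # An unknown resource set id raises KeyError here, which is not
        # caught and propagates to the caller (unchanged behaviour).
        owner = self.resource_set.rsid2oid[_rsid]
        rsd = self.resource_set.read(owner, _rsid)

        # Every requested scope must be defined for the resource set.
        # This is an explicit check rather than `assert`: asserts are
        # stripped under `python -O`, which would silently skip the test.
        undefined = [s for s in prr["scopes"] if s not in rsd["scopes"]]
        if undefined:
            errmsg = ErrorResponse(error="not_authorized",
                                   error_description="Undefined scopes")
            return BadRequest(errmsg.to_json(), content="application/json")

        # The owner must have granted the requesting party a permission
        # on this resource set; only the intersection of the requested
        # and the granted scopes is handed out.
        try:
            allow_scopes, _timestamp = self.permit.get_permit(owner, entity,
                                                              _rsid)
        except KeyError:
            errmsg = ErrorResponse(error="not_authorized",
                                   error_description="No permission given")
            return BadRequest(errmsg.to_json(), content="application/json")

        # Again an explicit filter, not `assert`; under `-O` the original
        # assert-based filter would have granted every requested scope.
        _scopes = [s for s in prr["scopes"] if s in allow_scopes]
        granted.append((owner, _rsid, _scopes))

    # Second pass: bind the requesting party to the RPT and record the
    # permissions for each accepted resource set.
    for owner, _rsid, _scopes in granted:
        try:
            self.eid2rpt[owner][entity] = _rpt
        except KeyError:
            self.eid2rpt[owner] = {entity: _rpt}
        self.register_permission(owner, _rpt, _rsid, _scopes)

    rsp = AuthorizationDataResponse(rpt=_rpt)
    return Response(rsp.to_json())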
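def rpt_endpoint_(self, entity, client_id, **kwargs):
    """
    Registers an Authorization Description and binds it to an RPT.

    The request carries a permission ticket that the resource server
    obtained earlier. The ticket is consumed (deleted) as soon as it has
    been looked up, so a failed request cannot be replayed with the same
    ticket. Every permission request attached to the ticket is validated
    before anything is recorded, so a rejected request leaves no
    partially registered permissions behind.

    :param entity: Who's on the other side (the requesting party)
    :param client_id: The UMA client
    :param kwargs: must contain 'request', the JSON-encoded
        AuthorizationDataRequest
    :return: A Response instance carrying an AuthorizationDataResponse,
        or a BadRequest with an ErrorResponse body when the ticket is
        unknown, when a requested scope is not defined for the resource
        set, or when the owner has granted the requesting party no
        permission on the resource set.
    """
    adr = AuthorizationDataRequest().from_json(kwargs["request"])

    # Get the permission requests the resource server registered under
    # this ticket; an unknown ticket is rejected.
    try:
        prr_list = self.permission_requests.get_request(adr["ticket"])
    except KeyError:
        errmsg = ErrorResponse(error="invalid_ticket")
        return BadRequest(errmsg.to_json(), content="application/json")

    # A ticket is single use: drop it before doing anything else.
    self.permission_requests.del_request(adr["ticket"])

    # Reuse the RPT the client already holds, otherwise mint a new one.
    try:
        _rpt = adr["rpt"]
    except KeyError:
        _rpt = rndstr(32)

    # First pass: validate every permission request. Nothing is bound or
    # registered until all of them have been accepted, so a rejection
    # part-way through cannot leave a partially authorized RPT behind.
    granted = []  # (owner, resource set id, allowed scopes)
    for prr in prr_list:
        _rsid = prr["resource_set_id"]
        # An unknown resource set id raises KeyError here, which is not
        # caught and propagates to the caller (unchanged behaviour).
        owner = self.resource_set.rsid2oid[_rsid]
        rsd = self.resource_set.read(owner, _rsid)

        # Every requested scope must be defined for the resource set.
        # This is an explicit check rather than `assert`: asserts are
        # stripped under `python -O`, which would silently skip the test.
        undefined = [s for s in prr["scopes"] if s not in rsd["scopes"]]
        if undefined:
            errmsg = ErrorResponse(error="not_authorized",
                                   error_description="Undefined scopes")
            return BadRequest(errmsg.to_json(), content="application/json")

        # The owner must have granted the requesting party a permission
        # on this resource set; only the intersection of the requested
        # and the granted scopes is handed out.
        try:
            allow_scopes, _timestamp = self.permit.get_permit(owner, entity,
                                                              _rsid)
        except KeyError:
            errmsg = ErrorResponse(error="not_authorized",
                                   error_description="No permission given")
            return BadRequest(errmsg.to_json(), content="application/json")

        # Again an explicit filter, not `assert`; under `-O` the original
        # assert-based filter would have granted every requested scope.
        _scopes = [s for s in prr["scopes"] if s in allow_scopes]
        granted.append((owner, _rsid, _scopes))

    # Second pass: bind the requesting party to the RPT and record the
    # permissions for each accepted resource set.
    for owner, _rsid, _scopes in granted:
        try:
            self.eid2rpt[owner][entity] = _rpt
        except KeyError:
            self.eid2rpt[owner] = {entity: _rpt}
        self.register_permission(owner, _rpt, _rsid, _scopes)

    rsp = AuthorizationDataResponse(rpt=_rpt)
    return Response(rsp.to_json())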
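def resource_set_registration_endpoint_(self, entity, path, method, client_id,
                                        body="", if_match="", **kwargs):
    """
    The endpoint at which the resource server handles resource set
    descriptions: create (POST), update (PUT), read/list (GET) and
    delete (DELETE).

    :param entity: The entity that controls the resource set
    :param path: Request path, either ``/resource_set`` (list/create) or
        ``/resource_set/{rsid}`` (read/update/delete); the leading slash
        is optional.
    :param method: HTTP method, one of POST, PUT, GET or DELETE
    :param client_id: Which client I'm talking to
    :param body: The resource set registration message (POST/PUT)
    :param if_match: The HTTP If-Match header if any. It is accepted but
        not passed on to the update operation (see the commented-out
        argument below), so updates are not conditional on the ETag.
    :param kwargs: possible other arguments, ignored
    :returns: A Response instance
    """
    # Derive the resource set id from the path. A path that does not
    # start with the registration prefix is rejected with 400 rather
    # than checked with `assert`, which is stripped under `python -O`
    # and would let rsid be sliced out of an unchecked path.
    relpath = path[1:] if path.startswith("/") else path
    if not relpath.startswith(RSR_PATH):
        return BadRequest("Message error")
    rsid = relpath[PLEN:]
    if rsid.startswith("/"):
        rsid = rsid[1:]

    _user = safe_name(entity, client_id)
    logger.debug("handling resource set belonging to '%s'" % _user)

    # self.resource_set.set_collection(_user)

    if method == "POST":  # create
        args = {"oid": _user, "data": body}
        func = self.resource_set.create
    elif method == "PUT":  # update
        if not rsid:  # an update must name the resource set
            return BadRequest("Message error")
        args = {
            "oid": _user,
            "data": body,
            "rsid": rsid,
            # "if_match": if_match
        }
        func = self.resource_set.update
    elif method == "GET":
        args = {"oid": _user}
        if not rsid:  # list
            func = self.resource_set.list
        else:  # read
            func = self.resource_set.read
            args["rsid"] = rsid
    elif method == "DELETE":
        if not rsid:  # a delete must name the resource set
            return BadRequest("Message error")
        args = {"rsid": rsid, "oid": _user}
        func = self.resource_set.delete
    else:
        return BadRequest("Message error")

    logger.debug("operation: %s" % func)
    logger.debug("operation args: %s" % (args,))

    # `result` rather than reusing `body`, so the request body and the
    # store's answer are not confused further down.
    try:
        result = func(**args)
    except MessageException as err:
        _err = ErrorResponse(error="invalid_request",
                             error_description=str(err))
        return BadRequest(_err.to_json(), content="application/json")
    except UnknownObject:
        _err = ErrorResponse(error="not_found")
        return NotFound(_err.to_json(), content="application/json")

    if isinstance(result, ErrorResponse):
        # NOTE(review): an ErrorResponse returned by the store goes out
        # with a 200 status here, as in the original code; confirm with
        # the callers before changing the status.
        return Response(result.to_json(), content="application/json")

    if func == self.resource_set.delete:
        # As a side effect all permissions assigned that reference this
        # resource set should be deleted.
        # NOTE(review): permits are deleted under `entity` while the
        # resource set was stored under `_user`; verify that the permit
        # store is keyed the same way as the resource set store.
        self.permit.delete_permit_by_resource_id(entity, rsid)
        return NoContent()
    if func == self.resource_set.create:
        _etag = self.resource_set.etag[result["_id"]]
        return Created(
            result.to_json(),
            content="application/json",
            headers=[("ETag", _etag),
                     ("Location", "/{}/{}".format(RSR_PATH, result["_id"]))],
        )
    if func == self.resource_set.update:
        _etag = self.resource_set.etag[result["_id"]]
        return NoContent(content="application/json",
                         headers=[("ETag", _etag)])
    if func == self.resource_set.list:
        return Response(json.dumps(result))

    # read
    return Response(result.to_json(), content="application/json")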
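def resource_set_registration_endpoint_(self, entity, path, method, client_id,
                                        body="", if_match="", **kwargs):
    """
    The endpoint at which the resource server handles resource set
    descriptions: create (POST), update (PUT), read/list (GET) and
    delete (DELETE).

    :param entity: The entity that controls the resource set
    :param path: Request path, either ``/resource_set`` (list/create) or
        ``/resource_set/{rsid}`` (read/update/delete); the leading slash
        is optional.
    :param method: HTTP method, one of POST, PUT, GET or DELETE
    :param client_id: Which client I'm talking to
    :param body: The resource set registration message (POST/PUT)
    :param if_match: The HTTP If-Match header if any. It is accepted but
        not passed on to the update operation (see the commented-out
        argument below), so updates are not conditional on the ETag.
    :param kwargs: possible other arguments, ignored
    :returns: A Response instance
    """
    # Derive the resource set id from the path. A path that does not
    # start with the registration prefix is rejected with 400 rather
    # than checked with `assert`, which is stripped under `python -O`
    # and would let rsid be sliced out of an unchecked path.
    relpath = path[1:] if path.startswith("/") else path
    if not relpath.startswith(RSR_PATH):
        return BadRequest("Message error")
    rsid = relpath[PLEN:]
    if rsid.startswith("/"):
        rsid = rsid[1:]

    _user = safe_name(entity, client_id)
    logger.debug("handling resource set belonging to '%s'" % _user)

    # self.resource_set.set_collection(_user)

    if method == "POST":  # create
        args = {"oid": _user, "data": body}
        func = self.resource_set.create
    elif method == "PUT":  # update
        if not rsid:  # an update must name the resource set
            return BadRequest("Message error")
        args = {
            "oid": _user,
            "data": body,
            "rsid": rsid,
            # "if_match": if_match
        }
        func = self.resource_set.update
    elif method == "GET":
        args = {"oid": _user}
        if not rsid:  # list
            func = self.resource_set.list
        else:  # read
            func = self.resource_set.read
            args["rsid"] = rsid
    elif method == "DELETE":
        if not rsid:  # a delete must name the resource set
            return BadRequest("Message error")
        args = {"rsid": rsid, "oid": _user}
        func = self.resource_set.delete
    else:
        return BadRequest("Message error")

    logger.debug("operation: %s" % func)
    logger.debug("operation args: %s" % (args,))

    # `result` rather than reusing `body`, so the request body and the
    # store's answer are not confused further down.
    try:
        result = func(**args)
    except MessageException as err:
        _err = ErrorResponse(error="invalid_request",
                             error_description=str(err))
        return BadRequest(_err.to_json(), content="application/json")
    except UnknownObject:
        _err = ErrorResponse(error="not_found")
        return NotFound(_err.to_json(), content="application/json")

    if isinstance(result, ErrorResponse):
        # NOTE(review): an ErrorResponse returned by the store goes out
        # with a 200 status here, as in the original code; confirm with
        # the callers before changing the status.
        return Response(result.to_json(), content="application/json")

    if func == self.resource_set.delete:
        # As a side effect all permissions assigned that reference this
        # resource set should be deleted.
        # NOTE(review): permits are deleted under `entity` while the
        # resource set was stored under `_user`; verify that the permit
        # store is keyed the same way as the resource set store.
        self.permit.delete_permit_by_resource_id(entity, rsid)
        return NoContent()
    if func == self.resource_set.create:
        _etag = self.resource_set.etag[result["_id"]]
        return Created(
            result.to_json(),
            content="application/json",
            headers=[("ETag", _etag),
                     ("Location", "/{}/{}".format(RSR_PATH, result["_id"]))],
        )
    if func == self.resource_set.update:
        _etag = self.resource_set.etag[result["_id"]]
        return NoContent(content="application/json",
                         headers=[("ETag", _etag)])
    if func == self.resource_set.list:
        return Response(json.dumps(result))

    # read
    return Response(result.to_json(), content="application/json")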