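def post(self, request):
    """Issue a permission token for the requesting user.

    The JSON body must carry ``permission`` and ``object_type``;
    ``object_id`` is optional and defaults to 0. A token is issued when
    the user is a superuser or ``userdata.has_perms`` accepts the request.

    Returns an HTTP 400 response for a malformed body, missing or
    non-string fields, or a refused permission. On success the response
    carries ``permission-token``.
    """
    data = {'status': 'ok'}

    def bad_request():
        payload = json.dumps({"error": "bad_request"})
        return HttpResponseBadRequest(payload, content_type='application/json')

    try:
        req = json.loads(request.body.decode('utf-8'))
    except ValueError:
        # JSONDecodeError and UnicodeDecodeError are both ValueError
        # subclasses; anything else is a server-side fault and should
        # not be reported to the client as a bad request.
        return bad_request()
    # Valid JSON need not be an object (it may be a list, number or null);
    # the lookups below assume a dict.
    if not isinstance(req, dict):
        return bad_request()

    if 'permission' not in req or 'object_type' not in req:
        # The body still reads {'status': 'ok'} on this 400; kept so
        # existing clients see the same payload.
        return HttpResponse(json.dumps(data), status=400,
                            content_type='application/json')

    object_type = req['object_type']
    perm = req['permission']
    obj_id = req.get('object_id', 0)
    # The MAC message is built with str.join, which needs strings.
    if not isinstance(object_type, str) or not isinstance(perm, str):
        return bad_request()

    user = request.user
    if not user.is_superuser and \
            not user.userdata.has_perms(object_type, perm, obj_id):
        return HttpResponse(json.dumps(data), status=400,
                            content_type='application/json')

    # NOTE(review): the fields are client-supplied and joined with ':'
    # without escaping, so a ':' inside one of them makes the signed
    # message ambiguous. Confirm has_perms rejects such values or that
    # the consumer of the token parses the message strictly.
    msg = ':'.join((user.username, object_type, str(obj_id), perm))
    data['permission-token'] = genhmac(settings.SHARED_SECRET, msg)
    return HttpResponse(json.dumps(data), content_type='application/json')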
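def post(self, request):
    """Issue a permission token for the requesting user.

    The JSON body must carry ``permission`` and ``object_type``;
    ``object_id`` is optional and defaults to 0. A token is issued when
    the user is a superuser or ``userdata.has_perms`` accepts the request.

    Every rejection is a 400 response with ``ErrorCodes.BAD_REQUEST``.
    On success the response carries ``permission-token``.
    """
    def bad_request():
        return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)

    try:
        req = parse_json_request(request)
    except Exception:
        # What parse_json_request raises is not visible here, so every
        # ordinary exception is treated as a bad request. Unlike a bare
        # except, SystemExit and KeyboardInterrupt still propagate.
        return bad_request()

    # A parsed body that is not an object cannot hold the expected keys.
    if not isinstance(req, dict):
        return bad_request()
    if 'permission' not in req or 'object_type' not in req:
        return bad_request()

    object_type = req['object_type']
    perm = req['permission']
    obj_id = req.get('object_id', 0)
    # The MAC message is built with str.join, which needs strings.
    if not isinstance(object_type, str) or not isinstance(perm, str):
        return bad_request()

    user = request.user
    if not user.is_superuser and \
            not user.userdata.has_perms(object_type, perm, obj_id):
        return bad_request()

    # NOTE(review): the fields are client-supplied and joined with ':'
    # without escaping, so a ':' inside one of them makes the signed
    # message ambiguous. Confirm has_perms rejects such values or that
    # the consumer of the token parses the message strictly.
    msg = ':'.join((user.username, object_type, str(obj_id), perm))
    data = {'status': 'ok'}
    data['permission-token'] = genhmac(settings.SHARED_SECRET, msg)
    return json_response(data)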
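def authenticate(self, ae, request):
    """Authenticate a user of auth event *ae* by email and password.

    Returns ``self.authenticate_error()`` when no active user matches,
    the password is wrong, or the user has used up the successful logins
    allowed by ``ae.num_successful_logins_allowed`` (0 or less means no
    limit). On success returns a dict with ``status``, ``username``,
    ``auth-token`` and, when the event is configured with the
    ``go-to-url`` action, ``redirect-to-url``.
    """
    d = {'status': 'ok'}
    req = json.loads(request.body.decode('utf-8'))
    email = req.get('email', '')
    pwd = req.get('password', '')

    try:
        u = User.objects.get(email=email, userdata__event=ae, is_active=True)
    except Exception:
        # Any lookup failure (no match, several matches, a backend error)
        # is reported as a failed login. SystemExit and KeyboardInterrupt
        # are no longer swallowed.
        # NOTE(review): this path returns before any password hashing,
        # so it may answer faster than the wrong-password path; equalise
        # the two if account enumeration is a concern.
        return self.authenticate_error()

    if not u.check_password(pwd):
        return self.authenticate_error()

    login_limit = ae.num_successful_logins_allowed
    if login_limit > 0:
        used = u.userdata.successful_logins.filter(is_active=True).count()
        if used >= login_limit:
            return self.authenticate_error()

    d['username'] = u.username
    # NOTE(review): the only MAC input visible here is the username;
    # confirm genhmac adds a timestamp or expiry so a token cannot be
    # reused indefinitely.
    d['auth-token'] = genhmac(settings.SHARED_SECRET, u.username)

    # add redirection
    auth_action = ae.auth_method_config['config']['authentication-action']
    if auth_action['mode'] == 'go-to-url':
        # The original wrote to an undefined name `data` here, which
        # raised NameError whenever the redirect mode was configured.
        d['redirect-to-url'] = auth_action['mode-config']['url']
    return d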
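def authenticate(self, ae, request):
    """Authenticate a user of auth event *ae* by phone number and code.

    The request body is JSON with ``tlf`` and ``code``. Every failure
    returns the same ``self.error`` response, so the caller cannot tell
    which check rejected the request. On success returns a dict with
    ``status``, ``username``, ``auth-token`` and, when the event is
    configured with the ``go-to-url`` action, ``redirect-to-url``.
    """
    def reject():
        return self.error("Incorrect data", error_codename="invalid_credentials")

    req = json.loads(request.body.decode('utf-8'))

    if req.get('tlf'):
        req['tlf'] = get_cannonical_tlf(req.get('tlf'))
    tlf = req.get('tlf')
    if isinstance(tlf, str):
        tlf = tlf.strip()

    # Each checker contributes text to msg; any text at all is a failure.
    msg = ''
    msg += check_field_type(self.tlf_definition, tlf, 'authenticate')
    msg += check_field_value(self.tlf_definition, tlf, 'authenticate')
    msg += check_field_type(self.code_definition, req.get('code'), 'authenticate')
    msg += check_field_value(self.code_definition, req.get('code'), 'authenticate')
    msg += check_fields_in_request(req, ae, 'authenticate')
    if msg:
        return reject()

    try:
        u = User.objects.get(userdata__tlf=tlf, userdata__event=ae, is_active=True)
    except Exception:
        # Any lookup failure is reported as invalid credentials.
        # SystemExit and KeyboardInterrupt are no longer swallowed.
        return reject()

    # Guard the .upper() call below: a missing or non-string code that
    # slipped past the field checks used to raise AttributeError.
    submitted_code = req.get('code')
    if not isinstance(submitted_code, str):
        return reject()

    # NOTE(review): this matches any stored code for the user, not only
    # the newest one, and nothing here expires or consumes the code;
    # presumably that happens elsewhere. Confirm.
    code = Code.objects.filter(
        user=u.userdata,
        code=submitted_code.upper()).order_by('-created').first()
    if not code:
        return reject()

    if check_pipeline(request, ae, 'authenticate'):
        return reject()
    if check_metadata(req, u):
        return reject()

    u.save()

    data = {'status': 'ok'}
    data['username'] = u.username
    # NOTE(review): the only MAC input visible here is the username;
    # confirm genhmac adds a timestamp or expiry.
    data['auth-token'] = genhmac(settings.SHARED_SECRET, u.username)

    # add redirection
    auth_action = ae.auth_method_config['config']['authentication-action']
    if auth_action['mode'] == 'go-to-url':
        data['redirect-to-url'] = auth_action['mode-config']['url']
    return data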
def get(self, request, pk):
    """Report whether the request belongs to a logged-in user.

    The JSON response always carries ``status`` and ``logged``. When
    ``get_login_user`` returns a user, ``logged`` is true and a fresh
    ``auth-token`` for that user is included. ``pk`` is not used.
    """
    user = get_login_user(request)

    payload = {'status': 'ok', 'logged': False}
    if user:
        payload['logged'] = True
        payload['auth-token'] = genhmac(settings.SHARED_SECRET, user.username)

    # 'status' is never changed after initialisation, so this is 200.
    http_status = 400 if payload['status'] != 'ok' else 200
    return HttpResponse(
        json.dumps(payload),
        status=http_status,
        content_type='application/json',
    )
def get(self, request, pk):
    """Return a fresh auth token for the logged-in user.

    ``get_login_user`` yields a ``(user, error)`` pair. With a user and
    no error the response is 200 and carries ``auth-token``; otherwise
    the error value is returned with status 403. ``pk`` is not used.
    """
    user, error = get_login_user(request)

    # Guard clause: anything short of "user present, no error" is refused.
    if not user or error is not None:
        return json_response(error, status=403)

    token = genhmac(settings.SHARED_SECRET, user.username)
    return json_response({'auth-token': token}, status=200)
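def authenticate(self, ae, request):
    """Authenticate a user of auth event *ae* by phone number and code.

    The request body is JSON with ``tlf`` and ``code``. Every failure,
    including reaching ``ae.num_successful_logins_allowed`` (0 or less
    means no limit), returns the same ``self.error`` response. On success
    returns a dict with ``status``, ``username``, ``auth-token`` and,
    when the event is configured with the ``go-to-url`` action,
    ``redirect-to-url``.
    """
    def reject():
        return self.error("Incorrect data", error_codename="invalid_credentials")

    req = json.loads(request.body.decode('utf-8'))

    if req.get('tlf'):
        req['tlf'] = get_cannonical_tlf(req.get('tlf'))
    tlf = req.get('tlf')
    if isinstance(tlf, str):
        tlf = tlf.strip()

    # Each checker contributes text to msg; any text at all is a failure.
    msg = ''
    msg += check_field_type(self.tlf_definition, tlf, 'authenticate')
    msg += check_field_value(self.tlf_definition, tlf, 'authenticate')
    msg += check_field_type(self.code_definition, req.get('code'), 'authenticate')
    msg += check_field_value(self.code_definition, req.get('code'), 'authenticate')
    msg += check_fields_in_request(req, ae, 'authenticate')
    if msg:
        return reject()

    try:
        u = User.objects.get(userdata__tlf=tlf, userdata__event=ae, is_active=True)
    except Exception:
        # Any lookup failure is reported as invalid credentials.
        # SystemExit and KeyboardInterrupt are no longer swallowed.
        return reject()

    login_limit = ae.num_successful_logins_allowed
    if login_limit > 0:
        used = u.userdata.successful_logins.filter(is_active=True).count()
        if used >= login_limit:
            return reject()

    # Guard the .upper() call below: a missing or non-string code that
    # slipped past the field checks used to raise AttributeError.
    submitted_code = req.get('code')
    if not isinstance(submitted_code, str):
        return reject()

    # NOTE(review): this matches any stored code for the user, not only
    # the newest one, and nothing here expires or consumes the code;
    # presumably that happens elsewhere. Confirm.
    code = Code.objects.filter(
        user=u.userdata,
        code=submitted_code.upper()).order_by('-created').first()
    if not code:
        return reject()

    if check_pipeline(request, ae, 'authenticate'):
        return reject()
    if check_metadata(req, u):
        return reject()

    u.save()

    data = {'status': 'ok'}
    data['username'] = u.username
    # NOTE(review): the only MAC input visible here is the username;
    # confirm genhmac adds a timestamp or expiry.
    data['auth-token'] = genhmac(settings.SHARED_SECRET, u.username)

    # add redirection
    auth_action = ae.auth_method_config['config']['authentication-action']
    if auth_action['mode'] == 'go-to-url':
        data['redirect-to-url'] = auth_action['mode-config']['url']
    return data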
def get(self, request, pk):
    """Return a fresh auth token for the logged-in user.

    ``get_login_user`` yields a three-item tuple whose first two items
    are the user and an error; the third is ignored. With a user and no
    error the response is 200 and carries ``auth-token``; otherwise the
    error value is returned with status 403. ``pk`` is not used.
    """
    user, error, _ = get_login_user(request)

    # Guard clause: anything short of "user present, no error" is refused.
    if not user or error is not None:
        return json_response(error, status=403)

    token = genhmac(settings.SHARED_SECRET, user.username)
    return json_response({'auth-token': token}, status=200)
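def authenticate(self, ae, request):
    """Authenticate a user of auth event *ae* by phone number and code.

    The request body is JSON with ``tlf`` and ``code``. Failures return
    a dict with ``status`` set to ``'nok'`` and a ``msg``, except a
    failing ``check_pipeline``, whose result is returned as is. On
    success the user is marked active and saved, and the result carries
    ``status`` and ``auth-token``.
    """
    req = json.loads(request.body.decode('utf-8'))

    if req.get('tlf'):
        req['tlf'] = get_cannonical_tlf(req.get('tlf'))
    tlf = req.get('tlf')
    if isinstance(tlf, str):
        tlf = tlf.strip()

    # Each checker contributes text to msg; any text at all is a failure.
    msg = ''
    msg += check_field_type(self.tlf_definition, tlf, 'authenticate')
    msg += check_field_value(self.tlf_definition, tlf, 'authenticate')
    msg += check_field_type(self.code_definition, req.get('code'), 'authenticate')
    msg += check_field_value(self.code_definition, req.get('code'), 'authenticate')
    msg += check_fields_in_request(req, ae, 'authenticate')
    if msg:
        return {'status': 'nok', 'msg': msg}

    # NOTE(review): the two failure messages below differ, so a caller
    # can tell an unregistered number from a wrong code. A single generic
    # message avoids that, but it would change the response contract, so
    # the strings are left as they were.
    try:
        u = User.objects.get(userdata__tlf=tlf, userdata__event=ae)
    except Exception:
        # Any lookup failure is reported as a missing user. SystemExit
        # and KeyboardInterrupt are no longer swallowed.
        return {'status': 'nok', 'msg': 'User not exist.'}

    # NOTE(review): this matches any stored code for the user and nothing
    # here expires or consumes it; presumably handled elsewhere. Confirm.
    code = Code.objects.filter(
        user=u.userdata,
        code=req.get('code')).order_by('created').first()
    if not code:
        return {'status': 'nok', 'msg': 'Invalid code.'}

    msg = check_pipeline(request, ae, 'authenticate')
    if msg:
        return msg

    msg = check_metadata(req, u)
    if msg:
        return {'status': 'nok', 'msg': msg}

    # A successful code check activates the account.
    u.is_active = True
    u.save()

    data = {'status': 'ok'}
    # NOTE(review): the only MAC input visible here is the username;
    # confirm genhmac adds a timestamp or expiry.
    data['auth-token'] = genhmac(settings.SHARED_SECRET, u.username)
    return data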
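def authenticate(self, ae, request):
    """Authenticate a user of auth event *ae* by email and code.

    The request body is JSON with ``email`` and ``code``. Every failure
    returns the same ``self.error`` response, so the caller cannot tell
    which check rejected the request. On success returns a dict with
    ``status``, ``auth-token`` and, when the event is configured with
    the ``go-to-url`` action, ``redirect-to-url``.
    """
    def reject():
        return self.error("Incorrect data", error_codename="invalid_credentials")

    req = json.loads(request.body.decode('utf-8'))

    email = req.get('email')
    if isinstance(email, str):
        email = email.strip()

    # Each checker contributes text to msg; any text at all is a failure.
    msg = ''
    msg += check_field_type(self.email_definition, email, 'authenticate')
    msg += check_field_value(self.email_definition, email, 'authenticate')
    msg += check_field_type(self.code_definition, req.get('code'), 'authenticate')
    msg += check_field_value(self.code_definition, req.get('code'), 'authenticate')
    msg += check_fields_in_request(req, ae, 'authenticate')
    if msg:
        return reject()

    if check_pipeline(request, ae, 'authenticate'):
        return reject()

    try:
        u = User.objects.get(email=email, userdata__event=ae, is_active=True)
    except Exception:
        # Any lookup failure is reported as invalid credentials.
        # SystemExit and KeyboardInterrupt are no longer swallowed.
        return reject()

    # Guard the .upper() call below: a missing or non-string code that
    # slipped past the field checks used to raise AttributeError.
    submitted_code = req.get('code')
    if not isinstance(submitted_code, str):
        return reject()

    # NOTE(review): this matches any stored code for the user, not only
    # the newest one, and nothing here expires or consumes the code;
    # presumably that happens elsewhere. Confirm.
    code = Code.objects.filter(
        user=u.userdata,
        code=submitted_code.upper()).order_by('-created').first()
    if not code:
        return reject()

    # The original built an unused {'status': 'nok', ...} dict here
    # before returning the generic error; the dead assignment is dropped.
    if check_metadata(req, u):
        return reject()

    u.save()

    data = {'status': 'ok'}
    # NOTE(review): the only MAC input visible here is the username;
    # confirm genhmac adds a timestamp or expiry.
    data['auth-token'] = genhmac(settings.SHARED_SECRET, u.username)

    # add redirection
    auth_action = ae.auth_method_config['config']['authentication-action']
    if auth_action['mode'] == 'go-to-url':
        data['redirect-to-url'] = auth_action['mode-config']['url']
    return data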
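def authenticate(self, ae, request):
    """Authenticate a user of auth event *ae* by email and password.

    Returns ``self.authenticate_error()`` when no active user matches or
    the password is wrong. On success returns a dict with ``status``,
    ``username``, ``auth-token`` and, when the event is configured with
    the ``go-to-url`` action, ``redirect-to-url``.
    """
    d = {'status': 'ok'}
    req = json.loads(request.body.decode('utf-8'))
    email = req.get('email', '')
    pwd = req.get('password', '')

    try:
        u = User.objects.get(email=email, userdata__event=ae, is_active=True)
    except Exception:
        # Any lookup failure (no match, several matches, a backend error)
        # is reported as a failed login. SystemExit and KeyboardInterrupt
        # are no longer swallowed.
        # NOTE(review): this path returns before any password hashing,
        # so it may answer faster than the wrong-password path; equalise
        # the two if account enumeration is a concern.
        return self.authenticate_error()

    if not u.check_password(pwd):
        return self.authenticate_error()

    d['username'] = u.username
    # NOTE(review): the only MAC input visible here is the username;
    # confirm genhmac adds a timestamp or expiry so a token cannot be
    # reused indefinitely.
    d['auth-token'] = genhmac(settings.SHARED_SECRET, u.username)

    # add redirection
    auth_action = ae.auth_method_config['config']['authentication-action']
    if auth_action['mode'] == 'go-to-url':
        # The original wrote to an undefined name `data` here, which
        # raised NameError whenever the redirect mode was configured.
        d['redirect-to-url'] = auth_action['mode-config']['url']
    return d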
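def authenticate(self, ae, request):
    """Authenticate a user by username or email, plus password.

    The identifier is read from ``username`` and, when that is empty,
    from ``email``. When *ae* is not 0 the user must belong to that auth
    event. Returns ``self.authenticate_error()`` on any failure;
    otherwise a dict with ``status``, ``username`` and ``auth-token``.
    """
    d = {'status': 'ok'}
    req = json.loads(request.body.decode('utf-8'))

    msg = req.get('username', '')
    if not msg:
        msg = req.get('email', '')
    # A missing password used to raise KeyError before the lookup; it is
    # now an empty string and fails like any other wrong password.
    pwd = req.get('password', '')

    # NOTE(review): the lookup does not filter on is_active; confirm that
    # inactive accounts are meant to be able to log in through this path.
    try:
        u = User.objects.get(Q(username=msg) | Q(email=msg))
    except Exception:
        # Any lookup failure (no match, several matches, a backend error)
        # is reported as a failed login. SystemExit and KeyboardInterrupt
        # are no longer swallowed.
        return self.authenticate_error()

    if ae != 0 and u.userdata.event != ae:
        return self.authenticate_error()

    if not u.check_password(pwd):
        return self.authenticate_error()

    d['username'] = u.username
    # NOTE(review): the only MAC input visible here is the username;
    # confirm genhmac adds a timestamp or expiry.
    d['auth-token'] = genhmac(settings.SHARED_SECRET, u.username)
    return d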
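def post(self, request):
    """Issue a permission token for the requesting user.

    The JSON body must carry ``permission`` and ``object_type``;
    ``object_id`` is optional and defaults to 0. A token is issued when
    the user is a superuser or ``userdata.has_perms`` accepts the request.

    A body that is not a JSON object gets a 400 with
    ``ErrorCodes.BAD_REQUEST``. Missing or non-string fields and a
    refused permission get a 400 with an empty message. On success the
    response carries ``permission-token``.
    """
    try:
        req = json.loads(request.body.decode('utf-8'))
    except ValueError:
        # JSONDecodeError and UnicodeDecodeError are both ValueError
        # subclasses; anything else is a server-side fault and should
        # not be reported to the client as a bad request.
        return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)
    # Valid JSON need not be an object (it may be a list, number or null);
    # the lookups below assume a dict.
    if not isinstance(req, dict):
        return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)

    if 'permission' not in req or 'object_type' not in req:
        return json_response(status=400, message="")

    object_type = req['object_type']
    perm = req['permission']
    obj_id = req.get('object_id', 0)
    # The MAC message is built with str.join, which needs strings.
    if not isinstance(object_type, str) or not isinstance(perm, str):
        return json_response(status=400, message="")

    user = request.user
    if not user.is_superuser and \
            not user.userdata.has_perms(object_type, perm, obj_id):
        return json_response(status=400, message="")

    # NOTE(review): the fields are client-supplied and joined with ':'
    # without escaping, so a ':' inside one of them makes the signed
    # message ambiguous. Confirm has_perms rejects such values or that
    # the consumer of the token parses the message strictly.
    msg = ':'.join((user.username, object_type, str(obj_id), perm))
    data = {'status': 'ok'}
    data['permission-token'] = genhmac(settings.SHARED_SECRET, msg)
    return json_response(data)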
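def post(self, request):
    """Issue a permission token covering the permissions the user holds.

    ``permission`` in the JSON body is a ``|``-separated list. Each
    entry is kept when the user is a superuser or ``userdata.has_perms``
    accepts it for ``object_type`` and ``object_id`` (default 0). The
    token signs the kept entries, re-joined with ``|``.

    Every rejection, including the case where no entry is kept, is a
    400 response with ``ErrorCodes.BAD_REQUEST``. On success the
    response carries ``permission-token``.
    """
    def bad_request():
        return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)

    try:
        req = parse_json_request(request)
    except Exception:
        # What parse_json_request raises is not visible here, so every
        # ordinary exception is treated as a bad request. Unlike a bare
        # except, SystemExit and KeyboardInterrupt still propagate.
        return bad_request()

    # A parsed body that is not an object cannot hold the expected keys.
    if not isinstance(req, dict):
        return bad_request()
    if 'permission' not in req or 'object_type' not in req:
        return bad_request()

    object_type = req['object_type']
    requested = req['permission']
    # split() and the join below need strings; other JSON types used to
    # raise AttributeError or TypeError here.
    if not isinstance(object_type, str) or not isinstance(requested, str):
        return bad_request()

    perms = requested.split("|")
    obj_id = req.get('object_id', 0)

    user = request.user
    filtered_perms = "|".join(
        perm for perm in perms
        if user.is_superuser
        or user.userdata.has_perms(object_type, perm, obj_id)
    )
    if not filtered_perms:
        return bad_request()

    # NOTE(review): the fields are client-supplied and joined with ':'
    # without escaping, so a ':' inside one of them makes the signed
    # message ambiguous. Confirm has_perms rejects such values or that
    # the consumer of the token parses the message strictly.
    msg = ':'.join((user.username, object_type, str(obj_id), filtered_perms))
    data = {'status': 'ok'}
    data['permission-token'] = genhmac(settings.SHARED_SECRET, msg)
    return json_response(data)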
def get_hmac(self):
    """Return the HMAC that stands for this permission entry.

    The signed message is the username, object type, object id and
    permission joined with ``:``, keyed with ``settings.SHARED_SECRET``.
    """
    # NOTE(review): the fields are joined without escaping, so a ':'
    # inside one of them would make the message ambiguous; confirm the
    # stored values cannot contain one.
    parts = [
        self.user.user.username,
        self.object_type,
        str(self.object_id),
        self.perm,
    ]
    return genhmac(settings.SHARED_SECRET, ':'.join(parts))