def o_callback_authorize(request):
logger.info(request.__dict__)
if 'code' not in request.GET:
logger.info(request.__dict__)
#TODO - Maybe: Redirect into a login
return HttpResponse("")
oauth_client = get_cas_oauth_client()
oauth_code = request.GET['code']
#Exchange code for ticket
access_token, expiry_date = oauth_client.get_access_token(oauth_code)
if not access_token:
logger.info(
"The Code %s is invalid/expired. Attempting another login." %
oauth_code)
return o_login_redirect(request)
#Exchange token for profile
user_profile = oauth_client.get_profile(access_token)
if not user_profile or "id" not in user_profile:
logger.error("AccessToken is producing an INVALID profile!"
" Check the CAS server and caslib.py for more"
" information.")
#NOTE: Make sure this redirects the user OUT of the loop!
return login(request)
#ASSERT: A valid OAuth token gave us the Users Profile.
# Now create an AuthToken and return it
username = user_profile["id"]
auth_token = obtainOAuthToken(username, access_token, expiry_date)
#Set the username to the user to be emulated
#to whom the token also belongs
request.session['username'] = username
request.session['token'] = auth_token.key
logger.info("Returning user - %s - to application " % username)
logger.info(request.session.__dict__)
logger.info(request.user)
return HttpResponseRedirect(settings.REDIRECT_URL + "/application/")
def o_callback_authorize(request):
logger.info(request.__dict__)
if 'code' not in request.GET:
logger.info(request.__dict__)
#TODO - Maybe: Redirect into a login
return HttpResponse("")
oauth_client = get_cas_oauth_client()
oauth_code = request.GET['code']
#Exchange code for ticket
access_token, expiry_date = oauth_client.get_access_token(oauth_code)
if not access_token:
logger.info("The Code %s is invalid/expired. Attempting another login."
% oauth_code)
return o_login_redirect(request)
#Exchange token for profile
user_profile = oauth_client.get_profile(access_token)
if not user_profile or "id" not in user_profile:
logger.error("AccessToken is producing an INVALID profile!"
" Check the CAS server and caslib.py for more"
" information.")
#NOTE: Make sure this redirects the user OUT of the loop!
return login(request)
#ASSERT: A valid OAuth token gave us the Users Profile.
# Now create an AuthToken and return it
username = user_profile["id"]
auth_token = obtainOAuthToken(username, access_token, expiry_date)
#Set the username to the user to be emulated
#to whom the token also belongs
request.session['username'] = username
request.session['token'] = auth_token.key
logger.info("Returning user - %s - to application "
% username)
logger.info(request.session.__dict__)
logger.info(request.user)
return HttpResponseRedirect(settings.REDIRECT_URL+"/application/")
def validate_oauth_token(token, request=None):
"""
Validates the token attached to the request (SessionStorage, GET/POST)
On every request, ask OAuth to authorize the token
"""
#Authorization test
user_profile = cas_profile_for_token(token)
if not user_profile:
return False
username = user_profile.get("id")
attrs = user_profile.get("attributes")
if not username or not attrs:
logger.info("Invalid Profile:%s does not have username/attributes"
% user_profile)
return False
#TEST 1 : Must be in the group 'atmo-user'
#NOTE: Test 1 will be IGNORED until we can verify it returns 'entitlement'
# EVERY TIME!
#if not cas_profile_contains(attrs, 'atmo-user'):
# raise Unauthorized("User %s is not a member of group 'atmo-user'"
# % username)
#TODO: TEST 2 : Must have an identity (?)
if not AtmosphereUser.objects.filter(username=username):
raise Unauthorized("User %s does not exist as an AtmosphereUser"
% username)
auth_token = obtainOAuthToken(username, token)
#logger.info("OAuthToken Obtained for %s:%s" % (username, auth_token))
if not auth_token:
return False
return True
def validate_oauth_token(token, request=None):
"""
Validates the token attached to the request (SessionStorage, GET/POST)
On every request, ask OAuth to authorize the token
"""
# Attempt to contact CAS
try:
user_profile = cas_profile_for_token(token)
except ConnectionError:
logger.exception("CAS could not be reached!")
user_profile = None
if not user_profile:
return False
username = user_profile.get("id")
attrs = user_profile.get("attributes")
if not username or not attrs:
# logger.info("Invalid Profile:%s does not have username/attributes"
# % user_profile)
return False
# NOTE: REMOVE this when it is no longer true!
# Force any username lookup to be in lowercase
if not username:
return None
username = username.lower()
# TEST 1 : Must be in the group 'atmo-user'
# NOTE: Test 1 will be IGNORED until we can verify it returns 'entitlement'
# EVERY TIME!
# raise Unauthorized("User %s is not a member of group 'atmo-user'"
# % username)
# TODO: TEST 2 : Must have an identity (?)
if not AtmosphereUser.objects.filter(username=username):
raise Unauthorized("User %s does not exist as an AtmosphereUser"
% username)
auth_token = obtainOAuthToken(username, token)
if not auth_token:
return False
return True
