Exemplo n.º 1
0
    def test01_create_cookie(self):
        secret = os.urandom(32)

        cookie = SecureCookie(secret, 'pjk', '127.0.0.1')
        cookie_val = cookie.cookie_value()

        log.info('Cookie value: %r', cookie_val)
Exemplo n.º 2
0
 def test01_create_cookie(self):
     secret = os.urandom(32)
     
     cookie = SecureCookie(secret, 'pjk', '127.0.0.1')
     cookie_val = cookie.cookie_value()
     
     log.info('Cookie value: %r', cookie_val)
Exemplo n.º 3
0
def thredds(request):
    encoded_secret_key = settings.ESGF_SECRET_KEY
    return_query_name = settings.ESGF_RETURN_QUERY_NAME
    session_cookie_name = settings.ESGF_SESSION_COOKIE_NAME

    if request.is_secure():
        scheme = 'https'
    else:
        scheme = 'http'
    authenticate_url = '{}://{}{}'.format(scheme, request.get_host(),
                                          reverse('home'))
    redirect = '{}://{}{}{}'.format(
        scheme, request.get_host(), reverse('thredds'),
        'fileServer/cmip5_css02_data/cmip5/output1/CMCC/CMCC-CM/historical/day/atmos/day/r1i1p1/clt/1/clt_day_CMCC-CM_historical_r1i1p1_20050101-20051231.nc'
    )

    session_cookie = request.COOKIES.get(session_cookie_name)
    cookie = None
    if session_cookie:
        secret_key = encoded_secret_key.decode('base64')
        cookie = SecureCookie.parse_ticket(secret_key, session_cookie, None,
                                           None)

    return render(
        request, 'auth/thredds.j2', {
            'authenticate_url': authenticate_url,
            'return_query_name': return_query_name,
            'encoded_secret_key': encoded_secret_key,
            'quoted_encoded_secret_key': quote(encoded_secret_key),
            'session_cookie_name': session_cookie_name,
            'redirect': redirect,
            'session_cookie': session_cookie,
            'decrypted_session_cookie': cookie
        })
Exemplo n.º 4
0
def check_cookie():
    key = 'yUGFos3E/MbDiN4q1YjjTE/gmO7SLxeetAxxAgPUaB0='
    key = key.decode('base64')
    cookie_value = 'c39193baf69307eb13967af1c6a3e9fdbbf4b468eefdb0a543ba2a28aaa74ae4f452e8482dd4b7bf465013369f92decd-8d98649db5e1ef67e287474442645cb6-25e8ec8bd024ae0dd56078403fe099e4d9e948bdf51661d848fee5e8cdb0afc1'

    cookie = SecureCookie.parse_ticket(key, cookie_value, None, None)
    print(cookie)
Exemplo n.º 5
0
    def test02_check_cookie(self):
        secret = os.urandom(32)

        cookie = SecureCookie(secret, 'pjk', '127.0.0.1')
        cookie_val = cookie.cookie_value()

        session = {
            'authkit.cookie.user': None,
            'authkit.cookie.user_data': None
        }

        ticket = SecureCookie.parse_ticket(secret, cookie_val, '127.0.0.1',
                                           session)

        self.assertEqual('pjk', ticket[1], 'Error parsing user id')

        log.info('ticket: %r', ticket)
Exemplo n.º 6
0
    def test02_check_cookie(self):
        secret = os.urandom(32)
        
        cookie = SecureCookie(secret, 'pjk', '127.0.0.1')
        cookie_val = cookie.cookie_value()

        session = {
            'authkit.cookie.user': None,
            'authkit.cookie.user_data': None
        }
        
        ticket = SecureCookie.parse_ticket(secret, cookie_val, '127.0.0.1', 
                                           session)
        
        self.assertEqual('pjk', ticket[1], 'Error parsing user id')
        
        log.info('ticket: %r', ticket)
Exemplo n.º 7
0
    def _parse_cookie_value(self, cookie_value):
        """ Parses user information from an encrypted cookie """

        shared_secret = codecs.decode(settings.SECURITY_SHAREDSECRET.encode(),
                                      "base64")
        try:
            parsed_cookie_items = SecureCookie.parse_ticket(
                shared_secret, cookie_value, None, None)
            username = parsed_cookie_items[self.USERNAME_INDEX]

            return {
                "username": username,
                "groups": [],
            }

        except BadTicket as e:
            LOG.warning("Error decoding cookie.")
            raise CookieParsingError(e)
        except VerificationError as e:
            LOG.warning("Cookie signature verification error.")
            raise CookieParsingError(e)
        except IndexError as e:
            LOG.warning("Index not in cookie.")
            raise CookieParsingError(e)
Exemplo n.º 8
0
def home(request):
    if request.method == 'GET':
        '''
        requested directly or
        redirected from THREDDS/authentication filter or
        redirected from OpenID/OAuth2 server or
        '''
        if request.user.is_authenticated():
            social = None
            try:
                social = request.user.social_auth.get(provider='esgf')
            except Exception:
                pass

            try:
                social = request.user.social_auth.get(provider='esgf-openid')
            except Exception:
                pass

            log.info('User {} successfully authenticated'.format(social.uid))

            redirect_url = request.GET.get('redirect',
                                           request.session.get('redirect'))

            if not redirect_url:
                '''
                not redirected from THREDDS/authentication filter
                '''
                return render(request, 'auth/home.j2',
                              {'openid_identifier': social.uid})
            '''
            redirected from OpenID/OAuth2 server or
            redirected from THREDD/authentication filter
            '''
            # create a session cookie
            encoded_secret_key = settings.ESGF_SECRET_KEY
            session_cookie_name = settings.ESGF_SESSION_COOKIE_NAME
            secret_key = encoded_secret_key.decode('base64')
            secure_cookie = SecureCookie(secret_key, social.uid, '127.0.0.1',
                                         (), '')

            # redirect back to THREDDS
            response = redirect(redirect_url)
            response.set_cookie(session_cookie_name,
                                secure_cookie.cookie_value())
            return response

        else:
            '''
            requested directly or
            redirected from THREDDS/authentication filter
            '''
            redirect_url = request.GET.get('redirect')
            '''
            Save 'redirect' param passed in the redirection by the THREDDS 
            authentication filter before starting the OAuth2 flow. After the 
            OAuth2 flow is completed, the param will be needed to create a 
            redirection back to THREDDS.
            '''
            request.session['redirect'] = redirect_url

            return render(request, 'auth/home.j2', {'redirect': redirect_url})

    # request.method == 'POST'
    openid_identifier = request.POST.get('openid_identifier')
    request.session['openid_identifier'] = openid_identifier
    protocol = discover(openid_identifier)
    if protocol:
        request.session['next'] = request.path
        credential = get_oauth2_cred(openid_identifier)
        if protocol == 'OAuth2' and credential:
            '''
            It may create a race condition.  When two users authenticate at the
            same moment  through different OAuth2 servers, KEY and SECRET may
            be set for a wrong server. It will be better to set KEY and SECRET
            directly on a strategy object.
            '''
            settings.SOCIAL_AUTH_ESGF_KEY = credential['key']
            settings.SOCIAL_AUTH_ESGF_SECRET = credential['secret']
            return redirect(reverse('social:begin', args=['esgf']))
        elif protocol == 'OpenID':
            return redirect(reverse('social:begin', args=['esgf-openid']))
    else:
        log.error('Could not discover authentication service for {}'.format(
            openid_identifier))
        redirect_url = request.session.get('redirect')
        return render(
            request, 'auth/home.j2', {
                'redirect': redirect_url,
                'message': 'No OpenID/OAuth2/OIDC service discovered'
            })
Exemplo n.º 9
0
def create_cookie(key, value, ip, tokens=(), user_data=''):
    return SecureCookie(key, value, ip, tokens, user_data)