def test01_create_cookie(self):
secret = os.urandom(32)
cookie = SecureCookie(secret, 'pjk', '127.0.0.1')
cookie_val = cookie.cookie_value()
log.info('Cookie value: %r', cookie_val)
def test02_check_cookie(self):
secret = os.urandom(32)
cookie = SecureCookie(secret, 'pjk', '127.0.0.1')
cookie_val = cookie.cookie_value()
session = {
'authkit.cookie.user': None,
'authkit.cookie.user_data': None
}
ticket = SecureCookie.parse_ticket(secret, cookie_val, '127.0.0.1',
session)
self.assertEqual('pjk', ticket[1], 'Error parsing user id')
log.info('ticket: %r', ticket)
def home(request):
if request.method == 'GET':
'''
requested directly or
redirected from THREDDS/authentication filter or
redirected from OpenID/OAuth2 server or
'''
if request.user.is_authenticated():
social = None
try:
social = request.user.social_auth.get(provider='esgf')
except Exception:
pass
try:
social = request.user.social_auth.get(provider='esgf-openid')
except Exception:
pass
log.info('User {} successfully authenticated'.format(social.uid))
redirect_url = request.GET.get('redirect',
request.session.get('redirect'))
if not redirect_url:
'''
not redirected from THREDDS/authentication filter
'''
return render(request, 'auth/home.j2',
{'openid_identifier': social.uid})
'''
redirected from OpenID/OAuth2 server or
redirected from THREDD/authentication filter
'''
# create a session cookie
encoded_secret_key = settings.ESGF_SECRET_KEY
session_cookie_name = settings.ESGF_SESSION_COOKIE_NAME
secret_key = encoded_secret_key.decode('base64')
secure_cookie = SecureCookie(secret_key, social.uid, '127.0.0.1',
(), '')
# redirect back to THREDDS
response = redirect(redirect_url)
response.set_cookie(session_cookie_name,
secure_cookie.cookie_value())
return response
else:
'''
requested directly or
redirected from THREDDS/authentication filter
'''
redirect_url = request.GET.get('redirect')
'''
Save 'redirect' param passed in the redirection by the THREDDS
authentication filter before starting the OAuth2 flow. After the
OAuth2 flow is completed, the param will be needed to create a
redirection back to THREDDS.
'''
request.session['redirect'] = redirect_url
return render(request, 'auth/home.j2', {'redirect': redirect_url})
# request.method == 'POST'
openid_identifier = request.POST.get('openid_identifier')
request.session['openid_identifier'] = openid_identifier
protocol = discover(openid_identifier)
if protocol:
request.session['next'] = request.path
credential = get_oauth2_cred(openid_identifier)
if protocol == 'OAuth2' and credential:
'''
It may create a race condition. When two users authenticate at the
same moment through different OAuth2 servers, KEY and SECRET may
be set for a wrong server. It will be better to set KEY and SECRET
directly on a strategy object.
'''
settings.SOCIAL_AUTH_ESGF_KEY = credential['key']
settings.SOCIAL_AUTH_ESGF_SECRET = credential['secret']
return redirect(reverse('social:begin', args=['esgf']))
elif protocol == 'OpenID':
return redirect(reverse('social:begin', args=['esgf-openid']))
else:
log.error('Could not discover authentication service for {}'.format(
openid_identifier))
redirect_url = request.session.get('redirect')
return render(
request, 'auth/home.j2', {
'redirect': redirect_url,
'message': 'No OpenID/OAuth2/OIDC service discovered'
})
def create_cookie(key, value, ip, tokens=(), user_data=''):
return SecureCookie(key, value, ip, tokens, user_data)
