def _respond(_uid, _description):
token = crypt.generate_auth_token(_uid)
if target == 'dcos:authenticationresponse:html':
# Upon entering the SSO flow, the user-agent stored this target to
# indicate that it desires to retrieve a special, human-readable
# HTML authentication response.
generate_authtoken_html_response(token, resp)
else:
generate_authtoken_json_response(token,
req,
resp,
_uid,
_description,
is_remote=True)
# Perform the redirect.
if target is None:
# `target` was not defined by user-agent while entering the
# SSO flow. Redirect to root.
raise falcon.HTTPSeeOther('/')
else:
# `target` was defined by user-agent upon entering the flow.
# Redirect to it w/o further validation (although it may not
# even be a valid URL).
raise falcon.HTTPSeeOther(target)
def process_request(self, req, res):
path = req.path.strip('/')
length = len(path)
base = len(characterPool)
acc = 0
for index, digit in enumerate(path):
sup = length - 1 - index
num = characterPool[digit]
acc += num * (base**sup)
id = hex(acc)[2:]
url = db.urls.find_one({'_id': ObjectId(id)})
if url:
raise falcon.HTTPSeeOther(url['long'])
else:
raise falcon.HTTPSeeOther('https://nullorm.github.io')
def on_post(self, req: falcon.Request, resp: falcon.Response,
store_id: str):
validate_not_null(req.params, "project_id")
validate_not_null(req.params, "project_name")
project_id = req.params.get("project_id", None)
project_name = req.params.get("project_name", None)
resp.context = {
"store_id": store_id,
"project_id": project_id,
"project_name": project_name,
"assets": [],
"workers": {}
}
try:
access = getattr(resp, "auth_user", {})
self._controller.create_project(store_id=store_id,
project_id=project_id,
project_name=project_name,
groups=access.get(
"write_groups", []),
auth_token=auth_token(req))
report_success(resp=resp, description="Project created")
except:
raise
finally:
resp.context["projects"] = self._controller.list_projects(
store_id, auth_token=auth_token(req))
raise falcon.HTTPSeeOther('./%s/project/%s' % (store_id, project_id))
def on_post(self, req, resp):
with self._repo.open() as repo:
new_issue = req.media
new_id = repo.issues.create_issue(
new_issue['title'],
new_issue['description']
)
raise falcon.HTTPSeeOther('/issues/{}'.format(new_id))
def process_resource(self, req: falcon.Request, resp: falcon.Response,
_resource, _params):
if is_public(req.path, self.public_paths):
logging.debug(
"This is a public resource which does not need a valid token")
return
token = auth_token(req)
if not token:
raise falcon.HTTPSeeOther(self.login_path)
resp.auth_user = self._backend.user_info(auth_token=token)
def on_post(self, req: falcon.Request, resp: falcon.Response):
validate_not_null(req.params, 'user')
validate_not_null(req.params, 'password')
token = self._controller.login(user=req.params.get("user", None),
password=req.params.get(
"password", None))
if token:
resp.set_cookie(FIELD_AUTH_TOKEN, token)
raise falcon.HTTPSeeOther("/")
else:
raise ValidationError(title="Invalid login",
description="Invalid username or password")
def on_post(self, req: falcon.Request, resp: falcon.Response,
store_id: str, project_id: str):
self._controller.create_project_version(
store_id=store_id,
project_id=project_id,
version_name=req.params.get("version_name", ""),
version_description=req.params.get("version_description", ""))
resp.media = {'Status': 'OK'}
resp.status = falcon.HTTP_200
raise falcon.HTTPSeeOther(
location="/view/store/{}/project/{}".format(store_id, project_id))
def on_post(self, req, resp):
fields = req.media
with self._repo.open() as repo:
# Check this has valid user id and session id
if not repo.users.authenticateSessionId(fields.get('userId'),
fields.get('sessionId')):
resp.status_code = falcon.HTTP_401
return
new_id = repo.issues.create_issue(fields['title'],
fields['description'],
fields['userId'])
raise falcon.HTTPSeeOther('/issues/{}'.format(new_id))
def on_get(self, req, resp):
"""Start a single sign-on (SSO) flow.
As of now, the exclusive purpose of a GET request against this resource
is to initiate an SSO flow.
"""
oidc_provider = req.params.get('oidc-provider', None)
saml_provider = req.params.get('saml-provider', None)
target = req.params.get('target', None)
if oidc_provider is None and saml_provider is None:
d = 'Expected query parameter `oidc-provider` or `saml-provider`.'
raise falcon.HTTPBadRequest(description=d,
code='ERR_MISSING_QUERY_PARAMETERS')
requested_provider_id = oidc_provider or saml_provider
# Detect case where the requested provider is not known, and the request
# was sent from a browser (detected based on the Accept header value).
# In that case, redirect the user agent to the front page of the UI
# (relative redirect to / and add a query parameter containing an error
# message that the UI can display to the user).
browser_request = 'text/html' in req.accept.lower()
login_providers = get_all_login_providers()
if browser_request and requested_provider_id not in login_providers:
error_message = "The login provider with ID '%s' is not known" % (
requested_provider_id, )
error_message_url_encoded = falcon.uri.encode_value(error_message)
# Emit 303 redirect response.
raise falcon.HTTPSeeOther('/?iam-error=%s' %
(error_message_url_encoded))
# The `return` statement is not required, but explicit is better.
return
if oidc_provider:
return self.__class__.openidconnect_start_flow(
resp, oidc_provider, target)
if saml_provider:
return self.__class__.saml_start_flow(saml_provider, target)
def on_put(self, req, resp):
raise falcon.HTTPSeeOther('/see/other')
def on_put(self, req, resp):
raise falcon.HTTPSeeOther('/see/other', headers={'foo': 'bar'})
def on_get(self, _: falcon.Request, resp: falcon.Response):
resp.unset_cookie(FIELD_AUTH_TOKEN)
raise falcon.HTTPSeeOther("/")
