Exemplo n.º 1
0
def InspectParams(params_dict, forbidden_params, rename_dict):
    """Inspects a dictionary of params, looking for forbidden values.

  @type params_dict: dict of string to anything
  @param params_dict: A dictionary of supplied parameters
  @type forbidden_params: dict of string to string or list of any
  @param forbidden_params: The forbidden parameters, with a list of forbidden
                           values or the constant ALL_VALUES_FORBIDDEN
                           signifying that all values are forbidden
  @type rename_dict: None or dict of string to string
  @param rename_dict: The list of parameter renamings used by the method

  @raise http.HttpForbidden: If a forbidden param has been set

  """
    for param in params_dict:
        # Check for possible renames to ensure nothing slips through
        if rename_dict is not None and param in rename_dict:
            param = rename_dict[param]

        # Now see if there are restrictions on this parameter
        if param in forbidden_params:
            forbidden_values = forbidden_params[param]
            if forbidden_values == ALL_VALUES_FORBIDDEN:
                raise http.HttpForbidden(
                    "The parameter %s cannot be set via RAPI" % param)

            param_value = params_dict[param]
            if param_value in forbidden_values:
                raise http.HttpForbidden(
                    "The parameter %s cannot be set to the value"
                    " %s via RAPI" % (param, param_value))
Exemplo n.º 2
0
    def ValidateRequest(self, req, handler_access):
        """Checks whether a user can access a resource.

    """
        username, password = HttpServerRequestAuthentication \
                               .ExtractUserPassword(req)
        if username is None:
            raise http.HttpUnauthorized()
        if password is None:
            raise http.HttpBadRequest(message=("Basic authentication requires"
                                               " password"))

        user = self.user_fn(username) if self.user_fn else self.users.Get(
            username)
        _, expected_password = HttpServerRequestAuthentication \
                                 .ExtractSchemePassword(password)
        if not (user and expected_password == user.password):
            # Unknown user or password wrong
            return None

        if (not handler_access
                or set(user.options).intersection(handler_access)):
            # Allow access
            return username

        # Access forbidden
        raise http.HttpForbidden()
Exemplo n.º 3
0
    def ValidateRequest(self, req, handler_access, realm):
        """Checks whether a user can access a resource.

    """
        request_username, request_password = HttpServerRequestAuthentication \
                                               .ExtractUserPassword(req)
        if request_username is None:
            raise http.HttpUnauthorized()
        if request_password is None:
            raise http.HttpBadRequest(message=("Basic authentication requires"
                                               " password"))

        user = self.user_fn(request_username)
        if not (user
                and HttpServerRequestAuthentication.VerifyBasicAuthPassword(
                    request_username, request_password, user.password, realm)):
            # Unknown user or password wrong
            return None

        if (not handler_access
                or set(user.options).intersection(handler_access)):
            # Allow access
            return request_username

        # Access forbidden
        raise http.HttpForbidden()
Exemplo n.º 4
0
    def Authenticate(self, req, username, password):
        """Checks whether a user can access a resource.

    """
        ctx = self._GetRequestContext(req)

        user = self._user_fn(username)
        if not (user and self.VerifyBasicAuthPassword(req, username, password,
                                                      user.password)):
            # Unknown user or password wrong
            return False

        if (not ctx.handler_access
                or set(user.options).intersection(ctx.handler_access)):
            # Allow access
            return True

        # Access forbidden
        raise http.HttpForbidden()