def handle_login():
session = bottle.request.environ.get('beaker.session')
conf_man.update_creds_from_metadata_server(request.app)
access_token = request.params.get("access_token")
expires_in = request.params.get("expires_in")
aws_client_id = request.app.config["server.aws_client_id"]
user_id, name, email = identity.get_identity_from_token(access_token, aws_client_id);
user_info = identity.find_user_role(request.app, user_id)
if not user_info :
return template("./views/login_reject.tpl",
title="Turing - Login Rejected!",
username = name,
user_id = user_id,
email = email,
session = session)
session["logged_in"] = True
session["user_id"] = user_id
session["username"] = name
session["email"] = user_info["email"] #email
session["user_role"] = user_info["role"]
print session
return template("./views/login_confirm.tpl",
title="Turing - Login Success!",
session=session)
def get_temp_keys():
session = bottle.request.environ.get('beaker.session')
require_login(session)
username = session["username"]
try:
user_info = identity.find_user_role(request.app, session["user_id"])
# This is a vulnerability. We need to check everytime if the access_tokens
# are valid and alive with the api.amazon.com
print user_info
role = "klab_public"
creds = sts.get_temp_creds(role)
return template('./views/tempkeys.tpl',
username = username,
session = session,
AccessKeyId = creds["AccessKeyId"],
SecretAccessKey = creds["SecretAccessKey"],
Token = creds["SessionToken"],
Expiration = creds["Expiration"],
title="Temporary keys",
alert=False)
except Exception as e:
return template('./views/logout.tpl',
username=username,
session=session,
title="Failed to get temporary keys",
alert=False)
def handle_login():
session = bottle.request.environ.get('beaker.session')
conf_man.update_creds_from_metadata_server(request.app)
access_token = request.params.get("access_token")
expires_in = request.params.get("expires_in")
aws_client_id = request.app.config["server.aws_client_id"]
user_id, name, email = identity.get_identity_from_token(
access_token, aws_client_id)
user_info = identity.find_user_role(request.app, user_id)
if not user_info:
return template("./views/login_reject.tpl",
title="Turing - Login Rejected!",
username=name,
user_id=user_id,
email=email,
session=session)
session["logged_in"] = True
session["user_id"] = user_id
session["username"] = name
session["email"] = user_info["email"] #email
session["user_role"] = user_info["role"]
print session
return template("./views/login_confirm.tpl",
title="Turing - Login Success!",
session=session)
def get_temp_keys():
session = bottle.request.environ.get('beaker.session')
require_login(session)
username = session["username"]
try:
user_info = identity.find_user_role(request.app, session["user_id"])
# This is a vulnerability. We need to check everytime if the access_tokens
# are valid and alive with the api.amazon.com
print user_info
role = "klab_public"
creds = sts.get_temp_creds(role)
return template('./views/tempkeys.tpl',
username=username,
session=session,
AccessKeyId=creds["AccessKeyId"],
SecretAccessKey=creds["SecretAccessKey"],
Token=creds["SessionToken"],
Expiration=creds["Expiration"],
title="Temporary keys",
alert=False)
except Exception as e:
return template('./views/logout.tpl',
username=username,
session=session,
title="Failed to get temporary keys",
alert=False)
def validate_session(app, access_token):
if not access_token:
return None
aws_client_id = request.app.config["server.aws_client_id"]
user_id, name, email = identity.get_identity_from_token(
access_token, aws_client_id)
if not user_id or not name:
return None
print "User_id : ", user_id
print "Name : ", name
print "Email : ", email
user_info = identity.find_user_role(request.app, user_id)
info = {
"user_id": user_id,
"name": name,
"username": name,
"email": user_info["email"], #email
"user_role": user_info["role"]
}
return info
def validate_session(app ,access_token):
if not access_token:
return None
aws_client_id = request.app.config["server.aws_client_id"]
user_id, name, email = identity.get_identity_from_token(access_token, aws_client_id);
if not user_id or not name:
return None
print "User_id : ", user_id
print "Name : ", name
print "Email : ", email
user_info = identity.find_user_role(request.app, user_id)
info = {"user_id" : user_id,
"name" : name,
"username" : name,
"email" : user_info["email"], #email
"user_role" : user_info["role"] }
return info
