Exemplo n.º 1
0
    def wrap_action(self, action_, *args, **kwargs):
        """
        Wrap the controller action ``action_``.

        :param action_: The controller action to be wrapped.

        ``args`` and ``kwargs`` are the positional and named arguments which
        will be passed to ``action_`` when called.

        """
        try:
            # get token
            # from header information
            request = RequestOAuth(args[0].R)
            with ResponseHTTP(response=request.response) as t:
                _in = u'Failed'
                # handle token
                token = request.access_token

                if token:
                    oauth_context = TokenManager.get_token_context(token.get('token'))
                    if oauth_context.valid:
                        args[0].__dict__.update(R=request)
                        kwargs.update(dict(oauth_context=oauth_context))
                        # not mandatory use of oauth, but valid token
                        if self.anon:
                            LOG.debug(oauth_context.valid)
                            return action_(*args, **kwargs)
                        # validate scope
                        elif TokenManager.has_valid_scope(oauth_context.scopes, self.allowed_scopes):
                            LOG.debug(oauth_context.scopes)
                            # kwargs.update(dict(oauth_context=oauth_context))
                            return action_(*args, **kwargs)
                else:
                    if self.anon:
                        return action_(*args, **kwargs)

                # api_key = request.matchdict.get(self.api_field, None)

                # otherwise, we're done, you're not allowed
                message = 'Not authorized for request.'
                code, status = ResponseHTTP.FORBIDDEN
            return t.to_json(_in,
                             message=message,
                             code=code, status=status)
        except ValueError as e:
            LOG.debug(e.message)
def get_token_context(token):
    return TokenManager.get_token_context(token)