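def authenticate(self, request):
    """
    Returns a `User` if a correct username and password have been supplied
    using HTTP Basic authentication.  Otherwise returns `None`.

    The header is read as ``Basic <token>`` where ``<token>`` is the
    base64 encoding of ``userid:password``.  A missing or non-Basic header
    yields ``None`` (other authenticators may still run); a Basic header
    that is present but malformed raises instead of returning ``None``.

    Raises:
        exceptions.AuthenticationFailed: when the Basic header has no
            credential token, has more than one whitespace-separated token,
            is not valid base64, or does not decode as HTTP_HEADER_ENCODING.
    """
    auth = get_authorization_header(request).split()
    if not auth or auth[0].lower() != b'basic':
        return None
    if len(auth) == 1:
        msg = 'Invalid basic header. No credentials provided.'
        raise exceptions.AuthenticationFailed(msg)
    if len(auth) > 2:
        msg = 'Invalid basic header. Credentials string should not contain spaces.'
        raise exceptions.AuthenticationFailed(msg)
    try:
        decoded = base64.b64decode(auth[1]).decode(HTTP_HEADER_ENCODING)
    # On Python 3, b64decode rejects malformed input with binascii.Error, a
    # ValueError subclass that the previous (TypeError, UnicodeDecodeError)
    # tuple let propagate unhandled. UnicodeDecodeError is also a
    # ValueError subclass, so catching ValueError covers both.
    except (TypeError, ValueError):
        msg = 'Invalid basic header. Credentials not correctly base64 encoded'
        raise exceptions.AuthenticationFailed(msg)
    # Split on the first ':' only, so a password may itself contain ':'.
    userid, _sep, password = decoded.partition(':')
    return self.authenticate_credentials(userid, password)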
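def get(self, uri_path, query_params=None, *, timeout=None):
    """Perform an authenticated GET against the Trello REST API and return its JSON body.

    Args:
        uri_path: Path below ``https://api.trello.com/1/``. A single leading
            ``/`` is tolerated and stripped. The value is interpolated into the
            URL verbatim, with no escaping.
        query_params: Optional mapping of query-string parameters; ``None``
            means no parameters.
        timeout: Optional ``requests`` timeout, passed through unchanged.
            ``None`` (the default) behaves exactly as before this parameter
            existed, i.e. no timeout is applied.

    Returns:
        The parsed JSON payload of a 200 response.

    Raises:
        exc.WrongArguments: on 400, or on any status other than the ones
            listed below and 200.
        exc.AuthenticationFailed: on 401.
        exc.PermissionDenied: on 403.
        exc.NotFound: on 404.
    """
    if query_params is None:
        query_params = {}
    # startswith() is safe on an empty path; indexing uri_path[0] raised
    # IndexError for "".
    if uri_path.startswith('/'):
        uri_path = uri_path[1:]
    url = 'https://api.trello.com/1/%s' % uri_path
    response = requests.get(
        url,
        params=query_params,
        headers={'Accept': 'application/json'},
        auth=self.oauth,
        timeout=timeout,
    )
    # NOTE(review): this status mapping duplicates _validate_response, which
    # reports response.url instead of the url built above — consider sharing.
    status = response.status_code
    if status == 200:
        return response.json()
    detail = (response.text, url)
    if status == 400:
        raise exc.WrongArguments(_("Invalid Request: %s at %s") % detail)
    if status == 401:
        raise exc.AuthenticationFailed(_("Unauthorized: %s at %s") % detail)
    if status == 403:
        raise exc.PermissionDenied(_("Unauthorized: %s at %s") % detail)
    if status == 404:
        raise exc.NotFound(_("Resource Unavailable: %s at %s") % detail)
    raise exc.WrongArguments(_("Resource Unavailable: %s at %s") % detail)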
def enforce_csrf(self, request):
    """
    Enforce CSRF validation for session based authentication.

    Runs `CSRFCheck().process_view` on the request and turns any rejection
    reason it returns into `AuthenticationFailed`, so the caller receives an
    explicit message rather than a silent `None`.
    """
    failure_reason = CSRFCheck().process_view(request, None, (), {})
    if not failure_reason:
        return
    # process_view produced a rejection reason: surface it as an auth error.
    raise exceptions.AuthenticationFailed('CSRF Failed: %s' % failure_reason)
def authenticate_credentials(self, userid, password):
    """
    Authenticate the userid and password against username and password.

    Returns a `(user, None)` tuple on success; the second element is always
    `None` here. Raises `AuthenticationFailed` when no user matches or the
    matching user is inactive.
    """
    user = authenticate(username=userid, password=password)
    if user is not None and user.is_active:
        return (user, None)
    # One message for both "no such user" and "inactive user" keeps the two
    # cases indistinguishable to the caller.
    raise exceptions.AuthenticationFailed('Invalid username/password')
def _validate_response(self, response):
    """Map a non-200 API response onto the `exc` module's exception types.

    Returns nothing for a 200 status. Raises `exc.WrongArguments` for 400
    and for any other status not listed here, `exc.AuthenticationFailed`
    for 401, `exc.PermissionDenied` for 403 and `exc.NotFound` for 404.
    Every message embeds the response body and the response URL.
    """
    status = response.status_code
    if status == 200:
        return
    context = (response.text, response.url)
    if status == 400:
        raise exc.WrongArguments(_("Invalid Request: %s at %s") % context)
    if status == 401:
        raise exc.AuthenticationFailed(_("Unauthorized: %s at %s") % context)
    if status == 403:
        raise exc.PermissionDenied(_("Unauthorized: %s at %s") % context)
    if status == 404:
        raise exc.NotFound(_("Resource Unavailable: %s at %s") % context)
    # Anything else that is not 200 is treated as a bad request.
    raise exc.WrongArguments(_("Resource Unavailable: %s at %s") % context)