Exemplo n.º 1
Arquivo: rsdb.py Projeto: rohe/pyuma
    def registration(self, method, owner, body=None, rsid=''):
        """
        Run the resource set operation selected by the HTTP method and
        build the reply for it.

        POST creates, PUT updates, DELETE removes and GET either lists
        (empty ``rsid``) or reads (``rsid`` given) a resource set. Every
        operation is called with ``owner`` as its ``oid``.

        :param method: HTTP method
        :param owner: The owner of the resource set
        :param body: description of the resource set
        :param rsid: resource set id
        :return: tuple (http response code, http message, http response args)
        """
        # NOTE(review): this early exit yields a 2-tuple, unlike the 3-tuple
        # documented above - confirm that callers handle both shapes.
        if method not in ("POST", "PUT", "GET", "DELETE"):
            return 400, {'message': "Message error"}

        if method == "POST":  # create
            func = self.create
            args = {"oid": owner, "data": body}
        elif method == "PUT":  # update; no If-Match value is passed on
            func = self.update
            args = {"oid": owner, "data": body, "rsid": rsid}
        elif method == "DELETE":
            func = self.delete
            args = {"rsid": rsid, "oid": owner}
        elif rsid:  # GET with an id: read
            func = self.read
            args = {"oid": owner, "rsid": rsid}
        else:  # GET without an id: list
            func = self.list
            args = {"oid": owner}

        logger.debug("operation: %s" % func)
        logger.debug("operation args: %s" % (args, ))

        json_reply = {'content': "application/json"}
        try:
            outcome = func(**args)
        except MessageException as err:
            problem = ErrorResponse(error="invalid_request",
                                    error_description=str(err))
            return 400, problem.to_json(), json_reply
        except UnknownObject:
            return 404, ErrorResponse(error="not_found").to_json(), json_reply

        # An ErrorResponse handed back by the operation skips the
        # per-operation replies and is serialised by the final return.
        if not isinstance(outcome, ErrorResponse):
            if func == self.delete:
                # As a side effect all permissions assigned that references
                # this resource set should be deleted
                self.delete_rsid(owner, rsid)
                return 204, [], {}
            if func == self.create:
                etag = self.etag[outcome["_id"]]
                created_args = {
                    'content': "application/json",
                    'headers': [
                        ("ETag", etag),
                        ("Location",
                         "/{}/{}".format(self.rsr_path, outcome["_id"])),
                    ],
                }
                return 201, outcome.to_json(), created_args
            if func == self.update:
                etag = self.etag[outcome["_id"]]
                return 200, outcome.to_json(), {'headers': [("ETag", etag)]}
            if func == self.list:
                return 200, json.dumps(outcome), json_reply

        # Reads, and ErrorResponse results, end up here.
        return 200, outcome.to_json(), json_reply
Exemplo n.º 2
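    def rpt_endpoint_(self, entity, client_id, **kwargs):
        """
        Exchange a permission ticket for an RPT and register the
        permissions that go with it.

        The ticket is looked up and then deleted. For every permission
        request stored under it, the requested scopes must be defined on
        the resource set, and only the scopes found in the owner's permit
        for ``entity`` are registered for the RPT.

        :param entity: Who's on the other side
        :param client_id: The UMA client (not used in this method)
        :param kwargs: must hold "request", the JSON authorization data
            request
        :return: A Response instance; a BadRequest when the ticket is
            unknown, a scope is undefined or no permit exists
        """

        adr = AuthorizationDataRequest().from_json(kwargs["request"])

        # Get request permission that the resource server has registered
        try:
            prr_list = self.permission_requests.get_request(adr["ticket"])
        except KeyError:
            errmsg = ErrorResponse(error="invalid_ticket")
            return BadRequest(errmsg.to_json(), content="application/json")

        # The ticket is removed before any check below runs, so it cannot
        # be presented again even when this request ends in an error.
        self.permission_requests.del_request(adr["ticket"])

        # NOTE(review): an RPT supplied in the request is used as-is;
        # confirm that it is verified elsewhere to have been issued to this
        # entity before permissions are attached to it.
        try:
            _rpt = adr["rpt"]
        except KeyError:
            _rpt = rndstr(32)

        # NOTE(review): permissions registered for earlier entries stay in
        # place if a later entry makes this loop return an error.
        for prr in prr_list:
            _rsid = prr["resource_set_id"]

            # Verify that the scopes are defined for the resource set.
            # Explicit membership tests are used instead of assert, because
            # assert statements are removed when Python runs with -O and
            # the check would then silently disappear.
            owner = self.resource_set.rsid2oid[_rsid]
            rsd = self.resource_set.read(owner, _rsid)
            for scope in prr["scopes"]:
                if scope not in rsd["scopes"]:
                    errmsg = ErrorResponse(
                        error="not_authorized",
                        error_description="Undefined scopes")
                    return BadRequest(errmsg.to_json(),
                                      content="application/json")

            # Is there any permissions registered by the owner, if so verify
            # that it allows what is requested. Return what is allowed !
            # NOTE(review): the permit timestamp is not examined here;
            # confirm that permit expiry is enforced elsewhere.
            try:
                allow_scopes, _timestamp = self.permit.get_permit(
                    owner, entity, _rsid)
            except KeyError:
                errmsg = ErrorResponse(error="not_authorized",
                                       error_description="No permission given")
                return BadRequest(errmsg.to_json(), content="application/json")

            # Keep only the requested scopes that the permit allows. With
            # the former assert-based filter, running under -O would have
            # kept every requested scope.
            _scopes = [scope for scope in prr["scopes"]
                       if scope in allow_scopes]

            # bind _requester to specific RPT for this user
            try:
                self.eid2rpt[owner][entity] = _rpt
            except KeyError:
                self.eid2rpt[owner] = {entity: _rpt}

            self.register_permission(owner, _rpt, _rsid, _scopes)

        rsp = AuthorizationDataResponse(rpt=_rpt)

        return Response(rsp.to_json())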
Exemplo n.º 3
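    def rpt_endpoint_(self, entity, client_id, **kwargs):
        """
        Exchange a permission ticket for an RPT and register the
        permissions that go with it.

        The ticket is looked up and then deleted. For every permission
        request stored under it, the requested scopes must be defined on
        the resource set, and only the scopes found in the owner's permit
        for ``entity`` are registered for the RPT.

        :param entity: Who's on the other side
        :param client_id: The UMA client (not used in this method)
        :param kwargs: must hold "request", the JSON authorization data
            request
        :return: A Response instance; a BadRequest when the ticket is
            unknown, a scope is undefined or no permit exists
        """

        adr = AuthorizationDataRequest().from_json(kwargs["request"])

        # Get request permission that the resource server has registered
        try:
            prr_list = self.permission_requests.get_request(adr["ticket"])
        except KeyError:
            errmsg = ErrorResponse(error="invalid_ticket")
            return BadRequest(errmsg.to_json(), content="application/json")

        # The ticket is removed before any check below runs, so it cannot
        # be presented again even when this request ends in an error.
        self.permission_requests.del_request(adr["ticket"])

        # NOTE(review): an RPT supplied in the request is used as-is;
        # confirm that it is verified elsewhere to have been issued to this
        # entity before permissions are attached to it.
        try:
            _rpt = adr["rpt"]
        except KeyError:
            _rpt = rndstr(32)

        # NOTE(review): permissions registered for earlier entries stay in
        # place if a later entry makes this loop return an error.
        for prr in prr_list:
            _rsid = prr["resource_set_id"]

            # Verify that the scopes are defined for the resource set.
            # Explicit membership tests are used instead of assert, because
            # assert statements are removed when Python runs with -O and
            # the check would then silently disappear.
            owner = self.resource_set.rsid2oid[_rsid]
            rsd = self.resource_set.read(owner, _rsid)
            for scope in prr["scopes"]:
                if scope not in rsd["scopes"]:
                    errmsg = ErrorResponse(
                        error="not_authorized",
                        error_description="Undefined scopes")
                    return BadRequest(errmsg.to_json(),
                                      content="application/json")

            # Is there any permissions registered by the owner, if so verify
            # that it allows what is requested. Return what is allowed !
            # NOTE(review): the permit timestamp is not examined here;
            # confirm that permit expiry is enforced elsewhere.
            try:
                allow_scopes, _timestamp = self.permit.get_permit(
                    owner, entity, _rsid)
            except KeyError:
                errmsg = ErrorResponse(error="not_authorized",
                                       error_description="No permission given")
                return BadRequest(errmsg.to_json(), content="application/json")

            # Keep only the requested scopes that the permit allows. With
            # the former assert-based filter, running under -O would have
            # kept every requested scope.
            _scopes = [scope for scope in prr["scopes"]
                       if scope in allow_scopes]

            # bind _requester to specific RPT for this user
            try:
                self.eid2rpt[owner][entity] = _rpt
            except KeyError:
                self.eid2rpt[owner] = {entity: _rpt}

            self.register_permission(owner, _rpt, _rsid, _scopes)

        rsp = AuthorizationDataResponse(rpt=_rpt)

        return Response(rsp.to_json())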
Exemplo n.º 4
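    def resource_set_registration_endpoint_(self, entity, path, method, client_id, body="", if_match="", **kwargs):
        """
        The endpoint at which the resource server handles resource sets
        descriptions.

        The resource set id is taken from what follows RSR_PATH in ``path``
        and the HTTP method selects the create, update, list, read or
        delete operation on ``self.resource_set``.

        :param entity: The entity that controls the resource set
        :param path: request path, RSR_PATH optionally followed by an id;
            a leading '/' is optional
        :param method: HTTP method
        :param client_id: Which client I'm talking to
        :param body: The resource set registration message
        :param if_match: The HTTP If-Match header if any
        :param kwargs: possible other arguments
        :returns: A Response instance; a BadRequest when the path is not
            under RSR_PATH or the method is not supported
        """

        # path should be /resource_set/{rsid} or /resource_set
        # Path may or may not start with '/'
        # The prefix is checked with explicit tests instead of assert:
        # assert statements are removed when Python runs with -O, which
        # would let any path through, and a failed assert surfaces as an
        # unhandled exception instead of a client error.
        # NOTE(review): startswith() also accepts a path that merely begins
        # with RSR_PATH, without a '/' boundary - confirm this is acceptable.
        if path.startswith("/"):
            if not path[1:].startswith(RSR_PATH):
                return BadRequest("Message error")
            rsid = path[PLEN + 1 :]
        else:
            if not path.startswith(RSR_PATH):
                return BadRequest("Message error")
            rsid = path[PLEN:]

        if rsid.startswith("/"):
            rsid = rsid[1:]

        _user = safe_name(entity, client_id)
        logger.debug("handling resource set belonging to '%s'" % _user)
        if method == "POST":  # create
            args = {"oid": _user, "data": body}
            func = self.resource_set.create
        elif method == "PUT":  # update
            # NOTE(review): if_match is accepted by this method but never
            # passed to update(), so the If-Match precondition is not
            # enforced here.
            args = {"oid": _user, "data": body, "rsid": rsid}
            func = self.resource_set.update
        elif method == "GET":
            args = {"oid": _user}
            if not rsid:  # List
                func = self.resource_set.list
            else:  # Read
                func = self.resource_set.read
                args["rsid"] = rsid
        elif method == "DELETE":
            args = {"rsid": rsid, "oid": _user}
            func = self.resource_set.delete
        else:
            return BadRequest("Message error")

        logger.debug("operation: %s" % func)
        logger.debug("operation args: %s" % (args,))
        try:
            result = func(**args)
        except MessageException as err:
            _err = ErrorResponse(error="invalid_request", error_description=str(err))
            response = BadRequest(_err.to_json(), content="application/json")
        except UnknownObject:
            _err = ErrorResponse(error="not_found")
            response = NotFound(_err.to_json(), content="application/json")
        else:
            response = None
            # NOTE(review): an ErrorResponse returned by the operation is
            # sent through the plain Response at the end of this branch -
            # confirm that this is the intended status.
            if not isinstance(result, ErrorResponse):
                if func == self.resource_set.delete:
                    # As a side effect all permissions assigned that references
                    # this resource set should be deleted
                    # NOTE(review): the resource set is addressed with _user
                    # but the permits are deleted for entity - confirm that
                    # the permit store is keyed this way.
                    self.permit.delete_permit_by_resource_id(entity, rsid)
                    response = NoContent()
                elif func == self.resource_set.create:
                    _etag = self.resource_set.etag[result["_id"]]
                    response = Created(
                        result.to_json(),
                        content="application/json",
                        headers=[("ETag", _etag), ("Location", "/{}/{}".format(RSR_PATH, result["_id"]))],
                    )
                elif func == self.resource_set.update:
                    _etag = self.resource_set.etag[result["_id"]]
                    response = NoContent(content="application/json", headers=[("ETag", _etag)])
                elif func == self.resource_set.list:
                    response = Response(json.dumps(result))

            if not response:
                response = Response(result.to_json(), content="application/json")

        return response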
Exemplo n.º 5
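    def resource_set_registration_endpoint_(self,
                                            entity,
                                            path,
                                            method,
                                            client_id,
                                            body="",
                                            if_match="",
                                            **kwargs):
        """
        The endpoint at which the resource server handles resource sets
        descriptions.

        The resource set id is taken from what follows RSR_PATH in ``path``
        and the HTTP method selects the create, update, list, read or
        delete operation on ``self.resource_set``.

        :param entity: The entity that controls the resource set
        :param path: request path, RSR_PATH optionally followed by an id;
            a leading '/' is optional
        :param method: HTTP method
        :param client_id: Which client I'm talking to
        :param body: The resource set registration message
        :param if_match: The HTTP If-Match header if any
        :param kwargs: possible other arguments
        :returns: A Response instance; a BadRequest when the path is not
            under RSR_PATH or the method is not supported
        """

        # path should be /resource_set/{rsid} or /resource_set
        # Path may or may not start with '/'
        # The prefix is checked with explicit tests instead of assert:
        # assert statements are removed when Python runs with -O, which
        # would let any path through, and a failed assert surfaces as an
        # unhandled exception instead of a client error.
        # NOTE(review): startswith() also accepts a path that merely begins
        # with RSR_PATH, without a '/' boundary - confirm this is acceptable.
        if path.startswith("/"):
            if not path[1:].startswith(RSR_PATH):
                return BadRequest("Message error")
            rsid = path[PLEN + 1:]
        else:
            if not path.startswith(RSR_PATH):
                return BadRequest("Message error")
            rsid = path[PLEN:]

        if rsid.startswith("/"):
            rsid = rsid[1:]

        _user = safe_name(entity, client_id)
        logger.debug("handling resource set belonging to '%s'" % _user)
        if method == "POST":  # create
            args = {"oid": _user, "data": body}
            func = self.resource_set.create
        elif method == "PUT":  # update
            # NOTE(review): if_match is accepted by this method but never
            # passed to update(), so the If-Match precondition is not
            # enforced here.
            args = {"oid": _user, "data": body, "rsid": rsid}
            func = self.resource_set.update
        elif method == "GET":
            args = {"oid": _user}
            if not rsid:  # List
                func = self.resource_set.list
            else:  # Read
                func = self.resource_set.read
                args["rsid"] = rsid
        elif method == "DELETE":
            args = {"rsid": rsid, "oid": _user}
            func = self.resource_set.delete
        else:
            return BadRequest("Message error")

        logger.debug("operation: %s" % func)
        logger.debug("operation args: %s" % (args, ))
        try:
            result = func(**args)
        except MessageException as err:
            _err = ErrorResponse(error="invalid_request",
                                 error_description=str(err))
            response = BadRequest(_err.to_json(), content="application/json")
        except UnknownObject:
            _err = ErrorResponse(error="not_found")
            response = NotFound(_err.to_json(), content="application/json")
        else:
            response = None
            # NOTE(review): an ErrorResponse returned by the operation is
            # sent through the plain Response at the end of this branch -
            # confirm that this is the intended status.
            if not isinstance(result, ErrorResponse):
                if func == self.resource_set.delete:
                    # As a side effect all permissions assigned that references
                    # this resource set should be deleted
                    # NOTE(review): the resource set is addressed with _user
                    # but the permits are deleted for entity - confirm that
                    # the permit store is keyed this way.
                    self.permit.delete_permit_by_resource_id(entity, rsid)
                    response = NoContent()
                elif func == self.resource_set.create:
                    _etag = self.resource_set.etag[result["_id"]]
                    response = Created(result.to_json(),
                                       content="application/json",
                                       headers=[("ETag", _etag),
                                                ("Location", "/{}/{}".format(
                                                    RSR_PATH, result["_id"]))])
                elif func == self.resource_set.update:
                    _etag = self.resource_set.etag[result["_id"]]
                    response = NoContent(content="application/json",
                                         headers=[("ETag", _etag)])
                elif func == self.resource_set.list:
                    response = Response(json.dumps(result))

            if not response:
                response = Response(result.to_json(),
                                    content="application/json")

        return response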