def wrapper(self, *args, **kwargs):
    """Gate the wrapped handler method behind authentication and authorization.

    Outcomes, in the order they are evaluated:
      * authenticated but rejected by the authorizer: websocket handlers are
        closed, every other handler raises HTTP 403;
      * authenticated and allowed, or the path is permitted during login:
        the wrapped ``func`` is called and its result returned;
      * otherwise: HTTP 401, except for static-file handlers, which are
        redirected to the login URL with the requested path in ``next``.
    """
    application = self.application
    auth = application.auth
    authorizer = application.authorizer

    authenticated = auth.is_authenticated(self)
    if authenticated:
        access_allowed = authorizer.is_allowed_in_app(_identify_user(self))
    else:
        # Keep the falsy value itself, as the original `and` expression did.
        access_allowed = authenticated

    if authenticated and not access_allowed:
        denied_user = _identify_user(self)
        # NOTE(review): the identity is concatenated into the log line as-is;
        # confirm _identify_user cannot return client-controlled text with
        # line breaks, or escape it before logging.
        LOGGER.warning('User ' + denied_user + ' is not allowed')

        code = 403
        message = 'Access denied. Please contact system administrator'
        if not isinstance(self, tornado.websocket.WebSocketHandler):
            raise tornado.web.HTTPError(code, message)
        # NOTE(review): 403 is an HTTP status, not a websocket close code
        # (RFC 6455 defines the 1000-4999 range); confirm clients handle it.
        self.close(code=code, reason=message)
        # NOTE(review): there is no return after close(). Denial of a
        # websocket request relies on the checks below (login-resource test,
        # then the 401), not on this branch.

    login_url = self.get_login_url()
    request_path = self.request.path

    # Evaluated unconditionally: unauthenticated requests for login resources
    # must still be served.
    login_resource = is_allowed_during_login(request_path, login_url, self)
    if login_resource or (authenticated and access_allowed):
        return func(self, *args, **kwargs)

    if isinstance(self, tornado.web.StaticFileHandler):
        # `next` is built from request.path only and is url-encoded here. The
        # login endpoint receives it back from the client, so it still has to
        # validate the value before redirecting to it.
        redirect_relative(login_url + "?" + urlencode(dict(next=request_path)), self)
        return

    raise tornado.web.HTTPError(401, 'Not authenticated')
def wrapper(self, *args, **kwargs):
    """Run ``func`` only for callers that pass authentication and authorization.

    An authenticated caller that the authorizer rejects gets HTTP 403 (a
    websocket handler is closed instead). A caller that is authenticated and
    allowed, or that asks for a path permitted during login, reaches ``func``.
    Everyone else gets HTTP 401, except static-file handlers, which are sent
    to the login URL with the requested path carried in ``next``.
    """
    auth = self.application.auth
    authorizer = self.application.authorizer

    authenticated = auth.is_authenticated(self)
    # Short-circuit: the authorizer is consulted only for authenticated callers.
    access_allowed = authenticated and authorizer.is_allowed_in_app(_identify_user(self))

    rejected_by_authorizer = authenticated and (not access_allowed)
    if rejected_by_authorizer:
        user = _identify_user(self)
        # NOTE(review): the user name reaches the log unescaped; verify its
        # source cannot inject line breaks into log records.
        LOGGER.warning('User ' + user + ' is not allowed')

        status = 403
        reason = 'Access denied. Please contact system administrator'
        is_websocket = isinstance(self, tornado.websocket.WebSocketHandler)
        if is_websocket:
            # NOTE(review): execution continues after close(); the request is
            # finally refused by the checks further down. 403 also lies outside
            # the websocket close-code range (1000-4999) - confirm client handling.
            self.close(code=status, reason=reason)
        else:
            raise tornado.web.HTTPError(status, reason)

    login_url = self.get_login_url()
    request_path = self.request.path

    login_resource = is_allowed_during_login(request_path, login_url, self)
    fully_allowed = authenticated and access_allowed
    if fully_allowed or login_resource:
        return func(self, *args, **kwargs)

    # Only static-file handlers are redirected to the login page; every other
    # handler type answers with a plain 401.
    if not isinstance(self, tornado.web.StaticFileHandler):
        raise tornado.web.HTTPError(401, 'Not authenticated')

    # The redirect target carries only request.path (url-encoded). The login
    # handler must still treat the returned `next` value as untrusted.
    query = urlencode(dict(next=request_path))
    login_url += "?" + query
    redirect_relative(login_url, self)
    return
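def authenticate(self, request_handler):
    """Authenticate a login request, check app access and start the session.

    Generator-style coroutine: if the authenticator returns a Tornado
    ``Future`` it is yielded so the surrounding coroutine runner resolves it.

    Does nothing when authentication is disabled. On failure an error response
    is written through ``respond_error`` (401 rejected, 400 bad request, 500
    for failures and unexpected errors, 403 when the authorizer refuses the
    user). On success the ``username`` cookie is set and the client is
    redirected to the local path given in ``next`` (``/`` when the value is
    missing or does not qualify as a local path).
    """
    if not self.is_enabled():
        return

    LOGGER.info('Trying to authenticate user')

    # Shown for internal failures so that no implementation detail leaks out.
    login_generic_error = 'Something went wrong. Please contact the administrator or try later'

    try:
        username = self.authenticator.authenticate(request_handler)
        if isinstance(username, tornado.concurrent.Future):
            username = yield username

    except auth_base.AuthRejectedError as e:
        # NOTE(review): the authenticator's message goes to the client
        # verbatim; confirm it does not reveal whether an account exists.
        respond_error(request_handler, 401, e.get_message())
        return

    except auth_base.AuthFailureError:
        respond_error(request_handler, 500, login_generic_error)
        return

    except auth_base.AuthBadRequestException as e:
        respond_error(request_handler, 400, e.get_message())
        return

    except Exception:
        # Was a bare `except:`, which also swallowed generator shutdown,
        # cancellation and interpreter exit and reported them as a 500.
        LOGGER.exception('Failed to call authenticate')
        respond_error(request_handler, 500, login_generic_error)
        return

    LOGGER.info('Authenticated user ' + username)

    # Authorization is checked before any session cookie is issued.
    if not self.authorizer.is_allowed_in_app(username):
        LOGGER.info('User ' + username + ' have no access')
        respond_error(request_handler, 403, 'Access is prohibited. Please contact system administrator')
        return

    # set_secure_cookie signs the value; it does not by itself add the Secure
    # or HttpOnly attributes, and with no expires_days Tornado's default
    # lifetime applies.
    # NOTE(review): consider httponly=True (and secure=True on HTTPS-only
    # deployments) if no client-side code needs to read this cookie.
    request_handler.set_secure_cookie('username', username)

    # get_argument already returns a decoded value, so this is a second
    # unescape; the check below deliberately runs on the final string.
    path = tornado.escape.url_unescape(request_handler.get_argument('next', '/'))

    # redirect only to internal URLs
    # `next` is client-supplied. A prefix test on 'http' alone lets other
    # absolute and scheme-relative forms through, so only a plain absolute
    # path on this host is accepted; anything else falls back to '/'.
    is_local_path = (
        path.startswith('/')
        and not path.startswith('//')
        and '\\' not in path
        and not any(ord(ch) < 0x20 or ord(ch) == 0x7f for ch in path)
    )
    if not is_local_path:
        path = '/'

    redirect_relative(path, request_handler)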
def wrapper(self, *args, **kwargs):
    """Call ``func`` only for authenticated, authorized callers or login resources.

    Requests that do not qualify are answered with HTTP 401 (not
    authenticated) or HTTP 403 (authenticated but not authorized). Static-file
    handlers are instead redirected to the login URL, with the requested path
    passed along in ``next``.
    """
    auth = self.application.auth
    request_path = self.request.path
    login_url = self.get_login_url()

    # Same short-circuit order as a single boolean expression: authentication,
    # then authorization, and the login-resource test only if those did not pass.
    permitted = auth.is_authenticated(self) and auth.is_authorized(self)
    if not permitted:
        permitted = is_allowed_during_login(request_path, login_url, self)

    if permitted:
        return func(self, *args, **kwargs)

    if isinstance(self, tornado.web.StaticFileHandler):
        # NOTE(review): an authenticated but unauthorized caller is also sent
        # to the login page here; confirm that cannot turn into a redirect loop.
        # `next` holds request.path only; the login handler must still
        # validate the value it gets back from the client.
        redirect_relative(login_url + "?" + urlencode(dict(next=request_path)), self)
        return

    # Authentication is queried again to pick the status code.
    if auth.is_authenticated(self):
        raise tornado.web.HTTPError(403, 'Access denied')
    raise tornado.web.HTTPError(401, 'Not authenticated')
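def authenticate(self, request_handler):
    """Authenticate a login request and start the session.

    Generator-style coroutine: if the authenticator returns a coroutine object
    it is yielded so the surrounding coroutine runner resolves it.

    Does nothing when authentication is disabled. On failure an error response
    is written through ``respond_error`` (401 rejected, 400 bad request, 500
    for failures and unexpected errors). On success the ``username`` cookie is
    set with the authenticator's expiration and the client is redirected to
    the local path given in ``next`` (``/`` when the value is missing or does
    not qualify as a local path).
    """
    if not self.is_enabled():
        return

    LOGGER.info('Trying to authenticate user')

    # Shown for internal failures so that no implementation detail leaks out.
    login_generic_error = 'Something went wrong. Please contact the administrator or try later'

    try:
        username = self.authenticator.authenticate(request_handler)
        if asyncio.iscoroutine(username):
            username = yield username

    except auth_base.AuthRejectedError as e:
        # NOTE(review): the authenticator's message goes to the client
        # verbatim; confirm it does not reveal whether an account exists.
        respond_error(request_handler, 401, e.get_message())
        return

    except auth_base.AuthFailureError:
        respond_error(request_handler, 500, login_generic_error)
        return

    except auth_base.AuthBadRequestException as e:
        respond_error(request_handler, 400, e.get_message())
        return

    except Exception:
        # Was a bare `except:`, which also swallowed generator shutdown,
        # task cancellation and interpreter exit and reported them as a 500.
        LOGGER.exception('Failed to call authenticate')
        respond_error(request_handler, 500, login_generic_error)
        return

    LOGGER.info('Authenticated user ' + username)

    # NOTE(review): no authorization check happens in this function before the
    # cookie is issued; presumably it is enforced per request elsewhere - verify.
    # set_secure_cookie signs the value; it does not by itself add the Secure
    # or HttpOnly attributes. Consider httponly=True (and secure=True on
    # HTTPS-only deployments) if no client-side code needs to read the cookie.
    request_handler.set_secure_cookie(
        'username',
        username,
        expires_days=self.authenticator.auth_expiration_days)

    # get_argument already returns a decoded value, so this is a second
    # unescape; the check below deliberately runs on the final string.
    path = tornado.escape.url_unescape(request_handler.get_argument('next', '/'))

    # redirect only to internal URLs
    # `next` is client-supplied. A prefix test on 'http' alone lets other
    # absolute and scheme-relative forms through, so only a plain absolute
    # path on this host is accepted; anything else falls back to '/'.
    is_local_path = (
        path.startswith('/')
        and not path.startswith('//')
        and '\\' not in path
        and not any(ord(ch) < 0x20 or ord(ch) == 0x7f for ch in path)
    )
    if not is_local_path:
        path = '/'

    redirect_relative(path, request_handler)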
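def authenticate(self, request_handler):
    """Authenticate a login request and start the session.

    Generator-style coroutine: if the authenticator returns a Tornado
    ``Future`` it is yielded so the surrounding coroutine runner resolves it.

    Does nothing when authentication is disabled. On failure an error response
    is written through ``respond_error`` (401 rejected, 400 bad request, 500
    for failures and unexpected errors). On success the ``username`` cookie is
    set and the client is redirected to the local path given in ``next``
    (``/`` when the value is missing or does not qualify as a local path).
    """
    if not self.is_enabled():
        return

    LOGGER.info('Trying to authenticate user')

    # Shown for internal failures so that no implementation detail leaks out.
    login_generic_error = 'Something went wrong. Please contact the administrator or try later'

    try:
        username = self.authenticator.authenticate(request_handler)
        if isinstance(username, tornado.concurrent.Future):
            username = yield username

    except auth_base.AuthRejectedError as e:
        # NOTE(review): the authenticator's message goes to the client
        # verbatim; confirm it does not reveal whether an account exists.
        respond_error(request_handler, 401, e.get_message())
        return

    except auth_base.AuthFailureError:
        respond_error(request_handler, 500, login_generic_error)
        return

    except auth_base.AuthBadRequestException as e:
        respond_error(request_handler, 400, e.get_message())
        return

    except Exception:
        # Was a bare `except:`, which also swallowed generator shutdown,
        # cancellation and interpreter exit and reported them as a 500.
        LOGGER.exception('Failed to call authenticate')
        respond_error(request_handler, 500, login_generic_error)
        return

    LOGGER.info('Authenticated user ' + username)

    # NOTE(review): no authorization check happens in this function before the
    # cookie is issued; presumably it is enforced per request elsewhere - verify.
    # set_secure_cookie signs the value; it does not by itself add the Secure
    # or HttpOnly attributes, and with no expires_days Tornado's default
    # lifetime applies. Consider httponly=True (and secure=True on HTTPS-only
    # deployments) if no client-side code needs to read the cookie.
    request_handler.set_secure_cookie('username', username)

    # get_argument already returns a decoded value, so this is a second
    # unescape; the check below deliberately runs on the final string.
    path = tornado.escape.url_unescape(request_handler.get_argument('next', '/'))

    # redirect only to internal URLs
    # `next` is client-supplied. A prefix test on 'http' alone lets other
    # absolute and scheme-relative forms through, so only a plain absolute
    # path on this host is accepted; anything else falls back to '/'.
    is_local_path = (
        path.startswith('/')
        and not path.startswith('//')
        and '\\' not in path
        and not any(ord(ch) < 0x20 or ord(ch) == 0x7f for ch in path)
    )
    if not is_local_path:
        path = '/'

    redirect_relative(path, request_handler)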
def get(self, *args):
    """Redirect the request to ``self._url`` with the positional args substituted in."""
    # The template is filled with the positional arguments this handler received.
    # NOTE(review): presumably these are URL-pattern captures, i.e. request
    # data; confirm the template cannot be steered to another host by them.
    target = self._url.format(*args)

    # NOTE(review): the same args are also forwarded positionally to
    # redirect_relative; verify what that helper does with extra positionals.
    redirect_relative(target, self, *args)
def get(self, *args):
    """Send a redirect to the handler's URL template formatted with ``args``."""
    url_template = self._url
    # NOTE(review): if ``args`` are taken from the request URL they are
    # request data; check that a formatted result always stays on this site.
    destination = url_template.format(*args)

    # The args are passed on a second time, as extra positional arguments.
    # NOTE(review): confirm redirect_relative expects them in that position.
    redirect_relative(destination, self, *args)