def validate_oauth_token(token, request=None):
"""
Validates the token attached to the request (SessionStorage, GET/POST)
On every request, ask OAuth to authorize the token
"""
#Authorization test
user_profile = cas_profile_for_token(token)
if not user_profile:
return False
username = user_profile.get("id")
attrs = user_profile.get("attributes")
if not username or not attrs:
logger.info("Invalid Profile:%s does not have username/attributes"
% user_profile)
return False
#TEST 1 : Must be in the group 'atmo-user'
#NOTE: Test 1 will be IGNORED until we can verify it returns 'entitlement'
# EVERY TIME!
#if not cas_profile_contains(attrs, 'atmo-user'):
# raise Unauthorized("User %s is not a member of group 'atmo-user'"
# % username)
#TODO: TEST 2 : Must have an identity (?)
if not AtmosphereUser.objects.filter(username=username):
raise Unauthorized("User %s does not exist as an AtmosphereUser"
% username)
auth_token = obtainOAuthToken(username, token)
#logger.info("OAuthToken Obtained for %s:%s" % (username, auth_token))
if not auth_token:
return False
return True
def validate_oauth_token(token, request=None):
"""
Validates the token attached to the request (SessionStorage, GET/POST)
On every request, ask OAuth to authorize the token
"""
# Attempt to contact CAS
try:
user_profile = cas_profile_for_token(token)
except ConnectionError:
logger.exception("CAS could not be reached!")
user_profile = None
if not user_profile:
return False
username = user_profile.get("id")
attrs = user_profile.get("attributes")
if not username or not attrs:
# logger.info("Invalid Profile:%s does not have username/attributes"
# % user_profile)
return False
# NOTE: REMOVE this when it is no longer true!
# Force any username lookup to be in lowercase
if not username:
return None
username = username.lower()
# TEST 1 : Must be in the group 'atmo-user'
# NOTE: Test 1 will be IGNORED until we can verify it returns 'entitlement'
# EVERY TIME!
# raise Unauthorized("User %s is not a member of group 'atmo-user'"
# % username)
# TODO: TEST 2 : Must have an identity (?)
if not AtmosphereUser.objects.filter(username=username):
raise Unauthorized("User %s does not exist as an AtmosphereUser"
% username)
auth_token = obtainOAuthToken(username, token)
if not auth_token:
return False
return True
def validate_oauth_token(token, request=None):
"""
Validates the token attached to the request (SessionStorage, GET/POST)
On every request, ask OAuth to authorize the token
"""
#Authorization test
user_profile = cas_profile_for_token(token)
if not user_profile:
return False
username = user_profile["id"]
attrs = user_profile["attributes"]
#TEST 1 : Must be in the group 'atmo-user'
if not cas_profile_contains(attrs, 'atmo-user'):
raise Unauthorized("User %s is not a member of group 'atmo-user'" %
username)
#TODO: TEST 2 : Must have an identity (?)
#NOTE: Will reuse token if found.
auth_token = createOAuthToken(username, token)
logger.info("AuthToken for %s:%s" % (username, auth_token))
if not auth_token:
return False
return True
def validate_oauth_token(token, request=None):
"""
Validates the token attached to the request (SessionStorage, GET/POST)
On every request, ask OAuth to authorize the token
"""
#Authorization test
user_profile = cas_profile_for_token(token)
if not user_profile:
return False
username = user_profile["id"]
attrs = user_profile["attributes"]
#TEST 1 : Must be in the group 'atmo-user'
if not cas_profile_contains(attrs, 'atmo-user'):
raise Unauthorized("User %s is not a member of group 'atmo-user'"
% username)
#TODO: TEST 2 : Must have an identity (?)
#NOTE: Will reuse token if found.
auth_token = createOAuthToken(username, token)
logger.info("AuthToken for %s:%s" % (username, auth_token))
if not auth_token:
return False
return True
