Пример #1
0
def authorize_request(event):
    req = event.request
    try:
        userid = req.headers['X-Ops-Userid']
        creq = canonical_request(
            req.method,
            canonical_path(req.path_info),
            req.headers['X-Ops-Content-Hash'],
            req.headers['X-Ops-Timestamp'],
            userid)
        assert sha1_base64(req.body) == req.headers['X-Ops-Content-Hash'], (
            'Bad body hash')
        client = M.Client.query.get(name=userid)
        if client is None:
            return
        sig_hdrs = [
            (k,v) for k,v in req.headers.items()
            if k.startswith('X-Ops-Authorization-') ]
        sig_hdrs = [
            (int(k.rsplit('-', 1)[-1]), v)
            for k,v in sig_hdrs ]
        sig_hdrs = sorted(sig_hdrs)
        b64_sig = ''.join(v for k,v in sig_hdrs)
        signature = binascii.a2b_base64(b64_sig)
        if _signature_is_valid(client.key, signature, creq):
            req.environ['REMOTE_USER'] = client.name
            req.environ['REMOTE_ACCOUNT'] = client.account
            req.environ['CLIENT'] = client
            req.environ['REMOTE_USER'] = client
            req.chef_client = client
            req.chef_account = client.account
    except KeyError:
        pass
    except:
        log.exception('Error in authorize_request')
        pass
Пример #2
0
def hash_body(request):
    return sha1_base64(request.raw_post_data)