def test01_create_cookie(self): secret = os.urandom(32) cookie = SecureCookie(secret, 'pjk', '127.0.0.1') cookie_val = cookie.cookie_value() log.info('Cookie value: %r', cookie_val)
def thredds(request): encoded_secret_key = settings.ESGF_SECRET_KEY return_query_name = settings.ESGF_RETURN_QUERY_NAME session_cookie_name = settings.ESGF_SESSION_COOKIE_NAME if request.is_secure(): scheme = 'https' else: scheme = 'http' authenticate_url = '{}://{}{}'.format(scheme, request.get_host(), reverse('home')) redirect = '{}://{}{}{}'.format( scheme, request.get_host(), reverse('thredds'), 'fileServer/cmip5_css02_data/cmip5/output1/CMCC/CMCC-CM/historical/day/atmos/day/r1i1p1/clt/1/clt_day_CMCC-CM_historical_r1i1p1_20050101-20051231.nc' ) session_cookie = request.COOKIES.get(session_cookie_name) cookie = None if session_cookie: secret_key = encoded_secret_key.decode('base64') cookie = SecureCookie.parse_ticket(secret_key, session_cookie, None, None) return render( request, 'auth/thredds.j2', { 'authenticate_url': authenticate_url, 'return_query_name': return_query_name, 'encoded_secret_key': encoded_secret_key, 'quoted_encoded_secret_key': quote(encoded_secret_key), 'session_cookie_name': session_cookie_name, 'redirect': redirect, 'session_cookie': session_cookie, 'decrypted_session_cookie': cookie })
def check_cookie(): key = 'yUGFos3E/MbDiN4q1YjjTE/gmO7SLxeetAxxAgPUaB0=' key = key.decode('base64') cookie_value = 'c39193baf69307eb13967af1c6a3e9fdbbf4b468eefdb0a543ba2a28aaa74ae4f452e8482dd4b7bf465013369f92decd-8d98649db5e1ef67e287474442645cb6-25e8ec8bd024ae0dd56078403fe099e4d9e948bdf51661d848fee5e8cdb0afc1' cookie = SecureCookie.parse_ticket(key, cookie_value, None, None) print(cookie)
def test02_check_cookie(self): secret = os.urandom(32) cookie = SecureCookie(secret, 'pjk', '127.0.0.1') cookie_val = cookie.cookie_value() session = { 'authkit.cookie.user': None, 'authkit.cookie.user_data': None } ticket = SecureCookie.parse_ticket(secret, cookie_val, '127.0.0.1', session) self.assertEqual('pjk', ticket[1], 'Error parsing user id') log.info('ticket: %r', ticket)
def _parse_cookie_value(self, cookie_value): """ Parses user information from an encrypted cookie """ shared_secret = codecs.decode(settings.SECURITY_SHAREDSECRET.encode(), "base64") try: parsed_cookie_items = SecureCookie.parse_ticket( shared_secret, cookie_value, None, None) username = parsed_cookie_items[self.USERNAME_INDEX] return { "username": username, "groups": [], } except BadTicket as e: LOG.warning("Error decoding cookie.") raise CookieParsingError(e) except VerificationError as e: LOG.warning("Cookie signature verification error.") raise CookieParsingError(e) except IndexError as e: LOG.warning("Index not in cookie.") raise CookieParsingError(e)
def home(request): if request.method == 'GET': ''' requested directly or redirected from THREDDS/authentication filter or redirected from OpenID/OAuth2 server or ''' if request.user.is_authenticated(): social = None try: social = request.user.social_auth.get(provider='esgf') except Exception: pass try: social = request.user.social_auth.get(provider='esgf-openid') except Exception: pass log.info('User {} successfully authenticated'.format(social.uid)) redirect_url = request.GET.get('redirect', request.session.get('redirect')) if not redirect_url: ''' not redirected from THREDDS/authentication filter ''' return render(request, 'auth/home.j2', {'openid_identifier': social.uid}) ''' redirected from OpenID/OAuth2 server or redirected from THREDD/authentication filter ''' # create a session cookie encoded_secret_key = settings.ESGF_SECRET_KEY session_cookie_name = settings.ESGF_SESSION_COOKIE_NAME secret_key = encoded_secret_key.decode('base64') secure_cookie = SecureCookie(secret_key, social.uid, '127.0.0.1', (), '') # redirect back to THREDDS response = redirect(redirect_url) response.set_cookie(session_cookie_name, secure_cookie.cookie_value()) return response else: ''' requested directly or redirected from THREDDS/authentication filter ''' redirect_url = request.GET.get('redirect') ''' Save 'redirect' param passed in the redirection by the THREDDS authentication filter before starting the OAuth2 flow. After the OAuth2 flow is completed, the param will be needed to create a redirection back to THREDDS. ''' request.session['redirect'] = redirect_url return render(request, 'auth/home.j2', {'redirect': redirect_url}) # request.method == 'POST' openid_identifier = request.POST.get('openid_identifier') request.session['openid_identifier'] = openid_identifier protocol = discover(openid_identifier) if protocol: request.session['next'] = request.path credential = get_oauth2_cred(openid_identifier) if protocol == 'OAuth2' and credential: ''' It may create a race condition. When two users authenticate at the same moment through different OAuth2 servers, KEY and SECRET may be set for a wrong server. It will be better to set KEY and SECRET directly on a strategy object. ''' settings.SOCIAL_AUTH_ESGF_KEY = credential['key'] settings.SOCIAL_AUTH_ESGF_SECRET = credential['secret'] return redirect(reverse('social:begin', args=['esgf'])) elif protocol == 'OpenID': return redirect(reverse('social:begin', args=['esgf-openid'])) else: log.error('Could not discover authentication service for {}'.format( openid_identifier)) redirect_url = request.session.get('redirect') return render( request, 'auth/home.j2', { 'redirect': redirect_url, 'message': 'No OpenID/OAuth2/OIDC service discovered' })
def create_cookie(key, value, ip, tokens=(), user_data=''): return SecureCookie(key, value, ip, tokens, user_data)