def includeme(config):
# import needs to be here, otherwise ImportError happens during setup.py install (modules not yet installed)
# pylint: disable=C0415
from pyramid.events import NewRequest
from pyramid.tweens import EXCVIEW
from magpie.api import generic as ag
from magpie.constants import get_constant
from magpie.utils import fully_qualified_name, get_logger, log_exception_tween, log_request
mod_dir = get_constant("MAGPIE_MODULE_DIR", config)
logger = get_logger(__name__)
logger.info("Adding MAGPIE_MODULE_DIR='%s' to path.", mod_dir)
sys.path.insert(0, mod_dir)
config.add_exception_view(ag.internal_server_error)
config.add_forbidden_view(ag.unauthorized_or_forbidden)
config.add_notfound_view(RemoveSlashNotFoundViewFactory(
ag.not_found_or_method_not_allowed),
append_slash=True)
config.set_default_permission(
get_constant("MAGPIE_ADMIN_PERMISSION", config))
tween_position = fully_qualified_name(ag.apply_response_format_tween)
config.add_tween(tween_position, over=EXCVIEW)
if get_constant("MAGPIE_LOG_REQUEST", config):
config.add_subscriber(log_request, NewRequest)
if get_constant("MAGPIE_LOG_EXCEPTION", config):
tween_name = fully_qualified_name(log_exception_tween)
config.add_tween(tween_name, under=tween_position)
tween_position = tween_name
config.add_tween(fully_qualified_name(ag.validate_accept_header_tween),
under=tween_position)
config.include("cornice")
config.include("cornice_swagger")
config.include("pyramid_chameleon")
config.include("pyramid_beaker")
config.include("pyramid_mako")
config.include("magpie.api")
config.include("magpie.db")
if get_constant("MAGPIE_UI_ENABLED", config):
config.include("magpie.ui")
else:
logger.warning("Magpie UI not enabled.")
def __init__(self, *args, **kwargs):
super(WSO2, self).__init__(*args, **kwargs)
self.hostname = self._kwarg(kwargs, "hostname",
"https://localhost:9443")
self.url = self._kwarg(
kwargs, "redirect_uri",
"http://localhost:2001/magpie/providers/wso2/signin")
self.access_token_url = "{}/oauth2/token".format(self.hostname)
self.user_authorization_url = "{}/oauth2/authorize".format(
self.hostname)
self.user_info_url = "{}/oauth2/userinfo".format(self.hostname)
self.user_info_scope = self._kwarg(kwargs, "user_info_scope",
["openid"])
self.scope = self._kwarg(kwargs, "scope", ["openid"])
self.cert = self._kwarg(kwargs, "certificate_file", None)
self.verify = self._kwarg(kwargs, "ssl_verify", True)
self._logger = get_logger(__name__, level=logging.DEBUG)
if self.verify and self.cert and not path.isfile(self.cert):
raise ValueError(
"Specified WSO2 certificate file cannot be found. [path: {!r}]"
.format(self.cert))
def includeme(config):
# import needs to be here, otherwise ImportError happens during setup.py install (modules not yet installed)
from magpie.api.generic import internal_server_error, unauthorized_or_forbidden, not_found_or_method_not_allowed
from magpie.constants import get_constant
from magpie.definitions.pyramid_definitions import NewRequest, EXCVIEW
from magpie.utils import get_logger
mod_dir = get_constant("MAGPIE_MODULE_DIR", config)
logger = get_logger(__name__)
logger.info("Adding MAGPIE_MODULE_DIR='{}' to path.".format(mod_dir))
sys.path.insert(0, mod_dir)
config.add_exception_view(internal_server_error)
config.add_forbidden_view(unauthorized_or_forbidden)
config.add_notfound_view(not_found_or_method_not_allowed)
config.set_default_permission(get_constant("MAGPIE_ADMIN_PERMISSION", config))
tween_position = EXCVIEW
if get_constant("MAGPIE_LOG_REQUEST", config):
config.add_subscriber("magpie.utils.log_request", NewRequest)
if get_constant("MAGPIE_LOG_EXCEPTION", config):
config.add_tween("magpie.utils.log_exception_tween", under=tween_position)
tween_position = "magpie.utils.log_exception_tween"
config.add_tween("magpie.api.generic.validate_accept_header_tween", under=tween_position)
config.include("cornice")
config.include("cornice_swagger")
config.include("pyramid_chameleon")
config.include("pyramid_beaker")
config.include("pyramid_mako")
config.include("magpie.definitions")
config.include("magpie.api")
config.include("magpie.db")
if get_constant("MAGPIE_UI_ENABLED", config):
config.include("magpie.ui")
else:
logger.warning("Magpie UI not enabled.")
from magpie.api import schemas as s
from magpie.utils import get_logger
LOGGER = get_logger(__name__)
def includeme(config):
LOGGER.info("Adding API resource...")
# Add all the rest api routes
config.add_route(**s.service_api_route_info(s.ResourcesAPI))
config.add_route(**s.service_api_route_info(s.ResourceAPI))
config.add_route(**s.service_api_route_info(s.ResourcePermissionsAPI))
config.scan()
IAuthorizationPolicy,
asbool,
)
from magpie.definitions.twitcher_definitions import (
OWSSecurityInterface,
OWSAccessForbidden,
parse_service_name,
)
from magpie.models import Service
from magpie.permissions import Permission
from magpie.services import service_factory
from magpie.utils import get_magpie_url, get_settings, get_logger, CONTENT_TYPE_JSON
from requests.cookies import RequestsCookieJar
from six.moves.urllib.parse import urlparse
import requests
LOGGER = get_logger("TWITCHER")
class MagpieOWSSecurity(OWSSecurityInterface):
def __init__(self, request):
super(MagpieOWSSecurity, self).__init__()
self.magpie_url = get_magpie_url(request)
self.settings = get_settings(request)
self.twitcher_ssl_verify = asbool(
self.settings.get("twitcher.ows_proxy_ssl_verify", True))
self.twitcher_protected_path = self.settings.get(
"twitcher.ows_proxy_protected_path", "/ows")
def check_request(self, request):
if request.path.startswith(self.twitcher_protected_path):
service_name = parse_service_name(request.path,
from pyramid.config import Configurator
from pyramid.settings import asbool
from ziggurat_foundations.models import groupfinder
from magpie.api.login import esgfopenid, wso2
from magpie.constants import get_constant
from magpie.models import RootFactory
from magpie.utils import get_logger, get_settings
if TYPE_CHECKING:
# pylint: disable=W0611,unused-import
from typing import List, Optional
from magpie.typedefs import AnySettingsContainer, JSON, Str
AUTHOMATIC_LOGGER = get_logger("magpie.authomatic", level=logging.DEBUG)
LOGGER = get_logger(__name__)
def mask_credentials(container, redact="[REDACTED]", flags=None, parent=None):
# type: (JSON, Str, Optional[List[Str]], Optional[Str]) -> JSON
"""
Masks away any credential matched against :paramref:`flags` recursively from JSON :paramref:`container`.
Matched credential entries are replaced by :paramref:`redact`. List items are all replaced by the same
:paramref:`redact` when their :paramref:`parent` field name is matched.
:param container: JSON container to mask.
If starting with a list on top-level, first level children will not be masked unless parent is provided.
:param redact: string by which to replace flagged fields.
:param flags: field names (partial matches) to flag for masking.
def includeme(config):
from magpie.utils import get_logger
logger = get_logger(__name__)
logger.info("Adding definitions...")
from magpie.api.login import esgfopenid, wso2
from magpie.constants import get_constant
from magpie.definitions.pyramid_definitions import (
AuthTktAuthenticationPolicy, ACLAuthorizationPolicy, Configurator, asbool)
from magpie.definitions.ziggurat_definitions import groupfinder
from magpie.utils import get_logger, get_settings
from authomatic import Authomatic, provider_id
from authomatic.providers import oauth2, openid
from typing import TYPE_CHECKING
import logging
if TYPE_CHECKING:
from magpie.definitions.typedefs import JSON # noqa: F401
AUTHOMATIC_LOGGER = get_logger('magpie.authomatic', level=logging.DEBUG)
LOGGER = get_logger('magpie.security')
def get_auth_config(container):
settings = get_settings(container)
magpie_secret = get_constant('MAGPIE_SECRET',
settings,
settings_name='magpie.secret')
magpie_cookie_expire = get_constant('MAGPIE_COOKIE_EXPIRE',
settings,
settings_name='magpie.cookie_expire',
default_value=None,
raise_missing=False,
raise_not_set=False,
print_missing=True)
magpie_cookie_name = get_constant('MAGPIE_COOKIE_NAME',
settings,
settings_name='magpie.cookie_name',
from typing import TYPE_CHECKING
import requests
from magpie.constants import get_constant
from magpie.register import get_all_configs, pseudo_random_string
from magpie.utils import get_json, get_logger
if TYPE_CHECKING:
from typing import Any, Dict, List, Optional, Sequence
from magpie.typedefs import Str
UserConfig = List[Dict[Str, Str]]
LOGGER = get_logger(__name__,
message_format="%(asctime)s - %(levelname)s - %(message)s",
datetime_format="%d-%b-%y %H:%M:%S",
force_stdout=False)
ERROR_PARAMS = 2
ERROR_EXEC = 1
def format_response(response):
response_json = get_json(response)
return str(response_json.get("code")) + " : " + str(
response_json.get("detail"))
def get_login_session(magpie_url, username, password, return_response=False):
session = requests.Session()
data = {"user_name": username, "password": password}