def configurator_factory(self, container): # noqa: N805, R0201
# type: (AnySettingsContainer) -> Configurator
settings = get_settings(container)
set_cache_regions_from_settings(settings)
# disable rpcinterface which is conflicting with postgres db
settings["twitcher.rpcinterface"] = False
LOGGER.info("Loading MagpieAdapter config")
config = get_auth_config(container)
config.include("pyramid_beaker")
# use pyramid_tm to hook the transaction lifecycle to the request
# make request.db available for use in Pyramid
config.include("pyramid_tm")
session_factory = get_session_factory(get_engine(settings))
config.registry["dbsession_factory"] = session_factory
config.add_request_method(
# r.tm is the transaction manager used by pyramid_tm
lambda r: get_tm_session(session_factory, r.tm),
"db",
reify=True)
# use same 'get_user' method as ziggurat to access 'request.user' from
# request with auth token with exactly the same behaviour in Twitcher
config.add_request_method(get_user, "user", reify=True)
# add route to verify user token matching between Magpie/Twitcher
config.add_route("verify-user", "/verify")
config.add_view(verify_user, route_name="verify-user")
return config
def __init__(self, request):
super(MagpieOWSSecurity, self).__init__()
self.magpie_url = get_magpie_url(request)
self.settings = get_settings(request)
self.twitcher_ssl_verify = asbool(
self.settings.get("twitcher.ows_proxy_ssl_verify", True))
self.twitcher_protected_path = self.settings.get(
"twitcher.ows_proxy_protected_path", "/ows")
def get_engine(container=None, prefix="sqlalchemy.", **kwargs):
# type: (Optional[AnySettingsContainer], Str, Any) -> Engine
settings = get_settings(container or {})
settings[prefix + "url"] = get_db_url()
settings.setdefault(prefix + "pool_pre_ping", True)
kwargs = kwargs or {}
kwargs["convert_unicode"] = True
return engine_from_config(settings, prefix, **kwargs)
def __init__(self, request):
# type: (Request) -> None
super(MagpieServiceStore, self).__init__(request)
self.settings = get_settings(request)
self.session_factory = request.registry["dbsession_factory"]
self.magpie_url = get_magpie_url(request)
self.twitcher_ssl_verify = asbool(
self.settings.get("twitcher.ows_proxy_ssl_verify", True))
self.magpie_admin_token = get_admin_cookies(self.settings,
self.twitcher_ssl_verify)
def get_auth_config(container):
# type: (AnySettingsContainer) -> Configurator
"""
Generates Magpie application configuration with all utilities required for security and access control.
"""
settings = get_settings(container)
magpie_secret = get_constant("MAGPIE_SECRET",
settings,
settings_name="magpie.secret")
magpie_cookie_expire = get_constant("MAGPIE_COOKIE_EXPIRE",
settings,
settings_name="magpie.cookie_expire",
default_value=None,
raise_missing=False,
raise_not_set=False,
print_missing=True)
magpie_cookie_name = get_constant("MAGPIE_COOKIE_NAME",
settings,
settings_name="magpie.cookie_name",
default_value="auth_tkt",
raise_missing=False,
raise_not_set=False,
print_missing=True)
LOGGER.debug(
"************************************************************")
LOGGER.debug("Secret: %s, Cookie name: %s, Timeout: %s", magpie_secret,
magpie_cookie_name, magpie_cookie_expire)
LOGGER.debug(
"************************************************************")
authn_policy = AuthTktAuthenticationPolicy(
magpie_secret,
cookie_name=magpie_cookie_name,
callback=groupfinder,
# Protect against JavaScript CSRF attacks attempting cookies retrieval
http_only=True,
# Automatically refresh the cookie unless inactivity reached 'timeout'
timeout=magpie_cookie_expire,
reissue_time=int(magpie_cookie_expire) /
10 if magpie_cookie_expire else None,
)
authz_policy = ACLAuthorizationPolicy()
# create configurator or use one defined as input to preserve previous setup/include/etc.
config = Configurator() if not isinstance(container,
Configurator) else container
config.setup_registry(settings=settings,
root_factory=RootFactory,
authentication_policy=authn_policy,
authorization_policy=authz_policy)
return config
def get_auth_config(container):
settings = get_settings(container)
magpie_secret = get_constant('MAGPIE_SECRET',
settings,
settings_name='magpie.secret')
magpie_cookie_expire = get_constant('MAGPIE_COOKIE_EXPIRE',
settings,
settings_name='magpie.cookie_expire',
default_value=None,
raise_missing=False,
raise_not_set=False,
print_missing=True)
magpie_cookie_name = get_constant('MAGPIE_COOKIE_NAME',
settings,
settings_name='magpie.cookie_name',
default_value='auth_tkt',
raise_missing=False,
raise_not_set=False,
print_missing=True)
LOGGER.debug(
'************************************************************')
LOGGER.debug('Secret : {0}, Cookie name : {1}, Timeout : {2}'.format(
magpie_secret, magpie_cookie_name, magpie_cookie_expire))
LOGGER.debug(
'************************************************************')
authn_policy = AuthTktAuthenticationPolicy(
magpie_secret,
cookie_name=magpie_cookie_name,
callback=groupfinder,
# Protect against JavaScript CSRF attacks attempting cookies retrieval
http_only=True,
# Automatically refresh the cookie unless inactivity reached 'timeout'
timeout=magpie_cookie_expire,
reissue_time=int(magpie_cookie_expire) /
10 if magpie_cookie_expire else None,
)
authz_policy = ACLAuthorizationPolicy()
# create configurator or use one defined as input to preserve previous setup/include/etc.
config = Configurator() if not isinstance(container,
Configurator) else container
from magpie import models
config.setup_registry(settings=settings,
root_factory=models.RootFactory,
authentication_policy=authn_policy,
authorization_policy=authz_policy)
return config
def get_constant(constant_name, # type: Str
settings_container=None, # type: Optional[AnySettingsContainer]
settings_name=None, # type: Optional[Str]
default_value=None, # type: Optional[SettingValue]
raise_missing=True, # type: bool
print_missing=False, # type: bool
raise_not_set=True # type: bool
): # type: (...) -> SettingValue
"""
Search in order for matched value of :paramref:`constant_name`:
1. search in :py:data:`MAGPIE_CONSTANTS`
2. search in settings if specified
3. search alternative setting names (see below)
4. search in :mod:`magpie.constants` definitions
5. search in environment variables
Parameter :paramref:`constant_name` is expected to have the format ``MAGPIE_[VARIABLE_NAME]`` although any value can
be passed to retrieve generic settings from all above mentioned search locations.
If :paramref:`settings_name` is provided as alternative name, it is used as is to search for results if
:paramref:`constant_name` was not found. Otherwise, ``magpie.[variable_name]`` is used for additional search when
the format ``MAGPIE_[VARIABLE_NAME]`` was used for :paramref:`constant_name`
(i.e.: ``MAGPIE_ADMIN_USER`` will also search for ``magpie.admin_user`` and so on for corresponding constants).
:param constant_name: key to search for a value
:param settings_container: WSGI application settings container (if not provided, uses found one in current thread)
:param settings_name: alternative name for `settings` if specified
:param default_value: default value to be returned if not found anywhere, and exception raises are disabled.
:param raise_missing: raise exception if key is not found anywhere
:param print_missing: print message if key is not found anywhere, return ``None``
:param raise_not_set: raise an exception if the found key is ``None``, search until last case if others are ``None``
:returns: found value or `default_value`
:raises ValueError: if resulting value is invalid based on options (by default raise missing/``None`` value)
:raises LookupError: if no appropriate value could be found from all search locations (according to options)
"""
from magpie.utils import get_settings, print_log, raise_log # pylint: disable=C0415 # avoid circular import error
if constant_name in MAGPIE_CONSTANTS:
return globals()[constant_name]
missing = True
magpie_value = None
if settings_container:
settings = get_settings(settings_container)
else:
# note: this will work only after include of magpie will have triggered configurator setup
print_log("Using settings from local thread.", level=logging.DEBUG)
settings = get_settings(get_current_registry())
if settings and constant_name in settings: # pylint: disable=E1135
missing = False
magpie_value = settings.get(constant_name)
if magpie_value is not None:
print_log("Constant found in settings with: {}".format(constant_name), level=logging.DEBUG)
return magpie_value
if not settings_name:
settings_name = get_constant_setting_name(constant_name)
print_log("Constant alternate search: {}".format(settings_name), level=logging.DEBUG)
if settings and settings_name and settings_name in settings: # pylint: disable=E1135
missing = False
magpie_value = settings.get(settings_name)
if magpie_value is not None:
print_log("Constant found in settings with: {}".format(settings_name), level=logging.DEBUG)
return magpie_value
magpie_globals = globals()
if constant_name in magpie_globals:
missing = False
magpie_value = magpie_globals.get(constant_name)
if magpie_value is not None:
print_log("Constant found in definitions with: {}".format(constant_name), level=logging.DEBUG)
return magpie_value
if constant_name in os.environ:
missing = False
magpie_value = os.environ.get(constant_name)
if magpie_value is not None:
print_log("Constant found in environment with: {}".format(constant_name), level=logging.DEBUG)
return magpie_value
if not missing and raise_not_set:
raise_log("Constant was found but was not set: {}".format(constant_name),
level=logging.ERROR, exception=ValueError)
if missing and raise_missing:
raise_log("Constant could not be found: {}".format(constant_name),
level=logging.ERROR, exception=LookupError)
if missing and print_missing:
print_log("Constant could not be found: {} (using default: {})"
.format(constant_name, default_value), level=logging.WARN)
return magpie_value or default_value
def get_constant(constant_name, # type: Str
settings_container=None, # type: Optional[AnySettingsContainer]
settings_name=None, # type: Optional[Str]
default_value=None, # type: Optional[SettingValue]
raise_missing=True, # type: bool
print_missing=False, # type: bool
raise_not_set=True # type: bool
): # type: (...) -> SettingValue
"""
Search in order for matched value of ``constant_name``:
1. search in settings if specified
2. search alternative setting names
3. search in ``magpie.constants`` definitions
4. search in environment variables
Parameter ``constant_name`` is expected to have the format ``MAGPIE_[VARIABLE_NAME]`` although any value can
be passed to retrieve generic settings from all above mentioned search locations.
If ``settings_name`` is provided as alternative name, it is used as is to search for results if ``constant_name``
was not found. Otherwise, ``magpie.[variable_name]`` is used for additional search when the format
``MAGPIE_[VARIABLE_NAME]`` was used for ``constant_name``
(ie: ``MAGPIE_ADMIN_USER`` will also search for ``magpie.admin_user`` and so on for corresponding constants).
:param constant_name: key to search for a value
:param settings_container: wsgi app settings container
:param settings_name: alternative name for `settings` if specified
:param default_value: default value to be returned if not found anywhere, and exception raises are disabled.
:param raise_missing: raise exception if key is not found anywhere
:param print_missing: print message if key is not found anywhere, return `None`
:param raise_not_set: raise an exception if the found key is None, search until last case if previous are `None`
:returns: found value or `default_value`
:raises: according message based on options (by default raise missing/`None` value)
"""
from magpie.utils import get_settings, raise_log, print_log
missing = True
magpie_value = None
settings = get_settings(settings_container) if settings_container else None
if settings and constant_name in settings:
missing = False
magpie_value = settings.get(constant_name)
if magpie_value is not None:
print_log("Constant found in settings with: {}".format(constant_name), level=logging.DEBUG)
return magpie_value
if not settings_name and constant_name.startswith("MAGPIE_"):
settings_name = get_constant_setting_name(constant_name)
print_log("Constant alternate search: {}".format(settings_name), level=logging.DEBUG)
if settings and settings_name and settings_name in settings:
missing = False
magpie_value = settings.get(settings_name)
if magpie_value is not None:
print_log("Constant found in settings with: {}".format(settings_name), level=logging.DEBUG)
return magpie_value
magpie_globals = globals()
if constant_name in magpie_globals:
missing = False
magpie_value = magpie_globals.get(constant_name)
if magpie_value is not None:
print_log("Constant found in definitions with: {}".format(constant_name), level=logging.DEBUG)
return magpie_value
if constant_name in os.environ:
missing = False
magpie_value = os.environ.get(constant_name)
if magpie_value is not None:
print_log("Constant found in environment with: {}".format(constant_name), level=logging.DEBUG)
return magpie_value
if not missing and raise_not_set:
raise_log("Constant was found but was not set: {}".format(constant_name),
level=logging.ERROR, exception=ValueError)
if missing and raise_missing:
raise_log("Constant could not be found: {}".format(constant_name),
level=logging.ERROR, exception=LookupError)
if missing and print_missing:
print_log("Constant could not be found: {} (using default: {})"
.format(constant_name, default_value), level=logging.WARN)
return magpie_value or default_value