def email_str(request):
    """Return the validated user's e-mail address as the response body.

    The ``Authenticator`` is created without a scope argument. A request
    that fails ``validate`` receives the authenticator's own error response.
    """
    auth = Authenticator()
    try:
        auth.validate(request)
    except AuthenticationException:
        return auth.error_response()
    else:
        # Only reached when validation raised nothing.
        return HttpResponse(auth.user.email)
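def write_key(request):
    '''write the password used to encrypt funf database files to your PDS

    The request must carry ``bearer_token`` in the query string and a JSON
    body with a ``key`` member. The token is validated against the
    ``funf_write`` access range before the key is stored on the user's
    profile.

    Returns the authenticator's error response when validation fails, a JSON
    ``{"status": "success"}`` response once the profile is saved, and
    ``HttpResponseBadRequest`` for any other exception (missing
    ``bearer_token``, malformed JSON, missing ``key``, lookup errors).
    '''
    try:
        # Presence check only: a missing query parameter raises KeyError and
        # is reported as 400 below. The value itself is not used here.
        # NOTE(review): tokens carried in the query string tend to end up in
        # access logs and Referer headers; prefer the Authorization header if
        # the Authenticator accepts it.
        request.GET['bearer_token']

        scope = AccessRange.objects.get(key="funf_write")
        authenticator = Authenticator(scope=scope)
        try:
            # Validate the request.
            authenticator.validate(request)
        except AuthenticationException:
            # Return an error response.
            return authenticator.error_response(
                content="You didn't authenticate.")

        profile = authenticator.user.get_profile()
        # NOTE(review): the key is stored exactly as received; nothing
        # visible here checks its type or length, or protects it at rest.
        # Confirm how funf_password is stored.
        profile.funf_password = json.loads(request.raw_post_data)['key']
        profile.save()
        return HttpResponse(content=json.dumps({'status': 'success'}))
    except Exception as ex:
        # Parenthesised single-argument print gives the same output under the
        # Python 2 print statement and the print function.
        print("EXCEPTION:")
        print(ex)
        return HttpResponseBadRequest('failed to write funf key')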
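def write_key(request):
    '''write the password used to encrypt funf database files to your PDS

    Expects ``bearer_token`` in the query string and a JSON request body
    containing ``key``. The token is validated against the ``funf_write``
    access range; on success the key is saved on the user's profile.

    Returns the authenticator's error response on failed validation, a JSON
    ``{"status": "success"}`` response after saving, and
    ``HttpResponseBadRequest`` when anything else raises.
    '''
    response = None
    try:
        # Kept as a presence check: KeyError here becomes the 400 below.
        # NOTE(review): a token in the query string is likely to be recorded
        # in server and proxy logs.
        request.GET['bearer_token']

        scope = AccessRange.objects.get(key="funf_write")
        authenticator = Authenticator(scope=scope)
        try:
            # Validate the request.
            authenticator.validate(request)
        except AuthenticationException:
            # Return an error response.
            return authenticator.error_response(content="You didn't authenticate.")

        # The previous revision also read the stored funf_password into an
        # unused local. That read is dropped so the secret is not loaded
        # needlessly.
        profile = authenticator.user.get_profile()
        # NOTE(review): the value is written as received, with no type or
        # length check visible. Confirm how funf_password is protected at rest.
        profile.funf_password = json.loads(request.raw_post_data)['key']
        profile.save()
        response_content = json.dumps({'status': 'success'})
        response = HttpResponse(content=response_content)
    except Exception as ex:
        # Single-argument parenthesised print behaves the same as the
        # Python 2 print statement.
        print("EXCEPTION:")
        print(ex)
        response = HttpResponseBadRequest('failed to write funf key')
    return response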
def last_name_str(request):
    """Return the validated user's last name as the response body.

    The ``AccessRange`` keyed ``"last_name"`` is handed to the
    ``Authenticator`` as its scope. A failed ``validate`` yields the
    authenticator's error response.
    """
    required_range = AccessRange.objects.get(key="last_name")
    auth = Authenticator(scope=required_range)
    try:
        auth.validate(request)
    except AuthenticationException:
        return auth.error_response()
    else:
        return HttpResponse(auth.user.last_name)
def first_and_last_name_str(request):
    """Return "<first_name> <last_name>" for the validated user.

    The queryset of ``AccessRange`` rows keyed ``first_name`` and
    ``last_name`` is passed to the ``Authenticator`` as its scope.
    """
    wanted_keys = ["first_name", "last_name"]
    auth = Authenticator(scope=AccessRange.objects.filter(key__in=wanted_keys))
    try:
        auth.validate(request)
    except AuthenticationException:
        return auth.error_response()
    full_name = auth.user.first_name + " " + auth.user.last_name
    return HttpResponse(full_name)
def process_request(self, request):
    """Validate the request and attach an OAuth2 proxy user on success.

    Returns the authenticator's error response only when validation failed
    and the request presented a bearer token or used the ``bearer``/``mac``
    auth type. In every other case the method falls off the end and
    returns ``None``.
    """
    # NOTE(review): the listing is collapsed onto one line, so the trailing
    # ``else`` is read here as belonging to ``try`` (the success path).
    # Confirm against the original file.
    authenticator = Authenticator()
    try:
        authenticator.validate(request)
    except AuthenticationException as e:
        # A failed validation is rejected only if the client attempted
        # token authentication. Other requests pass through and this method
        # does not assign request.user for them.
        if authenticator.bearer_token or authenticator.auth_type in ['bearer', 'mac']:
            return authenticator.error_response(content="You didn't authenticate.")
    else:
        # Validation succeeded: expose the access token through a proxy user.
        request.user = OAuth2ProxyUser(authenticator.access_token)
def check(request):
    """Page accessed by check script to verify router has token.

    Responds with "good token <email>" for a validated request, otherwise
    with the authenticator's error response.
    """
    auth = Authenticator()
    try:
        auth.validate(request)
    except AuthenticationException:
        return auth.error_response(content="You didn't authenticate.")
    # The body echoes the e-mail address of the user bound to the token.
    body = "good token %s" % auth.user.email
    return HttpResponse(content=body)
def storage(request, acct, path=""):
    """Authorize a storage request and hand it to ``storage_api``.

    Flow, as visible in this function:
      1. A CORS preflight (``OPTIONS`` with Origin and
         Access-Control-Request-Method headers) is answered immediately,
         before any authentication.
      2. The request is validated. A failure is remembered rather than
         returned at once.
      3. The path is normalized and the capabilities needed for it are built
         as ``"<dirname(path)>:<cap>"`` from ``caps(request.method)``.
      4. Unauthenticated requests are served only when auth is not required
         and ``"public:r"`` is among the needed capabilities. Authenticated
         requests need at least one of the capabilities in the token scope,
         otherwise they get 403.
    """
    # Fast-path for CORS preflight requests
    if (
        request.method == "OPTIONS"
        and request.META.get("HTTP_ORIGIN")
        and request.META.get("HTTP_ACCESS_CONTROL_REQUEST_METHOD")
    ):
        # Mirror response headers
        # NOTE(review): whatever Origin the client sends is echoed back, the
        # requested method is allowed as-is, and headers default to "*".
        # No origin allow-list is visible here, so every origin passes the
        # preflight. Confirm that is intended for this API.
        response = HttpResponse("")
        response["Access-Control-Allow-Origin"] = request.META["HTTP_ORIGIN"]
        response["Access-Control-Allow-Methods"] = request.META["HTTP_ACCESS_CONTROL_REQUEST_METHOD"]
        response["Access-Control-Allow-Headers"] = request.META.get("HTTP_ACCESS_CONTROL_REQUEST_HEADERS", "*")
        return response
    authenticator = Authenticator()
    try:
        authenticator.validate(request)
    except AuthenticationException:
        # Keep the 401 for later: public read access may still apply.
        auth_fail = authenticator.error_response(
            content="OAuth2 authentication failure," ' see "WWW-Authenticate" header for details.'
        )
    else:
        auth_fail = None
    # It's also possible to check that acct==user here,
    # but I'm not sure about how and when it's actually useful
    # Normalize the path
    # NOTE(review): this drops empty segments only; "." and ".." segments are
    # kept. Whether they can reach outside the user's area depends on
    # StoredObject.objects.user_path / storage_api, which are not shown here.
    path = "/".join(it.ifilter(None, path.split("/")))
    # Check if access to path is authorized for this token
    category = dirname(path)
    path_caps, auth_required = caps(request.method)
    path_caps = list("{}:{}".format(category, cap) for cap in path_caps)
    log.debug(("(acct: {}, path: {}) required" " cap (any): {}").format(acct, path, ", ".join(path_caps)))
    if auth_fail:
        # One special case - "public:r" access, otherwise 401
        if auth_required or "public:r" not in path_caps:
            return auth_fail
        # Unauthenticated public read: the account comes from the URL.
        # User.objects.get raises User.DoesNotExist for an unknown acct and
        # that is not handled in this function.
        user = User.objects.get(username=acct)
    elif not authenticator.scope.filter(key__in=path_caps).exists():
        # Authorized clients get 403 instead
        log.debug(
            ("(acct: {}, path: {}) access denied," " caps available: {}").format(
                acct, path, ", ".join(authenticator.scope.values_list("key", flat=True))
            )
        )
        return HttpResponseForbidden(
            "Access (method: {})" ' to path "{}" is forbidden for this token.'.format(request.method, path)
        )
    else:
        # Authenticated and authorized: the token's user is used and the
        # acct from the URL is ignored on this branch.
        user = authenticator.user
    return storage_api(request, StoredObject.objects.user_path(user, path))
def setUp(self):
    """Create the fixtures: an Authenticator and a bare request object."""

    class Request(object):
        """Empty placeholder class used as the request."""

    self.authenticator = Authenticator(authentication_method='')
    self.request = Request()
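def authenticate_token(request, scope=None, client_id=None):
    """Validate the request's token and optionally check scope and client.

    Args:
        request: the incoming request.
        scope: a single scope name or an iterable of scope names that must
            all be present on the token; ``None`` skips the check.
        client_id: client key the token must belong to; ``None`` skips the
            check.

    Returns:
        ``{'error': <message>}`` on any failure, otherwise a dict with
        ``ok``, ``user``, ``scope`` (list) and ``client_id``.
    """
    authenticator = Authenticator()
    try:
        authenticator.validate(request)
    except AuthenticationException:
        return {'error': authenticator.error.message}

    # The token row is looked up from the ``bearer_token`` request parameter
    # only. If it is absent (for example, a token supplied some other way)
    # the lookup has no match. Report that in the function's own error shape
    # instead of letting DoesNotExist escape to the caller.
    try:
        token_row = AccessToken.objects.get(token=request.REQUEST.get('bearer_token'))
    except AccessToken.DoesNotExist:
        return {'error': 'token not found'}
    auth_client_id = token_row.client.key
    auth_scope = [x.scope for x in authenticator.scope]

    # Treat any text value as one scope name. The earlier ``type(scope) ==
    # str`` test missed ``unicode`` on Python 2, so such a value was split
    # into a set of single characters.
    try:
        text_types = basestring
    except NameError:
        text_types = str
    if isinstance(scope, text_types):
        scope = [scope]

    if scope is not None and not set(scope).issubset(set(auth_scope)):
        return {'error': 'token not authorized for this scope'}
    if client_id is not None and client_id != auth_client_id:
        return {'error': 'token not authorized for this client_id'}
    return {'ok': 'success', 'user': authenticator.user, 'scope': auth_scope, 'client_id': auth_client_id}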
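def attributes(request):
    """Return the requested user attributes the token's scope allows, as JSON.

    ``attributes`` is a comma-separated request parameter. A name is included
    only if an ``Attribute`` row exists for it, that row's scope is in the
    validated token's scope, and the value can be read from the user object.
    Names that fail any of these are silently omitted.
    """
    authenticator = Authenticator()
    requested_attributes = request.REQUEST.get('attributes', '').split(',')
    try:
        authenticator.validate(request)
    except AuthenticationException:
        return authenticator.error_response(content="You didn't authenticate.")
    scope = authenticator.scope
    user = authenticator.user
    response = {}
    for attribute in requested_attributes:
        try:
            a = Attribute.objects.get(attribute=attribute)
        except Attribute.DoesNotExist:
            continue
        if a.scope not in scope:
            continue
        # Security: the value used to be read with eval('user.' + attribute),
        # which executes the stored name as Python source. Plain attribute
        # lookup is used instead, so the name is never run as code. Dotted
        # paths ("profile.city") still resolve, but call syntax and other
        # expressions no longer do and are skipped.
        try:
            value = user
            for part in attribute.split('.'):
                value = getattr(value, part)
        except Exception:
            # Best effort, as before: an unreadable attribute is left out.
            continue
        response[attribute] = value
    return HttpResponse(json.dumps(response))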
def get_system_entity_connection(request):
    """Return every user's ``pds_location`` to a ``system_entity`` token.

    Any exception, including a failed validation or a token scope that lacks
    the ``system_entity`` range, produces a JSON body with ``status: error``
    and a generic message. The exception itself is logged at debug level
    only. The response is built with ``HttpResponse`` without an explicit
    status code in both cases.
    """
    payload = {}
    try:
        required_range = AccessRange.objects.get(key="system_entity")
        auth = Authenticator(scope=required_range)
        auth.validate(request)
        if required_range not in auth.scope:
            raise Exception("Access token is insufficient to get a system entity connection")
        # One entry per user account in the database.
        payload['pds_locations'] = [
            account.get_profile().pds_location for account in User.objects.all()
        ]
        payload['status'] = "success"
    except Exception as e:
        payload['status'] = "error"
        payload['message'] = "failed to connect as system entity"
        logging.debug(e)
    body = json.dumps(payload)
    return HttpResponse(body, mimetype="application/json")
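def attributes(request):
    """Return the requested, scope-permitted user attributes as a JSON object.

    The ``attributes`` request parameter holds comma-separated names. Each
    name must match an ``Attribute`` row whose scope is part of the validated
    token's scope. Names that do not match, are out of scope, or cannot be
    read from the user are omitted from the result.
    """
    authenticator = Authenticator()
    requested_attributes = request.REQUEST.get('attributes', '').split(',')
    try:
        authenticator.validate(request)
    except AuthenticationException:
        return authenticator.error_response(content="You didn't authenticate.")
    scope = authenticator.scope
    user = authenticator.user
    response = {}
    for attribute in requested_attributes:
        try:
            a = Attribute.objects.get(attribute=attribute)
        except Attribute.DoesNotExist:
            continue
        if a.scope in scope:
            # Security: this replaces eval('user.' + attribute). eval runs the
            # registered name as Python code, so a crafted Attribute row meant
            # code execution in the server process. Walking the dotted path
            # with getattr reads the same values without evaluating anything.
            # Names containing calls or operators are now skipped.
            try:
                target = user
                for segment in attribute.split('.'):
                    target = getattr(target, segment)
                response[attribute] = target
            except Exception:
                # Deliberate best effort: skip what cannot be read.
                pass
    return HttpResponse(json.dumps(response))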
def authenticate_token(request):
    """Validate the request and report the outcome as a dict.

    Returns ``{'error': 'authentication error'}`` when validation raises
    ``AuthenticationException``, otherwise ``{'ok': 'success', 'user': ...}``
    with the authenticator's user.
    """
    auth = Authenticator()
    try:
        auth.validate(request)
    except AuthenticationException:
        outcome = {'error': 'authentication error'}
    else:
        outcome = {'ok': 'success', 'user': auth.user}
    return outcome
def automatic_error_str(request):
    """Return the error response of an Authenticator that validated nothing.

    ``request`` is accepted but never passed to the authenticator.
    """
    return Authenticator().error_response()