def not_found(self): """Called if no URL matches.""" resp = NotFound() return resp(self.environ, self.start_response)
def application(self, environ, start_response): """ :param environ: The HTTP application environment :param start_response: The application to run when the handling of the request is done :return: The response as a list of lines """ path = environ.get('PATH_INFO', '').lstrip('/') response_encoder = ResponseEncoder(environ=environ, start_response=start_response) parameters = parse_qs(environ["QUERY_STRING"]) session_info = { "addr": get_client_address(environ), 'cookie': environ.get("HTTP_COOKIE", ''), 'path': path, 'parameters': parameters } jlog = JLog(LOGGER, session_info['addr']) jlog.info(session_info) if path == "robots.txt": return static(environ, start_response, "static/robots.txt") if path.startswith("static/"): return static(environ, start_response, path) elif path.startswith("tar/"): return static(environ, start_response, path) elif path.startswith("log"): return display_log(path, environ, start_response, lookup=LOOKUP) elif path.startswith('clear/'): return clear_log(path, environ, start_response, lookup=LOOKUP) elif path.startswith('mktar/'): return make_tar(path, environ, start_response, lookup=LOOKUP) elif path.startswith("_static/"): return static(environ, start_response, path) elif path.startswith("jwks.json"): try: mode, endpoint = extract_mode(self.op_args["baseurl"]) events = Events() events.store('Init', '===========================================') op, path, jlog.id = self.op_setup(environ, mode, events, self.test_conf, endpoint) jwks = op.generate_jwks(mode) resp = Response(jwks, headers=[('Content-Type', 'application/json')]) return resp(environ, start_response) except KeyError: # Try to load from static file return static(environ, start_response, "static/jwks.json") events = Events() events.store('Init', '===========================================') if path == "test_list": return rp_test_list(environ, start_response) elif path == "": return registration(environ, start_response) elif path == "generate_client_credentials": client_id, client_secret = generate_static_client_credentials( parameters) return response_encoder.return_json( json.dumps({"client_id": client_id, "client_secret": client_secret})) elif path == "3rd_party_init_login": return rp_support_3rd_party_init_login(environ, start_response) # path should be <oper_id>/<test_id>/<endpoint> try: mode = parse_path(path) except ValueError: resp = BadRequest('Illegal path') return resp(environ, start_response) try: endpoint = mode['endpoint'] except KeyError: _info = {'error': 'No endpoint', 'mode': mode} events.store(EV_FAULT, _info) jlog.error(_info) resp = BadRequest('Illegal path') return resp(environ, start_response) if endpoint == ".well-known/webfinger": session_info['endpoint'] = endpoint try: _p = urlparse(parameters["resource"][0]) except KeyError: events.store(EV_FAULT, FailedOperation('webfinger', 'No resource defined')) jlog.error({'reason': 'No resource defined'}) resp = ServiceError("No resource defined") return resp(environ, start_response) if _p.scheme in ["http", "https"]: events.store(EV_REQUEST, Operation(name='webfinger', type='url', path=_p.path)) mode = parse_path(_p.path) elif _p.scheme == "acct": _l, _ = _p.path.split('@') _a = _l.split('.') if len(_a) == 2: _oper_id = _a[0] _test_id = _a[1] elif len(_a) > 2: _oper_id = ".".join(_a[:-1]) _test_id = _a[-1] else: _oper_id = _a[0] _test_id = 'default' mode.update({'oper_id': _oper_id, 'test_id': _test_id}) events.store(EV_REQUEST, Operation(name='webfinger', type='acct', oper_id=_oper_id, test_id=_test_id)) else: _msg = "Unknown scheme: {}".format(_p.scheme) events.events(EV_FAULT, FailedOperation('webfinger', _msg)) jlog.error({'reason': _msg}) resp = ServiceError(_msg) return resp(environ, start_response) elif endpoint == "claim": authz = environ["HTTP_AUTHORIZATION"] _ev = Operation('claim') try: assert authz.startswith("Bearer") except AssertionError: resp = BadRequest() else: _ev.authz = authz events.store(EV_REQUEST, _ev) tok = authz[7:] # mode, endpoint = extract_mode(self.op_args["baseurl"]) _op, _, sid = self.op_setup(environ, mode, events, self.test_conf, endpoint) try: _claims = _op.claim_access_token[tok] except KeyError: resp = BadRequest() else: del _op.claim_access_token[tok] _info = Message(**_claims) jwt_key = _op.keyjar.get_signing_key() resp = Response(_info.to_jwt(key=jwt_key, algorithm="RS256"), content='application/jwt') return resp(environ, start_response) if mode: session_info.update(mode) jlog.id = mode['oper_id'] try: _op, path, jlog.id = self.op_setup(environ, mode, events, self.test_conf, endpoint) except UnknownTestID as err: resp = BadRequest('Unknown test ID: {}'.format(err.args[0])) return resp(environ, start_response) session_info["op"] = _op session_info["path"] = path session_info['test_conf'] = self.test_conf[session_info['test_id']] for regex, callback in URLS: match = re.search(regex, endpoint) if match is not None: _op = HTTPRequest(endpoint=endpoint, method=environ["REQUEST_METHOD"]) try: _op.authz = environ["HTTP_AUTHORIZATION"] except KeyError: pass events.store(EV_HTTP_REQUEST, _op) try: environ['oic.url_args'] = match.groups()[0] except IndexError: environ['oic.url_args'] = endpoint jlog.info({'callback': callback.__name__}) try: return callback(environ, start_response, session_info, events, op_arg=self.op_args, jlog=jlog) except Exception as err: print("%s" % err) message = traceback.format_exception(*sys.exc_info()) print(message) events.store(EV_EXCEPTION, err) LOGGER.exception("%s" % err) resp = ServiceError("%s" % err) return resp(environ, start_response) LOGGER.debug("unknown page: '{}'".format(endpoint)) events.store(EV_FAULT, 'No such page: {}'.format(endpoint)) resp = NotFound("Couldn't find the side you asked for!") return resp(environ, start_response)
def resource_set_registration_endpoint_(self, entity, path, method, client_id, body="", if_match="", **kwargs): """ The endpoint at which the resource server handles resource sets descriptions. :param entity: The entity that controls the resource set :param path: :param method: HTTP method :param body: The resource set registration message :paran client_id: Which client I'm talking to :param if_match: The HTTP If-Match header if any :param kwargs: possible other arguments :returns: A Response instance """ # path should be /resource_set/{rsid} or /resource_set # Path may or may not start with '/' if path.startswith("/"): assert path[1:].startswith(RSR_PATH) rsid = path[PLEN + 1:] else: assert path.startswith(RSR_PATH) rsid = path[PLEN:] if rsid.startswith("/"): rsid = rsid[1:] _user = safe_name(entity, client_id) logger.debug("handling resource set belonging to '%s'" % _user) # self.resource_set.set_collection(_user) if method == "POST": # create args = {"oid": _user, "data": body} func = self.resource_set.create elif method == "PUT": # update args = { "oid": _user, "data": body, "rsid": rsid, # "if_match": if_match } func = self.resource_set.update elif method == "GET": args = {"oid": _user} if not rsid: # List func = self.resource_set.list else: # Read func = self.resource_set.read args["rsid"] = rsid elif method == "DELETE": args = {"rsid": rsid, "oid": _user} func = self.resource_set.delete else: return BadRequest("Message error") logger.debug("operation: %s" % func) logger.debug("operation args: %s" % (args, )) try: body = func(**args) except MessageException as err: _err = ErrorResponse(error="invalid_request", error_description=str(err)) response = BadRequest(_err.to_json(), content="application/json") except UnknownObject: _err = ErrorResponse(error="not_found") response = NotFound(_err.to_json(), content="application/json") else: response = None if isinstance(body, ErrorResponse): pass else: if func == self.resource_set.delete: # As a side effect all permissions assigned that references # this resource set should be deleted self.permit.delete_permit_by_resource_id(entity, rsid) response = NoContent() elif func == self.resource_set.create: _etag = self.resource_set.etag[body["_id"]] response = Created(body.to_json(), content="application/json", headers=[("ETag", _etag), ("Location", "/{}/{}".format( RSR_PATH, body["_id"]))]) elif func == self.resource_set.update: _etag = self.resource_set.etag[body["_id"]] response = NoContent(content="application/json", headers=[("ETag", _etag)]) elif func == self.resource_set.list: response = Response(json.dumps(body)) if not response: response = Response(body.to_json(), content="application/json") return response
resp = None try: func = AUTHZSRV.service(prepath) except Exception, err: pass else: if func: try: resp = wrap(func, prepath, get_args(environ)) except Exception, err: resp = ServiceError("%s" % err) if isinstance(resp, Response): pass else: resp = NotFound(path) return resp(environ, start_response, **argv) # ----------------------------------------------------------------------------- AUTHZ = Implicit("PERMISSION") CDB = {} PASSWD = { "alice": "krall", "hans": "thetake", "user": "******", "https://sp.example.org/": "code" }
def application(environ, start_response): """ :param environ: The HTTP application environment :param start_response: The application to run when the handling of the request is done :return: The response as a list of lines """ global OAS session = environ['beaker.session'] path = environ.get('PATH_INFO', '').lstrip('/') response_encoder = ResponseEncoder(environ=environ, start_response=start_response) parameters = parse_qs(environ["QUERY_STRING"]) if path == "robots.txt": return static(environ, start_response, "static/robots.txt") if path.startswith("static/"): return static(environ, start_response, path) elif path.startswith("log"): return display_log(environ, start_response) elif path.startswith("_static/"): return static(environ, start_response, path) trace = Trace() if path == "test_list": return rp_test_list(environ, start_response) elif path == "": return registration(environ, start_response) elif path == "generate_client_credentials": client_id, client_secret = generate_static_client_credentials(parameters) return response_encoder.return_json( json.dumps({"client_id": client_id, "client_secret": client_secret})) elif path == "claim": _oas = session["op"] authz = environ["HTTP_AUTHORIZATION"] try: assert authz.startswith("Bearer") except AssertionError: resp = BadRequest() else: tok = authz[7:] try: _claims = _oas.claim_access_token[tok] except KeyError: resp = BadRequest() else: del _oas.claim_access_token[tok] resp = Response(json.dumps(_claims), content='application/json') return resp(environ, start_response) mode, endpoint = extract_mode(path) if endpoint == ".well-known/webfinger": _p = urlparse(parameters["resource"][0]) if _p.scheme in ["http", "https"]: mode = {"test_id": _p.path[1:]} elif _p.scheme == "acct": _l, _ = _p.path.split('@') mode = {"test_id": _l} else: resp = ServiceError("Unknown scheme: {}".format(_p.scheme)) return resp(environ, start_response) if mode: session["test_id"] = mode["test_id"] if "op" not in session: session["op"] = setup_op(mode, COM_ARGS, OP_ARG) session["mode_path"] = mode2path(mode) else: # may be a new mode _path = mode2path(mode) if session["mode_path"] != _path: session["op"] = setup_op(mode, COM_ARGS, OP_ARG) session["mode_path"] = _path for regex, callback in URLS: match = re.search(regex, endpoint) if match is not None: trace.request("PATH: %s" % endpoint) trace.request("METHOD: %s" % environ["REQUEST_METHOD"]) try: trace.request( "HTTP_AUTHORIZATION: %s" % environ["HTTP_AUTHORIZATION"]) except KeyError: pass try: environ['oic.url_args'] = match.groups()[0] except IndexError: environ['oic.url_args'] = endpoint LOGGER.info("callback: %s" % callback) try: return callback(environ, start_response, session, trace) except Exception as err: print >> sys.stderr, "%s" % err message = traceback.format_exception(*sys.exc_info()) print >> sys.stderr, message LOGGER.exception("%s" % err) resp = ServiceError("%s" % err) return resp(environ, start_response) LOGGER.debug("unknown side: %s" % endpoint) resp = NotFound("Couldn't find the side you asked for!") return resp(environ, start_response)