def list(self, request, userguid=None, ovs_type=None):
    """
    Lists the Clients the logged in user is allowed to see

    A client holding the 'manage' role gets everything ClientList.get_clients() returns; ovs_type is
    not applied in that branch. Any other client only sees the clients of its own user and never the
    INTERNAL ones: asking for ovs_type 'INTERNAL' gives the same result as passing no ovs_type.
    :param request: Raw request
    :type request: Request
    :param userguid: User guid to filter the clients
    :type userguid: str
    :param ovs_type: Filter on the Client's ovs_type
    :type ovs_type: str
    """
    requester = request.client
    if Toolbox.is_client_in_roles(requester, ['manage']):
        visible = ClientList.get_clients()
    elif ovs_type is None or ovs_type == 'INTERNAL':
        # No usable type filter: show the user's own clients minus the INTERNAL ones
        visible = [entry for entry in requester.user.clients if entry.ovs_type != 'INTERNAL']
    else:
        visible = [entry for entry in requester.user.clients if entry.ovs_type == ovs_type]

    if userguid is None:
        return visible
    return [entry for entry in visible if entry.user_guid == userguid]
def list(self, request, userguid=None, ovs_type=None):
    """
    Lists the Clients the logged in user is allowed to see

    With the 'manage' role the caller receives the full ClientList.get_clients() result, regardless
    of ovs_type. Without it the caller is limited to its own user's clients, and INTERNAL clients
    are always left out (an ovs_type of 'INTERNAL' is treated like no filter at all).
    :param request: Raw request
    :type request: Request
    :param userguid: User guid to filter the clients
    :type userguid: str
    :param ovs_type: Filter on the Client's ovs_type
    :type ovs_type: str
    """
    if Toolbox.is_client_in_roles(request.client, ['manage']):
        candidates = ClientList.get_clients()
    else:
        filter_on_type = ovs_type is not None and ovs_type != 'INTERNAL'
        candidates = []
        for candidate in request.client.user.clients:
            if filter_on_type:
                keep = candidate.ovs_type == ovs_type
            else:
                # INTERNAL clients are never listed for non-managers
                keep = candidate.ovs_type != 'INTERNAL'
            if keep:
                candidates.append(candidate)

    if userguid is not None:
        candidates = [candidate for candidate in candidates if candidate.user_guid == userguid]
    return candidates
def list(self, request, userguid=None, ovs_type=None):
    """
    Lists the Clients the logged in user is allowed to see

    Managers (clients in the 'manage' role) get the unfiltered ClientList.get_clients() result.
    Everybody else gets the clients of their own user, filtered on ovs_type when one is given, with
    INTERNAL clients excluded in every case.
    :param request: Raw request
    :type request: Request
    :param userguid: User guid to filter the clients
    :type userguid: str
    :param ovs_type: Filter on the Client's ovs_type
    :type ovs_type: str
    """
    def _own_clients():
        # Clients of the calling user; an 'INTERNAL' filter is handled like a missing one
        owned = request.client.user.clients
        if ovs_type is None or ovs_type == 'INTERNAL':
            return [item for item in owned if item.ovs_type != 'INTERNAL']
        return [item for item in owned if item.ovs_type == ovs_type]

    is_manager = Toolbox.is_client_in_roles(request.client, ['manage'])
    result = ClientList.get_clients() if is_manager else _own_clients()
    if userguid is None:
        return result
    return [item for item in result if item.user_guid == userguid]
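def get(self, request, *args, **kwargs):
    """
    Handles the OAuth2 redirect: exchanges the authorization code for an access token

    Every failure path logs the problem and redirects the browser to the configured html endpoint
    without setting a cookie. On success the remote token is stored on a locally generated access
    token that belongs to an INTERNAL CLIENT_CREDENTIALS client of the 'administrators' group and
    carries the read/write/manage roles; the token and the state are handed to the browser in
    cookies that expire after two minutes.
    :param request: Raw request, the redirect parameters are read from request.GET
    :type request: Request
    :return: Redirect to the html endpoint
    :rtype: HttpResponseRedirect
    """
    _ = args, kwargs
    html_endpoint = EtcdConfiguration.get('/ovs/framework/webapps|html_endpoint')
    # Look at 'error' first: a redirect that reports an error normally carries no 'code', so testing
    # for 'code' first would replace the reported error with a generic "without code" log line.
    # The values come straight from the query string and are logged as received.
    if 'error' in request.GET:
        error = request.GET['error']
        description = request.GET['error_description'] if 'error_description' in request.GET else ''
        OAuth2RedirectView._logger.error('Error {0} during OAuth2 redirection request: {1}'.format(error, description))
        return HttpResponseRedirect(html_endpoint)
    # The early exits must return a response object; returning the class and the url as a tuple
    # does not produce a redirect.
    if 'code' not in request.GET:
        OAuth2RedirectView._logger.error('Got OAuth2 redirection request without code')
        return HttpResponseRedirect(html_endpoint)
    code = request.GET['code']
    if 'state' not in request.GET:
        OAuth2RedirectView._logger.error('Got OAuth2 redirection request without state')
        return HttpResponseRedirect(html_endpoint)
    # NOTE(review): 'state' is not compared with anything in this method, it is only echoed back in
    # a cookie below; any CSRF check on it has to happen in whatever reads that cookie - confirm.
    state = request.GET['state']

    base_url = EtcdConfiguration.get('/ovs/framework/webapps|oauth2.token_uri')
    client_id = EtcdConfiguration.get('/ovs/framework/webapps|oauth2.client_id')
    client_secret = EtcdConfiguration.get('/ovs/framework/webapps|oauth2.client_secret')
    # NOTE(review): RFC 6749 names this parameter 'redirect_uri'; confirm the token endpoint really
    # expects 'redirect_url'. The code also travels in the query string of the POST.
    parameters = {'grant_type': 'authorization_code',
                  'redirect_url': 'https://{0}/api/oauth2/redirect/'.format(System.get_my_storagerouter().ip),
                  'client_id': client_id,
                  'code': code}
    url = '{0}?{1}'.format(base_url, urllib.urlencode(parameters))
    headers = {'Accept': 'application/json',
               'Authorization': 'Basic {0}'.format(base64.b64encode('{0}:{1}'.format(client_id, client_secret)).strip())}
    # NOTE(review): verify=False switches off certificate validation on the request that carries the
    # client secret and the authorization code, so the peer is not authenticated. Prefer the default
    # verification (or a CA bundle path) once the token endpoint presents a trusted certificate.
    raw_response = requests.post(url=url, headers=headers, verify=False)
    response = raw_response.json()
    if 'error' in response:
        error = response['error']
        description = response['error_description'] if 'error_description' in response else ''
        OAuth2RedirectView._logger.error('Error {0} during OAuth2 redirection access token: {1}'.format(error, description))
        return HttpResponseRedirect(html_endpoint)
    token = response['access_token']
    expires_in = response['expires_in']

    # The remote token is attached to the first INTERNAL CLIENT_CREDENTIALS client whose user is in
    # the 'administrators' group.
    client = None
    for current_client in ClientList.get_by_types('INTERNAL', 'CLIENT_CREDENTIALS'):
        if current_client.user.group.name == 'administrators':
            client = current_client
            break
    if client is None:
        OAuth2RedirectView._logger.error('Could not find INTERNAL CLIENT_CREDENTIALS client in administrator group.')
        return HttpResponseRedirect(html_endpoint)

    roles = RoleList.get_roles_by_codes(['read', 'write', 'manage'])
    access_token, _ = Toolbox.generate_tokens(client, generate_access=True, scopes=roles)
    # Overwrite the generated values so the stored token matches the one issued remotely
    access_token.expiration = int(time.time() + expires_in)
    access_token.access_token = token
    access_token.save()

    # NOTE(review): now() is naive local time; as far as I can tell Django measures a naive 'expires'
    # against UTC, so the two minute lifetime only holds on a server running in UTC - confirm.
    expires = datetime.datetime.now() + datetime.timedelta(minutes=2)
    response = HttpResponseRedirect(html_endpoint)
    # NOTE(review): both cookies are Secure but not HttpOnly, so page scripts can read the access
    # token; presumably the web client picks it up from the cookie - confirm before adding httponly.
    response.set_cookie('state', state, expires=expires, secure=True)
    response.set_cookie('accesstoken', token, expires=expires, secure=True)
    return response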
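def get(self, request, *args, **kwargs):
    """
    Handles the OAuth2 redirect: exchanges the authorization code for an access token

    Every failure path logs the problem and redirects the browser to the configured html endpoint
    without setting a cookie. On success the remote token is stored on a locally generated access
    token that belongs to an INTERNAL CLIENT_CREDENTIALS client of the 'administrators' group and
    carries the read/write/manage roles; the token and the state are handed to the browser in
    cookies that expire after two minutes.
    :param request: Raw request, the redirect parameters are read from request.GET
    :type request: Request
    :return: Redirect to the html endpoint
    :rtype: HttpResponseRedirect
    """
    _ = args, kwargs
    html_endpoint = Configuration.get('/ovs/framework/webapps|html_endpoint')
    # Look at 'error' first: a redirect that reports an error normally carries no 'code', so testing
    # for 'code' first would replace the reported error with a generic "without code" log line.
    # The values come straight from the query string and are logged as received.
    if 'error' in request.GET:
        error = request.GET['error']
        description = request.GET['error_description'] if 'error_description' in request.GET else ''
        OAuth2RedirectView._logger.error(
            'Error {0} during OAuth2 redirection request: {1}'.format(error, description))
        return HttpResponseRedirect(html_endpoint)
    if 'code' not in request.GET:
        OAuth2RedirectView._logger.error('Got OAuth2 redirection request without code')
        return HttpResponseRedirect(html_endpoint)
    code = request.GET['code']
    if 'state' not in request.GET:
        OAuth2RedirectView._logger.error('Got OAuth2 redirection request without state')
        return HttpResponseRedirect(html_endpoint)
    # NOTE(review): 'state' is not compared with anything in this method, it is only echoed back in
    # a cookie below; any CSRF check on it has to happen in whatever reads that cookie - confirm.
    state = request.GET['state']

    base_url = Configuration.get('/ovs/framework/webapps|oauth2.token_uri')
    client_id = Configuration.get('/ovs/framework/webapps|oauth2.client_id')
    client_secret = Configuration.get('/ovs/framework/webapps|oauth2.client_secret')
    # NOTE(review): RFC 6749 names this parameter 'redirect_uri'; confirm the token endpoint really
    # expects 'redirect_url'. The code also travels in the query string of the POST.
    parameters = {
        'grant_type': 'authorization_code',
        'redirect_url': 'https://{0}/api/oauth2/redirect/'.format(System.get_my_storagerouter().ip),
        'client_id': client_id,
        'code': code
    }
    url = '{0}?{1}'.format(base_url, urllib.urlencode(parameters))
    headers = {
        'Accept': 'application/json',
        'Authorization': 'Basic {0}'.format(
            base64.b64encode('{0}:{1}'.format(client_id, client_secret)).strip())
    }
    # NOTE(review): verify=False switches off certificate validation on the request that carries the
    # client secret and the authorization code, so the peer is not authenticated. Prefer the default
    # verification (or a CA bundle path) once the token endpoint presents a trusted certificate.
    raw_response = requests.post(url=url, headers=headers, verify=False)
    response = raw_response.json()
    if 'error' in response:
        error = response['error']
        description = response['error_description'] if 'error_description' in response else ''
        OAuth2RedirectView._logger.error(
            'Error {0} during OAuth2 redirection access token: {1}'.format(error, description))
        return HttpResponseRedirect(html_endpoint)
    token = response['access_token']
    expires_in = response['expires_in']

    # The remote token is attached to the first INTERNAL CLIENT_CREDENTIALS client whose user is in
    # the 'administrators' group.
    client = None
    for current_client in ClientList.get_by_types('INTERNAL', 'CLIENT_CREDENTIALS'):
        if current_client.user.group.name == 'administrators':
            client = current_client
            break
    if client is None:
        OAuth2RedirectView._logger.error(
            'Could not find INTERNAL CLIENT_CREDENTIALS client in administrator group.')
        return HttpResponseRedirect(html_endpoint)

    roles = RoleList.get_roles_by_codes(['read', 'write', 'manage'])
    access_token, _ = Toolbox.generate_tokens(client, generate_access=True, scopes=roles)
    # Overwrite the generated values so the stored token matches the one issued remotely
    access_token.expiration = int(time.time() + expires_in)
    access_token.access_token = token
    access_token.save()

    # NOTE(review): now() is naive local time; as far as I can tell Django measures a naive 'expires'
    # against UTC, so the two minute lifetime only holds on a server running in UTC - confirm.
    expires = datetime.datetime.now() + datetime.timedelta(minutes=2)
    response = HttpResponseRedirect(html_endpoint)
    # NOTE(review): both cookies are Secure but not HttpOnly, so page scripts can read the access
    # token; presumably the web client picks it up from the cookie - confirm before adding httponly.
    response.set_cookie('state', state, expires=expires, secure=True)
    response.set_cookie('accesstoken', token, expires=expires, secure=True)
    return response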