def GET(self): """ HTTP Success: 200 OK HTTP Error: 401 Unauthorized :param QUERY_STRING: the URL query string itself :returns: "Rucio-Auth-Token" as a variable-length string header. """ header('Access-Control-Allow-Origin', ctx.env.get('HTTP_ORIGIN')) header('Access-Control-Allow-Headers', ctx.env.get('HTTP_ACCESS_CONTROL_REQUEST_HEADERS')) header('Access-Control-Allow-Methods', '*') header('Access-Control-Allow-Credentials', 'true') # interaction with web browser - display response in html format header('Content-Type', 'text/html') header('Cache-Control', 'no-cache, no-store, max-age=0, must-revalidate') header('Cache-Control', 'post-check=0, pre-check=0', False) header('Pragma', 'no-cache') query_string = ctx.env.get('QUERY_STRING') try: fetchtoken = ctx.env.get('HTTP_X_RUCIO_CLIENT_FETCH_TOKEN') fetchtoken = (fetchtoken == 'True') result = redirect_auth_oidc(query_string, fetchtoken) except AccessDenied: render = template.render( join(dirname(__file__), '../auth_templates/')) return render.auth_crash('contact') except RucioException: render = template.render( join(dirname(__file__), '../auth_templates/')) return render.auth_crash('internal_error') except Exception: print(format_exc()) render = template.render( join(dirname(__file__), '../auth_templates/')) return render.auth_crash('internal_error') if not result: render = template.render( join(dirname(__file__), '../auth_templates/')) return render.auth_crash('no_token') if fetchtoken: # this is only a case of returning the final token to the Rucio Client polling # or requesting token after copy-pasting the Rucio code from the web page page header('Content-Type', 'application/octet-stream') header('X-Rucio-Auth-Token', result) return str() else: raise seeother(result)
def get(self): """ .. :quickref: OIDC; :status 200: OK :status 303: Redirect :status 401: Unauthorized :resheader X-Rucio-Auth-Token: The authentication token """ headers = self.get_headers() # interaction with web browser - display response in html format headers.set('Content-Type', 'text/html') headers.set('Cache-Control', 'no-cache, no-store, max-age=0, must-revalidate') headers.add('Cache-Control', 'post-check=0, pre-check=0') headers.set('Pragma', 'no-cache') try: fetchtoken = (request.headers.get('X-Rucio-Client-Fetch-Token', default=None) == 'True') query_string = request.query_string.decode(encoding='utf-8') result = redirect_auth_oidc(query_string, fetchtoken) except AccessDenied: headers.extend( error_headers( CannotAuthenticate.__name__, 'Cannot authorize your access, please check your access credentials' )) return render_template('auth_crash.html', crashtype='contact'), 401, headers except Exception as error: logging.exception("Internal Error") headers.extend( error_headers(error.__class__.__name__, str(error.args[0]))) return render_template('auth_crash.html', crashtype='internal_error'), 500, headers if not result: headers.extend( error_headers( CannotAuthenticate.__name__, 'Cannot finalize your token request, no authorization content returned from the auth server' )) return render_template('auth_crash.html', crashtype='no_result'), 401, headers if fetchtoken: # this is only a case of returning the final token to the Rucio Client polling # or requesting token after copy-pasting the Rucio code from the web page page headers.set('Content-Type', 'application/octet-stream') headers.set('X-Rucio-Auth-Token', result) return '', 200, headers else: response = redirect(result, code=303) response.headers.extend(headers) return response