def GET(self):
"""
HTTP Success:
200 OK
HTTP Error:
401 Unauthorized
:param QUERY_STRING: the URL query string itself
:returns: "Rucio-Auth-Token" as a variable-length string header.
"""
header('Access-Control-Allow-Origin', ctx.env.get('HTTP_ORIGIN'))
header('Access-Control-Allow-Headers',
ctx.env.get('HTTP_ACCESS_CONTROL_REQUEST_HEADERS'))
header('Access-Control-Allow-Methods', '*')
header('Access-Control-Allow-Credentials', 'true')
# interaction with web browser - display response in html format
header('Content-Type', 'text/html')
header('Cache-Control',
'no-cache, no-store, max-age=0, must-revalidate')
header('Cache-Control', 'post-check=0, pre-check=0', False)
header('Pragma', 'no-cache')
query_string = ctx.env.get('QUERY_STRING')
try:
fetchtoken = ctx.env.get('HTTP_X_RUCIO_CLIENT_FETCH_TOKEN')
fetchtoken = (fetchtoken == 'True')
result = redirect_auth_oidc(query_string, fetchtoken)
except AccessDenied:
render = template.render(
join(dirname(__file__), '../auth_templates/'))
return render.auth_crash('contact')
except RucioException:
render = template.render(
join(dirname(__file__), '../auth_templates/'))
return render.auth_crash('internal_error')
except Exception:
print(format_exc())
render = template.render(
join(dirname(__file__), '../auth_templates/'))
return render.auth_crash('internal_error')
if not result:
render = template.render(
join(dirname(__file__), '../auth_templates/'))
return render.auth_crash('no_token')
if fetchtoken:
# this is only a case of returning the final token to the Rucio Client polling
# or requesting token after copy-pasting the Rucio code from the web page page
header('Content-Type', 'application/octet-stream')
header('X-Rucio-Auth-Token', result)
return str()
else:
raise seeother(result)
def get(self):
"""
.. :quickref: OIDC;
:status 200: OK
:status 303: Redirect
:status 401: Unauthorized
:resheader X-Rucio-Auth-Token: The authentication token
"""
headers = self.get_headers()
# interaction with web browser - display response in html format
headers.set('Content-Type', 'text/html')
headers.set('Cache-Control',
'no-cache, no-store, max-age=0, must-revalidate')
headers.add('Cache-Control', 'post-check=0, pre-check=0')
headers.set('Pragma', 'no-cache')
try:
fetchtoken = (request.headers.get('X-Rucio-Client-Fetch-Token',
default=None) == 'True')
query_string = request.query_string.decode(encoding='utf-8')
result = redirect_auth_oidc(query_string, fetchtoken)
except AccessDenied:
headers.extend(
error_headers(
CannotAuthenticate.__name__,
'Cannot authorize your access, please check your access credentials'
))
return render_template('auth_crash.html',
crashtype='contact'), 401, headers
except Exception as error:
logging.exception("Internal Error")
headers.extend(
error_headers(error.__class__.__name__, str(error.args[0])))
return render_template('auth_crash.html',
crashtype='internal_error'), 500, headers
if not result:
headers.extend(
error_headers(
CannotAuthenticate.__name__,
'Cannot finalize your token request, no authorization content returned from the auth server'
))
return render_template('auth_crash.html',
crashtype='no_result'), 401, headers
if fetchtoken:
# this is only a case of returning the final token to the Rucio Client polling
# or requesting token after copy-pasting the Rucio code from the web page page
headers.set('Content-Type', 'application/octet-stream')
headers.set('X-Rucio-Auth-Token', result)
return '', 200, headers
else:
response = redirect(result, code=303)
response.headers.extend(headers)
return response
