def osf_storage_create_folder(payload, node_addon, **kwargs):
    """Create a folder in OSF Storage, or restore a previously deleted one.

    ``payload`` supplies ``path`` and ``cookie``. The last path segment is
    the name of the new folder. When the path has further segments, the
    first one is looked up as the parent node; otherwise the addon's root
    node is the parent.

    Returns:
        ``(folder.serialized(), httplib.CREATED)``.

    Raises:
        HTTPError: BAD_REQUEST when the path is missing, no user can be
            resolved from the cookie, or the final path segment is empty;
            CONFLICT when a non-deleted folder of that name already exists.
    """
    target_path = payload.get('path')
    # The acting user comes solely from the cookie carried in the payload.
    # NOTE(review): no permission check on that user is visible in this
    # function; confirm a decorator or caller enforces write access.
    creator = User.from_cookie(payload.get('cookie', ''))

    if not (target_path and creator):
        raise HTTPError(httplib.BAD_REQUEST)

    segments = target_path.strip('/').split('/')
    folder_name = segments.pop()

    if not folder_name:
        raise HTTPError(httplib.BAD_REQUEST)

    # Only the first remaining segment is used to locate the parent.
    parent = (
        model.OsfStorageFileNode.get(segments[0], node_addon)
        if segments
        else node_addon.root_node
    )

    try:
        folder = parent.append_folder(folder_name)
    except KeyExistsException:
        # The name is taken: fail unless the existing folder was deleted,
        # in which case it is restored instead of created.
        folder = parent.find_child_by_name(folder_name, kind='folder')
        if not folder.is_deleted:
            message = 'Cannot create folder "{name}" because a file or folder already exists at path "{path}"'.format(
                name=folder.name,
                path=folder.materialized_path(),
            )
            raise HTTPError(httplib.CONFLICT, data={'message': message})
        folder.undelete(Auth(creator), recurse=False)

    folder.log(Auth(creator), NodeLog.FOLDER_CREATED)
    return folder.serialized(), httplib.CREATED
def get_auth(auth, **kwargs):
    """Return WaterButler auth, credentials and settings for a node addon.

    The caller is taken from ``auth.user`` when already set, otherwise from
    a CAS OAuth bearer token in the ``Authorization`` header, otherwise from
    the ``cookie`` query argument. ``action``, ``nid`` and ``provider`` are
    read from the query string.

    Returns:
        A dict with ``auth``, ``credentials``, ``settings`` and
        ``callback_url``; or ``json_renderer(err)`` when the CAS lookup
        raises ``cas.CasError``.

    Raises:
        HTTPError: BAD_REQUEST when a required query argument is missing,
            the node has no such addon, or serialization raises AddonError;
            NOT_FOUND when the node does not exist.
    """
    cas_resp = None
    if not auth.user:
        # Central Authentication Server OAuth Bearer Token
        bearer = request.headers.get('Authorization')
        if bearer and bearer.startswith('Bearer '):
            cas_client = cas.get_client()
            try:
                token = cas.parse_auth_header(bearer)
                cas_resp = cas_client.profile(token)
            except cas.CasError as err:
                sentry.log_exception()
                # NOTE: We assume that the request is an AJAX request
                return json_renderer(err)
            if cas_resp.authenticated:
                auth.user = User.load(cas_resp.user)

    # NOTE(review): the session cookie and the request parameters below are
    # taken directly from the query string. Nothing in this function checks
    # that the request was signed or encrypted by a trusted caller; confirm
    # that an upstream layer does, and that query strings are kept out of
    # access logs.
    query = request.args
    if not auth.user:
        auth.user = User.from_cookie(query.get('cookie'))

    try:
        action = query['action']
        node_id = query['nid']
        provider_name = query['provider']
    except KeyError:
        raise HTTPError(httplib.BAD_REQUEST)

    node = Node.load(node_id)
    if not node:
        raise HTTPError(httplib.NOT_FOUND)

    # The permission decision is delegated entirely to check_access.
    check_access(node, auth, action, cas_resp)

    provider_settings = node.get_addon(provider_name)
    if not provider_settings:
        raise HTTPError(httplib.BAD_REQUEST)

    try:
        credentials = provider_settings.serialize_waterbutler_credentials()
        waterbutler_settings = provider_settings.serialize_waterbutler_settings()
    except exceptions.AddonError:
        log_exception()
        raise HTTPError(httplib.BAD_REQUEST)

    # A waterbutler auth dict not an Auth object
    waterbutler_auth = make_auth(auth.user)
    callback_view = (
        'registration_callbacks' if node.is_registration
        else 'create_waterbutler_log'
    )
    # The provider credentials are returned in the response body as-is.
    return {
        'auth': waterbutler_auth,
        'credentials': credentials,
        'settings': waterbutler_settings,
        'callback_url': node.api_url_for(callback_view, _absolute=True),
    }
def get_auth(**kwargs):
    """Return WaterButler auth, credentials and settings for a node addon.

    ``action``, ``nid`` and ``provider`` are required query arguments;
    ``cookie`` and ``view_only`` are optional. The user is loaded from the
    server-side session when it holds ``auth_user_id``, otherwise from the
    ``cookie`` query argument, otherwise left as ``None``.

    Returns:
        A dict with ``auth``, ``credentials``, ``settings`` and
        ``callback_url``.

    Raises:
        HTTPError: BAD_REQUEST when a required query argument is missing,
            the node has no such addon, or serialization raises AddonError;
            NOT_FOUND when the node does not exist.
    """
    query = request.args
    try:
        action = query['action']
        node_id = query['nid']
        provider_name = query['provider']
    except KeyError:
        raise HTTPError(httplib.BAD_REQUEST)

    # NOTE(review): the session cookie and view-only key arrive as plain
    # query arguments; nothing in this function checks that the request was
    # signed by a trusted caller. Confirm an upstream layer does.
    cookie = query.get('cookie')
    view_only = query.get('view_only')

    # The session identity takes precedence over a cookie passed by the caller.
    user = None
    if 'auth_user_id' in session.data:
        user = User.load(session.data['auth_user_id'])
    elif cookie:
        user = User.from_cookie(cookie)

    node = Node.load(node_id)
    if not node:
        raise HTTPError(httplib.NOT_FOUND)

    # The permission decision is delegated entirely to check_access; user
    # may be None at this point.
    check_access(node, user, action, key=view_only)

    provider_settings = node.get_addon(provider_name)
    if not provider_settings:
        raise HTTPError(httplib.BAD_REQUEST)

    try:
        credentials = provider_settings.serialize_waterbutler_credentials()
        waterbutler_settings = provider_settings.serialize_waterbutler_settings()
    except exceptions.AddonError:
        log_exception()
        raise HTTPError(httplib.BAD_REQUEST)

    waterbutler_auth = make_auth(user)
    callback_view = (
        'registration_callbacks' if node.is_registration
        else 'create_waterbutler_log'
    )
    # The provider credentials are returned in the response body as-is.
    return {
        'auth': waterbutler_auth,
        'credentials': credentials,
        'settings': waterbutler_settings,
        'callback_url': node.api_url_for(callback_view, _absolute=True),
    }
def osf_storage_create_folder(payload, node_addon, **kwargs):
    """Create (or un-delete) an OSF Storage folder named by ``payload['path']``.

    The folder name is the last segment of the path. The parent is the node
    identified by the first segment when one is present, else
    ``node_addon.root_node``. The acting user is resolved from
    ``payload['cookie']``.

    Returns:
        ``(folder.serialized(), httplib.CREATED)``.

    Raises:
        HTTPError: BAD_REQUEST for a missing path, an unresolved user or an
            empty folder name; CONFLICT when the name is already used by a
            folder that is not deleted.
    """
    requested_path = payload.get('path')
    acting_user = User.from_cookie(payload.get('cookie', ''))

    if not requested_path or not acting_user:
        raise HTTPError(httplib.BAD_REQUEST)

    parts = requested_path.strip('/').split('/')
    new_name = parts.pop()

    if not new_name:
        raise HTTPError(httplib.BAD_REQUEST)

    if not parts:
        parent = node_addon.root_node
    else:
        # Only the first segment is consulted to find the parent node.
        parent = model.OsfStorageFileNode.get(parts[0], node_addon)

    try:
        folder = parent.append_folder(new_name)
    except KeyExistsException:
        folder = parent.find_child_by_name(new_name, kind='folder')
        if folder.is_deleted:
            # A deleted folder of the same name is restored in place.
            folder.undelete(Auth(acting_user), recurse=False)
        else:
            conflict_text = (
                'Cannot create folder "{name}" because a file or folder already exists at path "{path}"'
            ).format(
                name=folder.name,
                path=folder.materialized_path(),
            )
            raise HTTPError(httplib.CONFLICT, data={'message': conflict_text})

    # NOTE(review): authorization of acting_user against this node is not
    # visible here; confirm it is enforced by a decorator or the caller.
    folder.log(Auth(acting_user), NodeLog.FOLDER_CREATED)
    return folder.serialized(), httplib.CREATED
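def get_auth(auth, **kwargs):
    """Issue WaterButler credentials for the node and provider in a signed payload.

    The caller is taken from ``auth.user`` when already set, otherwise from
    a CAS OAuth bearer token in the ``Authorization`` header, otherwise from
    the ``cookie`` field of the decrypted payload. ``action``, ``nid`` and
    ``provider`` are read only from the ``data`` claim of the ``payload``
    query argument, which must decrypt under ``WATERBUTLER_JWE_KEY`` and
    verify as a JWT under ``settings.WATERBUTLER_JWT_SECRET`` with an
    ``exp`` claim present.

    Returns:
        ``{'payload': <JWE-encrypted JWT>}`` whose ``data`` claim holds
        ``auth``, ``credentials``, ``settings`` and ``callback_url``; or
        ``json_renderer(err)`` when the CAS lookup raises ``cas.CasError``.

    Raises:
        HTTPError: FORBIDDEN when the token is invalid or has no ``data``
            claim; BAD_REQUEST when a required field is missing, the node
            has no such addon, or serialization raises AddonError;
            NOT_FOUND when the node does not exist.
    """
    cas_resp = None
    if not auth.user:
        # Central Authentication Server OAuth Bearer Token
        authorization = request.headers.get('Authorization')
        if authorization and authorization.startswith('Bearer '):
            client = cas.get_client()
            try:
                access_token = cas.parse_auth_header(authorization)
                cas_resp = client.profile(access_token)
            except cas.CasError as err:
                sentry.log_exception()
                # NOTE: We assume that the request is an AJAX request
                return json_renderer(err)
            if cas_resp.authenticated:
                auth.user = User.load(cas_resp.user)

    try:
        # NOTE(review): only PyJWT errors and KeyError are mapped to 403
        # here. Confirm what jwe.decrypt raises on a malformed or tampered
        # payload so that case does not surface as an unhandled error.
        signed_token = jwe.decrypt(
            request.args.get('payload', '').encode('utf-8'),
            WATERBUTLER_JWE_KEY,
        )
        # decode() takes its allow-list as ``algorithms`` (a list). The
        # singular ``algorithm`` keyword belongs to encode(); passed to
        # decode() it does not pin verification to the configured algorithm.
        data = jwt.decode(
            signed_token,
            settings.WATERBUTLER_JWT_SECRET,
            options={'require_exp': True},
            algorithms=[settings.WATERBUTLER_JWT_ALGORITHM],
        )['data']
    except (jwt.InvalidTokenError, KeyError):
        raise HTTPError(httplib.FORBIDDEN)

    if not auth.user:
        auth.user = User.from_cookie(data.get('cookie', ''))

    try:
        action = data['action']
        node_id = data['nid']
        provider_name = data['provider']
    except KeyError:
        raise HTTPError(httplib.BAD_REQUEST)

    node = Node.load(node_id)
    if not node:
        raise HTTPError(httplib.NOT_FOUND)

    # The permission decision is delegated entirely to check_access.
    check_access(node, auth, action, cas_resp)

    provider_settings = node.get_addon(provider_name)
    if not provider_settings:
        raise HTTPError(httplib.BAD_REQUEST)

    try:
        credentials = provider_settings.serialize_waterbutler_credentials()
        waterbutler_settings = provider_settings.serialize_waterbutler_settings()
    except exceptions.AddonError:
        log_exception()
        raise HTTPError(httplib.BAD_REQUEST)

    # The response is signed, then encrypted, so the provider credentials
    # are not exposed in the response body in clear.
    return {'payload': jwe.encrypt(jwt.encode({
        'exp': datetime.datetime.utcnow() + datetime.timedelta(seconds=settings.WATERBUTLER_JWT_EXPIRATION),
        'data': {
            'auth': make_auth(auth.user),  # A waterbutler auth dict not an Auth object
            'credentials': credentials,
            'settings': waterbutler_settings,
            'callback_url': node.api_url_for(
                ('create_waterbutler_log' if not node.is_registration else 'registration_callbacks'),
                _absolute=True,
            ),
        }
    }, settings.WATERBUTLER_JWT_SECRET, algorithm=settings.WATERBUTLER_JWT_ALGORITHM), WATERBUTLER_JWE_KEY)}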
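def get_auth(auth, **kwargs):
    """Issue WaterButler credentials for the node and provider in a signed payload.

    The caller is ``auth.user`` when already set, else the user behind a CAS
    OAuth bearer token in the ``Authorization`` header, else the user behind
    the ``cookie`` field of the decrypted payload. The ``payload`` query
    argument is decrypted with ``WATERBUTLER_JWE_KEY`` and verified as a JWT
    with ``settings.WATERBUTLER_JWT_SECRET`` (an ``exp`` claim is required);
    ``action``, ``nid`` and ``provider`` come from its ``data`` claim.

    Returns:
        ``{'payload': <JWE-encrypted JWT>}`` carrying ``auth``,
        ``credentials``, ``settings`` and ``callback_url``; or
        ``json_renderer(err)`` when the CAS lookup raises ``cas.CasError``.

    Raises:
        HTTPError: FORBIDDEN for an invalid token or a missing ``data``
            claim; BAD_REQUEST for a missing field, a missing addon or an
            AddonError during serialization; NOT_FOUND for an unknown node.
    """
    cas_resp = None
    if not auth.user:
        # Central Authentication Server OAuth Bearer Token
        authorization = request.headers.get('Authorization')
        if authorization and authorization.startswith('Bearer '):
            client = cas.get_client()
            try:
                access_token = cas.parse_auth_header(authorization)
                cas_resp = client.profile(access_token)
            except cas.CasError as err:
                sentry.log_exception()
                # NOTE: We assume that the request is an AJAX request
                return json_renderer(err)
            if cas_resp.authenticated:
                auth.user = User.load(cas_resp.user)

    encrypted_payload = request.args.get('payload', '').encode('utf-8')
    try:
        # NOTE(review): confirm which exceptions jwe.decrypt raises on a
        # malformed payload; only PyJWT errors and KeyError become a 403.
        signed_token = jwe.decrypt(encrypted_payload, WATERBUTLER_JWE_KEY)
        # Verification is pinned to the configured algorithm through the
        # ``algorithms`` list, which is the keyword decode() accepts; the
        # singular ``algorithm`` is an encode() keyword and has no such
        # effect on decode().
        claims = jwt.decode(
            signed_token,
            settings.WATERBUTLER_JWT_SECRET,
            options={'require_exp': True},
            algorithms=[settings.WATERBUTLER_JWT_ALGORITHM],
        )
        data = claims['data']
    except (jwt.InvalidTokenError, KeyError):
        raise HTTPError(httplib.FORBIDDEN)

    if not auth.user:
        auth.user = User.from_cookie(data.get('cookie', ''))

    try:
        action = data['action']
        node_id = data['nid']
        provider_name = data['provider']
    except KeyError:
        raise HTTPError(httplib.BAD_REQUEST)

    node = Node.load(node_id)
    if not node:
        raise HTTPError(httplib.NOT_FOUND)

    # The permission decision is delegated entirely to check_access.
    check_access(node, auth, action, cas_resp)

    provider_settings = node.get_addon(provider_name)
    if not provider_settings:
        raise HTTPError(httplib.BAD_REQUEST)

    try:
        credentials = provider_settings.serialize_waterbutler_credentials()
        waterbutler_settings = provider_settings.serialize_waterbutler_settings()
    except exceptions.AddonError:
        log_exception()
        raise HTTPError(httplib.BAD_REQUEST)

    response_claims = {
        'exp': datetime.datetime.utcnow() + datetime.timedelta(
            seconds=settings.WATERBUTLER_JWT_EXPIRATION),
        'data': {
            # A waterbutler auth dict not an Auth object
            'auth': make_auth(auth.user),
            'credentials': credentials,
            'settings': waterbutler_settings,
            'callback_url': node.api_url_for(
                ('create_waterbutler_log' if not node.is_registration
                 else 'registration_callbacks'),
                _absolute=True,
            ),
        },
    }
    # Sign first, then encrypt, so the credentials do not travel in clear.
    signed_response = jwt.encode(
        response_claims,
        settings.WATERBUTLER_JWT_SECRET,
        algorithm=settings.WATERBUTLER_JWT_ALGORITHM,
    )
    return {'payload': jwe.encrypt(signed_response, WATERBUTLER_JWE_KEY)}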
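def get_auth(auth, **kwargs):
    """Issue WaterButler credentials for the node and provider in a signed payload.

    Identity is resolved in this order: ``auth.user`` if already set, a CAS
    OAuth bearer token from the ``Authorization`` header, then the
    ``cookie`` field of the decrypted payload. The ``payload`` query
    argument must decrypt under ``WATERBUTLER_JWE_KEY`` and verify as a JWT
    under ``settings.WATERBUTLER_JWT_SECRET`` with an ``exp`` claim; its
    ``data`` claim supplies ``action``, ``nid`` and ``provider``.

    Returns:
        ``{"payload": <JWE-encrypted JWT>}`` whose ``data`` claim holds
        ``auth``, ``credentials``, ``settings`` and ``callback_url``; or
        ``json_renderer(err)`` when the CAS lookup raises ``cas.CasError``.

    Raises:
        HTTPError: FORBIDDEN when the token is invalid or lacks ``data``;
            BAD_REQUEST when a required field or the addon is missing, or
            serialization raises AddonError; NOT_FOUND when the node does
            not exist.
    """
    cas_resp = None
    if not auth.user:
        # Central Authentication Server OAuth Bearer Token
        authorization = request.headers.get("Authorization")
        if authorization and authorization.startswith("Bearer "):
            client = cas.get_client()
            try:
                access_token = cas.parse_auth_header(authorization)
                cas_resp = client.profile(access_token)
            except cas.CasError as err:
                sentry.log_exception()
                # NOTE: We assume that the request is an AJAX request
                return json_renderer(err)
            if cas_resp.authenticated:
                auth.user = User.load(cas_resp.user)

    try:
        # NOTE(review): jwe.decrypt failures other than KeyError are not
        # caught here; confirm what it raises on a malformed payload.
        data = jwt.decode(
            jwe.decrypt(request.args.get("payload", "").encode("utf-8"), WATERBUTLER_JWE_KEY),
            settings.WATERBUTLER_JWT_SECRET,
            options={"require_exp": True},
            # decode() expects the allow-list keyword ``algorithms``; the
            # singular ``algorithm`` keyword is for encode() and does not
            # restrict which algorithm decode() will verify with.
            algorithms=[settings.WATERBUTLER_JWT_ALGORITHM],
        )["data"]
    except (jwt.InvalidTokenError, KeyError):
        raise HTTPError(httplib.FORBIDDEN)

    if not auth.user:
        auth.user = User.from_cookie(data.get("cookie", ""))

    try:
        action = data["action"]
        node_id = data["nid"]
        provider_name = data["provider"]
    except KeyError:
        raise HTTPError(httplib.BAD_REQUEST)

    node = Node.load(node_id)
    if not node:
        raise HTTPError(httplib.NOT_FOUND)

    # The permission decision is delegated entirely to check_access.
    check_access(node, auth, action, cas_resp)

    provider_settings = node.get_addon(provider_name)
    if not provider_settings:
        raise HTTPError(httplib.BAD_REQUEST)

    try:
        credentials = provider_settings.serialize_waterbutler_credentials()
        waterbutler_settings = provider_settings.serialize_waterbutler_settings()
    except exceptions.AddonError:
        log_exception()
        raise HTTPError(httplib.BAD_REQUEST)

    # The response is signed and then encrypted so that the provider
    # credentials are not readable in transit or in intermediate logs.
    return {
        "payload": jwe.encrypt(
            jwt.encode(
                {
                    "exp": datetime.datetime.utcnow()
                    + datetime.timedelta(seconds=settings.WATERBUTLER_JWT_EXPIRATION),
                    "data": {
                        "auth": make_auth(auth.user),  # A waterbutler auth dict not an Auth object
                        "credentials": credentials,
                        "settings": waterbutler_settings,
                        "callback_url": node.api_url_for(
                            ("create_waterbutler_log" if not node.is_registration else "registration_callbacks"),
                            _absolute=True,
                        ),
                    },
                },
                settings.WATERBUTLER_JWT_SECRET,
                algorithm=settings.WATERBUTLER_JWT_ALGORITHM,
            ),
            WATERBUTLER_JWE_KEY,
        )
    }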