示例#1
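def inbound(request):
    """Authenticate from a cookie or an API key in basic auth.

    Sets ``request.context['user']`` to the user resolved from the API key
    sent as the Basic-auth user-id, else from the ``session`` cookie, else
    to a fresh ``User()``.

    A Basic ``Authorization`` header that is not valid base64, or whose
    decoded value has no ``:`` separator, is treated as carrying no
    credentials. The header is client-controlled, so malformed input must
    not surface as an unhandled exception.
    """
    import binascii  # local import: only needed to name the decode error

    user = None
    if 'Authorization' in request.headers:
        header = request.headers['authorization']
        if header.startswith('Basic '):
            try:
                creds = header[len('Basic '):].decode('base64')
            except (binascii.Error, ValueError):
                # Undecodable payload: fall through as unauthenticated.
                creds = ''

            # Split on the first ':' only. The user-id (our API key) ends at
            # the first colon; the password part may itself contain colons.
            token, separator, ignored = creds.partition(':')
            if separator:
                user = User.from_api_key(token)

                # We don't require CSRF if they basically authenticated.
                # NOTE(review): the token is injected for any well-formed
                # Basic header, whether or not the key matched a user.
                # Exempting Basic auth from CSRF assumes browsers never
                # replay cached Basic credentials carrying an API key;
                # confirm that holds for this deployment.
                csrf_token = csrf._get_new_csrf_key()
                request.headers.cookie['csrf_token'] = csrf_token
                request.headers['X-CSRF-TOKEN'] = csrf_token
                if 'Referer' not in request.headers:
                    request.headers['Referer'] = \
                        'https://%s/' % csrf._get_host(request)
    elif 'session' in request.headers.cookie:
        token = request.headers.cookie['session'].value
        user = User.from_session_token(token)

    if user is None:
        user = User()
    request.context['user'] = user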
示例#2
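def inbound(request):
    """Authenticate from a cookie or an API key in basic auth.

    Sets ``request.context['user']`` to the user resolved from the API key
    sent as the Basic-auth user-id, else from the ``session`` cookie, else
    to a fresh ``User()``.

    A Basic ``Authorization`` header that is not valid base64, or whose
    decoded value has no ``:`` separator, is treated as carrying no
    credentials. The header is client-controlled, so malformed input must
    not surface as an unhandled exception.
    """
    import binascii  # local import: only needed to name the decode error

    user = None
    if 'Authorization' in request.headers:
        header = request.headers['authorization']
        if header.startswith('Basic '):
            try:
                creds = header[len('Basic '):].decode('base64')
            except (binascii.Error, ValueError):
                # Undecodable payload: fall through as unauthenticated.
                creds = ''

            # Split on the first ':' only. The user-id (our API key) ends at
            # the first colon; the password part may itself contain colons.
            token, separator, ignored = creds.partition(':')
            if separator:
                user = User.from_api_key(token)

                # We don't require CSRF if they basically authenticated.
                # NOTE(review): the token is injected for any well-formed
                # Basic header, whether or not the key matched a user.
                # Exempting Basic auth from CSRF assumes browsers never
                # replay cached Basic credentials carrying an API key;
                # confirm that holds for this deployment.
                csrf_token = csrf._get_new_csrf_key()
                request.headers.cookie['csrf_token'] = csrf_token
                request.headers['X-CSRF-TOKEN'] = csrf_token
                if 'Referer' not in request.headers:
                    request.headers['Referer'] = \
                        'https://%s/' % csrf._get_host(request)
    elif 'session' in request.headers.cookie:
        token = request.headers.cookie['session'].value
        user = User.from_session_token(token)

    if user is None:
        user = User()
    request.context['user'] = user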
示例#3
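def inbound(request):
    """Authenticate from a cookie or an API key in basic auth.

    Requests whose URI starts with ``/assets/`` skip credential handling.
    Otherwise ``request.context["user"]`` is set to the user resolved from
    the API key sent as the Basic-auth user-id, else from the ``session``
    cookie, else to a fresh ``User()``.

    A Basic ``Authorization`` header that is not valid base64, or whose
    decoded value has no ``:`` separator, is treated as carrying no
    credentials. The header is client-controlled, so malformed input must
    not surface as an unhandled exception.
    """
    import binascii  # local import: only needed to name the decode error

    user = None
    if request.line.uri.startswith("/assets/"):
        pass
    elif "Authorization" in request.headers:
        header = request.headers["authorization"]
        if header.startswith("Basic "):
            try:
                creds = header[len("Basic ") :].decode("base64")
            except (binascii.Error, ValueError):
                # Undecodable payload: fall through as unauthenticated.
                creds = ""

            # Split on the first ":" only. The user-id (our API key) ends at
            # the first colon; the password part may itself contain colons.
            token, separator, ignored = creds.partition(":")
            if separator:
                user = User.from_api_key(token)

                # We don't require CSRF if they basically authenticated.
                # NOTE(review): the token is injected for any well-formed
                # Basic header, whether or not the key matched a user.
                # Exempting Basic auth from CSRF assumes browsers never
                # replay cached Basic credentials carrying an API key;
                # confirm that holds for this deployment.
                csrf_token = csrf._get_new_csrf_key()
                request.headers.cookie["csrf_token"] = csrf_token
                request.headers["X-CSRF-TOKEN"] = csrf_token
                if "Referer" not in request.headers:
                    request.headers["Referer"] = "https://%s/" % csrf._get_host(request)
    elif "session" in request.headers.cookie:
        token = request.headers.cookie["session"].value
        user = User.from_session_token(token)

    # Falls back to a fresh User() whenever no truthy user was resolved.
    request.context["user"] = user or User()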
示例#4
 def test_user_can_be_loaded_from_api_key(self):
     """The key returned by recreate_api_key() resolves back to its owner."""
     participant = self.make_participant('alice')
     key = participant.recreate_api_key()
     loaded = User.from_api_key(key)
     assert loaded.participant.username == 'alice'
示例#5
 def test_user_from_None_api_key_is_anonymous(self):
     """A None API key yields an anonymous user even when participants exist."""
     # Presumably guards against None matching participants that have no
     # key set; verify against make_participant's defaults.
     for name in ('alice', 'bob'):
         self.make_participant(name)
     assert User.from_api_key(None).ANON
示例#6
 def test_user_from_bad_api_key_is_anonymous(self):
     """A key that this test never issued to anyone yields an anonymous user."""
     unknown = User.from_api_key('deadbeef')
     assert unknown.ANON