def is_authenticated(self, request): if not request.external_auth_info: return False req_headers = request_headers(request) macaroon_bakery = _get_bakery(request) auth_checker = macaroon_bakery.checker.auth( httpbakery.extract_macaroons(req_headers)) try: auth_info = auth_checker.allow( checkers.AuthContext(), [bakery.LOGIN_OP]) except (bakery.DischargeRequiredError, bakery.PermissionDenied): return False # set the user in the request so that it's considered authenticated. If # a user is not found with the username from the identity, it's # created. user, created = User.objects.get_or_create( username=auth_info.identity.id(), defaults={'is_superuser': True}) # Only check the user with IDM again if it wasn't just created if not created and not validate_user_external_auth(user): return False request.user = user return True
def is_authenticated(self, request): if not request.external_auth_info: return False req_headers = request_headers(request) macaroon_bakery = _get_bakery(request) auth_checker = macaroon_bakery.checker.auth( httpbakery.extract_macaroons(req_headers)) try: auth_info = auth_checker.allow(checkers.AuthContext(), [bakery.LOGIN_OP]) except (bakery.DischargeRequiredError, bakery.PermissionDenied): return False # set the user in the request so that it's considered authenticated. If # a user is not found with the username from the identity, it's # created. username = auth_info.identity.id() try: user = User.objects.get(username=username) if user.userprofile.is_local: return False except User.DoesNotExist: user = User(username=username) user.save() if not validate_user_external_auth(user, request.external_auth_info): return False request.user = user return True
def __call__(self, request): if not request.external_auth_info: return HttpResponseNotFound('Not found') macaroon_bakery = _get_bakery(request) req_headers = request_headers(request) auth_checker = macaroon_bakery.checker.auth( httpbakery.extract_macaroons(req_headers)) try: auth_info = auth_checker.allow( checkers.AuthContext(), [bakery.LOGIN_OP]) except bakery.DischargeRequiredError as err: return _authorization_request( macaroon_bakery, derr=err, req_headers=req_headers) except bakery.VerificationError: return _authorization_request( macaroon_bakery, req_headers=req_headers, auth_endpoint=request.external_auth_info.url, auth_domain=request.external_auth_info.domain) except bakery.PermissionDenied: return HttpResponseForbidden() user = authenticate(request, identity=auth_info.identity) if user is None: # macaroon authentication can return None if the user exists but # doesn't have permission to log in return HttpResponseForbidden('User login not allowed') login( request, user, backend='maasserver.macaroon_auth.MacaroonAuthorizationBackend') return JsonResponse( {attr: getattr(user, attr) for attr in ('id', 'username', 'is_superuser')})
def __call__(self, request): if not request.external_auth_info: return HttpResponseNotFound('Not found') macaroon_bakery = _get_bakery(request) req_headers = request_headers(request) auth_checker = macaroon_bakery.checker.auth( httpbakery.extract_macaroons(req_headers)) try: auth_info = auth_checker.allow( checkers.AuthContext(), [bakery.LOGIN_OP]) except bakery.DischargeRequiredError as err: return _authorization_request( macaroon_bakery, derr=err, req_headers=req_headers) except bakery.VerificationError: return _authorization_request( macaroon_bakery, req_headers=req_headers, auth_endpoint=request.external_auth_info.url) except bakery.PermissionDenied: return HttpResponseForbidden() # a user is always returned since the authentication middleware creates # one if not found user = authenticate(request, identity=auth_info.identity) login( request, user, backend='maasserver.macaroon_auth.MacaroonAuthorizationBackend') return JsonResponse({'id': user.id, 'username': user.username})
def __call__(self, request): auth_endpoint = Config.objects.get_config('external_auth_url') if not auth_endpoint: return HttpResponseNotFound('Not found') macaroon_bakery = self._setup_bakery(auth_endpoint, request) req_headers = request_headers(request) auth_checker = macaroon_bakery.checker.auth( httpbakery.extract_macaroons(req_headers)) try: auth_info = auth_checker.allow( checkers.AuthContext(), [bakery.LOGIN_OP]) except bakery.DischargeRequiredError as err: return self._authorization_request( request, req_headers, macaroon_bakery, err) except bakery.PermissionDenied: return HttpResponseForbidden() # a user is always returned since the authentication middleware creates # one if not found user = authenticate(request, identity=auth_info.identity) backend = ( 'maasserver.views.macaroon_auth.MacaroonAuthenticationBackend') login(request, user, backend=backend) return JsonResponse({'id': user.id, 'username': user.username})
def test_non_http_headers_ignored(self): request = HttpRequest() request.META.update({ "HTTP_HOST": "www.example.com", "SERVER_NAME": "myserver" }) self.assertEqual(views.request_headers(request), {"host": "www.example.com"})
def test_non_http_headers_ignored(self): request = HttpRequest() request.META.update({ 'HTTP_HOST': 'www.example.com', 'SERVER_NAME': 'myserver' }) self.assertEqual(views.request_headers(request), {'host': 'www.example.com'})
def test_headers(self): request = HttpRequest() request.META.update({ 'HTTP_HOST': 'www.example.com', 'HTTP_CONTENT_TYPE': 'text/plain' }) self.assertEqual(views.request_headers(request), { 'host': 'www.example.com', 'content-type': 'text/plain' })
def test_headers(self): request = HttpRequest() request.META.update({ "HTTP_HOST": "www.example.com", "HTTP_CONTENT_TYPE": "text/plain" }) self.assertEqual( views.request_headers(request), { "host": "www.example.com", "content-type": "text/plain" }, )
def test_case_insensitive(self): request = HttpRequest() request.META["HTTP_CONTENT_TYPE"] = "text/plain" headers = views.request_headers(request) self.assertEqual(headers["Content-type"], "text/plain")
def test_case_insensitive(self): request = HttpRequest() request.META['HTTP_CONTENT_TYPE'] = 'text/plain' headers = views.request_headers(request) self.assertEqual(headers['Content-type'], 'text/plain')