示例#1
0
文件: __init__.py 项目: dimagi/carehq
    def authenticate(self, request):
        if not 'HTTP_AUTHORIZATION' in request.META:
            return False

        if not python_digest.is_digest_credential(request.META['HTTP_AUTHORIZATION']):
            return False

        digest_response = python_digest.parse_digest_credentials(
            request.META['HTTP_AUTHORIZATION'])

        if not digest_response:
            _l.debug('authentication failure: supplied digest credentials could not be ' \
                         'parsed: "%s".' % request.META['HTTP_AUTHORIZATION'])
            return False
        
        if not digest_response.realm == self.realm:
            _l.debug('authentication failure: supplied realm "%s" does not match ' \
                         'configured realm "%s".' % ( digest_response.realm, self.realm))
            return False

        if not python_digest.validate_nonce(digest_response.nonce, self.secret_key):
            _l.debug('authentication failure: nonce validation failed.')
            return False

        partial_digest = self._account_storage.get_partial_digest(digest_response.username)
        if not partial_digest:
            _l.debug('authentication failure: no partial digest available for user "%s".' \
                         % digest_response.username)
            return False

        calculated_request_digest = python_digest.calculate_request_digest(
            method=request.method, digest_response=digest_response,
            partial_digest=partial_digest)
        if not calculated_request_digest == digest_response.response:
            _l.debug('authentication failure: supplied request digest does not match ' \
                         'calculated request digest.')
            return False

        if not python_digest.validate_uri(digest_response.uri, request.path):
            _l.debug('authentication failure: digest authentication uri value "%s" does not ' \
                         'match value "%s" from HTTP request line.' % (digest_response.uri,
                                                                       request.path))
            return False

        user = self._account_storage.get_user(digest_response.username)

        if not self._update_existing_nonce(user, digest_response.nonce, digest_response.nc):
            if (python_digest.get_nonce_timestamp(digest_response.nonce) + self.timeout <
                time.time()):
                _l.debug('authentication failure: attempt to establish a new session with ' \
                             'a stale nonce.')
                return False

            if not self._store_nonce(user, digest_response.nonce, digest_response.nc):
                _l.debug('authentication failure: attempt to establish a previously used ' \
                             'or nonce count.')
                return False

        request.user = user
        return True
示例#2
0
文件: views.py 项目: XemaCobra/Cycles
def hello_with_digest_auth(request):
    auth = request.META.get('HTTP_AUTHORIZATION', None)
    if auth is None:
        return _digest_unauthenticated(request)
        
    try:
        method, data = auth.split(' ', 1)
        if 'digest' != method.lower():
            return _digest_unauthenticated(request)
    except:
        raise
        return _digest_unauthenticated(request)
    
    digest_response = python_digest.parse_digest_credentials(auth)
    expected = python_digest.calculate_request_digest(
        request.method,
        python_digest.calculate_partial_digest(digest_response.username, 'DEV', '12345'),
        digest_response)

    if digest_response.response != expected:
        return _digest_unauthenticated(request)

    return HttpResponse('Hello World')



    
    
示例#3
0
    def is_authenticated(self, request, **kwargs):
        """
        Finds the user and checks their API key.

        Should return either ``True`` if allowed, ``False`` if not or an
        ``HttpResponse`` if you need something custom.
        """
        if not request.META.get('HTTP_AUTHORIZATION'):
            return self._unauthorized()

        try:
            (auth_type,
             data) = request.META['HTTP_AUTHORIZATION'].split(' ', 1)

            if auth_type.lower() != 'digest':
                return self._unauthorized()
        except:
            return self._unauthorized()

        digest_response = python_digest.parse_digest_credentials(
            request.META['HTTP_AUTHORIZATION'])

        # FIXME: Should the nonce be per-user?
        if not python_digest.validate_nonce(
                digest_response.nonce, getattr(settings, 'SECRET_KEY', '')):
            return self._unauthorized()

        user = self.get_user(digest_response.username)
        api_key = self.get_key(user)

        if user is False or api_key is False:
            return self._unauthorized()

        expected = python_digest.calculate_request_digest(
            request.method,
            python_digest.calculate_partial_digest(digest_response.username,
                                                   self.realm, api_key),
            digest_response)

        if not digest_response.response == expected:
            return self._unauthorized()

        if not self.check_active(user):
            return False

        request.user = user
        return True
    def is_authenticated(self, request, **kwargs):
        """
        Finds the user and checks their API key.

        Should return either ``True`` if allowed, ``False`` if not or an
        ``HttpResponse`` if you need something custom.
        """
        if not request.META.get('HTTP_AUTHORIZATION'):
            return self._unauthorized()

        try:
            (auth_type, data) = request.META['HTTP_AUTHORIZATION'].split(
                ' ', 1)

            if auth_type.lower() != 'digest':
                return self._unauthorized()
        except:
            return self._unauthorized()

        digest_response = python_digest.parse_digest_credentials(
            request.META['HTTP_AUTHORIZATION'])

        # FIXME: Should the nonce be per-user?
        if not python_digest.validate_nonce(
                digest_response.nonce, getattr(settings, 'SECRET_KEY', '')):
            return self._unauthorized()

        user = self.get_user(digest_response.username)
        api_key = self.get_key(user)

        if user is False or api_key is False:
            return self._unauthorized()

        expected = python_digest.calculate_request_digest(
            request.method,
            python_digest.calculate_partial_digest(digest_response.username,
                                                   self.realm, api_key),
            digest_response)

        if not digest_response.response == expected:
            return self._unauthorized()

        if not self.check_active(user):
            return False

        request.user = user
        return True
    def is_authenticated(self, request, **kwargs):
        """
        Finds the user and checks their API key.

        Should return either ``True`` if allowed, ``False`` if not or an
        ``HttpResponse`` if you need something custom.
        """
        try:
            self.get_authorization_data(request)
        except ValueError:
            return self._unauthorized()

        digest_response = python_digest.parse_digest_credentials(request.META["HTTP_AUTHORIZATION"])

        # FIXME: Should the nonce be per-user?
        if not python_digest.validate_nonce(digest_response.nonce, settings.SECRET_KEY):
            return self._unauthorized()

        user = self.get_user(digest_response.username)
        api_key = self.get_key(user)

        if user is False or api_key is False:
            return self._unauthorized()

        expected = python_digest.calculate_request_digest(
            request.method,
            python_digest.calculate_partial_digest(digest_response.username, self.realm, api_key),
            digest_response,
        )

        if not digest_response.response == expected:
            return self._unauthorized()

        if not self.check_active(user):
            return False

        request.user = user
        return True
示例#6
0
def hello_with_digest_auth(request):
    auth = request.META.get('HTTP_AUTHORIZATION', None)
    if auth is None:
        return _digest_unauthenticated(request)

    try:
        method, data = auth.split(' ', 1)
        if 'digest' != method.lower():
            return _digest_unauthenticated(request)
    except:
        raise
        return _digest_unauthenticated(request)

    digest_response = python_digest.parse_digest_credentials(auth)
    expected = python_digest.calculate_request_digest(
        request.method,
        python_digest.calculate_partial_digest(digest_response.username, 'DEV',
                                               '12345'), digest_response)

    if digest_response.response != expected:
        return _digest_unauthenticated(request)

    return HttpResponse('Hello World')
示例#7
0
    def authenticate(self, request):
        if not 'HTTP_AUTHORIZATION' in request.META:
            return False

        if not python_digest.is_digest_credential(request.META['HTTP_AUTHORIZATION']):
            return False

        try:
            unicode(request.META['HTTP_AUTHORIZATION'], 'utf-8')
        except UnicodeDecodeError:
            return False

        digest_response = python_digest.parse_digest_credentials(
            request.META['HTTP_AUTHORIZATION'])

        if not digest_response:
            _l.debug('authentication failure: supplied digest credentials could not be ' \
                         'parsed: "%s".' % request.META['HTTP_AUTHORIZATION'])
            return False

        if not digest_response.realm == self.realm:
            _l.debug('authentication failure: supplied realm "%s" does not match ' \
                         'configured realm "%s".' % ( digest_response.realm, self.realm))
            return False

        if not python_digest.validate_nonce(digest_response.nonce, self.secret_key):
            _l.debug('authentication failure: nonce validation failed.')
            return False

        partial_digest = self._account_storage.get_partial_digest(digest_response.username)
        if not partial_digest:
            _l.debug('authentication failure: no partial digest available for user "%s".' \
                         % digest_response.username)
            return False

        calculated_request_digest = python_digest.calculate_request_digest(
            method=request.method, digest_response=digest_response,
            partial_digest=partial_digest)
        if not calculated_request_digest == digest_response.response:
            _l.debug('authentication failure: supplied request digest does not match ' \
                         'calculated request digest.')
            if self.failure_callback:
                self.failure_callback(request, digest_response.username)
            return False

        if not python_digest.validate_uri(digest_response.uri, request.path):
            _l.debug('authentication failure: digest authentication uri value "%s" does not ' \
                         'match value "%s" from HTTP request line.' % (digest_response.uri,
                                                                       request.path))
            return False

        user = self._account_storage.get_user(digest_response.username)

        if not self._update_existing_nonce(user, digest_response.nonce, digest_response.nc):
            if (python_digest.get_nonce_timestamp(digest_response.nonce) + self.timeout <
                time.time()):
                _l.debug('authentication failure: attempt to establish a new session with ' \
                             'a stale nonce.')
                return False

            if not self._store_nonce(user, digest_response.nonce, digest_response.nc):
                _l.debug('authentication failure: attempt to establish a previously used ' \
                             'or nonce count.')
                return False

        request.user = user
        return True
示例#8
0
    def authenticate(self, request):
        """
        Base authentication method, all checks here
        """
        if not request.headers.get('authorization'):
            return False
        if not python_digest.is_digest_credential(
                request.headers.get('authorization')):
            return False
        digest_response = python_digest.parse_digest_credentials(
            request.headers.get('authorization'))
        if not digest_response:
            log.debug('authentication failure: supplied digest credentials'
                      ' could not be parsed: "%s".'
                      % request.headers.get('authorization'))
            return False

        if not digest_response.username:
            return False

        if not digest_response.realm == self.realm:
            log.debug('authentication failure: supplied realm "%s"'
                      'does not match configured realm "%s".'
                      % (digest_response.realm, self.realm))
            return False

        if not python_digest.validate_nonce(
                digest_response.nonce, self.secret_key):
            log.debug('authentication failure: nonce validation failed.')
            return False
        partial_digest = self._account_storage.get_partial_digest(
            digest_response.username)

        if not partial_digest:
            log.debug('authentication failure: no partial digest available'
                      ' for user "%s".' % digest_response.username)
            return False

        calculated_request_digest = python_digest.calculate_request_digest(
            method=request.method, digest_response=digest_response,
            partial_digest=partial_digest)

        if not calculated_request_digest == digest_response.response:
            log.debug('authentication failure: supplied request digest'
                      'does not match calculated request digest.')
            return False

        if not python_digest.validate_uri(
                digest_response.uri, urllib.parse.unquote(request.path)):
            log.debug('authentication failure: digest authentication uri value'
                      '"%s" does not match value "%s" from HTTP'
                      'request line.' % (digest_response.uri, request.path))
            return False

        if not self._account_storage.is_admin(digest_response.username):
            log.debug('authentication failure: user not in operator admin.')
            return False

        if hasattr(request,'session') and request.session.data.nonce != digest_response.nonce:
            if (int(python_digest.get_nonce_timestamp(digest_response.nonce))
                    + self.timeout < time.time()):
                log.debug('authentication failure: attempt to establish'
                          ' a new session with a stale nonce.')
                return False
            if not self._store_nonce(digest_response.nonce, request):
                log.debug('authentication failure: attempt to establish'
                          ' a previously used or nonce count.')
                return False
        request.user = self._account_storage.get_by_login(
            digest_response.username)
        return True
示例#9
0
 def calculate_request_digest(self, request, digest_response, username, api_key):
     return python_digest.calculate_request_digest(
         request.method,
         python_digest.calculate_partial_digest(username, self.realm, api_key),
         digest_response)