~larry-e-works/uci-engine/write-exitcode-to-file


Viewing changes to nf-stats-service/nfss/auth.py

  • Committer: Thomi Richards
  • Date: 2014-06-27 20:02:44 UTC
  • mto: (629.2.9 nfss)
  • mto: This revision was merged to the branch mainline in revision 636.
  • Revision ID: thomi.richards@canonical.com-20140627200244-zi7dwxnyw38ypr2f
Initial version.

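--- a/nf-stats-service/nfss/auth.py
+++ b/nf-stats-service/nfss/auth.py
@@ -0,0 +1,108 @@
+#!/usr/bin/env python3
+# Ubuntu CI Engine
+# Copyright 2014 Canonical Ltd.
+#
+# This program is free software: you can redistribute it and/or modify it
+# under the terms of the GNU Affero General Public License version 3, as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranties of
+# MERCHANTABILITY, SATISFACTORY QUALITY, or FITNESS FOR A PARTICULAR
+# PURPOSE.  See the GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+from oauthlib.oauth1 import RequestValidator, WebApplicationServer
+from pyramid.httpexceptions import HTTPForbidden
+import functools
+
+from nfss import database
+
+
+class NFSSRequestValidator(RequestValidator):
+
+    def __init__(self, database_connection):
+        super().__init__()
+        self._database = database_connection
+
+    @property
+    def enforce_ssl(self):
+        return False
+
+    @property
+    def dummy_client(self):
+        return "dummy-client-access-token"
+
+    def validate_client_key(self, client_key, request):
+        return database.get_auth_client_key_exists(self._database, client_key)
+
+    def validate_access_token(self, client_key, resource_owner_key, request):
+        return database.get_auth_resource_owner_key_for_client_key(
+            self._database,
+            client_key
+        )
+
+    def validate_timestamp_and_nonce(self, client_key, timestamp, nonce,
+                                     request, request_token=None,
+                                     access_token=None):
+        token = request_token or access_token
+        if not database.get_auth_nonce_already_used(
+            self._database,
+            client_key,
+            timestamp,
+            nonce,
+            token
+        ):
+            database.store_nonce(
+                self._database,
+                client_key,
+                timestamp,
+                nonce,
+                token
+            )
+            return True
+        return False
+
+    def validate_realms(self, client_key, token, request, uri=None,
+                        realms=None):
+        # Realms are used so we can split the app into several sections with
+        # different authentications in each. We're not using realms, so we
+        # just return True straight away:
+        return True
+
+    def get_client_secret(self, client_key, request):
+        # We don't use the client secret, so this will always return the
+        # empty string.
+        return ''
+
+    def get_access_token_secret(self, client_key, owner_key, request):
+        return database.get_auth_resource_owner_secret_for_client_key(
+            self._database,
+            client_key
+        )
+
+
+def oauth_protected(realms=None):
+    def wrapper(f):
+        @functools.wraps(f)
+        def verify_oauth(request, *args, **kwargs):
+            provider = WebApplicationServer(
+                NFSSRequestValidator(
+                    request.database()
+                )
+            )
+            v, r = provider.validate_protected_resource_request(
+                request.url,
+                http_method=request.method,
+                body=request.body,
+                headers=request.headers,
+                realms=realms or []
+            )
+            if v:
+                return f(request, r, *args, **kwargs)
+            else:
+                raise HTTPForbidden()
+        return verify_oauth
+    return wrapper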
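Review bot: `validate_access_token` never reads `resource_owner_key`; it returns whatever `database.get_auth_resource_owner_key_for_client_key(self._database, client_key)` yields, so (assuming that helper returns the stored key) any presented token identifier passes this check as long as the client has one on record. Compare the stored value with the presented one, e.g. bind the lookup to `stored` and `return stored is not None and stored == resource_owner_key`. The class overrides `dummy_client` but not `dummy_access_token`, which oauthlib's resource endpoint substitutes when this check fails, so a rejected token would likely hit the base class's NotImplementedError instead of reaching `HTTPForbidden`. `enforce_ssl` returning `False` and the separate check-then-`store_nonce` sequence in `validate_timestamp_and_nonce` (two concurrent requests carrying the same nonce can both pass unless the store is atomic) each deserve a comment stating the intent, or a follow-up change.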