Revision 244c552b snf-app/synnefo/api/middleware.py
b/snf-app/synnefo/api/middleware.py | ||
---|---|---|
1 |
from django.http import HttpResponse |
|
2 |
from synnefo.db.models import SynnefoUser |
|
3 |
from django.utils.cache import patch_vary_headers |
|
4 |
import time |
|
1 |
# Copyright 2012 GRNET S.A. All rights reserved. |
|
2 |
# |
|
3 |
# Redistribution and use in source and binary forms, with or |
|
4 |
# without modification, are permitted provided that the following |
|
5 |
# conditions are met: |
|
6 |
# |
|
7 |
# 1. Redistributions of source code must retain the above |
|
8 |
# copyright notice, this list of conditions and the following |
|
9 |
# disclaimer. |
|
10 |
# |
|
11 |
# 2. Redistributions in binary form must reproduce the above |
|
12 |
# copyright notice, this list of conditions and the following |
|
13 |
# disclaimer in the documentation and/or other materials |
|
14 |
# provided with the distribution. |
|
15 |
# |
|
16 |
# THIS SOFTWARE IS PROVIDED BY GRNET S.A. ``AS IS'' AND ANY EXPRESS |
|
17 |
# OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
|
18 |
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|
19 |
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL GRNET S.A OR |
|
20 |
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|
21 |
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
|
22 |
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF |
|
23 |
# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED |
|
24 |
# AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|
25 |
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN |
|
26 |
# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
|
27 |
# POSSIBILITY OF SUCH DAMAGE. |
|
28 |
# |
|
29 |
# The views and conclusions contained in the software and |
|
30 |
# documentation are those of the authors and should not be |
|
31 |
# interpreted as representing official policies, either expressed |
|
32 |
# or implied, of GRNET S.A. |
|
5 | 33 |
|
6 |
class ApiAuthMiddleware(object):
|
|
34 |
from django.utils.cache import patch_vary_headers
|
|
7 | 35 |
|
8 |
auth_token = "X-Auth-Token" |
|
9 |
auth_user = "X-Auth-User" |
|
10 |
auth_key = "X-Auth-Key" |
|
11 | 36 |
|
37 |
class ApiAuthMiddleware(object): |
|
12 | 38 |
def process_request(self, request): |
13 |
if not request.path.startswith('/api/') : |
|
14 |
return |
|
15 |
|
|
16 |
token = None |
|
17 |
|
|
18 |
# Try to find token in a cookie |
|
19 |
token = request.COOKIES.get('X-Auth-Token', None) |
|
20 |
|
|
21 |
# Try to find token in request header |
|
22 |
if not token: |
|
23 |
token = request.META.get('HTTP_X_AUTH_TOKEN', None) |
|
24 |
|
|
25 |
if token: |
|
26 |
user = None |
|
27 |
# Retrieve user from DB or other caching mechanism |
|
28 |
try: |
|
29 |
user = SynnefoUser.objects.get(auth_token=token) |
|
30 |
except SynnefoUser.DoesNotExist: |
|
31 |
user = None |
|
32 |
|
|
33 |
# Check user's auth token |
|
34 |
if user and (time.time() - |
|
35 |
time.mktime(user.auth_token_expires.timetuple())) > 0: |
|
36 |
# The user's token has expired, re-login |
|
37 |
user = None |
|
38 |
|
|
39 |
request.user = user |
|
40 |
return |
|
41 |
|
|
42 |
# A Rackspace API authentication request |
|
43 |
if self.auth_user in request.META and \ |
|
44 |
self.auth_key in request.META and \ |
|
45 |
'GET' == request.method: |
|
46 |
# This is here merely for compatibility with the Openstack API. |
|
47 |
# All normal users should authenticate through Shibboleth. Admin |
|
48 |
# users or other selected users could use this as a bypass |
|
49 |
# mechanism |
|
50 |
user = SynnefoUser.objects\ |
|
51 |
.filter(name = request.META[self.auth_user]) \ |
|
52 |
.filter(uniq = request.META[self.auth_key]) |
|
53 |
|
|
54 |
response = HttpResponse() |
|
55 |
if user.count() <= 0: |
|
56 |
response.status_code = 401 |
|
57 |
else: |
|
58 |
response.status_code = 204 |
|
59 |
response['X-Auth-Token'] = user[0].auth_token |
|
60 |
# TODO: set the following fields when we do have this info |
|
61 |
response['X-Server-Management-Url'] = "" |
|
62 |
response['X-Storage-Url'] = "" |
|
63 |
response['X-CDN-Management-Url'] = "" |
|
64 |
return response |
|
65 |
|
|
66 | 39 |
request.user = None |
67 | 40 |
|
68 | 41 |
def process_response(self, request, response): |
... | ... | |
70 | 43 |
# based on X-Auth-Token, to avoid caching of results |
71 | 44 |
patch_vary_headers(response, ('X-Auth-Token',)) |
72 | 45 |
return response |
73 |
|
Also available in: Unified diff