Revision 5ae33f6c snf-pithos-app/pithos/api/util.py
| b/snf-pithos-app/pithos/api/util.py | ||
|---|---|---|
| 1120 | 1120 |
return decorator |
| 1121 | 1121 |
|
| 1122 | 1122 |
|
| 1123 |
def request_oa2_token(request, client, client_credentials, redirect_uri, |
|
| 1124 |
**kwargs): |
|
| 1125 |
""" |
|
| 1126 |
:raises: AstakosClientException, ValueError |
|
| 1127 |
""" |
|
| 1128 |
data = client.get_token('authorization_code', *client_credentials,
|
|
| 1129 |
redirect_uri=redirect_uri, **kwargs) |
|
| 1130 |
params = {'access_token': data.get('access_token', '')}
|
|
| 1131 |
return HttpResponseRedirect('%s?%s' % (redirect_uri,
|
|
| 1132 |
urlencode(params))) |
|
| 1133 |
|
|
| 1134 |
|
|
| 1135 | 1123 |
def view_method(): |
| 1136 | 1124 |
"""Decorator function for views.""" |
| 1137 | 1125 |
|
| 1138 | 1126 |
def decorator(func): |
| 1139 | 1127 |
@wraps(func) |
| 1140 | 1128 |
def wrapper(request, *args, **kwargs): |
| 1129 |
if request.method != 'GET': |
|
| 1130 |
return HttpResponseNotAllowed(['GET']) |
|
| 1131 |
|
|
| 1141 | 1132 |
try: |
| 1142 | 1133 |
access_token = request.GET.get('access_token')
|
| 1143 | 1134 |
requested_resource = request.path.split(VIEW_PREFIX, 2)[-1] |
| ... | ... | |
| 1145 | 1136 |
retry=2, use_pool=True, |
| 1146 | 1137 |
logger=logger) |
| 1147 | 1138 |
if access_token is not None: |
| 1148 |
# authenticate using the temporary access token
|
|
| 1139 |
# authenticate using the short-term access token
|
|
| 1149 | 1140 |
request.user = astakos.validate_token(access_token, |
| 1150 | 1141 |
requested_resource) |
| 1151 | 1142 |
request.user_uniq = request.user["access"]["user"]["id"] |
| 1152 | 1143 |
|
| 1153 |
response = func(request, *args, **kwargs) |
|
| 1144 |
_func = api_method(token_required=False, |
|
| 1145 |
user_required=False)(func) |
|
| 1146 |
response = _func(request, *args, **kwargs) |
|
| 1154 | 1147 |
if response.status_code == 404: |
| 1155 | 1148 |
raise Http404 |
| 1156 | 1149 |
elif response.status_code in [401, 403]: |
| ... | ... | |
| 1161 | 1154 |
# TODO: check if client credentials are not set |
| 1162 | 1155 |
authorization_code = request.GET.get('code')
|
| 1163 | 1156 |
if authorization_code is None: |
| 1157 |
# request authorization code |
|
| 1164 | 1158 |
params = {'response_type': 'code',
|
| 1165 | 1159 |
'client_id': client_id, |
| 1166 | 1160 |
'redirect_uri': |
| 1167 | 1161 |
request.build_absolute_uri(request.path), |
| 1168 |
'scope': request.path.split(VIEW_PREFIX, 2)[-1], |
|
| 1169 |
'state': '' # TODO include state for security |
|
| 1170 |
} |
|
| 1162 |
'state': '', # TODO include state for security |
|
| 1163 |
'scope': request.path.split(VIEW_PREFIX, 2)[-1]} |
|
| 1171 | 1164 |
return HttpResponseRedirect('%s?%s' %
|
| 1172 | 1165 |
(astakos.api_oa2_auth, |
| 1173 | 1166 |
urlencode(params))) |
| 1174 | 1167 |
else: |
| 1168 |
# request short-term access code |
|
| 1175 | 1169 |
redirect_uri = join_urls(BASE_HOST, request.path) |
| 1176 |
return request_oa2_token(request, |
|
| 1177 |
astakos, |
|
| 1178 |
OA2_CLIENT_CREDENTIALS, |
|
| 1170 |
data = astakos.get_token('authorization_code',
|
|
| 1171 |
*OA2_CLIENT_CREDENTIALS, |
|
| 1179 | 1172 |
redirect_uri=redirect_uri, |
| 1180 | 1173 |
scope=requested_resource, |
| 1181 | 1174 |
code=authorization_code) |
| 1182 |
except AstakosClientException: |
|
| 1175 |
params = {'access_token': data.get('access_token', '')}
|
|
| 1176 |
return HttpResponseRedirect('%s?%s' % (redirect_uri,
|
|
| 1177 |
urlencode(params))) |
|
| 1178 |
except AstakosClientException, err: |
|
| 1179 |
logger.exception(err) |
|
| 1183 | 1180 |
raise PermissionDenied |
| 1184 | 1181 |
return wrapper |
| 1185 | 1182 |
return decorator |
Also available in: Unified diff