Revision 5ae33f6c snf-pithos-app/pithos/api/util.py
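--- a/snf-pithos-app/pithos/api/util.py
+++ b/snf-pithos-app/pithos/api/util.py
@@ -1120,24 +1120,15 @@
 return decorator
 
 
-def request_oa2_token(request, client, client_credentials, redirect_uri,
-**kwargs):
-"""
-:raises: AstakosClientException, ValueError
-"""
-data = client.get_token('authorization_code', *client_credentials,
-redirect_uri=redirect_uri, **kwargs)
-params = {'access_token': data.get('access_token', '')}
-return HttpResponseRedirect('%s?%s' % (redirect_uri,
-urlencode(params)))
-
-
 def view_method():
 """Decorator function for views."""
 
 def decorator(func):
 @wraps(func)
 def wrapper(request, *args, **kwargs):
+if request.method != 'GET':
+return HttpResponseNotAllowed(['GET'])
+
 try:
 access_token = request.GET.get('access_token')
 requested_resource = request.path.split(VIEW_PREFIX, 2)[-1]
@@ -1145,12 +1136,14 @@
 retry=2, use_pool=True,
 logger=logger)
 if access_token is not None:
-# authenticate using the temporary access token
+# authenticate using the short-term access token
 request.user = astakos.validate_token(access_token,
 requested_resource)
 request.user_uniq = request.user["access"]["user"]["id"]
 
-response = func(request, *args, **kwargs)
+_func = api_method(token_required=False,
+user_required=False)(func)
+response = _func(request, *args, **kwargs)
 if response.status_code == 404:
 raise Http404
 elif response.status_code in [401, 403]:
@@ -1161,25 +1154,29 @@
 # TODO: check if client credentials are not set
 authorization_code = request.GET.get('code')
 if authorization_code is None:
+# request authorization code
 params = {'response_type': 'code',
 'client_id': client_id,
 'redirect_uri':
 request.build_absolute_uri(request.path),
-'scope': request.path.split(VIEW_PREFIX, 2)[-1],
-'state': '' # TODO include state for security
-}
+'state': '', # TODO include state for security
+'scope': request.path.split(VIEW_PREFIX, 2)[-1]}
 return HttpResponseRedirect('%s?%s' %
 (astakos.api_oa2_auth,
 urlencode(params)))
 else:
+# request short-term access code
 redirect_uri = join_urls(BASE_HOST, request.path)
-return request_oa2_token(request,
-astakos,
-OA2_CLIENT_CREDENTIALS,
+data = astakos.get_token('authorization_code',
+*OA2_CLIENT_CREDENTIALS,
 redirect_uri=redirect_uri,
 scope=requested_resource,
 code=authorization_code)
-except AstakosClientException:
+params = {'access_token': data.get('access_token', '')}
+return HttpResponseRedirect('%s?%s' % (redirect_uri,
+urlencode(params)))
+except AstakosClientException, err:
+logger.exception(err)
 raise PermissionDenied
 return wrapper
 return decorator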
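Review bot: In the `else:` branch of `wrapper`, `data.get('access_token', '')` falls back to an empty string, so a token response that lacks `access_token` still yields a redirect to `redirect_uri?access_token=` instead of failing; I would reject that case explicitly with `token = data.get('access_token')` followed by `if not token: raise PermissionDenied`. The token is handed back in the URL query string, where it can end up in access logs, browser history and Referer headers, so a comment there should state that it must stay short-lived and limited to `requested_resource`. The callback also accepts `code` while `'state': ''` is still a TODO, which leaves the authorization response unbound to the session that started the flow; that is worth a tracked issue rather than an inline TODO. As a style point, `api_method(token_required=False, user_required=False)(func)` is rebuilt on every request and could be created once in `decorator`, outside `wrapper`.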