Synnefo

# Copyright 2011-2012 GRNET S.A. All rights reserved.

# 

# Redistribution and use in source and binary forms, with or

# without modification, are permitted provided that the following

# conditions are met:

# 

#   1. Redistributions of source code must retain the above

#      copyright notice, this list of conditions and the following

#      disclaimer.

# 

#   2. Redistributions in binary form must reproduce the above

#      copyright notice, this list of conditions and the following

#      disclaimer in the documentation and/or other materials

#      provided with the distribution.

# 

# THIS SOFTWARE IS PROVIDED BY GRNET S.A. ``AS IS'' AND ANY EXPRESS

# OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED

# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL GRNET S.A OR

# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT

# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF

# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED

# AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN

# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE

# POSSIBILITY OF SUCH DAMAGE.

# 

# The views and conclusions contained in the software and

# documentation are those of the authors and should not be

# interpreted as representing official policies, either expressed

# or implied, of GRNET S.A.

from time import time, mktime

from urlparse import urlparse

from urllib import quote, unquote

from django.conf import settings

from django.utils import simplejson as json

from synnefo.lib.pool.http import get_http_connection

def authenticate(token, authentication_url='http://127.0.0.1:8000/im/authenticate'):

    p = urlparse(authentication_url)

    kwargs = {}

    kwargs['headers'] = {}

    kwargs['headers']['X-Auth-Token'] = token

    kwargs['headers']['Content-Length'] = 0

    conn = get_http_connection(p.netloc, p.scheme)

    try:

        conn.request('GET', p.path, **kwargs)

        response = conn.getresponse()

        headers = response.getheaders()

        headers = dict((unquote(h), unquote(v)) for h,v in headers)

        length = response.getheader('content-length', None)

        data = response.read(length)

        status = int(response.status)

    finally:

        conn.close()

    if status < 200 or status >= 300:

        raise Exception(data, status)

    return json.loads(data)

def user_for_token(token, authentication_url, override_users):

    if not token:

        return None

    if override_users:

        try:

            return {'uniq': override_users[token].decode('utf8')}

        except:

            return None

    try:

        return authenticate(token, authentication_url)

    except Exception, e:

        # In case of Unauthorized response return None

        if e.args and e.args[-1] == 401:

            return None

        raise e

def get_user(request, authentication_url='http://127.0.0.1:8000/im/authenticate', override_users={}, fallback_token=None):

    request.user = None

    request.user_uniq = None

    # Try to find token in a parameter or in a request header.

    user = user_for_token(request.GET.get('X-Auth-Token'), authentication_url, override_users)

    if not user:

        user = user_for_token(request.META.get('HTTP_X_AUTH_TOKEN'), authentication_url, override_users)

    if not user:

        user = user_for_token(fallback_token, authentication_url, override_users)

    if not user:

        return

    request.user = user

    request.user_uniq = user['uniq']