
from django.conf import settings
from django.http import HttpResponse, HttpResponseRedirect
from synnefo.db.models import SynnefoUser
from synnefo.aai.shibboleth import Tokens, register_shibboleth_user
import time
import datetime

    
8
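class ApiAuthMiddleware(object):
    """Authenticate requests under ``/api/`` by auth token, or issue a token.

    Two paths, both confined to request paths starting with ``/api/``:

    * Token authentication: an ``X-Auth-Token`` is read from a cookie or,
      failing that, from the request header.  The matching ``SynnefoUser``
      is put on ``request.user`` and the request continues to the view;
      an unknown or expired token yields ``request.user = None``.
    * Token issue (OpenStack/Rackspace compatibility): a ``GET`` carrying
      ``X-Auth-User`` and ``X-Auth-Key`` headers is answered here directly
      with 204 and the user's token, or with 401.

    Any other ``/api/`` request gets ``request.user = None``.
    """

    auth_token = "X-Auth-Token"
    auth_user  = "X-Auth-User"
    auth_key   = "X-Auth-Key"

    @staticmethod
    def _meta_key(header):
        """Return the ``request.META`` key WSGI/Django use for an HTTP header.

        Servers expose request headers as ``HTTP_<NAME>`` with dashes turned
        into underscores; the raw header name is never a META key.
        """
        return 'HTTP_' + header.upper().replace('-', '_')

    def process_request(self, request):
        """Authenticate or issue a token for ``/api/`` requests.

        Returns ``None`` to let the request proceed (``request.user`` set to
        the authenticated user or ``None``), or an ``HttpResponse`` that
        short-circuits the request on the token-issue path.
        """
        if not request.path.startswith('/api/'):
            return

        # Cookie first, then header: an absent or empty cookie falls through
        # to the header, exactly as before.
        token = request.COOKIES.get(self.auth_token)
        if not token:
            token = request.META.get(self._meta_key(self.auth_token))

        if token:
            request.user = self._user_for_token(token)
            return

        # Token issue request.  The previous version looked up the bare
        # header names ("X-Auth-User") in META, which WSGI never populates,
        # so this branch was unreachable; use the HTTP_-prefixed keys, the
        # same form the token lookup above already relies on.
        user_key = self._meta_key(self.auth_user)
        key_key = self._meta_key(self.auth_key)
        if (user_key in request.META and key_key in request.META
                and request.method == 'GET'):
            # Compatibility with the OpenStack API only: normal users are
            # expected to authenticate through Shibboleth; admins or other
            # selected users may use this as a bypass mechanism.
            return self._issue_token(request.META[user_key],
                                     request.META[key_key])

        request.user = None

    def _user_for_token(self, token):
        """Return the ``SynnefoUser`` owning ``token``, or ``None``.

        ``None`` is returned both when no user has this token and when the
        token is older than ``settings.AUTH_TOKEN_DURATION`` hours.  The
        unknown-token case used to fall into the expiry check with
        ``user = None`` and raise ``AttributeError`` (a 500); it now
        returns ``None`` like an expired token.
        """
        try:
            user = SynnefoUser.objects.get(auth_token=token)
        except SynnefoUser.DoesNotExist:
            return None

        # mktime interprets the stored timestamp as local time, matching
        # time.time(); this keeps the original comparison unchanged.
        created = time.mktime(user.auth_token_created.timetuple())
        if time.time() - created > settings.AUTH_TOKEN_DURATION * 3600:
            # Token expired: caller must re-login.
            return None
        return user

    def _issue_token(self, name, key):
        """Build the response for a Rackspace-style ``X-Auth-User``/``X-Auth-Key`` request.

        204 with the user's token in ``X-Auth-Token`` when a user with that
        ``name`` and ``uniq`` exists, else 401.  A single query fetches at
        most one row instead of a ``count()`` followed by an indexed fetch.
        """
        matches = list(SynnefoUser.objects.filter(name=name, uniq=key)[:1])

        response = HttpResponse()
        if not matches:
            response.status_code = 401
        else:
            response.status_code = 204
            response['X-Auth-Token'] = matches[0].auth_token
            #TODO: set the following fields when we do have this info
            response['X-Server-Management-Url'] = ""
            response['X-Storage-Url'] = ""
            response['X-CDN-Management-Url'] = ""
        return response

    def process_response(self, request, response):
        """Declare that the response varies on the credentials used.

        The token is accepted from a cookie as well as from the
        ``X-Auth-Token`` header (see ``process_request``), so a shared cache
        keyed only on ``X-Auth-Token`` could hand one cookie-authenticated
        user's response to another; ``Cookie`` is therefore listed too.
        Existing ``Vary`` values set by other middleware are kept rather
        than overwritten.
        """
        existing = response.get('Vary', None)
        parts = []
        if existing:
            parts = [p.strip() for p in existing.split(',') if p.strip()]
        seen = set(p.lower() for p in parts)
        for header in (self.auth_token, 'Cookie'):
            if header.lower() not in seen:
                parts.append(header)
                seen.add(header.lower())
        response['Vary'] = ', '.join(parts)
        return response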