Revision bd93595d snf-astakos-app/astakos/api/tokens.py
| b/snf-astakos-app/astakos/api/tokens.py | ||
|---|---|---|
| 36 | 36 |
from django.http import urlencode |
| 37 | 37 |
from django.views.decorators.csrf import csrf_exempt |
| 38 | 38 |
|
| 39 |
from snf_django.lib.api import faults, utils, api_method, get_token
|
|
| 39 |
from snf_django.lib.api import faults, utils, api_method |
|
| 40 | 40 |
|
| 41 | 41 |
from astakos.im.models import Service, AstakosUser |
| 42 |
from .util import user_from_token, json_response, xml_response |
|
| 42 |
from .util import user_from_token, json_response, xml_response, validate_user
|
|
| 43 | 43 |
|
| 44 | 44 |
import logging |
| 45 | 45 |
logger = logging.getLogger(__name__) |
| ... | ... | |
| 49 | 49 |
logger=logger) |
| 50 | 50 |
@user_from_token # Authenticate user!! |
| 51 | 51 |
def get_endpoints(request, token): |
| 52 |
if token != get_token(request):
|
|
| 52 |
if token != request.user.auth_token:
|
|
| 53 | 53 |
raise faults.Forbidden() |
| 54 | 54 |
|
| 55 | 55 |
belongsTo = request.GET.get('belongsTo')
|
| ... | ... | |
| 92 | 92 |
|
| 93 | 93 |
uuid = None |
| 94 | 94 |
try: |
| 95 |
tenant = req['auth']['tenantName'] |
|
| 96 | 95 |
token_id = req['auth']['token']['id'] |
| 97 | 96 |
except KeyError: |
| 98 | 97 |
try: |
| ... | ... | |
| 109 | 108 |
except AstakosUser.DoesNotExist: |
| 110 | 109 |
raise faults.Unauthorized('Invalid token')
|
| 111 | 110 |
|
| 112 |
if tenant != user.uuid: |
|
| 113 |
raise faults.Unauthorized('Invalid tenant')
|
|
| 111 |
validate_user(user) |
|
| 114 | 112 |
|
| 115 | 113 |
if uuid is not None: |
| 116 | 114 |
if user.uuid != uuid: |
Also available in: Unified diff