root / helpdesk / middleware.py @ f4fe8796
1 | 6ff0245f | Georgios Gousios | # vim: set fileencoding=utf-8 :
|
---|---|---|---|
2 | 6ff0245f | Georgios Gousios | # Copyright 2011 GRNET S.A. All rights reserved.
|
3 | 6ff0245f | Georgios Gousios | #
|
4 | 6ff0245f | Georgios Gousios | # Redistribution and use in source and binary forms, with or without
|
5 | 6ff0245f | Georgios Gousios | # modification, are permitted provided that the following conditions
|
6 | 6ff0245f | Georgios Gousios | # are met:
|
7 | 6ff0245f | Georgios Gousios | #
|
8 | 6ff0245f | Georgios Gousios | # 1. Redistributions of source code must retain the above copyright
|
9 | 6ff0245f | Georgios Gousios | # notice, this list of conditions and the following disclaimer.
|
10 | 6ff0245f | Georgios Gousios | #
|
11 | 6ff0245f | Georgios Gousios | # 2. Redistributions in binary form must reproduce the above copyright
|
12 | 6ff0245f | Georgios Gousios | # notice, this list of conditions and the following disclaimer in the
|
13 | 6ff0245f | Georgios Gousios | # documentation and/or other materials provided with the distribution.
|
14 | 6ff0245f | Georgios Gousios | #
|
15 | 6ff0245f | Georgios Gousios | # THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
16 | 6ff0245f | Georgios Gousios | # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
17 | 6ff0245f | Georgios Gousios | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
18 | 6ff0245f | Georgios Gousios | # ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
19 | 6ff0245f | Georgios Gousios | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
20 | 6ff0245f | Georgios Gousios | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
21 | 6ff0245f | Georgios Gousios | # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
22 | 6ff0245f | Georgios Gousios | # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
23 | 6ff0245f | Georgios Gousios | # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
24 | 6ff0245f | Georgios Gousios | # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
25 | 6ff0245f | Georgios Gousios | # SUCH DAMAGE.
|
26 | 6ff0245f | Georgios Gousios | #
|
27 | 6ff0245f | Georgios Gousios | # The views and conclusions contained in the software and documentation are
|
28 | 6ff0245f | Georgios Gousios | # those of the authors and should not be interpreted as representing official
|
29 | 6ff0245f | Georgios Gousios | # policies, either expressed or implied, of GRNET S.A.
|
30 | 0e3918f3 | Georgios Gousios | |
31 | 5ac53b64 | Georgios Gousios | from synnefo.aai import middleware |
32 | 6ff0245f | Georgios Gousios | from synnefo.db.models import SynnefoUser |
33 | 6ff0245f | Georgios Gousios | from django.conf import settings |
34 | 6ff0245f | Georgios Gousios | from django.http import HttpResponse |
35 | 6ff0245f | Georgios Gousios | import time |
36 | 6ff0245f | Georgios Gousios | |
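class HelpdeskMiddleware(object):
    """Request middleware that lets a helpdesk account act as another user.

    For requests under ``install_path``, or requests carrying the temporary
    token cookie, it checks the caller's address against
    ``settings.HELPDESK_ALLOWED_IPS``, then the ``X-Auth-Token`` cookie
    against a ``SynnefoUser`` of type ``HELPDESK``, and finally swaps
    ``request.user`` for the user owning the temporary token and marks the
    request read-only.
    """

    auth_tmp_token = "X-Auth-Tmp-Token"
    install_path = "/helpdesk"

    def __init__(self):
        # NOTE(review): presumably this exempts the helpdesk prefix from the
        # regular AAI check, which would make process_request() below the
        # only gate on those URLs -- confirm in synnefo.aai.middleware.
        middleware.add_url_exception(self.install_path)

    @staticmethod
    def _not_helpdesk_user():
        # Single place for the 401 answer used by every token failure.
        return HttpResponse(status=401, content="Not a valid helpdesk user")

    def process_request(self, request):
        """Gate helpdesk requests and set up impersonation.

        Returns None to let the request continue, or an HttpResponse with
        status 403 (address not allowed) or 401 (token not accepted).
        """
        cookies = request.COOKIES

        # Only helpdesk URLs and requests that carry the temporary token are
        # handled here. The class attributes are used instead of repeated
        # literals so the guarded prefix is always the one registered in
        # __init__.
        if (not request.path.startswith(self.install_path)
                and self.auth_tmp_token not in cookies):
            return None

        # Check the request's IP address
        allowed = settings.HELPDESK_ALLOWED_IPS
        if not check_ip(request.META['REMOTE_ADDR'], allowed):
            # NOTE(review): X-Forwarded-For is a request header, so any
            # client can set it. Falling back to it when REMOTE_ADDR is not
            # allowed means the allow-list holds only if every route to this
            # application passes a proxy that overwrites the header. Confirm
            # the deployment, or restrict the fallback to known proxy
            # addresses.
            proxy_ip = request.META.get('HTTP_X_FORWARDED_FOR')
            # A missing or empty header is rejected outright rather than
            # being handed to the matcher.
            if not proxy_ip or not check_ip(proxy_ip, allowed):
                return HttpResponse(status=403,
                                    content="IP Address not allowed")

        # Helpdesk application request, search for a valid helpdesk user
        if 'X-Auth-Token' not in cookies:
            # No helpdesk token at all: nothing to impersonate with, so the
            # request continues untouched.
            return None

        hd_user_token = cookies['X-Auth-Token']
        if not hd_user_token:
            return self._not_helpdesk_user()

        try:
            hd_user = SynnefoUser.objects.get(auth_token=hd_user_token)
        except Exception:
            # Any lookup failure is answered with 401, as before.
            return self._not_helpdesk_user()

        if hd_user.type != 'HELPDESK':
            return self._not_helpdesk_user()

        # Helpdesk application request, search for a valid tmp token
        if self.auth_tmp_token not in cookies:
            return None

        tmp_token = cookies[self.auth_tmp_token]
        if not tmp_token:
            # An empty value is never looked up, so it cannot select a user
            # whose tmp_auth_token happens to be blank.
            return self._not_helpdesk_user()

        try:
            tmp_user = SynnefoUser.objects.get(tmp_auth_token=tmp_token)
        except Exception:
            return self._not_helpdesk_user()

        expires_at = time.mktime(tmp_user.tmp_auth_token_expires.timetuple())
        if time.time() - expires_at > 0:
            # The impersonated user's token has expired, re-login.
            # NOTE(review): returning None lets the request continue without
            # impersonation; confirm that later handling forces the
            # re-login this comment expects.
            return None

        # Impersonate the request user: Perform requests from the helpdesk
        # account on behalf of the impersonated user
        request.user = tmp_user
        request.readonly = True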
102 | 0e3918f3 | Georgios Gousios | |
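def check_ip(ip, allowed):
    """Return True if *ip* is permitted by the *allowed* list.

    An entry matches when it equals *ip* exactly, or when it ends in ``.0``
    and *ip* has the same first three dot-separated parts (an IPv4 /24
    written as its network address). Other notations only match exactly.

    The range test compares the complete prefix. The earlier
    ``addr.startswith(prefix)`` test accepted any *ip* whose prefix was a
    leading substring of the entry, so ``192.168.1.5`` matched
    ``192.168.10.0``, and an empty or dot-less value matched every range.
    """
    if not ip:
        # Nothing to compare; never let an empty value satisfy the list.
        return False

    # Everything before the last dot; `sep` is empty when ip has no dot.
    ip_prefix, sep, _ = ip.rpartition('.')

    for addr in allowed:
        # Check exact match
        if ip == addr:
            return True
        # Check range match: drop the trailing ".0" and require equality
        if addr.endswith('.0') and sep and ip_prefix == addr[:-2]:
            return True

    return False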