Revision fe7d0186
b/astakosclient/astakosclient/__init__.py | ||
---|---|---|
145 | 145 |
self._ui_prefix = parsed_ui_url.path |
146 | 146 |
self.logger.debug("Got ui_prefix \"%s\"" % self._ui_prefix) |
147 | 147 |
|
148 |
oa2_service_catalog = parse_endpoints(endpoints, ep_name="astakos_oa2") |
|
149 |
self._oa2_url = \ |
|
150 |
oa2_service_catalog[0]['endpoints'][0]['publicURL'] |
|
151 |
parsed_oa2_url = urlparse.urlparse(self._oa2_url) |
|
152 |
self._oa2_prefix = parsed_oa2_url.path |
|
148 |
oauth2_service_catalog = parse_endpoints(endpoints, |
|
149 |
ep_name="astakos_oauth2") |
|
150 |
self._oauth2_url = \ |
|
151 |
oauth2_service_catalog[0]['endpoints'][0]['publicURL'] |
|
152 |
parsed_oauth2_url = urlparse.urlparse(self._oauth2_url) |
|
153 |
self._oauth2_prefix = parsed_oauth2_url.path |
|
153 | 154 |
|
154 | 155 |
def _get_value(self, s): |
155 | 156 |
assert s in ['_account_url', '_account_prefix', |
156 | 157 |
'_ui_url', '_ui_prefix', |
157 |
'_oa2_url', '_oa2_prefix']
|
|
158 |
'_oauth2_url', '_oauth2_prefix']
|
|
158 | 159 |
try: |
159 | 160 |
return getattr(self, s) |
160 | 161 |
except AttributeError: |
... | ... | |
178 | 179 |
return self._get_value('_ui_prefix') |
179 | 180 |
|
180 | 181 |
@property |
181 |
def oa2_url(self): |
|
182 |
return self._get_value('_oa2_url') |
|
182 |
def oauth2_url(self):
|
|
183 |
return self._get_value('_oauth2_url')
|
|
183 | 184 |
|
184 | 185 |
@property |
185 |
def oa2_prefix(self): |
|
186 |
return self._get_value('_oa2_prefix') |
|
186 |
def oauth2_prefix(self):
|
|
187 |
return self._get_value('_oauth2_prefix')
|
|
187 | 188 |
|
188 | 189 |
@property |
189 | 190 |
def api_usercatalogs(self): |
... | ... | |
234 | 235 |
return join_urls(self.ui_prefix, "get_services") |
235 | 236 |
|
236 | 237 |
@property |
237 |
def api_oa2_auth(self): |
|
238 |
return join_urls(self.oa2_prefix, "auth") |
|
238 |
def api_oauth2_auth(self):
|
|
239 |
return join_urls(self.oauth2_prefix, "auth")
|
|
239 | 240 |
|
240 | 241 |
@property |
241 |
def api_oa2_token(self): |
|
242 |
return join_urls(self.oa2_prefix, "token") |
|
242 |
def api_oauth2_token(self):
|
|
243 |
return join_urls(self.oauth2_prefix, "token")
|
|
243 | 244 |
|
244 | 245 |
# ---------------------------------- |
245 | 246 |
@retry_dec |
... | ... | |
925 | 926 |
body=req_body, method="POST") |
926 | 927 |
|
927 | 928 |
# -------------------------------- |
928 |
# do a POST to ``API_OA2_TOKEN`` |
|
929 |
# do a POST to ``API_OAUTH2_TOKEN``
|
|
929 | 930 |
def get_token(self, grant_type, client_id, client_secret, **body_params): |
930 | 931 |
headers = {'content-type': 'application/x-www-form-urlencoded', |
931 | 932 |
'Authorization': 'Basic %s' % b64encode('%s:%s' % |
... | ... | |
933 | 934 |
client_secret))} |
934 | 935 |
body_params['grant_type'] = grant_type |
935 | 936 |
body = urllib.urlencode(body_params) |
936 |
return self._call_astakos(self.api_oa2_token, headers=headers, |
|
937 |
return self._call_astakos(self.api_oauth2_token, headers=headers,
|
|
937 | 938 |
body=body, method="POST") |
938 | 939 |
|
939 | 940 |
|
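Review bot: The constructor lookup `oauth2_service_catalog[0]['endpoints'][0]['publicURL']` only works if the server already advertises a service named `astakos_oauth2`. Against an Astakos that still publishes `astakos_oa2` the client will presumably fail during endpoint parsing, with no fallback to the old name; `parse_endpoints` is not visible here, so the exact error is unknown. The public properties `oa2_url`, `oa2_prefix`, `api_oa2_auth` and `api_oa2_token` are also removed outright, so callers outside this commit break with an AttributeError. Consider keeping deprecated aliases for one release, e.g. `oa2_url = oauth2_url` and `api_oa2_token = api_oauth2_token` below the new property definitions. The constructor and the class both start outside the visible hunks.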
b/snf-astakos-app/astakos/oa2/backends/base.py | ||
---|---|---|
197 | 197 |
__metaclass__ = BackendBase |
198 | 198 |
|
199 | 199 |
base_url = '' |
200 |
endpoints_prefix = 'oa2/' |
|
200 |
endpoints_prefix = 'oauth2/'
|
|
201 | 201 |
|
202 | 202 |
token_endpoint = 'token/' |
203 | 203 |
token_length = 30 |
... | ... | |
217 | 217 |
code_model = AuthorizationCode |
218 | 218 |
user_model = User |
219 | 219 |
|
220 |
def __init__(self, base_url='', endpoints_prefix='oa2/', id='oa2',
|
|
220 |
def __init__(self, base_url='', endpoints_prefix='oauth2/', id='oauth2',
|
|
221 | 221 |
token_endpoint='token/', token_length=30, |
222 | 222 |
token_expires=20, authorization_endpoint='auth/', |
223 | 223 |
authorization_code_length=60, **kwargs): |
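Review bot: The new default `'oauth2/'` is now hard-coded twice in this class, in the attribute `endpoints_prefix = 'oauth2/'` and in the `__init__` default, and a third time as the fallback of `ENDPOINT_PREFIX` in `astakos/oa2/settings.py`, so the three can drift apart on the next rename. Taking the default from one place would avoid that, for example `endpoints_prefix=None` in the signature, resolved to the class attribute inside `__init__`. Changing the served path from `oa2/` to `oauth2/` also moves the authorization and token URLs, so already-deployed clients that call the old path stop working unless it keeps being served during a transition. The body of `__init__` is outside the hunk, so how `id` and the prefix are combined cannot be checked from here.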
/dev/null | ||
---|---|---|
1 |
# Copyright 2013 GRNET S.A. All rights reserved. |
|
2 |
# |
|
3 |
# Redistribution and use in source and binary forms, with or |
|
4 |
# without modification, are permitted provided that the following |
|
5 |
# conditions are met: |
|
6 |
# |
|
7 |
# 1. Redistributions of source code must retain the above |
|
8 |
# copyright notice, this list of conditions and the following |
|
9 |
# disclaimer. |
|
10 |
# |
|
11 |
# 2. Redistributions in binary form must reproduce the above |
|
12 |
# copyright notice, this list of conditions and the following |
|
13 |
# disclaimer in the documentation and/or other materials |
|
14 |
# provided with the distribution. |
|
15 |
# |
|
16 |
# THIS SOFTWARE IS PROVIDED BY GRNET S.A. ``AS IS'' AND ANY EXPRESS |
|
17 |
# OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
|
18 |
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|
19 |
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL GRNET S.A OR |
|
20 |
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|
21 |
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
|
22 |
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF |
|
23 |
# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED |
|
24 |
# AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|
25 |
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN |
|
26 |
# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
|
27 |
# POSSIBILITY OF SUCH DAMAGE. |
|
28 |
# |
|
29 |
# The views and conclusions contained in the software and |
|
30 |
# documentation are those of the authors and should not be |
|
31 |
# interpreted as representing official policies, either expressed |
|
32 |
# or implied, of GRNET S.A. |
|
33 |
|
|
34 |
from optparse import make_option |
|
35 |
|
|
36 |
from django.db import transaction |
|
37 |
from django.core.management.base import CommandError |
|
38 |
|
|
39 |
from snf_django.management.commands import SynnefoCommand |
|
40 |
|
|
41 |
from astakos.oa2.models import Client, RedirectUrl |
|
42 |
|
|
43 |
|
|
44 |
class Command(SynnefoCommand): |
|
45 |
args = "<identfier>" |
|
46 |
help = "Create a oauth2 client" |
|
47 |
|
|
48 |
option_list = SynnefoCommand.option_list + ( |
|
49 |
make_option('--secret', |
|
50 |
dest='secret', |
|
51 |
metavar='SECRET', |
|
52 |
action='store', |
|
53 |
default=None, |
|
54 |
help="Set client's secret"), |
|
55 |
make_option('--is-trusted', |
|
56 |
action='store_true', |
|
57 |
dest='is_trusted', |
|
58 |
default=False, |
|
59 |
help="Whether client is trusted or not"), |
|
60 |
make_option('--type', |
|
61 |
action='store', |
|
62 |
dest='type', |
|
63 |
default='confidential', |
|
64 |
help="Set client's type"), |
|
65 |
make_option('--url', |
|
66 |
action='append', |
|
67 |
dest='urls', |
|
68 |
default=[], |
|
69 |
help="Set client's redirect URLs"), |
|
70 |
) |
|
71 |
|
|
72 |
@transaction.commit_on_success |
|
73 |
def handle(self, *args, **options): |
|
74 |
if len(args) != 1: |
|
75 |
raise CommandError("Invalid number of arguments") |
|
76 |
|
|
77 |
if not options['urls']: |
|
78 |
raise CommandError("There should be at least one redirect URI") |
|
79 |
|
|
80 |
identifier = args[0].decode('utf8') |
|
81 |
|
|
82 |
try: |
|
83 |
c = Client(identifier=identifier, secret=options['secret'], |
|
84 |
type=options['type'], is_trusted=options['is_trusted']) |
|
85 |
c.save() |
|
86 |
c.redirecturl_set.bulk_create((RedirectUrl(client=c, url=url) for |
|
87 |
url in options['urls'])) |
|
88 |
c.save() |
|
89 |
|
|
90 |
except BaseException, e: |
|
91 |
raise CommandError(e) |
|
92 |
else: |
|
93 |
self.stdout.write('Client created successfully\n') |
/dev/null | ||
---|---|---|
1 |
# Copyright 2013 GRNET S.A. All rights reserved. |
|
2 |
# |
|
3 |
# Redistribution and use in source and binary forms, with or |
|
4 |
# without modification, are permitted provided that the following |
|
5 |
# conditions are met: |
|
6 |
# |
|
7 |
# 1. Redistributions of source code must retain the above |
|
8 |
# copyright notice, this list of conditions and the following |
|
9 |
# disclaimer. |
|
10 |
# |
|
11 |
# 2. Redistributions in binary form must reproduce the above |
|
12 |
# copyright notice, this list of conditions and the following |
|
13 |
# disclaimer in the documentation and/or other materials |
|
14 |
# provided with the distribution. |
|
15 |
# |
|
16 |
# THIS SOFTWARE IS PROVIDED BY GRNET S.A. ``AS IS'' AND ANY EXPRESS |
|
17 |
# OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
|
18 |
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|
19 |
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL GRNET S.A OR |
|
20 |
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|
21 |
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
|
22 |
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF |
|
23 |
# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED |
|
24 |
# AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|
25 |
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN |
|
26 |
# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
|
27 |
# POSSIBILITY OF SUCH DAMAGE. |
|
28 |
# |
|
29 |
# The views and conclusions contained in the software and |
|
30 |
# documentation are those of the authors and should not be |
|
31 |
# interpreted as representing official policies, either expressed |
|
32 |
# or implied, of GRNET S.A. |
|
33 |
|
|
34 |
from optparse import make_option |
|
35 |
|
|
36 |
from snf_django.management.commands import ListCommand |
|
37 |
|
|
38 |
from astakos.oa2.models import Client |
|
39 |
|
|
40 |
|
|
41 |
def get_redirect_urls(client): |
|
42 |
return ','.join(client.redirecturl_set.values_list('url', flat=True)) |
|
43 |
|
|
44 |
|
|
45 |
class Command(ListCommand): |
|
46 |
help = "List oauth2 clients" |
|
47 |
|
|
48 |
object_class = Client |
|
49 |
|
|
50 |
FIELDS = { |
|
51 |
'id': ('id', ('The id of the client')), |
|
52 |
'name': ('name', 'The name of the client'), |
|
53 |
'identifier': ('identifier', 'The unique client identifier'), |
|
54 |
'type': ('type', 'The client type'), |
|
55 |
'is_trusted': ('is_trusted', 'Whether the client is trusted or not'), |
|
56 |
'redirect_urls': (get_redirect_urls, 'The registered redirect URLs') |
|
57 |
} |
|
58 |
|
|
59 |
fields = ['id', 'identifier', 'type', 'is_trusted'] |
|
60 |
|
|
61 |
option_list = ListCommand.option_list + ( |
|
62 |
make_option('--confidential', |
|
63 |
action='store_true', |
|
64 |
dest='confidential', |
|
65 |
default=False, |
|
66 |
help="Display only confidential clients"), |
|
67 |
make_option('--public', |
|
68 |
action='store_true', |
|
69 |
dest='public', |
|
70 |
default=False, |
|
71 |
help="Display only public clients"), |
|
72 |
make_option('--trusted', |
|
73 |
action='store_true', |
|
74 |
dest='trusted', |
|
75 |
default=False, |
|
76 |
help="Display only trusted clients"), |
|
77 |
) |
|
78 |
|
|
79 |
def handle_args(self, *args, **options): |
|
80 |
if options['confidential']: |
|
81 |
self.filters['type'] = 'confidential' |
|
82 |
|
|
83 |
if options['public']: |
|
84 |
self.filters['type'] = 'public' |
|
85 |
|
|
86 |
if options['trusted']: |
|
87 |
self.filters['is_trusted'] = True |
/dev/null | ||
---|---|---|
1 |
# Copyright 2013 GRNET S.A. All rights reserved. |
|
2 |
# |
|
3 |
# Redistribution and use in source and binary forms, with or |
|
4 |
# without modification, are permitted provided that the following |
|
5 |
# conditions are met: |
|
6 |
# |
|
7 |
# 1. Redistributions of source code must retain the above |
|
8 |
# copyright notice, this list of conditions and the following |
|
9 |
# disclaimer. |
|
10 |
# |
|
11 |
# 2. Redistributions in binary form must reproduce the above |
|
12 |
# copyright notice, this list of conditions and the following |
|
13 |
# disclaimer in the documentation and/or other materials |
|
14 |
# provided with the distribution. |
|
15 |
# |
|
16 |
# THIS SOFTWARE IS PROVIDED BY GRNET S.A. ``AS IS'' AND ANY EXPRESS |
|
17 |
# OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
|
18 |
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|
19 |
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL GRNET S.A OR |
|
20 |
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|
21 |
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
|
22 |
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF |
|
23 |
# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED |
|
24 |
# AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|
25 |
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN |
|
26 |
# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
|
27 |
# POSSIBILITY OF SUCH DAMAGE. |
|
28 |
# |
|
29 |
# The views and conclusions contained in the software and |
|
30 |
# documentation are those of the authors and should not be |
|
31 |
# interpreted as representing official policies, either expressed |
|
32 |
# or implied, of GRNET S.A. |
|
33 |
|
|
34 |
from django.core.management.base import BaseCommand, CommandError |
|
35 |
from django.db import transaction |
|
36 |
from astakos.oa2.models import Client |
|
37 |
|
|
38 |
|
|
39 |
class Command(BaseCommand): |
|
40 |
args = "<client ID or identifier>" |
|
41 |
help = "Remove an oauth2 client along with its registered redirect urls" |
|
42 |
|
|
43 |
@transaction.commit_on_success |
|
44 |
def handle(self, *args, **options): |
|
45 |
if len(args) != 1: |
|
46 |
raise CommandError("Please provide a client ID or identifier") |
|
47 |
|
|
48 |
ident = args[0] |
|
49 |
try: |
|
50 |
try: |
|
51 |
ident = int(ident) |
|
52 |
client = Client.objects.get(id=ident) |
|
53 |
except ValueError: |
|
54 |
client = Client.objects.get(identifier=ident) |
|
55 |
except Client.DoesNotExist: |
|
56 |
raise CommandError( |
|
57 |
"Client does not exist. You may run snf-manage " |
|
58 |
"oa2-client-list for available client IDs.") |
|
59 |
|
|
60 |
client.redirecturl_set.all().delete() |
|
61 |
client.delete() |
b/snf-astakos-app/astakos/oa2/management/commands/oauth2-client-add.py | ||
---|---|---|
1 |
# Copyright 2013 GRNET S.A. All rights reserved. |
|
2 |
# |
|
3 |
# Redistribution and use in source and binary forms, with or |
|
4 |
# without modification, are permitted provided that the following |
|
5 |
# conditions are met: |
|
6 |
# |
|
7 |
# 1. Redistributions of source code must retain the above |
|
8 |
# copyright notice, this list of conditions and the following |
|
9 |
# disclaimer. |
|
10 |
# |
|
11 |
# 2. Redistributions in binary form must reproduce the above |
|
12 |
# copyright notice, this list of conditions and the following |
|
13 |
# disclaimer in the documentation and/or other materials |
|
14 |
# provided with the distribution. |
|
15 |
# |
|
16 |
# THIS SOFTWARE IS PROVIDED BY GRNET S.A. ``AS IS'' AND ANY EXPRESS |
|
17 |
# OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
|
18 |
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|
19 |
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL GRNET S.A OR |
|
20 |
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|
21 |
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
|
22 |
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF |
|
23 |
# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED |
|
24 |
# AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|
25 |
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN |
|
26 |
# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
|
27 |
# POSSIBILITY OF SUCH DAMAGE. |
|
28 |
# |
|
29 |
# The views and conclusions contained in the software and |
|
30 |
# documentation are those of the authors and should not be |
|
31 |
# interpreted as representing official policies, either expressed |
|
32 |
# or implied, of GRNET S.A. |
|
33 |
|
|
34 |
from optparse import make_option |
|
35 |
|
|
36 |
from django.db import transaction |
|
37 |
from django.core.management.base import CommandError |
|
38 |
|
|
39 |
from snf_django.management.commands import SynnefoCommand |
|
40 |
|
|
41 |
from astakos.oa2.models import Client, RedirectUrl |
|
42 |
|
|
43 |
|
|
44 |
class Command(SynnefoCommand): |
|
45 |
args = "<identfier>" |
|
46 |
help = "Create a oauth2 client" |
|
47 |
|
|
48 |
option_list = SynnefoCommand.option_list + ( |
|
49 |
make_option('--secret', |
|
50 |
dest='secret', |
|
51 |
metavar='SECRET', |
|
52 |
action='store', |
|
53 |
default=None, |
|
54 |
help="Set client's secret"), |
|
55 |
make_option('--is-trusted', |
|
56 |
action='store_true', |
|
57 |
dest='is_trusted', |
|
58 |
default=False, |
|
59 |
help="Whether client is trusted or not"), |
|
60 |
make_option('--type', |
|
61 |
action='store', |
|
62 |
dest='type', |
|
63 |
default='confidential', |
|
64 |
help="Set client's type"), |
|
65 |
make_option('--url', |
|
66 |
action='append', |
|
67 |
dest='urls', |
|
68 |
default=[], |
|
69 |
help="Set client's redirect URLs"), |
|
70 |
) |
|
71 |
|
|
72 |
@transaction.commit_on_success |
|
73 |
def handle(self, *args, **options): |
|
74 |
if len(args) != 1: |
|
75 |
raise CommandError("Invalid number of arguments") |
|
76 |
|
|
77 |
if not options['urls']: |
|
78 |
raise CommandError("There should be at least one redirect URI") |
|
79 |
|
|
80 |
identifier = args[0].decode('utf8') |
|
81 |
|
|
82 |
try: |
|
83 |
c = Client(identifier=identifier, secret=options['secret'], |
|
84 |
type=options['type'], is_trusted=options['is_trusted']) |
|
85 |
c.save() |
|
86 |
c.redirecturl_set.bulk_create((RedirectUrl(client=c, url=url) for |
|
87 |
url in options['urls'])) |
|
88 |
c.save() |
|
89 |
|
|
90 |
except BaseException, e: |
|
91 |
raise CommandError(e) |
|
92 |
else: |
|
93 |
self.stdout.write('Client created successfully\n') |
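Review bot: `except BaseException, e:` in `handle` also traps `KeyboardInterrupt` and `SystemExit` and rewraps them as `CommandError`; `except Exception as e:` is the narrowest change that keeps the intended behaviour. `--secret` defaults to `None` while `--type` defaults to `'confidential'`, so a confidential client can apparently be stored without any secret unless the model generates one on save, which is not visible here; a guard such as `if options['type'] == 'confidential' and not options['secret']: raise CommandError("A confidential client needs a secret")` would fail closed. Passing the secret as an argument also leaves it in shell history and the process list, so prompting for it or reading it from a file is the safer operator interface. `--type` accepts any string; `type='choice', choices=('confidential', 'public')` on that option would reject typos. Finally `args = "<identfier>"` is misspelled.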
b/snf-astakos-app/astakos/oa2/management/commands/oauth2-client-list.py | ||
---|---|---|
1 |
# Copyright 2013 GRNET S.A. All rights reserved. |
|
2 |
# |
|
3 |
# Redistribution and use in source and binary forms, with or |
|
4 |
# without modification, are permitted provided that the following |
|
5 |
# conditions are met: |
|
6 |
# |
|
7 |
# 1. Redistributions of source code must retain the above |
|
8 |
# copyright notice, this list of conditions and the following |
|
9 |
# disclaimer. |
|
10 |
# |
|
11 |
# 2. Redistributions in binary form must reproduce the above |
|
12 |
# copyright notice, this list of conditions and the following |
|
13 |
# disclaimer in the documentation and/or other materials |
|
14 |
# provided with the distribution. |
|
15 |
# |
|
16 |
# THIS SOFTWARE IS PROVIDED BY GRNET S.A. ``AS IS'' AND ANY EXPRESS |
|
17 |
# OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
|
18 |
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|
19 |
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL GRNET S.A OR |
|
20 |
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|
21 |
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
|
22 |
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF |
|
23 |
# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED |
|
24 |
# AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|
25 |
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN |
|
26 |
# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
|
27 |
# POSSIBILITY OF SUCH DAMAGE. |
|
28 |
# |
|
29 |
# The views and conclusions contained in the software and |
|
30 |
# documentation are those of the authors and should not be |
|
31 |
# interpreted as representing official policies, either expressed |
|
32 |
# or implied, of GRNET S.A. |
|
33 |
|
|
34 |
from optparse import make_option |
|
35 |
|
|
36 |
from snf_django.management.commands import ListCommand |
|
37 |
|
|
38 |
from astakos.oa2.models import Client |
|
39 |
|
|
40 |
|
|
41 |
def get_redirect_urls(client): |
|
42 |
return ','.join(client.redirecturl_set.values_list('url', flat=True)) |
|
43 |
|
|
44 |
|
|
45 |
class Command(ListCommand): |
|
46 |
help = "List oauth2 clients" |
|
47 |
|
|
48 |
object_class = Client |
|
49 |
|
|
50 |
FIELDS = { |
|
51 |
'id': ('id', ('The id of the client')), |
|
52 |
'name': ('name', 'The name of the client'), |
|
53 |
'identifier': ('identifier', 'The unique client identifier'), |
|
54 |
'type': ('type', 'The client type'), |
|
55 |
'is_trusted': ('is_trusted', 'Whether the client is trusted or not'), |
|
56 |
'redirect_urls': (get_redirect_urls, 'The registered redirect URLs') |
|
57 |
} |
|
58 |
|
|
59 |
fields = ['id', 'identifier', 'type', 'is_trusted'] |
|
60 |
|
|
61 |
option_list = ListCommand.option_list + ( |
|
62 |
make_option('--confidential', |
|
63 |
action='store_true', |
|
64 |
dest='confidential', |
|
65 |
default=False, |
|
66 |
help="Display only confidential clients"), |
|
67 |
make_option('--public', |
|
68 |
action='store_true', |
|
69 |
dest='public', |
|
70 |
default=False, |
|
71 |
help="Display only public clients"), |
|
72 |
make_option('--trusted', |
|
73 |
action='store_true', |
|
74 |
dest='trusted', |
|
75 |
default=False, |
|
76 |
help="Display only trusted clients"), |
|
77 |
) |
|
78 |
|
|
79 |
def handle_args(self, *args, **options): |
|
80 |
if options['confidential']: |
|
81 |
self.filters['type'] = 'confidential' |
|
82 |
|
|
83 |
if options['public']: |
|
84 |
self.filters['type'] = 'public' |
|
85 |
|
|
86 |
if options['trusted']: |
|
87 |
self.filters['is_trusted'] = True |
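Review bot: In `handle_args`, `--confidential` and `--public` both write `self.filters['type']`, so passing both silently lists only public clients because the second `if` overwrites the first. Rejecting the combination up front would make the output trustworthy for audits, e.g. `if options['confidential'] and options['public']: raise CommandError("--confidential and --public are mutually exclusive")`, which needs `CommandError` imported from `django.core.management.base`. As a style point, `('The id of the client')` in `FIELDS['id']` carries redundant parentheses that read like a one-element tuple but are just a string.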
b/snf-astakos-app/astakos/oa2/management/commands/oauth2-client-remove.py | ||
---|---|---|
1 |
# Copyright 2013 GRNET S.A. All rights reserved. |
|
2 |
# |
|
3 |
# Redistribution and use in source and binary forms, with or |
|
4 |
# without modification, are permitted provided that the following |
|
5 |
# conditions are met: |
|
6 |
# |
|
7 |
# 1. Redistributions of source code must retain the above |
|
8 |
# copyright notice, this list of conditions and the following |
|
9 |
# disclaimer. |
|
10 |
# |
|
11 |
# 2. Redistributions in binary form must reproduce the above |
|
12 |
# copyright notice, this list of conditions and the following |
|
13 |
# disclaimer in the documentation and/or other materials |
|
14 |
# provided with the distribution. |
|
15 |
# |
|
16 |
# THIS SOFTWARE IS PROVIDED BY GRNET S.A. ``AS IS'' AND ANY EXPRESS |
|
17 |
# OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
|
18 |
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|
19 |
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL GRNET S.A OR |
|
20 |
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|
21 |
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
|
22 |
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF |
|
23 |
# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED |
|
24 |
# AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|
25 |
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN |
|
26 |
# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
|
27 |
# POSSIBILITY OF SUCH DAMAGE. |
|
28 |
# |
|
29 |
# The views and conclusions contained in the software and |
|
30 |
# documentation are those of the authors and should not be |
|
31 |
# interpreted as representing official policies, either expressed |
|
32 |
# or implied, of GRNET S.A. |
|
33 |
|
|
34 |
from django.core.management.base import BaseCommand, CommandError |
|
35 |
from django.db import transaction |
|
36 |
from astakos.oa2.models import Client |
|
37 |
|
|
38 |
|
|
39 |
class Command(BaseCommand): |
|
40 |
args = "<client ID or identifier>" |
|
41 |
help = "Remove an oauth2 client along with its registered redirect urls" |
|
42 |
|
|
43 |
@transaction.commit_on_success |
|
44 |
def handle(self, *args, **options): |
|
45 |
if len(args) != 1: |
|
46 |
raise CommandError("Please provide a client ID or identifier") |
|
47 |
|
|
48 |
ident = args[0] |
|
49 |
try: |
|
50 |
try: |
|
51 |
ident = int(ident) |
|
52 |
client = Client.objects.get(id=ident) |
|
53 |
except ValueError: |
|
54 |
client = Client.objects.get(identifier=ident) |
|
55 |
except Client.DoesNotExist: |
|
56 |
raise CommandError( |
|
57 |
"Client does not exist. You may run snf-manage " |
|
58 |
"oa2-client-list for available client IDs.") |
|
59 |
|
|
60 |
client.redirecturl_set.all().delete() |
|
61 |
client.delete() |
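Review bot: The not-found message still tells the operator to run `oa2-client-list`, but this commit renames that command, so the string should read `"oauth2-client-list for available client IDs."`. The lookup in `handle` also treats any all-digit argument purely as a primary key: when `int(ident)` succeeds, the `identifier` branch is never tried. A client whose identifier consists only of digits therefore cannot be removed by identifier, and if another client happens to have that number as its id, that other client and its redirect URLs are deleted instead. Looking up by `identifier` first and falling back to the numeric id, or printing the matched client and asking for confirmation before `client.delete()`, would close that gap.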
b/snf-astakos-app/astakos/oa2/services.py | ||
---|---|---|
32 | 32 |
# or implied, of GRNET S.A. |
33 | 33 |
|
34 | 34 |
|
35 |
from astakos.oa2 import settings |
|
36 |
|
|
35 | 37 |
oa2_services = { |
36 |
'astakos_oa2': { |
|
38 |
'astakos_oauth2': {
|
|
37 | 39 |
'type': 'astakos_auth', |
38 | 40 |
'component': 'astakos', |
39 |
'prefix': 'oa2',
|
|
41 |
'prefix': settings.ENDPOINT_PREFIX,
|
|
40 | 42 |
'public': True, |
41 | 43 |
'endpoints': [ |
42 | 44 |
{'versionId': '', |
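Review bot: The service `'prefix'` used to be the literal `'oa2'` without a trailing slash, whereas `settings.ENDPOINT_PREFIX` defaults to `'oauth2/'` with one, so the registered prefix changes shape as well as name. Whether that matters depends on how the service registry joins prefix and endpoint path, which is not visible here; if it concatenates rather than normalises, the published URL gains a double slash. Writing `'prefix': settings.ENDPOINT_PREFIX.rstrip('/')` would keep the old convention, and a short comment such as `# must match the prefix served by astakos.oa2 backends` would document the coupling. The `oa2_services` dict continues past the end of the hunk.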
b/snf-astakos-app/astakos/oa2/settings.py | ||
---|---|---|
2 | 2 |
|
3 | 3 |
|
4 | 4 |
def get_setting(key, default): |
5 |
return getattr(settings, 'OA2_%s' % key, default) |
|
5 |
return getattr(settings, 'OAUTH2_%s' % key, default)
|
|
6 | 6 |
|
7 | 7 |
USER_MODEL = get_setting('USER_MODEL', 'auth.User') |
8 | 8 |
|
9 |
ENDPOINT_PREFIX = get_setting('ENDPOINT_PREFIX', 'oa2/') |
|
9 |
ENDPOINT_PREFIX = get_setting('ENDPOINT_PREFIX', 'oauth2/')
|
|
10 | 10 |
|
11 | 11 |
TOKEN_ENDPOINT = get_setting('TOKEN_ENDPOINT', 'token/') |
12 | 12 |
|
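Review bot: `get_setting` now reads only `OAUTH2_<key>`, so a deployment that still defines `OA2_TOKEN_EXPIRES`, `OA2_TOKEN_LENGTH` or `OA2_ENDPOINT_PREFIX` falls back to the built-in defaults without any error or warning. For token lifetime and length that is a silent change of security-relevant configuration on upgrade. A transitional fallback keeps existing installs correct: `return getattr(settings, 'OAUTH2_%s' % key, getattr(settings, 'OA2_%s' % key, default))`, ideally with a deprecation warning when the old name is the one found.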
b/snf-astakos-app/conf/20-snf-astakos-oa2-app-settings.py | ||
---|---|---|
1 |
#USER_MODEL = get_setting('USER_MODEL', 'auth.User')
|
|
1 |
#OAUTH2_USER_MODEL = 'auth.User'
|
|
2 | 2 |
# |
3 |
#ENDPOINT_PREFIX = get_setting('ENDPOINT_PREFIX', 'oa2/')
|
|
3 |
#OAUTH2_ENDPOINT_PREFIX = 'oa2/'
|
|
4 | 4 |
# |
5 |
#TOKEN_ENDPOINT = get_setting('TOKEN_ENDPOINT', 'token/')
|
|
5 |
#OAUTH2_TOKEN_ENDPOINT = 'token/'
|
|
6 | 6 |
# |
7 |
#AUTHORIZATION_ENDPOINT = get_setting('AUTHORIZATION_ENDPOINT', 'auth/')
|
|
7 |
#OAUTH2_AUTHORIZATION_ENDPOINT = 'auth/'
|
|
8 | 8 |
# |
9 | 9 |
## Set the length of newly created authorization codes to 60 characters |
10 |
#AUTHORIZATION_CODE_LENGTH = get_setting('AUTHORIZATION_CODE_LENGTH', 60)
|
|
10 |
#OAUTH2_AUTHORIZATION_CODE_LENGTH = 60
|
|
11 | 11 |
# |
12 | 12 |
## Set the length of newly created access tokens to 30 characters |
13 |
#TOKEN_LENGTH = get_setting('TOKEN_LENGTH', 30)
|
|
13 |
#OAUTH2_TOKEN_LENGTH = 30
|
|
14 | 14 |
# |
15 | 15 |
## Set the expiration time of newly created access tokens to 20 seconds |
16 |
#TOKEN_EXPIRES = get_setting('TOKEN_EXPIRES', 20) |
|
16 |
#OAUTH2_TOKEN_EXPIRES = 20 |
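Review bot: The commented sample `#OAUTH2_ENDPOINT_PREFIX = 'oa2/'` does not match the code, because this same commit changes the default in `astakos/oa2/settings.py` to `'oauth2/'`. An operator who uncomments the line as documented ends up serving the old path while astakosclient and the service catalog expect the new one. The line should read `#OAUTH2_ENDPOINT_PREFIX = 'oauth2/'`. The comment above `#OAUTH2_TOKEN_EXPIRES = 20` states the unit as seconds; if that is accurate, it is worth noting in the sample that 20 seconds is a very short access-token lifetime chosen on purpose.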
b/snf-deploy/files/etc/synnefo/astakos.conf | ||
---|---|---|
91 | 91 |
} |
92 | 92 |
} |
93 | 93 |
|
94 |
OAUTH2_USER_MODEL = 'auth.User' |
|
95 |
|
|
96 |
OAUTH2_ENDPOINT_PREFIX = 'oauth2/' |
|
97 |
|
|
98 |
OAUTH2_TOKEN_ENDPOINT = 'token/' |
|
99 |
|
|
100 |
OAUTH2_AUTHORIZATION_ENDPOINT = 'auth/' |
|
101 |
|
|
102 |
OAUTH2_AUTHORIZATION_CODE_LENGTH = 60 |
|
103 |
|
|
104 |
OAUTH2_TOKEN_LENGTH = 30 |
|
105 |
|
|
106 |
OAUTH2_TOKEN_EXPIRES = 20 |
b/snf-pithos-app/conf/20-snf-pithos-app-settings.conf | ||
---|---|---|
58 | 58 |
# Extra requests will be blocked until another has completed. |
59 | 59 |
#PITHOS_BACKEND_POOL_SIZE = 5 |
60 | 60 |
# |
61 |
# Set the credentials (client_id, client_secret) issued to authenticate
|
|
61 |
# Set the credentials (client_id, client_secret) issued for authenticating
|
|
62 | 62 |
# the views with astakos during the resource access token generation procedure |
63 |
#OA2_CLIENT_CREDENTIALS = getattr(settings, 'PITHOS_OA2_CLIENT_CREDENTIALS', |
|
64 |
# (None, None)) |
|
63 |
#PITHOS_OAUTH2_CLIENT_CREDENTIALS = (None, None) |
|
65 | 64 |
# |
66 | 65 |
# Set to False to serve only views |
67 | 66 |
#SERVE_API = getattr(settings, 'PITHOS_SERVE_API', True) |
b/snf-pithos-app/pithos/api/settings.py | ||
---|---|---|
184 | 184 |
BACKEND_HASH_ALGORITHM = getattr( |
185 | 185 |
settings, 'PITHOS_BACKEND_HASH_ALGORITHM', 'sha256') |
186 | 186 |
|
187 |
# Set the credentials (client_id, client_secret) issued to authenticate
|
|
187 |
# Set the credentials (client_id, client_secret) issued for authenticating
|
|
188 | 188 |
# the views with astakos during the resource access token generation procedure |
189 |
OA2_CLIENT_CREDENTIALS = getattr(settings, 'PITHOS_OA2_CLIENT_CREDENTIALS', |
|
190 |
(None, None)) |
|
191 |
|
|
192 |
# Set to False to disable serving object content serving endpoints |
|
193 |
SERVE_API = getattr(settings, 'PITHOS_SERVE_API', True) |
|
189 |
OAUTH2_CLIENT_CREDENTIALS = getattr(settings, |
|
190 |
'PITHOS_OAUTH2_CLIENT_CREDENTIALS', |
|
191 |
(None, None)) |
|
194 | 192 |
|
195 | 193 |
# Set domain to restrict requests of pithos object contents serve endpoint or |
196 | 194 |
# None for no domain restriction |
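Review bot: Going by the gutter numbers, old rows 191–193 are removed without replacement, which drops `SERVE_API = getattr(settings, 'PITHOS_SERVE_API', True)` together with its comment. That is unrelated to the OA2-to-OAUTH2 rename, and the sample file `20-snf-pithos-app-settings.conf` still documents `#SERVE_API` on this page. If any module still imports `SERVE_API` from `pithos.api.settings` it will now raise ImportError, and if the removal is intended the sample entry should go too. Separately, the setting key changes to `PITHOS_OAUTH2_CLIENT_CREDENTIALS` with no fallback to `PITHOS_OA2_CLIENT_CREDENTIALS`, so upgraded deployments silently get `(None, None)`. A transitional default of `getattr(settings, 'PITHOS_OA2_CLIENT_CREDENTIALS', (None, None))` as the third argument would avoid that.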
b/snf-pithos-app/pithos/api/util.py | ||
---|---|---|
67 | 67 |
RADOS_POOL_MAPS, TRANSLATE_UUIDS, |
68 | 68 |
PUBLIC_URL_SECURITY, PUBLIC_URL_ALPHABET, |
69 | 69 |
BASE_HOST, UPDATE_MD5, VIEW_PREFIX, |
70 |
OA2_CLIENT_CREDENTIALS, SERVE_API_DOMAIN) |
|
70 |
OAUTH2_CLIENT_CREDENTIALS, SERVE_API_DOMAIN)
|
|
71 | 71 |
|
72 | 72 |
from pithos.api.resources import resources |
73 | 73 |
from pithos.backends import connect_backend |
... | ... | |
1195 | 1195 |
raise PermissionDenied |
1196 | 1196 |
return response |
1197 | 1197 |
|
1198 |
client_id, client_secret = OA2_CLIENT_CREDENTIALS |
|
1198 |
client_id, client_secret = OAUTH2_CLIENT_CREDENTIALS
|
|
1199 | 1199 |
# TODO: check if client credentials are not set |
1200 | 1200 |
authorization_code = request.GET.get('code') |
1201 | 1201 |
if authorization_code is None: |
... | ... | |
1207 | 1207 |
'state': '', # TODO include state for security |
1208 | 1208 |
'scope': request.path.split(VIEW_PREFIX, 2)[-1]} |
1209 | 1209 |
return HttpResponseRedirect('%s?%s' % |
1210 |
(join_urls(astakos.oa2_url, |
|
1210 |
(join_urls(astakos.oauth2_url,
|
|
1211 | 1211 |
'auth'), |
1212 | 1212 |
urlencode(params))) |
1213 | 1213 |
else: |
... | ... | |
1223 | 1223 |
|
1224 | 1224 |
redirect_uri = '%s%s' % (redirect_host, request.path) |
1225 | 1225 |
data = astakos.get_token('authorization_code', |
1226 |
*OA2_CLIENT_CREDENTIALS, |
|
1226 |
*OAUTH2_CLIENT_CREDENTIALS,
|
|
1227 | 1227 |
redirect_uri=redirect_uri, |
1228 | 1228 |
scope=requested_resource, |
1229 | 1229 |
code=authorization_code) |
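Review bot: `client_id, client_secret = OAUTH2_CLIENT_CREDENTIALS` is still used unchecked, and the `# TODO: check if client credentials are not set` directly below it is left untouched. After this rename, a deployment that only defines the old `PITHOS_OA2_CLIENT_CREDENTIALS` gets the `(None, None)` default, so the view would redirect to Astakos and later call `astakos.get_token` with empty credentials instead of failing with a clear configuration error. A guard right after the unpacking would fail closed, e.g. `if None in OAUTH2_CLIENT_CREDENTIALS: raise ImproperlyConfigured("PITHOS_OAUTH2_CLIENT_CREDENTIALS is not set")`, with `ImproperlyConfigured` imported from `django.core.exceptions`. The enclosing view function starts and ends outside the visible hunks.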