vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Port a few more repository methods to the new API interface.

Browse source
This commit is contained in:
jakedt 2014-03-12 20:33:57 -04:00
parent e74eb3ee87
commit 0e3fe8f3b1
5 changed files with 176 additions and 59 deletions
Download patch file Download diff file Expand all files Collapse all files

73
auth/auth.py
View file

@ -108,42 +108,50 @@ def process_token(auth):
identity_changed.send(app, identity=Identity(token_data.code, 'token'))
def process_oauth(auth):
normalized = [part.strip() for part in auth.split(' ') if part]
if normalized[0].lower() != 'bearer' or len(normalized) != 2:
logger.debug('Invalid oauth bearer token format.')
return
def process_oauth(f):
@wraps(f)
def wrapper(*args, **kwargs):
auth = request.headers.get('authorization', '')
if auth:
normalized = [part.strip() for part in auth.split(' ') if part]
if normalized[0].lower() != 'bearer' or len(normalized) != 2:
logger.debug('Invalid oauth bearer token format.')
return
token = normalized[1]
validated = oauth.validate_access_token(token)
if not validated:
logger.warning('OAuth access token could not be validated: %s', token)
authenticate_header = {
'WWW-Authenticate': ('Bearer error="invalid_token", '
'error_description="The access token is invalid"'),
}
abort(401, message="OAuth access token could not be validated: %(token)",
issue='invalid-oauth-token', token=token, header=authenticate_header)
elif validated.expires_at <= datetime.now():
logger.info('OAuth access with an expired token: %s', token)
authenticate_header = {
'WWW-Authenticate': ('Bearer error="invalid_token", '
'error_description="The access token expired"'),
}
abort(401, message="OAuth access token has expired: %(token)", issue='invalid-oauth-token',
token=token, headers=authenticate_header)
token = normalized[1]
validated = oauth.validate_access_token(token)
if not validated:
logger.warning('OAuth access token could not be validated: %s', token)
authenticate_header = {
'WWW-Authenticate': ('Bearer error="invalid_token", '
'error_description="The access token is invalid"'),
}
abort(401, message="OAuth access token could not be validated: %(token)",
issue='invalid-oauth-token', token=token, header=authenticate_header)
elif validated.expires_at <= datetime.now():
logger.info('OAuth access with an expired token: %s', token)
authenticate_header = {
'WWW-Authenticate': ('Bearer error="invalid_token", '
'error_description="The access token expired"'),
}
abort(401, message="OAuth access token has expired: %(token)", issue='invalid-oauth-token',
token=token, headers=authenticate_header)
# We have a valid token
scope_set = scopes.scopes_from_scope_string(validated.scope)
logger.debug('Successfully validated oauth access token: %s with scope: %s', token,
scope_set)
# We have a valid token
scope_set = scopes.scopes_from_scope_string(validated.scope)
logger.debug('Successfully validated oauth access token: %s with scope: %s', token,
scope_set)
ctx = _request_ctx_stack.top
ctx.authenticated_user = validated.authorized_user
ctx = _request_ctx_stack.top
ctx.authenticated_user = validated.authorized_user
new_identity = QuayDeferredPermissionUser(validated.authorized_user.username, 'username',
scope_set)
identity_changed.send(app, identity=new_identity)
new_identity = QuayDeferredPermissionUser(validated.authorized_user.username, 'username',
scope_set)
identity_changed.send(app, identity=new_identity)
else:
logger.debug('No auth header.')
return f(*args, **kwargs)
return wrapper
def process_auth(f):
@ -155,7 +163,6 @@ def process_auth(f):
logger.debug('Validating auth header: %s' % auth)
process_token(auth)
process_basic_auth(auth)
process_oauth(auth)
else:
logger.debug('No auth header.')