2016-10-14 16:49:59 +00:00
|
|
|
# -*- coding: utf-8 -*-
|
|
|
|
|
#
|
|
|
|
|
|
2016-10-31 10:58:23 +00:00
|
|
|
import base64
|
|
|
|
|
|
|
|
|
|
from django.core.cache import cache
|
|
|
|
|
from django.conf import settings
|
|
|
|
|
from django.utils.translation import ugettext as _
|
2016-10-15 08:04:54 +00:00
|
|
|
from rest_framework import authentication, exceptions, permissions
|
|
|
|
|
from rest_framework.compat import is_authenticated
|
2016-12-21 17:07:05 +00:00
|
|
|
from django.utils.six import text_type
|
|
|
|
|
from django.utils.translation import ugettext_lazy as _
|
|
|
|
|
from rest_framework import HTTP_HEADER_ENCODING
|
2016-10-14 16:49:59 +00:00
|
|
|
|
2016-12-21 17:07:05 +00:00
|
|
|
from common.utils import get_object_or_none
|
2016-12-19 17:19:50 +00:00
|
|
|
from .utils import get_or_refresh_token
|
2016-12-21 17:07:05 +00:00
|
|
|
from .models import User, AccessKey
|
2016-10-14 16:49:59 +00:00
|
|
|
|
|
|
|
|
|
2016-12-21 17:07:05 +00:00
|
|
|
def get_request_date_header(request):
|
|
|
|
|
date = request.META.get('HTTP_DATE', b'')
|
|
|
|
|
if isinstance(date, text_type):
|
|
|
|
|
# Work around django test client oddness
|
|
|
|
|
date = date.encode(HTTP_HEADER_ENCODING)
|
|
|
|
|
|
|
|
|
|
return date
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class AccessKeyAuthentication(authentication.BaseAuthentication):
|
2016-10-14 16:49:59 +00:00
|
|
|
keyword = 'Sign'
|
2016-12-21 17:07:05 +00:00
|
|
|
model = AccessKey
|
2016-10-14 16:49:59 +00:00
|
|
|
|
|
|
|
|
def authenticate(self, request):
|
|
|
|
|
auth = authentication.get_authorization_header(request).split()
|
|
|
|
|
|
|
|
|
|
if not auth or auth[0].lower() != self.keyword.lower().encode():
|
|
|
|
|
return None
|
|
|
|
|
|
|
|
|
|
if len(auth) == 1:
|
2016-12-21 17:07:05 +00:00
|
|
|
msg = _('Invalid signature header. No credentials provided.')
|
2016-10-14 16:49:59 +00:00
|
|
|
raise exceptions.AuthenticationFailed(msg)
|
|
|
|
|
elif len(auth) > 2:
|
2016-12-21 17:07:05 +00:00
|
|
|
msg = _('Invalid signature header. Signature string should not contain spaces.')
|
2016-10-14 16:49:59 +00:00
|
|
|
raise exceptions.AuthenticationFailed(msg)
|
|
|
|
|
|
2016-12-21 17:07:05 +00:00
|
|
|
|
2016-10-14 16:49:59 +00:00
|
|
|
try:
|
2016-12-21 17:07:05 +00:00
|
|
|
sign = auth[1].decode().split(':')
|
|
|
|
|
if len(sign) != 2:
|
|
|
|
|
msg = _('Invalid signature header. Format like AccessKeyId:Signature')
|
|
|
|
|
raise exceptions.AuthenticationFailed(msg)
|
2016-10-14 16:49:59 +00:00
|
|
|
except UnicodeError:
|
2016-12-21 17:07:05 +00:00
|
|
|
msg = _('Invalid signature header. Signature string should not contain invalid characters.')
|
2016-10-14 16:49:59 +00:00
|
|
|
raise exceptions.AuthenticationFailed(msg)
|
2016-12-21 17:07:05 +00:00
|
|
|
|
|
|
|
|
access_key_id = sign[0]
|
|
|
|
|
secret = sign[1]
|
|
|
|
|
date =
|
|
|
|
|
|
2016-10-14 16:49:59 +00:00
|
|
|
return self.authenticate_credentials(sign)
|
|
|
|
|
|
2016-12-21 17:07:05 +00:00
|
|
|
def authenticate_credentials(self, access_key_id, secret, datetime):
|
|
|
|
|
access_key_id = sign[0]
|
|
|
|
|
secret = sign[1]
|
|
|
|
|
|
|
|
|
|
access_key = get_object_or_none(AccessKey, id=access_key_id)
|
|
|
|
|
if access_key is None or not access_key.user:
|
|
|
|
|
raise exceptions.AuthenticationFailed(_('Invalid signature.'))
|
|
|
|
|
|
|
|
|
|
if not access_key.user.is_active:
|
|
|
|
|
raise exceptions.AuthenticationFailed(_('User disabled.'))
|
|
|
|
|
|
|
|
|
|
return access_key.user, None
|
2016-10-15 08:04:54 +00:00
|
|
|
|
|
|
|
|
|
2016-10-31 10:58:23 +00:00
|
|
|
class AccessTokenAuthentication(authentication.BaseAuthentication):
|
2016-12-16 11:32:05 +00:00
|
|
|
keyword = 'Bearer'
|
2016-10-31 10:58:23 +00:00
|
|
|
model = User
|
|
|
|
|
expiration = settings.CONFIG.TOKEN_EXPIRATION or 3600
|
|
|
|
|
|
|
|
|
|
def authenticate(self, request):
|
|
|
|
|
auth = authentication.get_authorization_header(request).split()
|
|
|
|
|
|
|
|
|
|
if not auth or auth[0].lower() != self.keyword.lower().encode():
|
|
|
|
|
return None
|
|
|
|
|
|
|
|
|
|
if len(auth) == 1:
|
|
|
|
|
msg = _('Invalid token header. No credentials provided.')
|
|
|
|
|
raise exceptions.AuthenticationFailed(msg)
|
|
|
|
|
elif len(auth) > 2:
|
|
|
|
|
msg = _('Invalid token header. Sign string should not contain spaces.')
|
|
|
|
|
raise exceptions.AuthenticationFailed(msg)
|
|
|
|
|
|
|
|
|
|
try:
|
|
|
|
|
token = auth[1].decode()
|
|
|
|
|
except UnicodeError:
|
|
|
|
|
msg = _('Invalid token header. Sign string should not contain invalid characters.')
|
|
|
|
|
raise exceptions.AuthenticationFailed(msg)
|
|
|
|
|
return self.authenticate_credentials(token, request)
|
|
|
|
|
|
|
|
|
|
def authenticate_credentials(self, token, request):
|
|
|
|
|
user_id = cache.get(token)
|
2016-11-10 14:06:23 +00:00
|
|
|
print('Auth id: %s' % user_id)
|
2016-10-31 10:58:23 +00:00
|
|
|
user = get_object_or_none(User, id=user_id)
|
|
|
|
|
|
|
|
|
|
if not user:
|
2016-11-04 10:33:16 +00:00
|
|
|
return None
|
2016-12-19 17:19:50 +00:00
|
|
|
get_or_refresh_token(request, user)
|
2016-10-31 10:58:23 +00:00
|
|
|
return user, None
|
