Commit 27adaffe authored by Lukas Burgey's avatar Lukas Burgey

Lint some code

parent 03e91116
...@@ -22,6 +22,7 @@ def _valid_vhost(request): ...@@ -22,6 +22,7 @@ def _valid_vhost(request):
LOGGER.error('illegal vhost requested') LOGGER.error('illegal vhost requested')
return False return False
def _valid_permission(request): def _valid_permission(request):
perm = request.POST.get('permission') perm = request.POST.get('permission')
if perm != 'write': if perm != 'write':
...@@ -29,9 +30,11 @@ def _valid_permission(request): ...@@ -29,9 +30,11 @@ def _valid_permission(request):
LOGGER.error('illegal permission requested %s', perm) LOGGER.error('illegal permission requested %s', perm)
return False return False
def _valid_user(request): def _valid_user(request):
return _apiclient_valid(request) or _webpage_client_userid(request) return _apiclient_valid(request) or _webpage_client_userid(request)
def _apiclient_valid(request): def _apiclient_valid(request):
valid = models.User.objects.filter( valid = models.User.objects.filter(
user_type='apiclient', user_type='apiclient',
...@@ -41,6 +44,7 @@ def _apiclient_valid(request): ...@@ -41,6 +44,7 @@ def _apiclient_valid(request):
return True return True
return False return False
def _apiclient_get(request): def _apiclient_get(request):
user = models.User.objects.filter( user = models.User.objects.filter(
user_type='apiclient', user_type='apiclient',
...@@ -52,6 +56,7 @@ def _apiclient_get(request): ...@@ -52,6 +56,7 @@ def _apiclient_get(request):
LOGGER.error('unable to get user for request') LOGGER.error('unable to get user for request')
return None return None
def _webpage_client_userid(request): def _webpage_client_userid(request):
userid = '' userid = ''
username = request.POST.get('username') username = request.POST.get('username')
...@@ -61,6 +66,7 @@ def _webpage_client_userid(request): ...@@ -61,6 +66,7 @@ def _webpage_client_userid(request):
userid = components[1] userid = components[1]
return userid return userid
def _webpage_client_valid(request): def _webpage_client_valid(request):
userid = _webpage_client_userid(request) userid = _webpage_client_userid(request)
try: try:
...@@ -76,6 +82,7 @@ def _webpage_client_valid(request): ...@@ -76,6 +82,7 @@ def _webpage_client_valid(request):
# VIEWS: authentication and authorization for # VIEWS: authentication and authorization for
# apiclients and webpage-clients # apiclients and webpage-clients
def user_endpoint(request): def user_endpoint(request):
if _webpage_client_valid(request): if _webpage_client_valid(request):
# LOGGER.info('Authenticated webpage client') # LOGGER.info('Authenticated webpage client')
...@@ -86,13 +93,13 @@ def user_endpoint(request): ...@@ -86,13 +93,13 @@ def user_endpoint(request):
password=request.POST.get('password'), password=request.POST.get('password'),
) )
if user is not None: if user is not None:
#LOGGER.info('Authenticated client as %s', user) # LOGGER.info('Authenticated client as %s', user)
return ALLOW return ALLOW
LOGGER.error('Failed to authenticate user for RabbitMQ') LOGGER.error('Failed to authenticate user for RabbitMQ')
return DENY return DENY
def vhost_endpoint(request): def vhost_endpoint(request):
# check if on the correct virtual host # check if on the correct virtual host
if _valid_vhost(request) and _valid_user(request): if _valid_vhost(request) and _valid_user(request):
...@@ -101,6 +108,7 @@ def vhost_endpoint(request): ...@@ -101,6 +108,7 @@ def vhost_endpoint(request):
LOGGER.error('Authorization check for vhost failed for %s', request.POST) LOGGER.error('Authorization check for vhost failed for %s', request.POST)
return DENY return DENY
def _resource_authorized_webpage_client(request): def _resource_authorized_webpage_client(request):
resource = request.POST.get('resource') resource = request.POST.get('resource')
name = request.POST.get('name', '') name = request.POST.get('name', '')
...@@ -108,7 +116,7 @@ def _resource_authorized_webpage_client(request): ...@@ -108,7 +116,7 @@ def _resource_authorized_webpage_client(request):
return ( return (
resource == 'exchange' resource == 'exchange'
and name == 'users' and name == 'users'
and not 'write' in permission and 'write' not in permission
) or ( ) or (
resource == 'queue' resource == 'queue'
and name.startswith('stomp-subscription-') and name.startswith('stomp-subscription-')
...@@ -117,6 +125,7 @@ def _resource_authorized_webpage_client(request): ...@@ -117,6 +125,7 @@ def _resource_authorized_webpage_client(request):
and name == _webpage_client_userid(request) and name == _webpage_client_userid(request)
) )
def _resource_authorized_apiclient(request): def _resource_authorized_apiclient(request):
resource = request.POST.get('resource') resource = request.POST.get('resource')
name = request.POST.get('name', '') name = request.POST.get('name', '')
...@@ -127,9 +136,10 @@ def _resource_authorized_apiclient(request): ...@@ -127,9 +136,10 @@ def _resource_authorized_apiclient(request):
) or ( ) or (
resource == 'exchange' resource == 'exchange'
and name in models.RabbitMQInstance.load().exchanges and name in models.RabbitMQInstance.load().exchanges
and not 'write' in permission and 'write' not in permission
) )
def resource_auth_decision(request, decision): def resource_auth_decision(request, decision):
user = request.POST.get('username') user = request.POST.get('username')
permission = request.POST.get('permission', []) permission = request.POST.get('permission', [])
...@@ -154,6 +164,7 @@ def resource_auth_decision(request, decision): ...@@ -154,6 +164,7 @@ def resource_auth_decision(request, decision):
) )
return decision return decision
def resource_endpoint(request): def resource_endpoint(request):
if _valid_vhost(request): if _valid_vhost(request):
if ( if (
...@@ -170,6 +181,7 @@ def resource_endpoint(request): ...@@ -170,6 +181,7 @@ def resource_endpoint(request):
return resource_auth_decision(request, DENY) return resource_auth_decision(request, DENY)
def topic_auth_decision(request, decision): def topic_auth_decision(request, decision):
user = request.POST.get('username') user = request.POST.get('username')
permission = request.POST.get('permission', []) permission = request.POST.get('permission', [])
...@@ -198,19 +210,21 @@ def topic_auth_decision(request, decision): ...@@ -198,19 +210,21 @@ def topic_auth_decision(request, decision):
) )
return decision return decision
def topic_endpoint_webpageclient(request, webpage_client_userid): def topic_endpoint_webpageclient(request, webpage_client_userid):
permission = request.POST.get('permission', []) permission = request.POST.get('permission', [])
try: try:
models.User.objects.get(id=webpage_client_userid) models.User.objects.get(id=webpage_client_userid)
if not 'write' in permission: if 'write' not in permission:
return topic_auth_decision(request, ALLOW) return topic_auth_decision(request, ALLOW)
return topic_auth_decision(request, DENY) return topic_auth_decision(request, DENY)
except models.User.DoesNotExist: except models.User.DoesNotExist:
return topic_auth_decision(request, DENY) return topic_auth_decision(request, DENY)
def topic_endpoint_apiclient(request, apiclient): def topic_endpoint_apiclient(request, apiclient):
name = request.POST.get('name', '') name = request.POST.get('name', '')
routing_key = request.POST.get('routing_key', '') routing_key = request.POST.get('routing_key', '')
...@@ -246,6 +260,7 @@ def topic_endpoint_apiclient(request, apiclient): ...@@ -246,6 +260,7 @@ def topic_endpoint_apiclient(request, apiclient):
return topic_auth_decision(request, DENY) return topic_auth_decision(request, DENY)
def topic_endpoint(request): def topic_endpoint(request):
if not _valid_vhost(request) or not _valid_permission(request): if not _valid_vhost(request) or not _valid_permission(request):
return DENY return DENY
......
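Review bot: `topic_endpoint_webpageclient` fails open on a missing field: `permission` defaults to `[]`, so the rewritten test `'write' not in permission` is true when the POST carries no `permission` at all, and the function returns `topic_auth_decision(request, ALLOW)`. When the field is present it is a string, so `in` is a substring test rather than a comparison against a known permission value. Reading the field with `permission = request.POST.get('permission')` and allowing only on `if permission is not None and permission != 'write':` would deny the missing case explicitly and replace the substring match with an exact one. The same `'write' not in permission` test appears in `_resource_authorized_webpage_client` and `_resource_authorized_apiclient`, where the assignment of `permission` lies outside the visible hunks. `topic_endpoint` checks `_valid_permission` before anything else, but that helper's body is only partly shown, so whether an absent value is already rejected upstream cannot be confirmed from this page.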