Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
feudal
feudalBackend
Commits
27adaffe
Commit
27adaffe
authored
Oct 29, 2018
by
Lukas Burgey
Browse files
Lint some code
parent
03e91116
Changes
1
Show whitespace changes
Inline
Side-by-side
feudal/backend/auth/v1/views/clients.py
View file @
27adaffe
...
...
@@ -22,6 +22,7 @@ def _valid_vhost(request):
LOGGER
.
error
(
'illegal vhost requested'
)
return
False
def
_valid_permission
(
request
):
perm
=
request
.
POST
.
get
(
'permission'
)
if
perm
!=
'write'
:
...
...
@@ -29,9 +30,11 @@ def _valid_permission(request):
LOGGER
.
error
(
'illegal permission requested %s'
,
perm
)
return
False
def
_valid_user
(
request
):
return
_apiclient_valid
(
request
)
or
_webpage_client_userid
(
request
)
def
_apiclient_valid
(
request
):
valid
=
models
.
User
.
objects
.
filter
(
user_type
=
'apiclient'
,
...
...
@@ -41,6 +44,7 @@ def _apiclient_valid(request):
return
True
return
False
def
_apiclient_get
(
request
):
user
=
models
.
User
.
objects
.
filter
(
user_type
=
'apiclient'
,
...
...
@@ -52,6 +56,7 @@ def _apiclient_get(request):
LOGGER
.
error
(
'unable to get user for request'
)
return
None
def
_webpage_client_userid
(
request
):
userid
=
''
username
=
request
.
POST
.
get
(
'username'
)
...
...
@@ -61,6 +66,7 @@ def _webpage_client_userid(request):
userid
=
components
[
1
]
return
userid
def
_webpage_client_valid
(
request
):
userid
=
_webpage_client_userid
(
request
)
try
:
...
...
@@ -76,6 +82,7 @@ def _webpage_client_valid(request):
# VIEWS: authentication and authorization for
# apiclients and webpage-clients
def
user_endpoint
(
request
):
if
_webpage_client_valid
(
request
):
# LOGGER.info('Authenticated webpage client')
...
...
@@ -86,13 +93,13 @@ def user_endpoint(request):
password
=
request
.
POST
.
get
(
'password'
),
)
if
user
is
not
None
:
#LOGGER.info('Authenticated client as %s', user)
#
LOGGER.info('Authenticated client as %s', user)
return
ALLOW
LOGGER
.
error
(
'Failed to authenticate user for RabbitMQ'
)
return
DENY
def
vhost_endpoint
(
request
):
# check if on the correct virtual host
if
_valid_vhost
(
request
)
and
_valid_user
(
request
):
...
...
@@ -101,6 +108,7 @@ def vhost_endpoint(request):
LOGGER
.
error
(
'Authorization check for vhost failed for %s'
,
request
.
POST
)
return
DENY
def
_resource_authorized_webpage_client
(
request
):
resource
=
request
.
POST
.
get
(
'resource'
)
name
=
request
.
POST
.
get
(
'name'
,
''
)
...
...
@@ -108,7 +116,7 @@ def _resource_authorized_webpage_client(request):
return
(
resource
==
'exchange'
and
name
==
'users'
and
not
'write'
in
permission
and
'write'
not
in
permission
)
or
(
resource
==
'queue'
and
name
.
startswith
(
'stomp-subscription-'
)
...
...
@@ -117,6 +125,7 @@ def _resource_authorized_webpage_client(request):
and
name
==
_webpage_client_userid
(
request
)
)
def
_resource_authorized_apiclient
(
request
):
resource
=
request
.
POST
.
get
(
'resource'
)
name
=
request
.
POST
.
get
(
'name'
,
''
)
...
...
@@ -127,9 +136,10 @@ def _resource_authorized_apiclient(request):
)
or
(
resource
==
'exchange'
and
name
in
models
.
RabbitMQInstance
.
load
().
exchanges
and
not
'write'
in
permission
and
'write'
not
in
permission
)
def
resource_auth_decision
(
request
,
decision
):
user
=
request
.
POST
.
get
(
'username'
)
permission
=
request
.
POST
.
get
(
'permission'
,
[])
...
...
@@ -154,6 +164,7 @@ def resource_auth_decision(request, decision):
)
return
decision
def
resource_endpoint
(
request
):
if
_valid_vhost
(
request
):
if
(
...
...
@@ -170,6 +181,7 @@ def resource_endpoint(request):
return
resource_auth_decision
(
request
,
DENY
)
def
topic_auth_decision
(
request
,
decision
):
user
=
request
.
POST
.
get
(
'username'
)
permission
=
request
.
POST
.
get
(
'permission'
,
[])
...
...
@@ -198,19 +210,21 @@ def topic_auth_decision(request, decision):
)
return
decision
def
topic_endpoint_webpageclient
(
request
,
webpage_client_userid
):
permission
=
request
.
POST
.
get
(
'permission'
,
[])
try
:
models
.
User
.
objects
.
get
(
id
=
webpage_client_userid
)
if
not
'write'
in
permission
:
if
'write'
not
in
permission
:
return
topic_auth_decision
(
request
,
ALLOW
)
return
topic_auth_decision
(
request
,
DENY
)
except
models
.
User
.
DoesNotExist
:
return
topic_auth_decision
(
request
,
DENY
)
def
topic_endpoint_apiclient
(
request
,
apiclient
):
name
=
request
.
POST
.
get
(
'name'
,
''
)
routing_key
=
request
.
POST
.
get
(
'routing_key'
,
''
)
...
...
@@ -246,6 +260,7 @@ def topic_endpoint_apiclient(request, apiclient):
return
topic_auth_decision
(
request
,
DENY
)
def
topic_endpoint
(
request
):
if
not
_valid_vhost
(
request
)
or
not
_valid_permission
(
request
):
return
DENY
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment