Commit 5685d34c authored by Lukas Burgey's avatar Lukas Burgey

Rework authentication of rest calls

parent 2e43db90
...@@ -4,7 +4,7 @@ import json ...@@ -4,7 +4,7 @@ import json
from urllib.error import HTTPError from urllib.error import HTTPError
from urllib.request import Request, urlopen from urllib.request import Request, urlopen
from rest_framework.authentication import BaseAuthentication, SessionAuthentication from rest_framework.authentication import BaseAuthentication
from . import utils from . import utils
from .models import OIDCConfig from .models import OIDCConfig
...@@ -119,12 +119,6 @@ class OIDCTokenAuthBackend: ...@@ -119,12 +119,6 @@ class OIDCTokenAuthBackend:
return None return None
class CsrfExemptSessionAuthentication(SessionAuthentication):
def enforce_csrf(self, request):
# No CSRF enforcing
return
class OIDCTokenAuthHTTPBackend(BaseAuthentication): class OIDCTokenAuthHTTPBackend(BaseAuthentication):
def authenticate_header(self, request): def authenticate_header(self, request):
......
from rest_framework.authentication import SessionAuthentication
class CsrfExemptSessionAuthentication(SessionAuthentication):
def enforce_csrf(self, request):
return # To not perform the csrf check previously happening
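Review bot: `enforce_csrf` returning unconditionally means any view that lists this class accepts state-changing requests authenticated by the session cookie alone, without the CSRF token that DRF's `SessionAuthentication` would otherwise demand; the trailing comment says what is skipped but not why that is acceptable. The class should carry a docstring naming the endpoints it is intended for and the reason the check can be dropped there, for example `"""SessionAuthentication without the CSRF check. Only for endpoints that have no state-changing side effects or are additionally protected by a non-cookie credential; do not list it as a project-wide default."""`. The rendered section does not name the file this class now lives in, so where it is registered cannot be verified from here.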
...@@ -58,8 +58,6 @@ def error_response(request, msg='Server Error', redirect_back=True): ...@@ -58,8 +58,6 @@ def error_response(request, msg='Server Error', redirect_back=True):
class Auth(View): class Auth(View):
permission_classes = (AllowAny,)
def get(self, request): def get(self, request):
try: try:
state = rndstr() state = rndstr()
...@@ -96,8 +94,6 @@ class Auth(View): ...@@ -96,8 +94,6 @@ class Auth(View):
class AuthCallback(View): class AuthCallback(View):
permission_classes = (AllowAny,)
@staticmethod @staticmethod
def retry_flow(): def retry_flow():
LOGGER.debug('Retrying auth flow') LOGGER.debug('Retrying auth flow')
...@@ -179,8 +175,7 @@ class LogoutView(views.APIView): ...@@ -179,8 +175,7 @@ class LogoutView(views.APIView):
class AuthInfo(generics.RetrieveAPIView): class AuthInfo(generics.RetrieveAPIView):
authorization_classes = () permission_classes = (AllowAny,)
permission_classes = ()
serializer_class = AuthInfoSerializer serializer_class = AuthInfoSerializer
def get_object(self): def get_object(self):
......
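Review bot: `AuthInfo` now declares `permission_classes = (AllowAny,)`, so unauthenticated requests reach `get_object`, whose body lies outside the hunk; confirm it handles an anonymous `request.user` (returning a serialisable "no session" result or raising `NotAuthenticated`) rather than failing on a missing attribute. The removed `authorization_classes = ()` is not a DRF attribute, so dropping it changes nothing, but the reason the view is open is not recorded anywhere; a comment such as `# Anonymous callers are allowed so the frontend can ask whether a session exists` above the attribute would make the intent explicit. The `permission_classes` removed from `Auth` and `AuthCallback` in the earlier hunks had no effect if `View` there is Django's plain `View`, so those deletions are presumably safe.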
...@@ -5,8 +5,6 @@ from django.shortcuts import get_object_or_404 ...@@ -5,8 +5,6 @@ from django.shortcuts import get_object_or_404
from rest_framework import status, views, generics, exceptions from rest_framework import status, views, generics, exceptions
from rest_framework.response import Response from rest_framework.response import Response
from feudal.backend.auth.v1 import OIDCTokenAuthHTTPBackend
from .. import models from .. import models
from ..models import serializers, deployments from ..models import serializers, deployments
...@@ -35,7 +33,6 @@ def _error_response(request, error): ...@@ -35,7 +33,6 @@ def _error_response(request, error):
class SSHPublicKeyView(generics.RetrieveDestroyAPIView): class SSHPublicKeyView(generics.RetrieveDestroyAPIView):
authentication_classes = (OIDCTokenAuthHTTPBackend,)
serializer_class = serializers.SSHPublicKeySerializer serializer_class = serializers.SSHPublicKeySerializer
def get_object(self): def get_object(self):
...@@ -52,7 +49,6 @@ class SSHPublicKeyView(generics.RetrieveDestroyAPIView): ...@@ -52,7 +49,6 @@ class SSHPublicKeyView(generics.RetrieveDestroyAPIView):
class SSHPublicKeyListView(generics.ListCreateAPIView): class SSHPublicKeyListView(generics.ListCreateAPIView):
authentication_classes = (OIDCTokenAuthHTTPBackend,)
serializer_class = serializers.SSHPublicKeySerializer serializer_class = serializers.SSHPublicKeySerializer
def get_queryset(self): def get_queryset(self):
...@@ -64,7 +60,6 @@ class SSHPublicKeyListView(generics.ListCreateAPIView): ...@@ -64,7 +60,6 @@ class SSHPublicKeyListView(generics.ListCreateAPIView):
class ServiceListView(generics.ListAPIView): class ServiceListView(generics.ListAPIView):
authentication_classes = (OIDCTokenAuthHTTPBackend,)
serializer_class = serializers.ServiceSerializer serializer_class = serializers.ServiceSerializer
def get_queryset(self): def get_queryset(self):
...@@ -72,7 +67,6 @@ class ServiceListView(generics.ListAPIView): ...@@ -72,7 +67,6 @@ class ServiceListView(generics.ListAPIView):
class DeploymentListView(generics.ListCreateAPIView): class DeploymentListView(generics.ListCreateAPIView):
authentication_classes = (OIDCTokenAuthHTTPBackend,)
serializer_class = serializers.DeploymentSerializer serializer_class = serializers.DeploymentSerializer
def get_queryset(self): def get_queryset(self):
...@@ -84,38 +78,38 @@ class DeploymentListView(generics.ListCreateAPIView): ...@@ -84,38 +78,38 @@ class DeploymentListView(generics.ListCreateAPIView):
# basically obsolete # basically obsolete
class ProvisioningView(views.APIView): # class ProvisioningView(views.APIView):
authentication_classes = (OIDCTokenAuthHTTPBackend,) # authentication_classes = (OIDCTokenAuthHTTPBackend,)
#
def post(self, request): # def post(self, request):
for key in ['s']: # for key in ['s']:
if key not in request.data: # if key not in request.data:
return _error_response(request, 'Missing key "{}"'.format(key)) # return _error_response(request, 'Missing key "{}"'.format(key))
#
service_name = request.data.get('s', '') # service_name = request.data.get('s', '')
state_target = request.data.get('state_target', deployments.DEPLOYED) # state_target = request.data.get('state_target', deployments.DEPLOYED)
#
service = None # service = None
try: # try:
service = request.user.services.get( # service = request.user.services.get(
name=service_name, # name=service_name,
) # )
#
deployment = deployments.get_deployment(request.user, service=service) # deployment = deployments.get_deployment(request.user, service=service)
if deployment is not None: # if deployment is not None:
if state_target == deployments.DEPLOYED: # if state_target == deployments.DEPLOYED:
deployment.user_deploy() # deployment.user_deploy()
elif state_target == deployments.NOT_DEPLOYED: # elif state_target == deployments.NOT_DEPLOYED:
deployment.user_remove() # deployment.user_remove()
else: # else:
return _error_response(request, 'Invalid state_target "{}"'.format(state_target)) # return _error_response(request, 'Invalid state_target "{}"'.format(state_target))
#
return Response( # return Response(
serializers.DeploymentSerializer(deployment).data, # serializers.DeploymentSerializer(deployment).data,
) # )
#
except models.Service.DoesNotExist: # except models.Service.DoesNotExist:
return _error_response( # return _error_response(
request, # request,
'Service "{}" does not exist or you are not authorised to use it'.format(service_name), # 'Service "{}" does not exist or you are not authorised to use it'.format(service_name),
) # )
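Review bot: Dropping `authentication_classes = (OIDCTokenAuthHTTPBackend,)` from `SSHPublicKeyView`, `SSHPublicKeyListView`, `ServiceListView` and `DeploymentListView` makes these views depend on `DEFAULT_AUTHENTICATION_CLASSES` in the `REST_FRAMEWORK` settings, which this commit does not show. If that default now includes the CSRF-exempt session authentication introduced alongside this change, the `POST` and `DELETE` handlers on the SSH-key and deployment views would accept cross-site requests that carry the browser's session cookie; keep an explicit `authentication_classes` on the state-changing views, or make the token backend the only default, and record the expectation with a comment such as `# Authentication comes from the project default; the OIDC token backend is expected there`. Separately, `ProvisioningView` is commented out rather than deleted, while its URL entry is removed in the urls hunk; since the header already calls it obsolete, deleting the block and relying on version control is cleaner than keeping some thirty lines of commented code.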
...@@ -2,7 +2,6 @@ from django.conf.urls import url ...@@ -2,7 +2,6 @@ from django.conf.urls import url
from . import user_rest as views from . import user_rest as views
URLPATTERNS = [ URLPATTERNS = [
url(r'^prov', views.ProvisioningView.as_view()),
url(r'^ssh-key$', views.SSHPublicKeyView.as_view()), url(r'^ssh-key$', views.SSHPublicKeyView.as_view()),
url(r'^ssh-keys$', views.SSHPublicKeyListView.as_view()), url(r'^ssh-keys$', views.SSHPublicKeyListView.as_view()),
url(r'^services$', views.ServiceListView.as_view()), url(r'^services$', views.ServiceListView.as_view()),
......