Commit 5b1e3520 authored by Lukas Burgey's avatar Lukas Burgey

Fix the client auth checks

parent 0fb63401
import logging
import re
from django.contrib.auth.models import AbstractUser, Group
from django.http import HttpResponse
from django.contrib.auth import authenticate
from django.contrib.sessions.models import Session
from ...models import User, RabbitMQInstance
from ...models import Site, User, RabbitMQInstance
LOGGER = logging.getLogger(__name__)
CLIENT_DEBUGGING = False
......@@ -222,10 +223,31 @@ def topic_endpoint(request):
if routing_key == user.site.name:
return ALLOW
else:
LOGGER.error('[auth:topic_endpoint] Client of site %s tried to access site %s', user.site, routing_key)
LOGGER.error(
'[auth:topic_endpoint] Client of site %s tried to access site %s',
user.site,
routing_key,
)
elif name == 'groups':
# TODO do some sensible filtering here!
return ALLOW
try:
group = Group.objects.get(name=routing_key)
try:
Site.objects.get(
services__groups=group,
client=user,
)
return ALLOW
except Site.MultipleObjectsReturned:
return ALLOW
except Site.DoesNotExist:
return DENY
except Group.DoesNotExist:
return DENY
LOGGER.error('[auth:topic_endpoint] Authorization check for topic failed for %s', request.POST)
return DENY
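Review bot: Both DENY returns in the new `groups` branch exit before the `LOGGER.error` at the end of the function, so a client asking for a group topic it is not entitled to leaves no log trace, unlike the cross-site case just above. Log the refusal with the user and routing key before returning, for example `LOGGER.error('[auth:topic_endpoint] Client %s denied group topic %s', user, routing_key)`. The inner `Site.objects.get(...)` is used only as an existence test, and `MultipleObjectsReturned` is an expected outcome of a join across `services__groups`. Writing it as `if Site.objects.filter(services__groups=group, client=user).exists(): return ALLOW` states the intent directly and removes the exception-driven allow path. The page has lost indentation and the body of `topic_endpoint` starts outside this hunk, so whether the requested `permission` is also checked cannot be judged from here.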