Commit 5b1e3520 authored by Lukas Burgey's avatar Lukas Burgey

Fix the client auth checks

parent 0fb63401
import logging import logging
import re import re
from django.contrib.auth.models import AbstractUser, Group
from django.http import HttpResponse from django.http import HttpResponse
from django.contrib.auth import authenticate from django.contrib.auth import authenticate
from django.contrib.sessions.models import Session from django.contrib.sessions.models import Session
from ...models import User, RabbitMQInstance from ...models import Site, User, RabbitMQInstance
LOGGER = logging.getLogger(__name__) LOGGER = logging.getLogger(__name__)
CLIENT_DEBUGGING = False CLIENT_DEBUGGING = False
...@@ -222,10 +223,31 @@ def topic_endpoint(request): ...@@ -222,10 +223,31 @@ def topic_endpoint(request):
if routing_key == user.site.name: if routing_key == user.site.name:
return ALLOW return ALLOW
else: else:
LOGGER.error('[auth:topic_endpoint] Client of site %s tried to access site %s', user.site, routing_key) LOGGER.error(
'[auth:topic_endpoint] Client of site %s tried to access site %s',
user.site,
routing_key,
)
elif name == 'groups': elif name == 'groups':
# TODO do some sensible filtering here! try:
return ALLOW group = Group.objects.get(name=routing_key)
try:
Site.objects.get(
services__groups=group,
client=user,
)
return ALLOW
except Site.MultipleObjectsReturned:
return ALLOW
except Site.DoesNotExist:
return DENY
except Group.DoesNotExist:
return DENY
LOGGER.error('[auth:topic_endpoint] Authorization check for topic failed for %s', request.POST) LOGGER.error('[auth:topic_endpoint] Authorization check for topic failed for %s', request.POST)
return DENY return DENY
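Review bot: In the new `groups` branch of topic_endpoint, both `DoesNotExist` handlers return DENY directly, so a refused group topic never reaches the `LOGGER.error` at the end of the function and leaves no log entry, unlike the site branch above it. The nested `try`/`get()` that treats `MultipleObjectsReturned` as success is really an existence check. `if Site.objects.filter(client=user, services__groups__name=routing_key).exists(): return ALLOW` does the same in one query and lets every refusal fall through to the existing error log and `return DENY`. The start of topic_endpoint is outside the hunk, so this fall-through assumes the final two lines sit at function level, as the site branch suggests.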