Commit 719e1fcb authored by Lukas Burgey's avatar Lukas Burgey

Change authentication of clients at rabbitmq to delegated http auth

parent 64f88bf7
import logging
from django.http import HttpResponse
from django.contrib.auth import authenticate
LOGGER = logging.getLogger(__name__)
def user_endpoint(request):
LOGGER.debug('RabbitMQ sent auth request')
if 'username' in request.POST and 'password' in request.POST:
username = request.POST['username']
password = request.POST['password']
user = authenticate(username=username, password=password)
if user:
LOGGER.info('Authenticated client as %s', user)
if user.is_superuser:
return HttpResponse("allow administrator")
else:
return HttpResponse("allow management")
LOGGER.error('Failed to authenticate user for RabbitMQ')
return HttpResponse("deny")
def vhost(request):
return HttpResponse("allow")
def resource(request):
return HttpResponse("allow")
def topic(request):
return HttpResponse("allow")
from django.conf.urls import url
from . import views
from django.views.decorators.csrf import csrf_exempt
from . import views, client_views
URLPATTERNS = [
url(r'^info/', views.AuthInfo.as_view()),
url(r'^request/', views.Auth.as_view()),
url(r'^callback/', views.AuthCallback.as_view()),
url(r'^logout/', views.LogoutView.as_view()),
url(r'^client/user', csrf_exempt(client_views.user_endpoint)),
url(r'^client/vhost', csrf_exempt(client_views.vhost)),
url(r'^client/resource', csrf_exempt(client_views.resource)),
url(r'^client/topic', csrf_exempt(client_views.topic)),
]
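Review bot: The four `client/` routes are reachable without a session or token because RabbitMQ itself is the caller, but nothing in urls.py records that, and next to the session-backed routes above the `csrf_exempt` wrappers read like an oversight; add `# RabbitMQ auth_backend_http callbacks: the broker POSTs form-encoded credentials, so CSRF protection is off here` above L39. The new patterns `r'^client/user'` etc. carry neither `$` nor a trailing slash, so `client/userextra` also matches; the existing routes use the same style, so this is consistent, but it is worth tightening all of them together if that is ever done.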
import logging
from rest_framework import generics, views
from rest_framework.authentication import TokenAuthentication
from rest_framework.authentication import TokenAuthentication, BasicAuthentication
from rest_framework.response import Response
from .serializers import SiteSerializer, ServiceSerializer
......@@ -9,7 +9,7 @@ LOGGER = logging.getLogger(__name__)
# authentication class for the client api
AUTHENTICATION_CLASSES = (TokenAuthentication, )
AUTHENTICATION_CLASSES = (BasicAuthentication, )
class DeploymentsView(generics.RetrieveAPIView):
......
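Review bot: TokenAuthentication is still imported on the new import line (L47) but no longer referenced once L53 switches the tuple to BasicAuthentication; reduce it to `from rest_framework.authentication import BasicAuthentication`. With BasicAuthentication every API request carries the client's password and goes through `authenticate()`, i.e. a full password-hash verification per request and a credential that must only travel over TLS, a cost the bearer token did not have; a one-line comment next to AUTHENTICATION_CLASSES stating why the token scheme was dropped (the token-creating receiver is commented out in models.py in this same commit) would help the next reader.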
......@@ -288,7 +288,6 @@ class User(AbstractUser):
max_length=150,
blank=True,
null=True,
editable=False,
)
# the real state of the user
# (self.is_active is the supposed state of the user)
......@@ -330,7 +329,11 @@ class User(AbstractUser):
return 'DEACTIVATED USER {}'.format(self.username)
return 'USER {}'.format(self.username)
elif self.user_type == 'apiclient':
return 'APICLIENT {}@{}'.format(self.username, self.site)
try:
return 'APICLIENT {}@{}'.format(self.username, self.site)
except:
return 'APICLIENT {}'.format(self.username)
else:
raise Exception()
......@@ -739,29 +742,29 @@ class DeploymentTaskItem(models.Model):
# RECEIVERS
#
@receiver(post_save, sender=settings.AUTH_USER_MODEL)
def create_auth_token(sender, instance=None, created=False, **kwargs):
if instance.user_type == 'apiclient' and created:
Token.objects.create(user=instance)
@receiver(post_save, sender=Site)
def register_at_rabbitmq(sender, instance=None, created=False, **kwargs):
if not created:
return
RabbitMQInstance.load().register_site(instance)
#@receiver(post_save, sender=settings.AUTH_USER_MODEL)
#def create_auth_token(sender, instance=None, created=False, **kwargs):
# if instance.user_type == 'apiclient' and created:
# Token.objects.create(user=instance)
@receiver(pre_delete, sender=Site)
def deregister_at_rabbitmq(sender, instance=None, **kwargs):
RabbitMQInstance.load().deregister_site(instance)
@receiver(post_save, sender=Service)
def update_at_rabbitmq(sender, instance=None, **kwargs):
for site in instance.site.all():
RabbitMQInstance.load().update_site(site)
#@receiver(post_save, sender=Site)
#def register_at_rabbitmq(sender, instance=None, created=False, **kwargs):
# if not created:
# return
#
# RabbitMQInstance.load().register_site(instance)
#
#
#@receiver(pre_delete, sender=Site)
#def deregister_at_rabbitmq(sender, instance=None, **kwargs):
# RabbitMQInstance.load().deregister_site(instance)
#
#
#@receiver(post_save, sender=Service)
#def update_at_rabbitmq(sender, instance=None, **kwargs):
# for site in instance.site.all():
# RabbitMQInstance.load().update_site(site)
@receiver(post_save, sender=User)
......
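Review bot: The new `except:` in the method that builds the 'APICLIENT …' label (hunk at L69-72; the def is above the hunk) is a bare except that also swallows KeyboardInterrupt and any unrelated error raised while evaluating `self.site`; it presumably guards an unset site relation, so catch that narrowly, e.g. `except ObjectDoesNotExist:` (from django.core.exceptions) or `except AttributeError:` if site can be None, whichever the relation actually raises, which I cannot see from here. The receivers hunk leaves create_auth_token and the three RabbitMQ site receivers as commented-out code (L87-90, L98-114); if delegated auth makes them obsolete, delete them, since git keeps the history. With deregister_at_rabbitmq gone, nothing removes a site from the broker on delete any more, which is fine if the broker no longer stores per-site users under the new scheme, but the commit does not say so.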
......@@ -102,11 +102,23 @@ DATABASES = {
CORS_ORIGIN_ALLOW_ALL = True
# AUTHENTICATION AND AUTHORIZATION
AUTHENTICATION_BACKENDS = [
'django_backend.backend.auth.v1.models.OIDCTokenAuthBackend',
'django.contrib.auth.backends.ModelBackend',
]
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': [
'django_backend.backend.auth.v1.auth_class.CsrfExemptSessionAuthentication',
'rest_framework.authentication.TokenAuthentication',
],
'DEFAULT_PERMISSION_CLASSES': [
'rest_framework.permissions.IsAuthenticated',
],
}
# Password validation
# https://docs.djangoproject.com/en/1.11/ref/settings/#auth-password-validators
......@@ -146,16 +158,6 @@ USE_TZ = True
STATIC_URL = '/backend/static/'
STATIC_ROOT = 'static'
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': [
'django_backend.backend.auth.v1.auth_class.CsrfExemptSessionAuthentication',
'rest_framework.authentication.TokenAuthentication',
],
'DEFAULT_PERMISSION_CLASSES': [
'rest_framework.permissions.IsAuthenticated',
],
}
LOGGING = {
'version': 1,
'disable_existing_loggers': True,
......
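Review bot: AUTHENTICATION_BACKENDS now lists ModelBackend after OIDCTokenAuthBackend (L120-123), which is what lets client_views.user_endpoint verify a username/password, but the block carries no comment saying so, and the order matters because `authenticate()` walks the list in order, so every RabbitMQ password check first passes through the OIDC backend if it accepts username/password kwargs. Add `# ModelBackend is needed for the RabbitMQ http-auth endpoint (client_views.user_endpoint); OIDC users are expected to have no usable password` above L120, the second half being an assumption to confirm against how OIDC users are created. The REST_FRAMEWORK block (L124-132) is only relocated from L138-146, so there is nothing to raise there.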