Commit 719e1fcb authored by Lukas Burgey

Change authentication of clients at rabbitmq to delegated http auth

parent 64f88bf7
import logging
from django.http import HttpResponse
from django.contrib.auth import authenticate
LOGGER = logging.getLogger(__name__)
def user_endpoint(request):
LOGGER.debug('RabbitMQ sent auth request')
if 'username' in request.POST and 'password' in request.POST:
username = request.POST['username']
password = request.POST['password']
user = authenticate(username=username, password=password)
if user:
LOGGER.info('Authenticated client as %s', user)
if user.is_superuser:
return HttpResponse("allow administrator")
else:
return HttpResponse("allow management")
LOGGER.error('Failed to authenticate user for RabbitMQ')
return HttpResponse("deny")
def vhost(request):
return HttpResponse("allow")
def resource(request):
return HttpResponse("allow")
def topic(request):
return HttpResponse("allow")
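Review bot: `vhost`, `resource` and `topic` answer `allow` to every request without reading a single parameter, so once a client passes `user_endpoint` the broker is told to grant it every permission on every vhost, exchange and queue; authorization is effectively switched off. These handlers should read the `username` (and, for `resource`/`topic`, the resource name and permission) that the broker sends, and answer `deny` unless that account is entitled to the object, for example only the queues of its own site. `user_endpoint` also hands the `management` tag to every account that authenticates, which looks wider than an API client needs; `return HttpResponse("allow")` for non-superusers would keep them out of the management interface. The failure path logs no username, so adding it to the `LOGGER.error` call (never the password) would make repeated failures traceable.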
from django.conf.urls import url from django.conf.urls import url
from . import views from django.views.decorators.csrf import csrf_exempt
from . import views, client_views
URLPATTERNS = [ URLPATTERNS = [
url(r'^info/', views.AuthInfo.as_view()), url(r'^info/', views.AuthInfo.as_view()),
url(r'^request/', views.Auth.as_view()), url(r'^request/', views.Auth.as_view()),
url(r'^callback/', views.AuthCallback.as_view()), url(r'^callback/', views.AuthCallback.as_view()),
url(r'^logout/', views.LogoutView.as_view()), url(r'^logout/', views.LogoutView.as_view()),
url(r'^client/user', csrf_exempt(client_views.user_endpoint)),
url(r'^client/vhost', csrf_exempt(client_views.vhost)),
url(r'^client/resource', csrf_exempt(client_views.resource)),
url(r'^client/topic', csrf_exempt(client_views.topic)),
] ]
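Review bot: The four `client/` routes are wrapped in `csrf_exempt` and registered next to the public `info/`, `request/` and `callback/` routes, and nothing visible here limits them to the broker, so any party that can reach the backend can submit username/password pairs to `client/user`. Unless the deployment already restricts these paths at the proxy, the views should verify that the caller is the broker (source address or a shared secret) and the endpoint should be rate limited. The patterns are also unanchored at the end, so `^client/user` matches any path that merely starts with it; `url(r'^client/user$', csrf_exempt(client_views.user_endpoint))` and the same for the other three would pin each route.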
import logging import logging
from rest_framework import generics, views from rest_framework import generics, views
from rest_framework.authentication import TokenAuthentication from rest_framework.authentication import TokenAuthentication, BasicAuthentication
from rest_framework.response import Response from rest_framework.response import Response
from .serializers import SiteSerializer, ServiceSerializer from .serializers import SiteSerializer, ServiceSerializer
...@@ -9,7 +9,7 @@ LOGGER = logging.getLogger(__name__) ...@@ -9,7 +9,7 @@ LOGGER = logging.getLogger(__name__)
# authentication class for the client api # authentication class for the client api
AUTHENTICATION_CLASSES = (TokenAuthentication, ) AUTHENTICATION_CLASSES = (BasicAuthentication, )
class DeploymentsView(generics.RetrieveAPIView): class DeploymentsView(generics.RetrieveAPIView):
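Review bot: With `AUTHENTICATION_CLASSES = (BasicAuthentication, )` every client API request now carries the account password itself (presumably the same one `user_endpoint` checks for the broker) instead of a separately revocable token. That makes TLS on this API mandatory, and a leaked client credential can only be rotated by changing the password for both the API and the broker; a comment above the tuple such as `# clients send their RabbitMQ username/password on every request; HTTPS only` would record the constraint. `TokenAuthentication` is still imported on the changed import line; if nothing else in the module uses it, the import can be dropped. `DeploymentsView` continues outside the visible hunk.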
......
...@@ -288,7 +288,6 @@ class User(AbstractUser): ...@@ -288,7 +288,6 @@ class User(AbstractUser):
max_length=150, max_length=150,
blank=True, blank=True,
null=True, null=True,
editable=False,
) )
# the real state of the user # the real state of the user
# (self.is_active is the supposed state of the user) # (self.is_active is the supposed state of the user)
...@@ -330,7 +329,11 @@ class User(AbstractUser): ...@@ -330,7 +329,11 @@ class User(AbstractUser):
return 'DEACTIVATED USER {}'.format(self.username) return 'DEACTIVATED USER {}'.format(self.username)
return 'USER {}'.format(self.username) return 'USER {}'.format(self.username)
elif self.user_type == 'apiclient': elif self.user_type == 'apiclient':
try:
return 'APICLIENT {}@{}'.format(self.username, self.site) return 'APICLIENT {}@{}'.format(self.username, self.site)
except:
return 'APICLIENT {}'.format(self.username)
else: else:
raise Exception() raise Exception()
...@@ -739,29 +742,29 @@ class DeploymentTaskItem(models.Model): ...@@ -739,29 +742,29 @@ class DeploymentTaskItem(models.Model):
# RECEIVERS # RECEIVERS
# #
@receiver(post_save, sender=settings.AUTH_USER_MODEL) #@receiver(post_save, sender=settings.AUTH_USER_MODEL)
def create_auth_token(sender, instance=None, created=False, **kwargs): #def create_auth_token(sender, instance=None, created=False, **kwargs):
if instance.user_type == 'apiclient' and created: # if instance.user_type == 'apiclient' and created:
Token.objects.create(user=instance) # Token.objects.create(user=instance)
@receiver(post_save, sender=Site)
def register_at_rabbitmq(sender, instance=None, created=False, **kwargs):
if not created:
return
RabbitMQInstance.load().register_site(instance)
@receiver(pre_delete, sender=Site) #@receiver(post_save, sender=Site)
def deregister_at_rabbitmq(sender, instance=None, **kwargs): #def register_at_rabbitmq(sender, instance=None, created=False, **kwargs):
RabbitMQInstance.load().deregister_site(instance) # if not created:
# return
#
@receiver(post_save, sender=Service) # RabbitMQInstance.load().register_site(instance)
def update_at_rabbitmq(sender, instance=None, **kwargs): #
for site in instance.site.all(): #
RabbitMQInstance.load().update_site(site) #@receiver(pre_delete, sender=Site)
#def deregister_at_rabbitmq(sender, instance=None, **kwargs):
# RabbitMQInstance.load().deregister_site(instance)
#
#
#@receiver(post_save, sender=Service)
#def update_at_rabbitmq(sender, instance=None, **kwargs):
# for site in instance.site.all():
# RabbitMQInstance.load().update_site(site)
@receiver(post_save, sender=User) @receiver(post_save, sender=User)
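Review bot: The new `except:` around the `'APICLIENT {}@{}'` line in `__str__` is bare, so it hides programming errors and also catches `KeyboardInterrupt` and `SystemExit`. If the intent is to cope with an API client that has no site attached, catch that case only, e.g. `except ObjectDoesNotExist:` (imported from `django.core.exceptions`). In the last hunk `create_auth_token` and the three RabbitMQ receivers are commented out rather than deleted, and nothing in the commit removes tokens that were already issued, so those presumably stay valid wherever `TokenAuthentication` is still in effect. Deleting the dead code and the stale `Token` rows would complete the switch. The `User` class begins and ends outside these hunks.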
......
...@@ -102,11 +102,23 @@ DATABASES = { ...@@ -102,11 +102,23 @@ DATABASES = {
CORS_ORIGIN_ALLOW_ALL = True CORS_ORIGIN_ALLOW_ALL = True
# AUTHENTICATION AND AUTHORIZATION
AUTHENTICATION_BACKENDS = [ AUTHENTICATION_BACKENDS = [
'django_backend.backend.auth.v1.models.OIDCTokenAuthBackend', 'django_backend.backend.auth.v1.models.OIDCTokenAuthBackend',
'django.contrib.auth.backends.ModelBackend', 'django.contrib.auth.backends.ModelBackend',
] ]
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': [
'django_backend.backend.auth.v1.auth_class.CsrfExemptSessionAuthentication',
'rest_framework.authentication.TokenAuthentication',
],
'DEFAULT_PERMISSION_CLASSES': [
'rest_framework.permissions.IsAuthenticated',
],
}
# Password validation # Password validation
# https://docs.djangoproject.com/en/1.11/ref/settings/#auth-password-validators # https://docs.djangoproject.com/en/1.11/ref/settings/#auth-password-validators
...@@ -146,16 +158,6 @@ USE_TZ = True ...@@ -146,16 +158,6 @@ USE_TZ = True
STATIC_URL = '/backend/static/' STATIC_URL = '/backend/static/'
STATIC_ROOT = 'static' STATIC_ROOT = 'static'
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': [
'django_backend.backend.auth.v1.auth_class.CsrfExemptSessionAuthentication',
'rest_framework.authentication.TokenAuthentication',
],
'DEFAULT_PERMISSION_CLASSES': [
'rest_framework.permissions.IsAuthenticated',
],
}
LOGGING = { LOGGING = {
'version': 1, 'version': 1,
'disable_existing_loggers': True, 'disable_existing_loggers': True,
......