Commit 7c6be6a2 authored by Lukas Burgey's avatar Lukas Burgey

Implement provisional REST API

parent 706dda00
......@@ -67,6 +67,10 @@ server {
proxy_set_header Connection $connection_upgrade;
}
location /rest {
rewrite "^$" /backend/user-api;
}
location / {
if ($arg_idp) {
return 301 /backend/auth/v1/request$is_args$args;
......
......@@ -84,6 +84,8 @@ def default_idp():
class OIDCTokenAuthBackend(object):
AuthException = Exception("Unable to authenticate user")
def get_userinfo(self, oidc_client, access_token=None):
user_info = None
......@@ -105,12 +107,29 @@ class OIDCTokenAuthBackend(object):
#LOGGER.debug("Got user info:\n%s\n", user_info)
return user_info
def authenticate(self, request, token=None):
def authenticate(self, request, token=None, issuer_uri=None):
if token is None:
return None
idp_id = utils.get_session(request, 'idp_id', None)
oidc_client = OIDCConfig.objects.get(id=idp_id)
oidc_client = None
try:
if issuer_uri is not None:
LOGGER.debug("Attempting to find IdP %s", issuer_uri)
oidc_client = OIDCConfig.objects.get(issuer_uri=issuer_uri)
elif idp_id is not None:
oidc_client = OIDCConfig.objects.get(id=idp_id)
if oidc_client is None:
LOGGER.error("Unable to determine IdP for authentication")
return None
except OIDCConfig.DoesNotExist:
LOGGER.error("Unable to determine IdP for authentication")
return None
# get the user info from the idp
userinfo = self.get_userinfo(
......
......@@ -3,11 +3,13 @@ from django.contrib import admin
from .views.client_urls import URLPATTERNS as clientapi_urls
from .views.webpage_urls import URLPATTERNS as frontend_urls
from .views.user_rest_urls import URLPATTERNS as user_rest_urls
from .auth.v1.urls import URLPATTERNS as auth_urls
URLPATTERNS = [
url(r'^clientapi/', include(clientapi_urls)),
url(r'^api/', include(frontend_urls)),
url(r'^user-api/', include(user_rest_urls)),
url(r'^auth/v1/', include(auth_urls)),
url(r'^admin', admin.site.urls),
]
import logging
from django.contrib.auth import authenticate
from django.contrib.auth.models import Group
from django.shortcuts import get_object_or_404
from rest_framework import status
from rest_framework import views
from rest_framework.permissions import AllowAny
from rest_framework.response import Response
from .. import models
from ..models import serializers as model_serializers
from ..models.serializers import webpage as serializers
LOGGER = logging.getLogger(__name__)
example_input = {
'at': '<OpenID Connect Access Token>',
'iss': '<Issuer URI>',
'key': '<SSH public key>',
's': '<service identifier>',
}
def _error_response(error):
return Response(
{
'error': error,
'example_input': example_input
},
status=status.HTTP_400_BAD_REQUEST,
)
class ProvisioningView(views.APIView):
permission_classes = (AllowAny,)
@staticmethod
def access_token_valid(access_token):
return False
@staticmethod
def service_exists(service_id):
return False
def post(self, request):
LOGGER.debug("Got user REST request: %s", request)
if 'at' not in request.data:
return _error_response("Need access token field 'at'")
if 'iss' not in request.data:
return _error_response("Need issuer uri field 'iss'")
if 'key' not in request.data:
return _error_response("Need ssh key field 'key'")
if 's' not in request.data:
return _error_response("Need service identifier field 's'")
access_token = request.data['at']
issuer_uri = request.data['iss']
key = request.data['key']
service_id = request.data['s']
user = authenticate(
request,
token=access_token,
issuer_uri=issuer_uri,
)
if user is None:
return _error_response("Unable to authenticate user")
LOGGER.debug("USER-RESTAPI: authenticated user %s using access token", user)
if not self.service_exists(service_id):
return _error_response("Invalid service id: Does not exist")
return Response({
'foo': 'bar',
})
from django.conf.urls import url
from . import user_rest as views
URLPATTERNS = [
url(r'^prov', views.ProvisioningView.as_view()),
]
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment