Commit
7c6be6a2
authored
Oct 25, 2018
by
Lukas Burgey
Implement provisional REST API
parent
706dda00
Changes
5
example-config/etc/nginx/conf.d/feudal.conf
...
...
@@ -67,6 +67,10 @@ server {
proxy_set_header
Connection
$
connection_upgrade
;
}
location
/
rest
{
rewrite
"^$"
/
backend
/
user
-
api
;
}
location
/ {
if
($
arg_idp
) {
return
301
/
backend
/
auth
/
v1
/
request
$
is_args
$
args
;
...
...
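Review bot: The pattern in `rewrite "^$" /backend/user-api;` can only match an empty URI, and inside `location /rest` the URI nginx tests always begins with `/rest`, so as far as this hunk shows the rewrite never fires and the block neither rewrites nor proxies the request. If the intent is to expose the provisioning view under `/rest`, something like `rewrite ^/rest/?$ /backend/user-api/prov last;` would express it; the target path is inferred from the Django routes in this commit, so confirm it. `location /rest` is also a plain prefix match and will catch any path that merely starts with `/rest`; `location = /rest` or `location /rest/` is narrower. The `location /` block that follows continues outside the hunk.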
feudal/backend/auth/v1/models.py
...
...
@@ -84,6 +84,8 @@ def default_idp():
class
OIDCTokenAuthBackend
(
object
):
AuthException
=
Exception
(
"Unable to authenticate user"
)
def
get_userinfo
(
self
,
oidc_client
,
access_token
=
None
):
user_info
=
None
...
...
@@ -105,12 +107,29 @@ class OIDCTokenAuthBackend(object):
#LOGGER.debug("Got user info:\n%s\n", user_info)
return
user_info
def
authenticate
(
self
,
request
,
token
=
None
):
def
authenticate
(
self
,
request
,
token
=
None
,
issuer_uri
=
None
):
if
token
is
None
:
return
None
idp_id
=
utils
.
get_session
(
request
,
'idp_id'
,
None
)
oidc_client
=
OIDCConfig
.
objects
.
get
(
id
=
idp_id
)
oidc_client
=
None
try
:
if
issuer_uri
is
not
None
:
LOGGER
.
debug
(
"Attempting to find IdP %s"
,
issuer_uri
)
oidc_client
=
OIDCConfig
.
objects
.
get
(
issuer_uri
=
issuer_uri
)
elif
idp_id
is
not
None
:
oidc_client
=
OIDCConfig
.
objects
.
get
(
id
=
idp_id
)
if
oidc_client
is
None
:
LOGGER
.
error
(
"Unable to determine IdP for authentication"
)
return
None
except
OIDCConfig
.
DoesNotExist
:
LOGGER
.
error
(
"Unable to determine IdP for authentication"
)
return
None
# get the user info from the idp
userinfo
=
self
.
get_userinfo
(
...
...
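Review bot: In the new `authenticate`, `OIDCConfig.objects.get(issuer_uri=issuer_uri)` is driven by a caller-supplied value, yet only `OIDCConfig.DoesNotExist` is handled; if `issuer_uri` is not declared unique on the model (not visible in this section), `MultipleObjectsReturned` would escape the backend and surface as a server error on an endpoint that requires no prior authentication. Catching both, `except (OIDCConfig.DoesNotExist, OIDCConfig.MultipleObjectsReturned):`, keeps the failure a clean `None`. Because the caller now chooses which configured IdP vouches for the token, the code after `get_userinfo` (outside this hunk) should key the local user on issuer plus subject rather than subject alone, so that one configured IdP cannot assert identities belonging to another. A short docstring on `authenticate` stating that `issuer_uri` takes precedence over the session's `idp_id` would document that ordering.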
feudal/backend/urls.py
...
...
@@ -3,11 +3,13 @@ from django.contrib import admin
from
.views.client_urls
import
URLPATTERNS
as
clientapi_urls
from
.views.webpage_urls
import
URLPATTERNS
as
frontend_urls
from
.views.user_rest_urls
import
URLPATTERNS
as
user_rest_urls
from
.auth.v1.urls
import
URLPATTERNS
as
auth_urls
URLPATTERNS
=
[
url
(
r
'^clientapi/'
,
include
(
clientapi_urls
)),
url
(
r
'^api/'
,
include
(
frontend_urls
)),
url
(
r
'^user-api/'
,
include
(
user_rest_urls
)),
url
(
r
'^auth/v1/'
,
include
(
auth_urls
)),
url
(
r
'^admin'
,
admin
.
site
.
urls
),
]
feudal/backend/views/user_rest.py
0 → 100644
import
logging
from
django.contrib.auth
import
authenticate
from
django.contrib.auth.models
import
Group
from
django.shortcuts
import
get_object_or_404
from
rest_framework
import
status
from
rest_framework
import
views
from
rest_framework.permissions
import
AllowAny
from
rest_framework.response
import
Response
from
..
import
models
from
..models
import
serializers
as
model_serializers
from
..models.serializers
import
webpage
as
serializers
LOGGER
=
logging
.
getLogger
(
__name__
)
example_input
=
{
'at'
:
'<OpenID Connect Access Token>'
,
'iss'
:
'<Issuer URI>'
,
'key'
:
'<SSH public key>'
,
's'
:
'<service identifier>'
,
}
def
_error_response
(
error
):
return
Response
(
{
'error'
:
error
,
'example_input'
:
example_input
},
status
=
status
.
HTTP_400_BAD_REQUEST
,
)
class
ProvisioningView
(
views
.
APIView
):
permission_classes
=
(
AllowAny
,)
@
staticmethod
def
access_token_valid
(
access_token
):
return
False
@
staticmethod
def
service_exists
(
service_id
):
return
False
def
post
(
self
,
request
):
LOGGER
.
debug
(
"Got user REST request: %s"
,
request
)
if
'at'
not
in
request
.
data
:
return
_error_response
(
"Need access token field 'at'"
)
if
'iss'
not
in
request
.
data
:
return
_error_response
(
"Need issuer uri field 'iss'"
)
if
'key'
not
in
request
.
data
:
return
_error_response
(
"Need ssh key field 'key'"
)
if
's'
not
in
request
.
data
:
return
_error_response
(
"Need service identifier field 's'"
)
access_token
=
request
.
data
[
'at'
]
issuer_uri
=
request
.
data
[
'iss'
]
key
=
request
.
data
[
'key'
]
service_id
=
request
.
data
[
's'
]
user
=
authenticate
(
request
,
token
=
access_token
,
issuer_uri
=
issuer_uri
,
)
if
user
is
None
:
return
_error_response
(
"Unable to authenticate user"
)
LOGGER
.
debug
(
"USER-RESTAPI: authenticated user %s using access token"
,
user
)
if
not
self
.
service_exists
(
service_id
):
return
_error_response
(
"Invalid service id: Does not exist"
)
return
Response
({
'foo'
:
'bar'
,
})
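Review bot: `ProvisioningView.post` reports a failed `authenticate()` through `_error_response`, so a rejected token comes back as HTTP 400 together with `example_input` and cannot be told apart from a malformed request; returning `Response({'error': "Unable to authenticate user"}, status=status.HTTP_401_UNAUTHORIZED)` at that point lets clients and log-based monitoring separate credential failures from input errors. The view is `AllowAny`, and each well-formed POST appears to lead to an IdP lookup and a userinfo call in the auth backend, so a `throttle_classes` entry (for example DRF's `AnonRateThrottle`) is worth adding before the route is reachable from outside. The `at`, `iss`, `key` and `s` fields are checked only for presence; a type and length check (or a DRF serializer) would stop lists, dicts or oversized values from reaching `authenticate` and the later key handling. `access_token_valid` is never called and `service_exists` always returns `False`, so every authenticated request currently ends in "Invalid service id"; a `# TODO: provisional stub` comment on both would make that state explicit.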
feudal/backend/views/user_rest_urls.py
0 → 100644
from
django.conf.urls
import
url
from
.
import
user_rest
as
views
URLPATTERNS
=
[
url
(
r
'^prov'
,
views
.
ProvisioningView
.
as_view
()),
]
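Review bot: The route `url(r'^prov', views.ProvisioningView.as_view())` has no end anchor, so any path under `user-api/` that merely begins with `prov` resolves to the provisioning view. Anchoring it, `url(r'^prov/?$', views.ProvisioningView.as_view(), name='user-rest-prov')`, keeps the exposed surface to the one intended path and gives the route a name for `reverse()`.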