Commit 88af9245 authored by lukas.burgey's avatar lukas.burgey

Change some logging in the views.auth.clients

parent f9de0e89
# pylint: disable=too-many-return-statements
import logging
import json
......@@ -19,25 +17,14 @@ ALLOW = HttpResponse('allow')
DENY = HttpResponse('deny')
### HELPERS FOR ALL ENDPOINTS ###
def _valid_vhost(request):
if request.POST.get('vhost') == RabbitMQInstance().vhost:
return True
LOGGER.error('illegal vhost requested')
return False
def _valid_permission(request):
perm = request.POST.get('permission', [])
if 'write' not in perm:
return True
LOGGER.info('Illegal permission requested %s', perm)
return False
def _valid_user(request):
return _apiclient_valid(request) or _webpage_client_userid(request)
def _apiclient_valid(request):
valid = User.objects.filter(
user_type=User.TYPE_CHOICE_DOWNSTREAM,
......@@ -57,6 +44,8 @@ def _webpage_client_userid(request):
return userid
### USER ENDPOINT ###
def _webpage_client_valid(request):
userid = _webpage_client_userid(request)
try:
......@@ -64,19 +53,15 @@ def _webpage_client_valid(request):
session_key=request.POST.get('password'),
)
sd = session.get_decoded()
if settings.DEBUG:
LOGGER.debug('Session data: %s', json.dumps(sd, sort_keys=True, indent=4))
LOGGER.log(settings.DEBUGX_LOG_LEVEL, 'Session data: %s', json.dumps(sd, sort_keys=True, indent=4))
return sd.get('_auth_user_id') == userid
except Session.DoesNotExist:
# LOGGER.info("User %s has no session", userid)
LOGGER.log(settings.DEBUGX_LOG_LEVEL, 'User %s has no session', userid)
return False
# VIEWS: authentication and authorization for
# apiclients and webpage-clients
def user_endpoint(request):
if _webpage_client_valid(request):
# LOGGER.info('Authenticated webpage client')
......@@ -96,6 +81,11 @@ def user_endpoint(request):
return DENY
### VHOST ENDPOINT ###
def _valid_user(request):
return _apiclient_valid(request) or _webpage_client_userid(request)
def vhost_endpoint(request):
# check if on the correct virtual host
if _valid_vhost(request) and _valid_user(request):
......@@ -105,6 +95,8 @@ def vhost_endpoint(request):
return DENY
### RESOURCE ENDPOINT ###
def _resource_authorized_webpage_client(request):
resource = request.POST.get('resource')
name = request.POST.get('name', '')
......@@ -121,7 +113,6 @@ def _resource_authorized_webpage_client(request):
and name == _webpage_client_userid(request)
)
def _resource_authorized_apiclient(request):
resource = request.POST.get('resource')
name = request.POST.get('name', '')
......@@ -135,7 +126,6 @@ def _resource_authorized_apiclient(request):
and 'write' not in permission
)
def resource_auth_decision(request, decision):
user = request.POST.get('username')
permission = request.POST.get('permission', [])
......@@ -146,7 +136,6 @@ def resource_auth_decision(request, decision):
return decision
def resource_endpoint(request):
if _valid_vhost(request):
if (
......@@ -164,6 +153,15 @@ def resource_endpoint(request):
return resource_auth_decision(request, DENY)
### TOPIC ENDPOINT ###
def _valid_permission(request):
perm = request.POST.get('permission', [])
if 'write' not in perm:
return True
LOGGER.info('Illegal permission requested %s', perm)
return False
def topic_auth_decision(request, decision):
user = request.POST.get('username')
permission = request.POST.get('permission', [])
......@@ -175,17 +173,15 @@ def topic_auth_decision(request, decision):
return decision
def topic_endpoint_webpageclient(request, webpage_client_userid):
try:
User.objects.get(id=webpage_client_userid)
return topic_auth_decision(request, ALLOW)
except User.DoesNotExist:
LOGGER.info('User %s does not exist', webpage_client_userid)
LOGGER.log(settings.DEBUGX_LOG_LEVEL, 'Webpage client %s does not exist', webpage_client_userid)
return topic_auth_decision(request, DENY)
def topic_endpoint_apiclient(request, apiclient):
name = request.POST.get('name', '')
routing_key = request.POST.get('routing_key', '')
......@@ -235,12 +231,13 @@ def topic_endpoint_apiclient(request, apiclient):
return topic_auth_decision(request, DENY)
def topic_endpoint(request):
if not _valid_vhost(request) or not _valid_permission(request):
return DENY
webpage_client_userid = _webpage_client_userid(request)
LOGGER.log(settings.DEBUGX_LOG_LEVEL, 'Webpage client userid: %s', webpage_client_userid)
if webpage_client_userid != '':
return topic_endpoint_webpageclient(request, webpage_client_userid)
......@@ -252,5 +249,5 @@ def topic_endpoint(request):
return topic_endpoint_apiclient(request, apiclient)
except User.DoesNotExist:
LOGGER.info('User %s does not exist', request.POST.get('username', ''))
LOGGER.log(settings.DEBUGX_LOG_LEVEL, 'Apiclient %s does not exist', request.POST.get('username'))
return topic_auth_decision(request, DENY)
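Review bot: The `'Session data: %s'` call in `_webpage_client_valid` writes the entire decoded session to the log on every webpage-client authentication, and the `if settings.DEBUG:` guard around it appears to be dropped in favour of `LOGGER.log(settings.DEBUGX_LOG_LEVEL, ...)` (the page no longer marks which of the two variants is the new side, so this is inferred). A decoded Django session carries `_auth_user_hash` and whatever else the application stores in it, so whether that reaches a log file would then depend only on how `DEBUGX_LOG_LEVEL` is configured, which is not visible here. `json.dumps(sd, ...)` is also evaluated before the logger checks the level, and it raises `TypeError` on a session value that is not JSON-serialisable, which `except Session.DoesNotExist` does not catch. I would log only what the decision needs, e.g. `LOGGER.log(settings.DEBUGX_LOG_LEVEL, 'Session found for user %s, auth id %s', userid, sd.get('_auth_user_id'))`. The body of `_webpage_client_valid` is split across two hunks, with the session lookup between them not shown.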