Commit 5685d34c authored by Lukas Burgey's avatar Lukas Burgey

Rework authentication of rest calls

parent 2e43db90
......@@ -4,7 +4,7 @@ import json
from urllib.error import HTTPError
from urllib.request import Request, urlopen
from rest_framework.authentication import BaseAuthentication, SessionAuthentication
from rest_framework.authentication import BaseAuthentication
from . import utils
from .models import OIDCConfig
......@@ -119,12 +119,6 @@ class OIDCTokenAuthBackend:
return None
class CsrfExemptSessionAuthentication(SessionAuthentication):
def enforce_csrf(self, request):
# No CSRF enforcing
return
class OIDCTokenAuthHTTPBackend(BaseAuthentication):
def authenticate_header(self, request):
......
from rest_framework.authentication import SessionAuthentication
class CsrfExemptSessionAuthentication(SessionAuthentication):
def enforce_csrf(self, request):
return # To not perform the csrf check previously happening
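Review bot: `CsrfExemptSessionAuthentication.enforce_csrf` switches off the only CSRF protection DRF applies to cookie-authenticated requests, so any view that uses this class (directly or via `DEFAULT_AUTHENTICATION_CLASSES`) will accept state-changing POST/DELETE requests forged from another origin with the victim's session cookie. The comment `# To not perform the csrf check previously happening` records what is skipped but not why that is safe; if the class exists for non-browser clients, token authentication is the right tool and session auth should not be offered on those views at all, and if browser clients need it, keep the check and have the frontend send the `X-CSRFToken` header. If there is a reason to keep it, the override should carry that reason, e.g. a docstring `"""Session auth without DRF's CSRF check. Only safe on read-only views or views that also require a non-cookie credential."""`, and the class should be applied per view rather than project-wide.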
......@@ -58,8 +58,6 @@ def error_response(request, msg='Server Error', redirect_back=True):
class Auth(View):
permission_classes = (AllowAny,)
def get(self, request):
try:
state = rndstr()
......@@ -96,8 +94,6 @@ class Auth(View):
class AuthCallback(View):
permission_classes = (AllowAny,)
@staticmethod
def retry_flow():
LOGGER.debug('Retrying auth flow')
......@@ -179,8 +175,7 @@ class LogoutView(views.APIView):
class AuthInfo(generics.RetrieveAPIView):
authorization_classes = ()
permission_classes = ()
permission_classes = (AllowAny,)
serializer_class = AuthInfoSerializer
def get_object(self):
......
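Review bot: `authorization_classes = ()` on `AuthInfo` is not an attribute DRF reads (the setting is `authentication_classes`), so the line is dead and the view keeps the project's default authenticators; the change to `permission_classes = (AllowAny,)` is fine, but the stale line beside it is misleading. If `AuthInfo` is meant to run without authentication, rename it to `authentication_classes = ()`; if it needs `request.user` populated (presumably, given it serializes auth info), delete the line instead. The `Auth` and `AuthCallback` hunks drop `permission_classes` from plain Django `View` subclasses, where DRF never consulted it, so those removals are behaviour-neutral; `AuthInfo.get_object` continues outside the hunk.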
......@@ -5,8 +5,6 @@ from django.shortcuts import get_object_or_404
from rest_framework import status, views, generics, exceptions
from rest_framework.response import Response
from feudal.backend.auth.v1 import OIDCTokenAuthHTTPBackend
from .. import models
from ..models import serializers, deployments
......@@ -35,7 +33,6 @@ def _error_response(request, error):
class SSHPublicKeyView(generics.RetrieveDestroyAPIView):
authentication_classes = (OIDCTokenAuthHTTPBackend,)
serializer_class = serializers.SSHPublicKeySerializer
def get_object(self):
......@@ -52,7 +49,6 @@ class SSHPublicKeyView(generics.RetrieveDestroyAPIView):
class SSHPublicKeyListView(generics.ListCreateAPIView):
authentication_classes = (OIDCTokenAuthHTTPBackend,)
serializer_class = serializers.SSHPublicKeySerializer
def get_queryset(self):
......@@ -64,7 +60,6 @@ class SSHPublicKeyListView(generics.ListCreateAPIView):
class ServiceListView(generics.ListAPIView):
authentication_classes = (OIDCTokenAuthHTTPBackend,)
serializer_class = serializers.ServiceSerializer
def get_queryset(self):
......@@ -72,7 +67,6 @@ class ServiceListView(generics.ListAPIView):
class DeploymentListView(generics.ListCreateAPIView):
authentication_classes = (OIDCTokenAuthHTTPBackend,)
serializer_class = serializers.DeploymentSerializer
def get_queryset(self):
......@@ -84,38 +78,38 @@ class DeploymentListView(generics.ListCreateAPIView):
# basically obsolete
class ProvisioningView(views.APIView):
authentication_classes = (OIDCTokenAuthHTTPBackend,)
def post(self, request):
for key in ['s']:
if key not in request.data:
return _error_response(request, 'Missing key "{}"'.format(key))
service_name = request.data.get('s', '')
state_target = request.data.get('state_target', deployments.DEPLOYED)
service = None
try:
service = request.user.services.get(
name=service_name,
)
deployment = deployments.get_deployment(request.user, service=service)
if deployment is not None:
if state_target == deployments.DEPLOYED:
deployment.user_deploy()
elif state_target == deployments.NOT_DEPLOYED:
deployment.user_remove()
else:
return _error_response(request, 'Invalid state_target "{}"'.format(state_target))
return Response(
serializers.DeploymentSerializer(deployment).data,
)
except models.Service.DoesNotExist:
return _error_response(
request,
'Service "{}" does not exist or you are not authorised to use it'.format(service_name),
)
# class ProvisioningView(views.APIView):
# authentication_classes = (OIDCTokenAuthHTTPBackend,)
#
# def post(self, request):
# for key in ['s']:
# if key not in request.data:
# return _error_response(request, 'Missing key "{}"'.format(key))
#
# service_name = request.data.get('s', '')
# state_target = request.data.get('state_target', deployments.DEPLOYED)
#
# service = None
# try:
# service = request.user.services.get(
# name=service_name,
# )
#
# deployment = deployments.get_deployment(request.user, service=service)
# if deployment is not None:
# if state_target == deployments.DEPLOYED:
# deployment.user_deploy()
# elif state_target == deployments.NOT_DEPLOYED:
# deployment.user_remove()
# else:
# return _error_response(request, 'Invalid state_target "{}"'.format(state_target))
#
# return Response(
# serializers.DeploymentSerializer(deployment).data,
# )
#
# except models.Service.DoesNotExist:
# return _error_response(
# request,
# 'Service "{}" does not exist or you are not authorised to use it'.format(service_name),
# )
......@@ -2,7 +2,6 @@ from django.conf.urls import url
from . import user_rest as views
URLPATTERNS = [
url(r'^prov', views.ProvisioningView.as_view()),
url(r'^ssh-key$', views.SSHPublicKeyView.as_view()),
url(r'^ssh-keys$', views.SSHPublicKeyListView.as_view()),
url(r'^services$', views.ServiceListView.as_view()),
......