# Copyright 2012 Canonical Ltd. This software is licensed under the
# GNU Affero General Public License version 3 (see the file LICENSE).
"""OAuth authentication for the various APIs."""
from __future__ import (
absolute_import,
print_function,
unicode_literals,
)
# Make every class in this module a new-style class (Python 2 semantics).
__metaclass__ = type

# Public surface of the module: only the ready-made authenticator instance.
__all__ = ['api_auth']
from maasserver.exceptions import Unauthorized
from oauth import oauth
from piston.authentication import (
OAuthAuthentication,
send_oauth_error,
)
from piston.utils import rc
class OAuthUnauthorized(Unauthorized):
    """Unauthorized error raised when an OAuth-signed request fails validation.

    Carries the ``oauth.OAuthError`` produced during token validation so the
    API layer can render it with :meth:`make_http_response` instead of a
    generic unauthorized reply.
    """

    def __init__(self, error):
        # The base class is initialised without a message; the only detail
        # about the failure lives on ``self.error``.
        super(OAuthUnauthorized, self).__init__()
        self.error = error

    def make_http_response(self):
        """Return the OAuth error response for the wrapped ``error``."""
        return send_oauth_error(self.error)
class MAASAPIAuthentication(OAuthAuthentication):
    """Use the currently logged-in user; resort to OAuth if there isn't one.

    A user may already be logged in through another mechanism, such as the
    familiar in-browser user/password challenge.  That session identity takes
    precedence: when it is present the OAuth signature on the request is not
    inspected at all, so an OAuth-signed request sent from a logged-in
    browser session is attributed to the session user, not to the token.
    """

    def is_authenticated(self, request):
        """Authenticate ``request``, preferring an existing session user.

        Returns the session user when one is logged in.  Otherwise, for a
        request that looks OAuth-signed, the token is validated and, on
        success, ``request.user``, ``request.consumer`` and
        ``request.throttle_extra`` are populated from it and ``True`` is
        returned.  Returns ``False`` for unsigned requests and for signed
        requests whose validation yields no consumer/token pair.

        Raises :class:`OAuthUnauthorized` when the OAuth library rejects
        the token.  This differs from Piston's own ``OAuthAuthentication``,
        which would silently fall through to "not authenticated" instead.
        """
        session_user = request.user
        if session_user.is_authenticated():
            return session_user

        # Not an OAuth-signed request at all: nothing more to try.
        if not self.is_valid_request(request):
            return False

        try:
            consumer, token, _parameters = self.validate_token(request)
        except oauth.OAuthError as error:
            # Reject outright rather than downgrading to anonymous.
            raise OAuthUnauthorized(error)

        if not (consumer and token):
            return False

        # Bind the request to the identity behind the token; the consumer id
        # is what Piston's throttling keys on for this request.
        request.user = token.user
        request.consumer = consumer
        request.throttle_extra = token.consumer.id
        return True

    def challenge(self):
        """Response sent when :meth:`is_authenticated` returns ``False``.

        Beware: per the original author's note, Piston's ``rc.FORBIDDEN``
        carries status 401 (Unauthorized), not 403 (Forbidden), despite
        its name.
        """
        return rc.FORBIDDEN
# OAuth authentication for the APIs.
# Shared authenticator instance handed to Piston resources; the realm string
# is what clients see in the authentication challenge.
api_auth = MAASAPIAuthentication(realm="MAAS API")