diff options
author | drebs <drebs@leap.se> | 2013-04-25 23:15:06 -0300 |
---|---|---|
committer | drebs <drebs@leap.se> | 2013-04-25 23:15:06 -0300 |
commit | cc9537b9c73c6f502dc4576df0aee4409e887d47 (patch) | |
tree | 368b8e4d690d2cdf18f87f2d0e78f4afdb3b8153 /src/leap/soledad/server.py | |
parent | 2ef514b02fa37a0a2ebac0bb9668543e29033a7f (diff) |
Add token auth infrastructure.
Diffstat (limited to 'src/leap/soledad/server.py')
-rw-r--r-- | src/leap/soledad/server.py | 46 |
1 files changed, 24 insertions, 22 deletions
diff --git a/src/leap/soledad/server.py b/src/leap/soledad/server.py index fdb98916..3d3c6f69 100644 --- a/src/leap/soledad/server.py +++ b/src/leap/soledad/server.py @@ -116,36 +116,34 @@ class SoledadAuthMiddleware(object): """ if self.prefix and not environ['PATH_INFO'].startswith(self.prefix): return self._error(start_response, 400, "bad request") + auth = environ.get('HTTP_AUTHORIZATION') + if not auth: + return self._error(start_response, 401, "unauthorized", + "Missing Token Authentication.") + scheme, encoded = auth.split(None, 1) + if scheme.lower() != 'token': + return self._error( + start_response, 401, "unauthorized", + "Missing Token Authentication") + address, token = encoded.decode('base64').split(':', 1) + try: + self.verify_token(environ, address, token) + except Unauthorized: + return self._error( + start_response, 401, "unauthorized", + "Incorrect address or token.") + del environ['HTTP_AUTHORIZATION'] shift_path_info(environ) - qs = parse_qs(environ.get('QUERY_STRING'), strict_parsing=True) - if 'auth_token' not in qs: - if self.need_auth(environ): - return self._error(start_response, 401, "unauthorized", - "Missing Authentication Token.") - else: - token = qs['auth_token'][0] - try: - self.verify_token(environ, token) - except Unauthorized: - return self._error( - start_response, 401, "unauthorized", - "Incorrect password or login.") - # remove auth token from query string. - del qs['auth_token'] - qs_str = '' - if qs: - qs_str = reduce(lambda x, y: '&'.join([x, y]), - map(lambda (x, y): '='.join([x, str(y)]), - qs.iteritems())) - environ['QUERY_STRING'] = qs_str return self.app(environ, start_response) - def verify_token(self, environ, token): + def verify_token(self, environ, address, token): """ Verify if token is valid for authenticating this request. @param environ: Dictionary containing CGI variables. @type environ: dict + @param token: The user address. + @type token: str @param token: The authentication token. @type token: str @@ -195,6 +193,10 @@ class SoledadApp(http_app.HTTPApp): @return: HTTP application results. @rtype: list """ + # TODO: this is a hack for tests to pass, we should remove it asap. + #if environ['CONTENT_LENGTH'] == '': + # environ['CONTENT_LENGTH'] = 1 + #import ipdb; ipdb.set_trace() return http_app.HTTPApp.__call__(self, environ, start_response) |