comparison AuthTokenGenerator.py @ 2:4c6c8835fc5c
new version for new Annotator Auth API using PyJWT.
| author | casties |
|---|---|
| date | Fri, 23 Mar 2012 17:50:06 +0100 |
| parents | c33668e282fa |
| children | 17bbd5e80d15 |
| 1:7f0324b249d3 | 2:4c6c8835fc5c |
|---|---|
| 1 from OFS.SimpleItem import SimpleItem | 1 from OFS.SimpleItem import SimpleItem |
| 2 from Products.PageTemplates.PageTemplateFile import PageTemplateFile | 2 from Products.PageTemplates.PageTemplateFile import PageTemplateFile |
| 3 from OFS.PropertyManager import PropertyManager | 3 from OFS.PropertyManager import PropertyManager |
| 4 | 4 |
| 5 import logging | |
| 5 import datetime | 6 import datetime |
| 6 import hashlib | 7 import jwt |
| 7 import json | |
| 8 | 8 |
| 9 | 9 |
| 10 ZERO = datetime.timedelta(0) | 10 ZERO = datetime.timedelta(0) |
| 11 class Utc(datetime.tzinfo): | 11 class Utc(datetime.tzinfo): |
| 12 def utcoffset(self, dt): | 12 def utcoffset(self, dt): |
| 22 | 22 |
| 23 class AuthTokenGenerator(SimpleItem, PropertyManager): | 23 class AuthTokenGenerator(SimpleItem, PropertyManager): |
| 24 """Generator of auth tokens for OKFN Annotator""" | 24 """Generator of auth tokens for OKFN Annotator""" |
| 25 | 25 |
| 26 meta_type = 'AuthTokenGenerator' | 26 meta_type = 'AuthTokenGenerator' |
| 27 _properties=({'id':'consumer_key', 'type': 'string', 'mode': 'w'}, | 27 _properties = ({'id':'consumer_key', 'type': 'string', 'mode': 'w'}, |
| 28 {'id':'consumer_secret', 'type': 'string', 'mode': 'w'}, | 28 {'id':'consumer_secret', 'type': 'string', 'mode': 'w'}, |
| 29 ) | 29 ) |
| 30 | 30 |
| 31 manage_options = PropertyManager.manage_options + SimpleItem.manage_options | 31 manage_options = PropertyManager.manage_options + SimpleItem.manage_options |
| 32 | 32 |
| 33 # Only change this if you're sure you know what you're doing | 33 # Only change this if you're sure you know what you're doing |
| 34 consumerTtl = 86400 | 34 tokenTtl = 86400 |
| 35 | 35 |
| 36 def __init__(self, id, consumerKey=None, consumerSecret=None): | 36 def __init__(self, id, consumerKey=None, consumerSecret=None): |
| 37 """init document viewer""" | 37 """init document viewer""" |
| 38 self.id=id | 38 self.id = id |
| 39 self.consumer_key = consumerKey | 39 self.consumer_key = consumerKey |
| 40 self.consumer_secret = consumerSecret | 40 self.consumer_secret = consumerSecret |
| 41 | 41 |
| 42 def index_html(self, user='anonymous', password=None): | 42 def index_html(self, user='anonymous', password=None): |
| 43 """returns authentication token for user""" | 43 """returns authentication token for user""" |
| 44 if self._token_allowed(): | 44 if self._token_allowed(): |
| 45 token = self._generate_token(user) | 45 token = self._generate_token(user) |
| 46 self.REQUEST.RESPONSE.setHeader("Content-Type", "application/json") | 46 # set CORS headers |
| 47 origin = self.REQUEST.getHeader("Origin", None) | 47 origin = self.REQUEST.getHeader("Origin", None) |
| 48 if origin is not None: | 48 if origin is not None: |
| 49 self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Origin", origin) | 49 self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Origin", origin) |
| 50 else: | 50 else: |
| 51 self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Origin", "*") | 51 self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Origin", "*") |
| 52 | 52 |
| 53 self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Credentials", "true") | 53 self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Credentials", "true") |
| 54 json.dump(token, self.REQUEST.RESPONSE) | 54 logging.debug("token=%s"%token) |
| 55 self.REQUEST.RESPONSE.setHeader("Content-Type", "text/plain") | |
| 56 return token | |
| 57 # send as JSON | |
| 58 #self.REQUEST.RESPONSE.setHeader("Content-Type", "application/json") | |
| 59 #json.dump(token, self.REQUEST.RESPONSE) | |
| 55 else: | 60 else: |
| 56 self.REQUEST.RESPONSE.setStatus('Forbidden') | 61 self.REQUEST.RESPONSE.setStatus('Forbidden') |
| 57 return "SORRY, NOT ALLOWED!" | 62 return "SORRY, NOT ALLOWED!" |
| 58 | 63 |
| 59 def _token_allowed(self, user=None, password=None): | 64 def _token_allowed(self, user=None, password=None): |
| 60 # here we should check the login | 65 # here we should check the login |
| 61 return True | 66 return True |
| 62 | 67 |
| 63 def _generate_token(self, user_id): | 68 def _generate_token(self, user_id): |
| 64 #return JSON-token | 69 #return JSON-token |
| 65 issue_time = datetime.datetime.now(UTC).isoformat() | 70 issue_time = datetime.datetime.now(UTC).replace(microsecond=0) |
| 66 token = hashlib.sha256(self.consumer_secret + user_id + issue_time).hexdigest() | 71 |
| 67 | 72 return jwt.encode({ |
| 68 return dict( | 73 'consumerKey': self.consumer_key, |
| 69 consumerKey=self.consumer_key, | 74 'userId': user_id, |
| 70 authToken=token, | 75 'issuedAt': issue_time.isoformat(), |
| 71 authTokenIssueTime=issue_time, | 76 'ttl': self.tokenTtl |
| 72 authTokenTTL=self.consumerTtl, | 77 }, self.consumer_secret) |
| 73 userId=user_id | 78 |
| 74 ) | |
| 75 | 79 |
| 76 def manage_addAuthTokenGeneratorForm(self): | 80 def manage_addAuthTokenGeneratorForm(self): |
| 77 """form for adding AuthTokenGenerator""" | 81 """form for adding AuthTokenGenerator""" |
| 78 pt = PageTemplateFile("zpt/manage_addAuthTokenGenerator", globals()).__of__(self) | 82 pt = PageTemplateFile("zpt/manage_addAuthTokenGenerator", globals()).__of__(self) |
| 79 return pt() | 83 return pt() |
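Review bot: The new `logging.debug("token=%s"%token)` at line 54 of index_html writes the freshly signed bearer token into the application log, so anyone with read access to the log holds a valid credential for that user until `tokenTtl` expires; log only the subject, e.g. `logging.debug("issued token for user=%s", user)`. The token is also still issued without any check: `_token_allowed()` is called with no arguments and unconditionally returns True, so a caller can obtain a JWT for any `user` value they supply, signed with `consumer_secret`; that gap predates this commit, but once tokens are signed this call is the trust boundary and should at least receive `user` and `password`. The unchanged CORS lines reflect whatever `Origin` the request carries while also sending `Access-Control-Allow-Credentials: true`, which lets any origin fetch a token with the user's cookies as soon as `_token_allowed` does real authentication; an allow-list of permitted origins is the usual fix.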
