comparison AuthTokenGenerator.py @ 2:4c6c8835fc5c
new version for new Annotator Auth API using PyJWT.
author | casties |
---|---|
date | Fri, 23 Mar 2012 17:50:06 +0100 |
parents | c33668e282fa |
children | 17bbd5e80d15 |
1:7f0324b249d3 | 2:4c6c8835fc5c |
---|---|
1 from OFS.SimpleItem import SimpleItem | 1 from OFS.SimpleItem import SimpleItem |
2 from Products.PageTemplates.PageTemplateFile import PageTemplateFile | 2 from Products.PageTemplates.PageTemplateFile import PageTemplateFile |
3 from OFS.PropertyManager import PropertyManager | 3 from OFS.PropertyManager import PropertyManager |
4 | 4 |
5 import logging | |
5 import datetime | 6 import datetime |
6 import hashlib | 7 import jwt |
7 import json | |
8 | 8 |
9 | 9 |
10 ZERO = datetime.timedelta(0) | 10 ZERO = datetime.timedelta(0) |
11 class Utc(datetime.tzinfo): | 11 class Utc(datetime.tzinfo): |
12 def utcoffset(self, dt): | 12 def utcoffset(self, dt): |
22 | 22 |
23 class AuthTokenGenerator(SimpleItem, PropertyManager): | 23 class AuthTokenGenerator(SimpleItem, PropertyManager): |
24 """Generator of auth tokens for OKFN Annotator""" | 24 """Generator of auth tokens for OKFN Annotator""" |
25 | 25 |
26 meta_type = 'AuthTokenGenerator' | 26 meta_type = 'AuthTokenGenerator' |
27 _properties=({'id':'consumer_key', 'type': 'string', 'mode': 'w'}, | 27 _properties = ({'id':'consumer_key', 'type': 'string', 'mode': 'w'}, |
28 {'id':'consumer_secret', 'type': 'string', 'mode': 'w'}, | 28 {'id':'consumer_secret', 'type': 'string', 'mode': 'w'}, |
29 ) | 29 ) |
30 | 30 |
31 manage_options = PropertyManager.manage_options + SimpleItem.manage_options | 31 manage_options = PropertyManager.manage_options + SimpleItem.manage_options |
32 | 32 |
33 # Only change this if you're sure you know what you're doing | 33 # Only change this if you're sure you know what you're doing |
34 consumerTtl = 86400 | 34 tokenTtl = 86400 |
35 | 35 |
36 def __init__(self, id, consumerKey=None, consumerSecret=None): | 36 def __init__(self, id, consumerKey=None, consumerSecret=None): |
37 """init document viewer""" | 37 """init document viewer""" |
38 self.id=id | 38 self.id = id |
39 self.consumer_key = consumerKey | 39 self.consumer_key = consumerKey |
40 self.consumer_secret = consumerSecret | 40 self.consumer_secret = consumerSecret |
41 | 41 |
42 def index_html(self, user='anonymous', password=None): | 42 def index_html(self, user='anonymous', password=None): |
43 """returns authentication token for user""" | 43 """returns authentication token for user""" |
44 if self._token_allowed(): | 44 if self._token_allowed(): |
45 token = self._generate_token(user) | 45 token = self._generate_token(user) |
46 self.REQUEST.RESPONSE.setHeader("Content-Type", "application/json") | 46 # set CORS headers |
47 origin = self.REQUEST.getHeader("Origin", None) | 47 origin = self.REQUEST.getHeader("Origin", None) |
48 if origin is not None: | 48 if origin is not None: |
49 self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Origin", origin) | 49 self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Origin", origin) |
50 else: | 50 else: |
51 self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Origin", "*") | 51 self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Origin", "*") |
52 | 52 |
53 self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Credentials", "true") | 53 self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Credentials", "true") |
54 json.dump(token, self.REQUEST.RESPONSE) | 54 logging.debug("token=%s"%token) |
55 self.REQUEST.RESPONSE.setHeader("Content-Type", "text/plain") | |
56 return token | |
57 # send as JSON | |
58 #self.REQUEST.RESPONSE.setHeader("Content-Type", "application/json") | |
59 #json.dump(token, self.REQUEST.RESPONSE) | |
55 else: | 60 else: |
56 self.REQUEST.RESPONSE.setStatus('Forbidden') | 61 self.REQUEST.RESPONSE.setStatus('Forbidden') |
57 return "SORRY, NOT ALLOWED!" | 62 return "SORRY, NOT ALLOWED!" |
58 | 63 |
59 def _token_allowed(self, user=None, password=None): | 64 def _token_allowed(self, user=None, password=None): |
60 # here we should check the login | 65 # here we should check the login |
61 return True | 66 return True |
62 | 67 |
63 def _generate_token(self, user_id): | 68 def _generate_token(self, user_id): |
64 #return JSON-token | 69 #return JSON-token |
65 issue_time = datetime.datetime.now(UTC).isoformat() | 70 issue_time = datetime.datetime.now(UTC).replace(microsecond=0) |
66 token = hashlib.sha256(self.consumer_secret + user_id + issue_time).hexdigest() | 71 |
67 | 72 return jwt.encode({ |
68 return dict( | 73 'consumerKey': self.consumer_key, |
69 consumerKey=self.consumer_key, | 74 'userId': user_id, |
70 authToken=token, | 75 'issuedAt': issue_time.isoformat(), |
71 authTokenIssueTime=issue_time, | 76 'ttl': self.tokenTtl |
72 authTokenTTL=self.consumerTtl, | 77 }, self.consumer_secret) |
73 userId=user_id | 78 |
74 ) | |
75 | 79 |
76 def manage_addAuthTokenGeneratorForm(self): | 80 def manage_addAuthTokenGeneratorForm(self): |
77 """form for adding AuthTokenGenerator""" | 81 """form for adding AuthTokenGenerator""" |
78 pt = PageTemplateFile("zpt/manage_addAuthTokenGenerator", globals()).__of__(self) | 82 pt = PageTemplateFile("zpt/manage_addAuthTokenGenerator", globals()).__of__(self) |
79 return pt() | 83 return pt() |
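Review bot: `logging.debug("token=%s"%token)` on new line 54 of `index_html` writes the freshly signed JWT into the application log, so anyone who can read the log holds a valid credential until `tokenTtl` (86400 s) expires; log only the subject, e.g. `logging.debug("issued token for user=%s", user)`. The `jwt.encode(...)` call in `_generate_token` leaves the signing algorithm to PyJWT's default; pinning it with `jwt.encode({...}, self.consumer_secret, algorithm='HS256')` keeps the token format stable across library upgrades and documents what the Annotator store is expected to verify. Because `consumer_secret` defaults to `None` in `__init__`, an unconfigured instance would presumably fail inside `jwt.encode` with a bare TypeError rather than a clear message — a guard such as `if not self.consumer_secret: raise ValueError("consumer_secret is not configured")` before encoding would make that obvious. Not introduced here but now more consequential: `_token_allowed` still returns `True` unconditionally and `user` is taken straight from the request, so the signed token is issued for any caller-supplied user id, and the echoed `Origin` combined with `Access-Control-Allow-Credentials: true` lets any web origin read it cross-site; a real login check and an allow-list for origins are worth a follow-up.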