Mercurial > hg > OKFNAnnotator

view AuthTokenGenerator.py @ 2:4c6c8835fc5c

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
new version for new Annotator Auth API using PyJWT.
author casties
date Fri, 23 Mar 2012 17:50:06 +0100
parents c33668e282fa
children 17bbd5e80d15
line wrap: on
line source

from OFS.SimpleItem import SimpleItem
from Products.PageTemplates.PageTemplateFile import PageTemplateFile
from OFS.PropertyManager import PropertyManager

import logging
import datetime
import jwt


ZERO = datetime.timedelta(0)
class Utc(datetime.tzinfo):
    def utcoffset(self, dt):
        return ZERO

    def tzname(self, dt):
        return "UTC"

    def dst(self, dt):
        return ZERO
UTC = Utc()


class AuthTokenGenerator(SimpleItem, PropertyManager):
    """Generator of auth tokens for OKFN Annotator"""
    
    meta_type = 'AuthTokenGenerator'
    _properties = ({'id':'consumer_key', 'type': 'string', 'mode': 'w'},
                 {'id':'consumer_secret', 'type': 'string', 'mode': 'w'},
                )
    
    manage_options = PropertyManager.manage_options + SimpleItem.manage_options

    # Only change this if you're sure you know what you're doing
    tokenTtl = 86400

    def __init__(self, id, consumerKey=None, consumerSecret=None):
        """init document viewer"""
        self.id = id
        self.consumer_key = consumerKey
        self.consumer_secret = consumerSecret

    def index_html(self, user='anonymous', password=None):
        """returns authentication token for user"""
        if self._token_allowed():
            token = self._generate_token(user)
            # set CORS headers
            origin = self.REQUEST.getHeader("Origin", None)
            if origin is not None:
                self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Origin", origin)
            else:
                self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Origin", "*")

            self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Credentials", "true")
            logging.debug("token=%s"%token)
            self.REQUEST.RESPONSE.setHeader("Content-Type", "text/plain")
            return token
            # send as JSON
            #self.REQUEST.RESPONSE.setHeader("Content-Type", "application/json")
            #json.dump(token, self.REQUEST.RESPONSE)
        else:
            self.REQUEST.RESPONSE.setStatus('Forbidden')
            return "SORRY, NOT ALLOWED!" 

    def _token_allowed(self, user=None, password=None):
        # here we should check the login
        return True

    def _generate_token(self, user_id):
        #return JSON-token
        issue_time = datetime.datetime.now(UTC).replace(microsecond=0)
        
        return jwt.encode({
           'consumerKey': self.consumer_key,
           'userId': user_id,
           'issuedAt': issue_time.isoformat(),
           'ttl': self.tokenTtl
           }, self.consumer_secret)
        

def manage_addAuthTokenGeneratorForm(self):
    """form for adding AuthTokenGenerator"""
    pt = PageTemplateFile("zpt/manage_addAuthTokenGenerator", globals()).__of__(self)
    return pt()

def manage_addAuthTokenGenerator(context, id, consumerKey=None, consumerSecret=None):
    """ """
    context._setObject(id, AuthTokenGenerator(id, consumerKey=consumerKey, consumerSecret=consumerSecret))
    return "AuthTokenGenerator Installed: %s" % id