| 1 | from OFS.SimpleItem import SimpleItem |
|---|
| 2 | from Products.PageTemplates.PageTemplateFile import PageTemplateFile |
|---|
| 3 | from OFS.PropertyManager import PropertyManager |
|---|
| 4 | |
|---|
| 5 | import logging |
|---|
| 6 | import datetime |
|---|
| 7 | import jwt |
|---|
| 8 | |
|---|
| 9 | |
|---|
| 10 | ZERO = datetime.timedelta(0) |
|---|
| 11 | class Utc(datetime.tzinfo): |
|---|
| 12 | def utcoffset(self, dt): |
|---|
| 13 | return ZERO |
|---|
| 14 | |
|---|
| 15 | def tzname(self, dt): |
|---|
| 16 | return "UTC" |
|---|
| 17 | |
|---|
| 18 | def dst(self, dt): |
|---|
| 19 | return ZERO |
|---|
| 20 | UTC = Utc() |
|---|
| 21 | |
|---|
| 22 | |
|---|
| 23 | class AuthTokenGenerator(SimpleItem, PropertyManager): |
|---|
| 24 | """Generator of auth tokens for OKFN Annotator""" |
|---|
| 25 | |
|---|
| 26 | meta_type = 'AuthTokenGenerator' |
|---|
| 27 | _properties = ({'id':'consumer_key', 'type': 'string', 'mode': 'w'}, |
|---|
| 28 | {'id':'consumer_secret', 'type': 'string', 'mode': 'w'}, |
|---|
| 29 | ) |
|---|
| 30 | |
|---|
| 31 | manage_options = PropertyManager.manage_options + SimpleItem.manage_options |
|---|
| 32 | |
|---|
| 33 | # Only change this if you're sure you know what you're doing |
|---|
| 34 | tokenTtl = 86400 |
|---|
| 35 | |
|---|
| 36 | def __init__(self, id, consumerKey=None, consumerSecret=None): |
|---|
| 37 | """init document viewer""" |
|---|
| 38 | self.id = id |
|---|
| 39 | self.consumer_key = consumerKey |
|---|
| 40 | self.consumer_secret = consumerSecret |
|---|
| 41 | |
|---|
| 42 | def index_html(self, user='anonymous', password=None): |
|---|
| 43 | """returns authentication token for user""" |
|---|
| 44 | if self._token_allowed(): |
|---|
| 45 | token = self._generate_token(user) |
|---|
| 46 | # set CORS headers |
|---|
| 47 | origin = self.REQUEST.getHeader("Origin", None) |
|---|
| 48 | if origin is not None: |
|---|
| 49 | self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Origin", origin) |
|---|
| 50 | else: |
|---|
| 51 | self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Origin", "*") |
|---|
| 52 | |
|---|
| 53 | self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Credentials", "true") |
|---|
| 54 | logging.debug("token=%s"%token) |
|---|
| 55 | self.REQUEST.RESPONSE.setHeader("Content-Type", "text/plain") |
|---|
| 56 | return token |
|---|
| 57 | # send as JSON |
|---|
| 58 | #self.REQUEST.RESPONSE.setHeader("Content-Type", "application/json") |
|---|
| 59 | #json.dump(token, self.REQUEST.RESPONSE) |
|---|
| 60 | else: |
|---|
| 61 | self.REQUEST.RESPONSE.setStatus('Forbidden') |
|---|
| 62 | return "SORRY, NOT ALLOWED!" |
|---|
| 63 | |
|---|
| 64 | def _token_allowed(self, user=None, password=None): |
|---|
| 65 | # here we should check the login |
|---|
| 66 | return True |
|---|
| 67 | |
|---|
| 68 | def _generate_token(self, user_id): |
|---|
| 69 | #return JSON-token |
|---|
| 70 | issue_time = datetime.datetime.now(UTC).replace(microsecond=0) |
|---|
| 71 | |
|---|
| 72 | return jwt.encode({ |
|---|
| 73 | 'consumerKey': self.consumer_key, |
|---|
| 74 | 'userId': user_id, |
|---|
| 75 | 'issuedAt': issue_time.isoformat(), |
|---|
| 76 | 'ttl': self.tokenTtl |
|---|
| 77 | }, self.consumer_secret) |
|---|
| 78 | |
|---|
| 79 | |
|---|
| 80 | def manage_addAuthTokenGeneratorForm(self): |
|---|
| 81 | """form for adding AuthTokenGenerator""" |
|---|
| 82 | pt = PageTemplateFile("zpt/manage_addAuthTokenGenerator", globals()).__of__(self) |
|---|
| 83 | return pt() |
|---|
| 84 | |
|---|
| 85 | def manage_addAuthTokenGenerator(context, id, consumerKey=None, consumerSecret=None): |
|---|
| 86 | """ """ |
|---|
| 87 | context._setObject(id, AuthTokenGenerator(id, consumerKey=consumerKey, consumerSecret=consumerSecret)) |
|---|
| 88 | return "AuthTokenGenerator Installed: %s" % id |
|---|
