
Move authentication logic in is_unauthorized resource method #158

Merged
merged 1 commit into from

2 participants

@bruth
DBHi member

Fix #155

@naegelyd naegelyd merged commit 7985efe into 2.3

1 check passed

Details default The Travis CI build passed
@naegelyd naegelyd deleted the issue-155 branch
Showing with 26 additions and 38 deletions.
  1. +0 −30 serrano/decorators.py
  2. +3 −4 serrano/resources/__init__.py
  3. +14 −4 serrano/resources/base.py
  4. +9 −0 serrano/tokens.py
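--- a/serrano/decorators.py
+++ b/serrano/decorators.py
@@ -1,30 +0,0 @@
-from functools import wraps
-from django.http import HttpResponse
-from django.contrib.auth import authenticate, login
-from serrano.conf import settings
-
-
-def get_token(request):
- "Attempts to retrieve a token from the request."
- if 'token' in request.REQUEST:
- return request.REQUEST['token']
- if 'HTTP_API_TOKEN' in request.META:
- return request.META['HTTP_API_TOKEN']
- return ''
-
-
-def check_auth(func):
- @wraps(func)
- def inner(self, request, *args, **kwargs):
- user = getattr(request, 'user', None)
-
- # Attempt to authenticate if a token is present
- if not user or not user.is_authenticated():
- token = get_token(request)
- user = authenticate(token=token)
- if user:
- login(request, user)
- elif settings.AUTH_REQUIRED:
- return HttpResponse(status=401)
- return func(self, request, *args, **kwargs)
- return inner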
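--- a/serrano/resources/__init__.py
+++ b/serrano/resources/__init__.py
@@ -19,10 +19,9 @@
 class Root(BaseResource):
 # Override to allow a POST to not be checked for authorization since
 # this is the only way to authorize.
- def __call__(self, request, *args, **kwargs):
- if request.method == 'POST':
- return super(BaseResource, self).__call__(request, *args, **kwargs)
- return super(Root, self).__call__(request, *args, **kwargs)
+ def is_unauthorized(self, request, *args, **kwargs):
+ if request.method != 'POST':
+ return super(Root, self).is_unauthorized(request, *args, **kwargs)
 def get(self, request):
 uri = request.build_absolute_uri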
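Review bot: `Root.is_unauthorized` returns nothing for a POST, so the "authorized" result is an implicit `None` that the caller has to treat as falsy; add an explicit `return False` after the `if` block so the contract is visible. The same fall-through is in `BaseResource.is_unauthorized` in serrano/resources/base.py. Every POST to the root now skips the session and token check, which matches the comment above the method, but whether the POST handler validates the submitted credentials itself is outside this hunk and worth confirming. A one-line docstring such as `"Return False for POST so the request that authorizes is never itself rejected."` would record that intent.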
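--- a/serrano/resources/base.py
+++ b/serrano/resources/base.py
@@ -5,7 +5,8 @@
 from restlib2.resources import Resource
 from avocado.models import DataContext, DataView, DataQuery
 from serrano.conf import settings
-from ..decorators import check_auth
+from django.contrib.auth import authenticate, login
+from ..tokens import get_request_token
 from .. import cors
 __all__ = ('BaseResource', 'ThrottledResource')
@@ -188,9 +189,18 @@ class BaseResource(Resource):
 parametizer = Parametizer
- @check_auth
- def __call__(self, request, **kwargs):
- return super(BaseResource, self).__call__(request, **kwargs)
+ def is_unauthorized(self, request, *args, **kwargs):
+ user = getattr(request, 'user', None)
+
+ # Attempt to authenticate if a token is present
+ if not user or not user.is_authenticated():
+ token = get_request_token(request)
+ user = authenticate(token=token)
+
+ if user:
+ login(request, user)
+ elif settings.AUTH_REQUIRED:
+ return True
 def process_response(self, request, response):
 response = super(BaseResource, self).process_response(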
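Review bot: In the second hunk, `authenticate(token=token)` runs even when `get_request_token` returned `''`, although the comment says authentication is attempted only when a token is present; rejecting an empty token is left entirely to the authentication backend, which is not visible here. Guard the call, for example `user = authenticate(token=token) if token else None`. The method also calls `login(request, user)` from inside an authorization check, so a single token-bearing request creates a session as a side effect. If that is intended, state it in a docstring, because callers would not expect `is_unauthorized` to modify the request's session.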
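--- a/serrano/tokens.py
+++ b/serrano/tokens.py
@@ -108,3 +108,12 @@ def check(self, user, token):
 token_generator = TokenGenerator()
+
+
+def get_request_token(request):
+ "Attempts to retrieve a token from the request."
+ if 'token' in request.REQUEST:
+ return request.REQUEST['token']
+ if 'HTTP_API_TOKEN' in request.META:
+ return request.META['HTTP_API_TOKEN']
+ return ''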
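Review bot: `get_request_token` checks `request.REQUEST` before the `HTTP_API_TOKEN` header, so a token supplied as a query-string parameter is accepted and takes precedence; tokens carried in URLs end up in access logs, browser history and Referer headers. Consider checking the header first and documenting the parameter form as a fallback, with a comment such as `# Tokens in the query string are logged by servers and proxies; prefer the Api-Token header.` `request.REQUEST` also merges GET and POST data and is deprecated in later Django releases, so reading `request.GET` and `request.POST` explicitly would make the accepted sources clear.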