X-Git-Url: https://osm.etsi.org/gitweb/?a=blobdiff_plain;f=osm_nbi%2Fnbi.py;h=262e34981afc0e638788ae6fc1ecaa767caacb8a;hb=refs%2Fchanges%2F86%2F6386%2F3;hp=3cc12b9a03b4ea3e2ed07cf5df7ebf5ae6791cef;hpb=aae4dc451ebc9a2dbfaa3cf4211014ac7b27ea9d;p=osm%2FNBI.git
diff --git a/osm_nbi/nbi.py b/osm_nbi/nbi.py
index 3cc12b9..262e349 100644
--- a/osm_nbi/nbi.py
+++ b/osm_nbi/nbi.py
@@ -10,11 +10,12 @@ import logging
 import logging.handlers
 import getopt
 import sys
+
+from auth import Authenticator
 from engine import Engine, EngineException
 from osm_common.dbbase import DbException
 from osm_common.fsbase import FsException
 from osm_common.msgbase import MsgException
-from base64 import standard_b64decode
 from http import HTTPStatus
 from codecs import getreader
 from os import environ, path
@@ -76,7 +77,7 @@ URL: /osm GET POST
 /tokens O O
 / O O
 /users O O
- / O O
+ / O O O O
 /projects O O
 / O O
 /vims_accounts (also vims for compatibility) O O
@@ -145,6 +146,7 @@ class Server(object):
 def __init__(self):
 self.instance += 1
 self.engine = Engine()
+ self.authenticator = Authenticator(self.engine)
 self.valid_methods = { # contains allowed URL and methods
 "admin": {
 "v1": {
@@ -152,7 +154,7 @@ class Server(object):
 "": {"METHODS": ("GET", "DELETE")}
 },
 "users": {"METHODS": ("GET", "POST"),
- "": {"METHODS": ("GET", "POST", "DELETE")}
+ "": {"METHODS": ("GET", "POST", "DELETE", "PATCH", "PUT")}
 },
 "projects": {"METHODS": ("GET", "POST"),
 "": {"METHODS": ("GET", "DELETE")}
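Review bot: The `"users"` per-id entry in `valid_methods` now advertises PATCH and PUT, but nothing in this hunk shows what a caller may change on a user record (its own record only, or any user; the password field included) — that check presumably sits in `Engine.edit_item`, which is outside this diff, so please confirm it exists before the methods are opened. Recording that dependency on the changed line would help the next reader, e.g. `# PATCH/PUT on /users/<id>: per-field and per-user authorization is enforced in Engine.edit_item`. `__init__` continues past the end of the hunk.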
@@ -235,48 +237,6 @@ class Server(object):
 },
 }
 
- def _authorization(self):
- token = None
- user_passwd64 = None
- try:
- # 1. Get token Authorization bearer
- auth = cherrypy.request.headers.get("Authorization")
- if auth:
- auth_list = auth.split(" ")
- if auth_list[0].lower() == "bearer":
- token = auth_list[-1]
- elif auth_list[0].lower() == "basic":
- user_passwd64 = auth_list[-1]
- if not token:
- if cherrypy.session.get("Authorization"):
- # 2. Try using session before request a new token. If not, basic authentication will generate
- token = cherrypy.session.get("Authorization")
- if token == "logout":
- token = None # force Unauthorized response to insert user pasword again
- elif user_passwd64 and cherrypy.request.config.get("auth.allow_basic_authentication"):
- # 3. Get new token from user password
- user = None
- passwd = None
- try:
- user_passwd = standard_b64decode(user_passwd64).decode()
- user, _, passwd = user_passwd.partition(":")
- except Exception:
- pass
- outdata = self.engine.new_token(None, {"username": user, "password": passwd})
- token = outdata["id"]
- cherrypy.session['Authorization'] = token
- # 4. Get token from cookie
- # if not token:
- # auth_cookie = cherrypy.request.cookie.get("Authorization")
- # if auth_cookie:
- # token = auth_cookie.value
- return self.engine.authorize(token)
- except EngineException as e:
- if cherrypy.session.get('Authorization'):
- del cherrypy.session['Authorization']
- cherrypy.response.headers["WWW-Authenticate"] = 'Bearer realm="{}"'.format(e)
- raise
- def _format_in(self, kwargs):
- try:
- indata = None
@@ -403,7 +363,7 @@ class Server(object):
 session = None
 try:
 if cherrypy.request.method == "GET":
- session = self._authorization()
+ session = self.authenticator.authorize()
 outdata = "Index page"
 else:
 raise cherrypy.HTTPError(HTTPStatus.METHOD_NOT_ALLOWED.value,
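Review bot: The removed `_authorization` did three things that `self.authenticator.authorize()` is now expected to do and that this diff cannot show, because `Authenticator` lives in `auth.py`: it treated the session value `"logout"` (still written by the token DELETE path in the hunk below) as "no token", it deleted `cherrypy.session['Authorization']` on an `EngineException`, and it set the `WWW-Authenticate: Bearer realm=...` challenge header before re-raising; it also gated basic authentication on `auth.allow_basic_authentication`. Please confirm the new authorizer preserves each of these, otherwise a stale `"logout"` string is handed in as a token, a rejected session is not cleared, and clients lose the 401 challenge. The same replacement is made in the tokens and `default` hunks that follow, so one confirmation covers all of them. The `index` handler continues past the end of the hunk.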
@@ -444,19 +404,19 @@ class Server(object):
 raise NbiException("Expected application/yaml or application/json Content-Type", HTTPStatus.BAD_REQUEST)
 try:
 if method == "GET":
- session = self._authorization()
+ session = self.authenticator.authorize()
 if token_id:
- outdata = self.engine.get_token(session, token_id)
+ outdata = self.authenticator.get_token(session, token_id)
 else:
- outdata = self.engine.get_token_list(session)
+ outdata = self.authenticator.get_token_list(session)
 elif method == "POST":
 try:
- session = self._authorization()
+ session = self.authenticator.authorize()
 except Exception:
 session = None
 if kwargs:
 indata.update(kwargs)
- outdata = self.engine.new_token(session, indata, cherrypy.request.remote)
+ outdata = self.authenticator.new_token(session, indata, cherrypy.request.remote)
 session = outdata
 cherrypy.session['Authorization'] = outdata["_id"]
 self._set_location_header("admin", "v1", "tokens", outdata["_id"])
@@ -466,9 +426,9 @@ class Server(object):
 if not token_id and "id" in kwargs:
 token_id = kwargs["id"]
 elif not token_id:
- session = self._authorization()
+ session = self.authenticator.authorize()
 token_id = session["_id"]
- outdata = self.engine.del_token(token_id)
+ outdata = self.authenticator.del_token(token_id)
 session = None
 cherrypy.session['Authorization'] = "logout"
 # cherrypy.response.cookie["Authorization"] = token_id
@@ -511,7 +471,7 @@ class Server(object):
 return f
 
 elif len(args) == 2 and args[0] == "db-clear":
- return self.engine.del_item_list({"project_id": "admin"}, args[1], {})
+ return self.engine.del_item_list({"project_id": "admin", "admin": True}, args[1], kwargs)
 elif args and args[0] == "prune":
 return self.engine.prune()
 elif args and args[0] == "login":
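Review bot: The `db-clear` branch fabricates an admin session `{"project_id": "admin", "admin": True}` and now passes the caller's raw query string `kwargs` as the deletion filter, so this path deletes from whichever collection is named in the URL without ever calling `self.authenticator.authorize()`; nothing in the hunk shows the enclosing handler being restricted to a debug configuration, so please confirm it is disabled or gated in production deployments. If the filter pass-through is intentional, record it on the changed line, e.g. `# debug-only: synthetic admin session, kwargs is used unvalidated as the DB query`. The enclosing method begins and ends outside the hunk.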
@@ -644,7 +604,7 @@ class Server(object):
 return self.token(method, _id, kwargs)
 
 # self.engine.load_dbase(cherrypy.request.app.config)
- session = self._authorization()
+ session = self.authenticator.authorize()
 indata = self._format_in(kwargs)
 engine_item = item
 if item == "subscriptions":
@@ -730,6 +690,7 @@ class Server(object):
 cherrypy.response.status = HTTPStatus.ACCEPTED.value
 
 elif method in ("PUT", "PATCH"):
+ outdata = None
 if not indata and not kwargs:
 raise NbiException("Nothing to update. Provide payload and/or query string",
 HTTPStatus.BAD_REQUEST)
@@ -738,10 +699,9 @@ class Server(object):
 cherrypy.request.headers)
 if not completed:
 cherrypy.response.headers["Transaction-Id"] = id
- cherrypy.response.status = HTTPStatus.NO_CONTENT.value
- outdata = None
 else:
- outdata = {"id": self.engine.edit_item(session, engine_item, _id, indata, kwargs, force=force)}
+ self.engine.edit_item(session, engine_item, _id, indata, kwargs, force=force)
+ cherrypy.response.status = HTTPStatus.NO_CONTENT.value
 else:
 raise NbiException("Method {} not allowed".format(method), HTTPStatus.METHOD_NOT_ALLOWED)
 return self._format_out(outdata, session, _format)
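Review bot: In the `not completed` branch the `cherrypy.response.status = HTTPStatus.NO_CONTENT.value` line was dropped together with `outdata = None`, so a partial upload now reaches `self._format_out(None, session, _format)` with whatever status is in force rather than 204; if that is intended it deserves a comment on the branch, otherwise the status assignment should stay there as well. In the completed branch the PUT/PATCH response changes from a 200 with `{"id": ...}` to a 204 with `outdata` of `None`; a 204 must not carry a body, and whether `_format_out` emits nothing for `None` is not visible here, so please check it and note that clients that read the returned id will break. The enclosing `default` method begins and ends outside the hunk.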