
No auth

Merged Duncan Meacher requested to merge duncan.meacher/server:no_auth into master
@@ -17,6 +17,30 @@ AUD = "https://ligo.org/oauth"
SCP = "read:/protected"
def _get_auth_type():
config = current_app.config['LDRDataFindServer']
authType = config['authorization']
if authType == 'virtual_host':
request_ip = request.environ.get(
"SERVER_ADDR",
request.environ.get(
"HTTP_X_FORWARDED_HOST",
request.remote_addr,
),
)
authType = config[request_ip]["authorization"]
if authType == "None":
return None
if isinstance(authType, str):
return [x.strip() for x in authType.split(",")]
return authType
def _validate_scitoken(request, audience=None, scope=None):
raise NotImplementedError("SciTokens not yet implemented. Use X.509 "
"proxy certificate")
@@ -45,34 +69,46 @@ def validate(func):
@wraps(func)
def validator(*args, **kwargs):
try:
# Check for SciToken in header
if 'Authorization' in request.headers:
current_app.logger.info('View request with SciToken.')
try:
_validate_scitoken(request, audience=AUD, scope=SCP)
except NotImplementedError as exc:
msg = "SciToken authentication failed: {!r}"\
.format(exc)
current_app.logger.info('View request error:'
'{}'.format(msg))
content = {"Error, {}.".format(msg): ""}
return content, 403
# Else, check for X.509 certificate info in header
elif 'SSL_CLIENT_S_DN' and 'SSL_CLIENT_I_DN' \
in request.headers:
current_app.logger.info("View request with X.509 proxy "
"certificate.")
try:
_validate_x509(request)
except RuntimeError as exc:
msg = "X.509 authentication failed: {!r}".format(exc)
current_app.logger.info('View request error:'
'{}'.format(msg))
content = {"Error, {}.".format(msg): ""}
return content, 403
authType = _get_auth_type()
if authType is None:
current_app.logger.info('View request, no authentication '
'required')
else:
raise RuntimeError("No Authentication Header or X.509 "
"cert info in header")
# Check for SciToken in header
if (
'bearer-token' in authType
and 'Authorization' in request.headers
):
current_app.logger.info('View request with SciToken.')
try:
_validate_scitoken(request, audience=AUD, scope=SCP)
except NotImplementedError as exc:
msg = "SciToken authentication failed: {!r}"\
.format(exc)
current_app.logger.info('View request error:'
'{}'.format(msg))
content = {"Error, {}.".format(msg): ""}
return content, 403
# Else, check for X.509 certificate info in header
elif (
'grid-mapfile' in authType
and 'SSL_CLIENT_S_DN' in request.headers
and 'SSL_CLIENT_I_DN' in request.headers
):
current_app.logger.info("View request with X.509 proxy "
"certificate.")
try:
_validate_x509(request)
except RuntimeError as exc:
msg = "X.509 authentication failed: {!r}".format(exc)
current_app.logger.info('View request error:'
'{}'.format(msg))
content = {"Error, {}.".format(msg): ""}
return content, 403
else:
raise RuntimeError("No Authentication Header or X.509 "
"cert info in header")
return func(*args, **kwargs)
except RuntimeError as exc:
msg = "Authentication failed: {!r}".format(exc)
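Review bot: In the `virtual_host` branch of `_get_auth_type` (first hunk), the key that selects the per-host section falls back to `HTTP_X_FORWARDED_HOST`, a request header the client controls unless the front-end proxy overwrites it. Whenever `SERVER_ADDR` is absent, the caller therefore influences which `authorization` value applies, including a section set to "None", which makes `validator` skip every check. I would take the key only from server-side state, `request_ip = request.environ.get("SERVER_ADDR")`, and fail closed on an unknown host with `if request_ip not in config: raise RuntimeError("no authorization configured for this host")` (assuming the config object supports `in`). As written, a missing section makes `config[request_ip]` raise a `KeyError`, which the visible `except RuntimeError` in `validator` does not catch; that handler continues past the end of the second hunk, so its response is not visible here. A short docstring on `_get_auth_type` stating that `None` means no authentication is required and that a list holds the accepted methods (`bearer-token`, `grid-mapfile`) would also help, since `validator` branches on exactly that distinction.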