| 1 |  |  | # Licensed to the StackStorm, Inc ('StackStorm') under one or more | 
            
                                                                                                            
                            
            
                                    
            
            
                | 2 |  |  | # contributor license agreements.  See the NOTICE file distributed with | 
            
                                                                                                            
                            
            
                                    
            
            
                | 3 |  |  | # this work for additional information regarding copyright ownership. | 
            
                                                                                                            
                            
            
                                    
            
            
                | 4 |  |  | # The ASF licenses this file to You under the Apache License, Version 2.0 | 
            
                                                                                                            
                            
            
                                    
            
            
                | 5 |  |  | # (the "License"); you may not use this file except in compliance with | 
            
                                                                                                            
                            
            
                                    
            
            
                | 6 |  |  | # the License.  You may obtain a copy of the License at | 
            
                                                                                                            
                            
            
                                    
            
            
                | 7 |  |  | # | 
            
                                                                                                            
                            
            
                                    
            
            
                | 8 |  |  | #     http://www.apache.org/licenses/LICENSE-2.0 | 
            
                                                                                                            
                            
            
                                    
            
            
                | 9 |  |  | # | 
            
                                                                                                            
                            
            
                                    
            
            
                | 10 |  |  | # Unless required by applicable law or agreed to in writing, software | 
            
                                                                                                            
                            
            
                                    
            
            
                | 11 |  |  | # distributed under the License is distributed on an "AS IS" BASIS, | 
            
                                                                                                            
                            
            
                                    
            
            
                | 12 |  |  | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | 
            
                                                                                                            
                            
            
                                    
            
            
                | 13 |  |  | # See the License for the specific language governing permissions and | 
            
                                                                                                            
                            
            
                                    
            
            
                | 14 |  |  | # limitations under the License. | 
            
                                                                                                            
                            
            
                                    
            
            
                | 15 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 16 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 17 |  |  | import pecan | 
            
                                                                                                            
                            
            
                                    
            
            
                | 18 |  |  | from pecan import rest | 
            
                                                                                                            
                            
            
                                    
            
            
                | 19 |  |  | from six.moves import http_client | 
            
                                                                                                            
                            
            
                                    
            
            
                | 20 |  |  | from oslo_config import cfg | 
            
                                                                                                            
                            
            
                                    
            
            
                | 21 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 22 |  |  | from st2common.exceptions.auth import TokenNotFoundError, TokenExpiredError | 
            
                                                                                                            
                            
            
                                    
            
            
                | 23 |  |  | from st2common.exceptions.param import ParamException | 
            
                                                                                                            
                            
            
                                    
            
            
                | 24 |  |  | from st2common.models.api.base import jsexpose | 
            
                                                                                                            
                            
            
                                    
            
            
                | 25 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 26 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 27 |  |  | from st2common.util import auth as auth_utils | 
            
                                                                                                            
                            
            
                                    
            
            
                | 28 |  |  | from st2common import log as logging | 
            
                                                                                                            
                            
            
                                    
            
            
                | 29 |  |  | from st2common.models.api.auth import TokenAPI | 
            
                                                                                                            
                            
            
                                    
            
            
                | 30 |  |  | import st2auth.handlers as handlers | 
            
                                                                                                            
                            
            
                                    
            
            
                | 31 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 32 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                # Lookup table from the configured ``auth.mode`` value to the handler
                # class that TokenController instantiates for it.
                # NOTE(review): judging by the names, 'proxy' delegates credential checks
                # to a fronting server while 'standalone' performs them itself -- confirm
                # against st2auth.handlers before relying on this.
                HANDLER_MAPPINGS = {
                    'proxy': handlers.ProxyAuthHandler,
                    'standalone': handlers.StandaloneAuthHandler,
                }

                # Module-level logger shared by the controllers in this file.
                LOG = logging.getLogger(__name__)
            
                                                                                                            
                            
            
                                    
            
            
                | 39 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 40 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                class TokenValidationController(rest.RestController):
                    """REST controller that reports whether a submitted token is valid."""

                    @jsexpose(body_cls=TokenAPI, status_code=http_client.OK)
                    def post(self, request, **kwargs):
                        """Validate the token carried in the request body.

                        Returns ``{'valid': True}`` when ``auth_utils.validate_token``
                        returns a non-None value and ``{'valid': False}`` when it raises
                        TokenNotFoundError or TokenExpiredError. Aborts with 400 when no
                        token is supplied and with 500 on any other exception.
                        """
                        supplied_token = getattr(request, 'token', None)
                        if not supplied_token:
                            pecan.abort(http_client.BAD_REQUEST, 'Token is not provided.')

                        try:
                            validated = auth_utils.validate_token(supplied_token)
                        except (TokenNotFoundError, TokenExpiredError):
                            # Unknown and expired tokens get the same answer, so the
                            # response does not reveal which of the two applied.
                            return {'valid': False}
                        except Exception:
                            # The traceback is logged server-side; the client only ever
                            # sees this fixed message, never exception details.
                            error_message = 'Unexpected error occurred while verifying token.'
                            LOG.exception(error_message)
                            pecan.abort(http_client.INTERNAL_SERVER_ERROR, error_message)
                        else:
                            return {'valid': validated is not None}
            
                                                                                                            
                            
            
                                    
            
            
                | 57 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 58 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
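                class TokenController(rest.RestController):
                    """REST controller that issues tokens via the configured auth handler."""

                    # Sub-controller exposing token validation beneath this controller.
                    validate = TokenValidationController()

                    def __init__(self, *args, **kwargs):
                        """Instantiate the handler selected by ``cfg.CONF.auth.mode``.

                        Raises:
                            ParamException: if the configured mode has no entry in
                                HANDLER_MAPPINGS.
                        """
                        super(TokenController, self).__init__(*args, **kwargs)

                        auth_mode = cfg.CONF.auth.mode
                        # Only the lookup is guarded: a KeyError raised inside a handler's
                        # constructor must not be misreported as an invalid auth mode.
                        try:
                            handler_cls = HANDLER_MAPPINGS[auth_mode]
                        except KeyError:
                            raise ParamException("%s is not a valid auth mode" %
                                                 auth_mode)
                        self.handler = handler_cls()

                    @jsexpose(body_cls=TokenAPI, status_code=http_client.CREATED)
                    def post(self, request, **kwargs):
                        """Authenticate the caller through the handler and return the token.

                        The handler receives the request body together with the headers,
                        remote address, remote user and authorization value taken from
                        ``pecan.request``; the result is passed through
                        ``process_successful_response``.
                        """
                        # NOTE(review): remote_user and remote_addr come straight from the
                        # WSGI request. If the 'proxy' handler trusts remote_user, this
                        # service must only be reachable through the authenticating proxy
                        # -- confirm the deployment enforces that.
                        token = self.handler.handle_auth(request=request, headers=pecan.request.headers,
                                                         remote_addr=pecan.request.remote_addr,
                                                         remote_user=pecan.request.remote_user,
                                                         authorization=pecan.request.authorization,
                                                         **kwargs)
                        return process_successful_response(token=token)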
            
                                                        
            
                                    
            
            
                | 79 |  |  |  | 
            
                                                        
            
                                    
            
            
                | 80 |  |  |  | 
            
                                                        
            
                                    
            
            
                def process_successful_response(token):
                    """Set the ``X-API-URL`` response header and return *token* unchanged.

                    The header value is read from ``cfg.CONF.auth.api_url``, i.e. it comes
                    from configuration rather than from the incoming request.
                    """
                    pecan.response.headers['X-API-URL'] = cfg.CONF.auth.api_url
                    return token
            
                                                        
            
                                    
            
            
                | 85 |  |  |  |