| Conditions | 16 |
| Total Lines | 100 |
| Lines | 0 |
| Ratio | 0 % |
| Changes | 2 | ||
| Bugs | 0 | Features | 0 |
Small methods make your code easier to understand, in particular if combined with a good name. Besides, if your method is small, finding a good name is usually much easier.
For example, if you find yourself adding comments to a method's body, this is usually a good sign to extract the commented part to a new method, and use the comment as a starting point when coming up with a good name for this new method.
Commonly applied refactorings include:
If many parameters/temporary variables are present:
Complex code such as StandaloneAuthHandler.handle_auth() often does a lot of different things. To break the enclosing class down, we need to identify a cohesive component within it. A common approach to finding such a component is to look for fields/methods that share the same prefixes or suffixes.
Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.
| 1 | # Licensed to the StackStorm, Inc ('StackStorm') under one or more |
||
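def handle_auth(self, request, headers=None, remote_addr=None, remote_user=None,
                authorization=None, **kwargs):
    """
    Authenticate an HTTP Basic request and return a token for the resulting user.

    The credentials are checked against ``self._auth_backend``. When the request
    also names a user to impersonate, the authenticated account must be a service
    account and the token is created for the impersonated user instead.

    Every rejection path calls ``abort_request()`` and then returns ``None``.

    :param request: Request object; the optional attributes ``ttl``, ``user``,
                    ``impersonate_user`` and ``nickname_origin`` are read from it.
    :param headers: Not used by this method.
    :param remote_addr: Client address, recorded in the audit log context.
    :param remote_user: Not used by this method.
    :param authorization: Pair of ``(auth_type, auth_value)`` where ``auth_value``
                          is the base64 encoded ``username:password`` string.

    :return: The value returned by ``self._create_token_for_user`` on success,
             ``None`` otherwise.
    """
    auth_backend = self._auth_backend.__class__.__name__
    extra = {'auth_backend': auth_backend, 'remote_addr': remote_addr}

    if not authorization:
        LOG.audit('Authorization header not provided', extra=extra)
        abort_request()
        return

    # NOTE(review): assumes the caller always passes a 2-item sequence; anything
    # else raises ValueError here instead of a clean rejection - confirm.
    auth_type, auth_value = authorization
    if auth_type.lower() != 'basic':
        extra['auth_type'] = auth_type
        LOG.audit('Unsupported authorization type: %s' % (auth_type), extra=extra)
        abort_request()
        return

    try:
        auth_value = base64.b64decode(auth_value)
        # b64decode() returns bytes on Python 3; normalise to text so the split
        # below and the backend see the same type on both major versions. A
        # value which is not valid UTF-8 is rejected as a malformed header.
        if not isinstance(auth_value, str):
            auth_value = auth_value.decode('utf-8')
    except Exception:
        LOG.audit('Invalid authorization header', extra=extra)
        abort_request()
        return

    # Split on the first colon only: the user-id of a Basic credential cannot
    # contain ':' but the password can, so a plain split() would reject every
    # account whose password includes a colon.
    split = auth_value.split(':', 1)
    if len(split) != 2:
        LOG.audit('Invalid authorization header', extra=extra)
        abort_request()
        return

    username, password = split

    result = self._auth_backend.authenticate(username=username, password=password)
    if result is not True:
        # The submitted username is deliberately not added to the audit record
        # here; this matches the original behaviour.
        LOG.audit('Invalid credentials provided', extra=extra)
        abort_request()
        return

    ttl = getattr(request, 'ttl', None)
    impersonate_user = getattr(request, 'user', None)

    # NOTE(review): neither impersonation path below writes an audit record for
    # a token issued on behalf of another user - consider adding one.
    if impersonate_user is not None:
        # Only a service account may request a token for somebody else.
        # NOTE(review): the only lookup in this branch is for the authenticated
        # user, so the "Could not locate user" message names the wrong account,
        # and nothing here verifies that the impersonated user exists - confirm
        # that _create_token_for_user() performs that check.
        try:
            if not User.get_by_name(username).is_service:
                message = "Current user is not a service and cannot " \
                          "request impersonated tokens"
                abort_request(status_code=http_client.BAD_REQUEST,
                              message=message)
                return
            username = impersonate_user
        except (UserNotFoundError, StackStormDBObjectNotFoundError):
            message = "Could not locate user %s" % \
                      (impersonate_user)
            abort_request(status_code=http_client.BAD_REQUEST,
                          message=message)
            return
    else:
        impersonate_user = getattr(request, 'impersonate_user', None)
        nickname_origin = getattr(request, 'nickname_origin', None)
        if impersonate_user is not None:
            try:
                # Only a service account may request a token for somebody else.
                if not User.get_by_name(username).is_service:
                    raise NotServiceUserError()
                username = User.get_by_nickname(impersonate_user,
                                                nickname_origin).name
            except NotServiceUserError:
                message = "Current user is not a service and cannot " \
                          "request impersonated tokens"
                abort_request(status_code=http_client.BAD_REQUEST,
                              message=message)
                return
            except (UserNotFoundError, StackStormDBObjectNotFoundError):
                message = "Could not locate user %s@%s" % \
                          (impersonate_user, nickname_origin)
                abort_request(status_code=http_client.BAD_REQUEST,
                              message=message)
                return
            except NoNicknameOriginProvidedError:
                message = "Nickname origin is not provided for nickname '%s'" % \
                          impersonate_user
                abort_request(status_code=http_client.BAD_REQUEST,
                              message=message)
                return
            except AmbiguousUserError:
                message = "%s@%s matched more than one username" % \
                          (impersonate_user, nickname_origin)
                abort_request(status_code=http_client.BAD_REQUEST,
                              message=message)
                return

    try:
        token = self._create_token_for_user(
            username=username, ttl=ttl)
        return token
    except TTLTooLargeException as e:
        # NOTE(review): relies on the exception exposing a ``message``
        # attribute - confirm on Python 3.
        abort_request(status_code=http_client.BAD_REQUEST,
                      message=e.message)
        return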