Commit 4fcfeb55 authored by Giorgos Korfiatis's avatar Giorgos Korfiatis

astakos: Strengthen authentication in user_from_token

All user-related API calls make use of this decorator to authenticate
the user. Previously it checked only for the existence of the token;
now it makes all checks previously found in the `authenticate' API call.
The latter now just prepares the response data; it depends on the
decorator for authentication per se.
parent b7a1601b
......@@ -31,8 +31,6 @@
# interpreted as representing official policies, either expressed
# or implied, of GRNET S.A.
from time import time, mktime
from django.http import HttpResponse
from django.utils import simplejson as json
from django.views.decorators.csrf import csrf_exempt
......@@ -63,17 +61,6 @@ def authenticate(request):
if not user:
raise faults.BadRequest('No user')
# Check if the is active.
if not user.is_active:
raise faults.Unauthorized('User inactive')
# Check if the token has expired.
if (time() - mktime(user.auth_token_expires.timetuple())) > 0:
raise faults.Unauthorized('Authentication expired')
if not user.signed_terms:
raise faults.Unauthorized('Pending approval terms')
response = HttpResponse()
user_info = {
'id': user.id,
......
......@@ -80,10 +80,23 @@ def user_from_token(func):
raise faults.Unauthorized("Invalid X-Auth-Token")
try:
request.user = AstakosUser.objects.get(auth_token=token)
user = AstakosUser.objects.get(auth_token=token)
except AstakosUser.DoesNotExist:
raise faults.Unauthorized('Invalid X-Auth-Token')
# Check if the user is active.
if not user.is_active:
raise faults.Unauthorized('User inactive')
# Check if the token has expired.
if user.token_expired():
raise faults.Unauthorized('Authentication expired')
# Check if the user has accepted the terms.
if not user.signed_terms:
raise faults.Unauthorized('Pending approval terms')
request.user = user
return func(request, *args, **kwargs)
return wrapper
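Review bot: `wrapper` now makes the whole authentication decision, but neither it nor `user_from_token` documents that contract; a docstring on the decorator should state that it resolves the X-Auth-Token header to a user, requires `is_active`, an unexpired token and `signed_terms`, assigns `request.user`, and raises `faults.Unauthorized` otherwise. The lookup at `user = AstakosUser.objects.get(auth_token=token)` catches only `DoesNotExist`; unless `auth_token` is declared unique on the model (not visible here), a duplicated token would raise `MultipleObjectsReturned` and surface as a server error instead of `Unauthorized`. The `authenticate` hunk above drops the same three checks on the assumption that it is wrapped by this decorator; the decorator line is outside that hunk, so that should be confirmed before merging. The enclosing `wrapper` definition begins before this hunk.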
......
......@@ -514,6 +514,9 @@ class AstakosUser(User):
msg = 'Token renewed for %s' % self.log_display
logger.log(astakos_settings.LOGGING_LEVEL, msg)
def token_expired(self):
return self.auth_token_expires < datetime.now()
def flush_sessions(self, current_key=None):
q = self.sessions
if current_key:
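Review bot: `token_expired` raises `TypeError` on Python 3 when `auth_token_expires` is `None` (and silently returns True on Python 2), so if the column is nullable a fail-closed form is safer: `return self.auth_token_expires is None or self.auth_token_expires < datetime.now()`. The comparison against naive `datetime.now()` means server local time, which matches the `mktime(...)` check it replaces and the old `prepare_response` expression, so behavior is unchanged, but a docstring such as `"""Return True if this user's auth token has expired (compared in naive local time)."""` would record the assumption. The two callers in this commit either fetch the user by token or short-circuit on a missing `auth_token`, so they are unlikely to reach the `None` case, but other callers of the model method may.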
......
......@@ -158,7 +158,7 @@ def prepare_response(request, user, next='', renew=False):
or user has not a valid token.
"""
renew = renew or (not user.auth_token)
renew = renew or (user.auth_token_expires < datetime.datetime.now())
renew = renew or user.token_expired()
if renew:
user.renew_token(
flush_sessions=True,
......