Commit 4fcfeb55 authored by Giorgos Korfiatis's avatar Giorgos Korfiatis

astakos: Strengthen authentication in user_from_token

All user-related API calls make use of this decorator to authenticate
the user. Previously it checked only for the existence of the token;
now it performs all the checks previously found in the `authenticate' API call.
The latter now just prepares the response data; it depends on the
decorator for authentication per se.
parent b7a1601b
...@@ -31,8 +31,6 @@ ...@@ -31,8 +31,6 @@
# interpreted as representing official policies, either expressed # interpreted as representing official policies, either expressed
# or implied, of GRNET S.A. # or implied, of GRNET S.A.
from time import time, mktime
from django.http import HttpResponse from django.http import HttpResponse
from django.utils import simplejson as json from django.utils import simplejson as json
from django.views.decorators.csrf import csrf_exempt from django.views.decorators.csrf import csrf_exempt
...@@ -63,17 +61,6 @@ def authenticate(request): ...@@ -63,17 +61,6 @@ def authenticate(request):
if not user: if not user:
raise faults.BadRequest('No user') raise faults.BadRequest('No user')
# Check if the is active.
if not user.is_active:
raise faults.Unauthorized('User inactive')
# Check if the token has expired.
if (time() - mktime(user.auth_token_expires.timetuple())) > 0:
raise faults.Unauthorized('Authentication expired')
if not user.signed_terms:
raise faults.Unauthorized('Pending approval terms')
response = HttpResponse() response = HttpResponse()
user_info = { user_info = {
'id': user.id, 'id': user.id,
......
...@@ -80,10 +80,23 @@ def user_from_token(func): ...@@ -80,10 +80,23 @@ def user_from_token(func):
raise faults.Unauthorized("Invalid X-Auth-Token") raise faults.Unauthorized("Invalid X-Auth-Token")
try: try:
request.user = AstakosUser.objects.get(auth_token=token) user = AstakosUser.objects.get(auth_token=token)
except AstakosUser.DoesNotExist: except AstakosUser.DoesNotExist:
raise faults.Unauthorized('Invalid X-Auth-Token') raise faults.Unauthorized('Invalid X-Auth-Token')
# Check if the user is active.
if not user.is_active:
raise faults.Unauthorized('User inactive')
# Check if the token has expired.
if user.token_expired():
raise faults.Unauthorized('Authentication expired')
# Check if the user has accepted the terms.
if not user.signed_terms:
raise faults.Unauthorized('Pending approval terms')
request.user = user
return func(request, *args, **kwargs) return func(request, *args, **kwargs)
return wrapper return wrapper
......
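Review bot: The new `if user.token_expired():` check can surface as a TypeError (a 500) instead of Unauthorized when `auth_token_expires` is unset, because the model method compares that field with `<`; the row was fetched by `auth_token=token`, so this presumably only matters if the expiry column is nullable — confirm against the model. The ordering is sound and `request.user = user` is assigned only after every check passes, so the wrapped view never sees a partially validated user; that contract deserves a docstring on the decorator, e.g. `"""Authenticate the request from X-Auth-Token: the user must exist, be active, hold an unexpired token and have signed the terms; request.user is set only when all checks pass."""`. The three `# Check ...` comments restate the conditions they precede and can be dropped once the docstring carries the contract. The companion hunk in `authenticate` removes the same checks and therefore relies on this decorator being applied to it, which is not visible here. `user_from_token`'s definition starts outside the hunk.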
...@@ -514,6 +514,9 @@ class AstakosUser(User): ...@@ -514,6 +514,9 @@ class AstakosUser(User):
msg = 'Token renewed for %s' % self.log_display msg = 'Token renewed for %s' % self.log_display
logger.log(astakos_settings.LOGGING_LEVEL, msg) logger.log(astakos_settings.LOGGING_LEVEL, msg)
def token_expired(self):
return self.auth_token_expires < datetime.now()
def flush_sessions(self, current_key=None): def flush_sessions(self, current_key=None):
q = self.sessions q = self.sessions
if current_key: if current_key:
......
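Review bot: `token_expired` compares `self.auth_token_expires` against a naive `datetime.now()`, so a null expiry raises TypeError, and an aware column value would too if the project ever enables Django's USE_TZ. Both callers in this commit treat True as "reject or renew", so failing closed is the safer shape: `expires = self.auth_token_expires` / `return expires is None or expires < datetime.now()`. A one-line docstring would also help, e.g. `"""Return True if the auth token's expiry is unset or already in the past (naive local time)."""`. The `AstakosUser` class continues beyond the hunk.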
...@@ -158,7 +158,7 @@ def prepare_response(request, user, next='', renew=False): ...@@ -158,7 +158,7 @@ def prepare_response(request, user, next='', renew=False):
or user has not a valid token. or user has not a valid token.
""" """
renew = renew or (not user.auth_token) renew = renew or (not user.auth_token)
renew = renew or (user.auth_token_expires < datetime.datetime.now()) renew = renew or user.token_expired()
if renew: if renew:
user.renew_token( user.renew_token(
flush_sessions=True, flush_sessions=True,
......