Source Code for Module pulp.server.webservices.auth

 1  #!/usr/bin/env python 
 2  # -*- coding: utf-8 -*- 
 3  # 
 4  # Copyright © 2010 Red Hat, Inc. 
 5  # 
 6  # This software is licensed to you under the GNU General Public License, 
 7  # version 2 (GPLv2). There is NO WARRANTY for this software, express or 
 8  # implied, including the implied warranties of MERCHANTABILITY or FITNESS 
 9  # FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2 
10  # along with this software; if not, see 
11  # http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt. 
12  # 
13  # Red Hat trademarks are not licensed under GPLv2. No permission is 
14  # granted to use or replicate Red Hat trademarks that are incorporated 
15  # in this software or its documentation. 
16   
17  import base64 
18  import re 
19   
20  from pulp.server.webservices import http 
21   
22   
23  _whitespace_regex = re.compile('\w+') 
24   
25   
26 -class HTTPAuthError(Exception): 
27      pass 
28   
29   
30 -def is_http_basic_auth(credentials): 
31      """ 
32      Check if the credentials are for http basic authorization 
33      @type credentials: str 
34      @param credentials: value of the HTTP_AUTHORIZATION header 
35      @return: True if the credentials are for http basic authorization, 
36               False otherwise 
37      """ 
38      if len(credentials) < 5: 
39          return False 
40      type = credentials[:5].lower() 
41      return type == 'basic' 
42   
43   
44 -def http_basic_username_password(credentials): 
45      """ 
46      Get the username and password from http basic authorization credentials 
47      """ 
48      credentials = credentials.strip() 
49      if not _whitespace_regex.match(credentials): 
50          raise HTTPAuthError('malformed basic authentication information') 
51      encoded_str = _whitespace_regex.split(credentials, 1)[1].strip() 
52      decoded_str = base64.decodestring(encoded_str) 
53      if decoded_str.find(':') < 0: 
54          raise HTTPAuthError('malformed basic authentication information') 
55      return decoded_str.split(':', 1) 
56       
57       
58 -def is_http_digest_auth(credentials): 
59      """ 
60      Check if the credentials are for http digest authorization 
61      @type credentials: str 
62      @param credentials: value of the HTTP_AUTHORIZATION header 
63      @return: True if the credentials are for http digest authorization, 
64               False otherwise 
65      """ 
66      if len(credentials) < 6: 
67          return False 
68      type = credentials[:6].lower() 
69      return type == 'digest' 
70   
71   
72 -def http_digest_username_password(credentials): 
73      """ 
74      Get the username and password from http digest authorization credentials 
75      """ 
76      raise NotImplementedError('HTTP Digest Authorization not yet implemented') 
77   
78   
79 -def check_roles(roles): 
80      """ 
81      Check the http headers for valid authentication information 
82      """ 
83      # simple check to see if we're even receiving the credentials for now 
84      credentials = http.http_authorization() 
85      if credentials is None: 
86          return False 
87      if is_http_basic_auth(credentials): 
88          pass 
89      elif is_http_digest_auth(credentials): 
90          pass 
91      else: 
92          return False 
93      return True 
94