aboutsummaryrefslogtreecommitdiffstats
path: root/app/api/middleware
diff options
context:
space:
mode:
authorYaron Yogev <yaronyogev@gmail.com>2017-07-27 09:02:54 +0300
committerYaron Yogev <yaronyogev@gmail.com>2017-07-27 14:56:25 +0300
commit7e83d0876ddb84a45e130eeba28bc40ef53c074b (patch)
tree47d76239ae7658d87c66abd142df92709427e7dd /app/api/middleware
parent378ecbd8947589b9cbb39013a0c2e2aa201e03bd (diff)
Calipso initial release for OPNFV
Change-Id: I7210c244b0c10fa80bfa8c77cb86c9d6ddf8bc88 Signed-off-by: Yaron Yogev <yaronyogev@gmail.com>
Diffstat (limited to 'app/api/middleware')
-rw-r--r--app/api/middleware/__init__.py10
-rw-r--r--app/api/middleware/authentication.py63
2 files changed, 73 insertions, 0 deletions
diff --git a/app/api/middleware/__init__.py b/app/api/middleware/__init__.py
new file mode 100644
index 0000000..1e85a2a
--- /dev/null
+++ b/app/api/middleware/__init__.py
@@ -0,0 +1,10 @@
+###############################################################################
+# Copyright (c) 2017 Koren Lev (Cisco Systems), Yaron Yogev (Cisco Systems) #
+# and others #
+# #
+# All rights reserved. This program and the accompanying materials #
+# are made available under the terms of the Apache License, Version 2.0 #
+# which accompanies this distribution, and is available at #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+###############################################################################
+
diff --git a/app/api/middleware/authentication.py b/app/api/middleware/authentication.py
new file mode 100644
index 0000000..bc62fa8
--- /dev/null
+++ b/app/api/middleware/authentication.py
@@ -0,0 +1,63 @@
+###############################################################################
+# Copyright (c) 2017 Koren Lev (Cisco Systems), Yaron Yogev (Cisco Systems) #
+# and others #
+# #
+# All rights reserved. This program and the accompanying materials #
+# are made available under the terms of the Apache License, Version 2.0 #
+# which accompanies this distribution, and is available at #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+###############################################################################
+import base64
+
+from api.responders.responder_base import ResponderBase
+from api.auth.auth import Auth
+from api.auth.token import Token
+
+
+class AuthenticationMiddleware(ResponderBase):
+ def __init__(self):
+ super().__init__()
+ self.auth = Auth()
+ self.BASIC_AUTH = "AUTHORIZATION"
+ self.EXCEPTION_ROUTES = ['/auth/tokens']
+
+ def process_request(self, req, resp):
+ if req.path in self.EXCEPTION_ROUTES:
+ return
+
+ self.log.debug("Authentication middleware is processing the request")
+ headers = self.change_dict_naming_convention(req.headers,
+ lambda s: s.upper())
+ auth_error = None
+ if self.BASIC_AUTH in headers:
+ # basic authentication
+ self.log.debug("Authenticating the basic credentials")
+ basic = headers[self.BASIC_AUTH]
+ auth_error = self.authenticate_with_basic_auth(basic)
+ elif Token.FIELD in headers:
+ # token authentication
+ self.log.debug("Authenticating token")
+ token = headers[Token.FIELD]
+ auth_error = self.auth.validate_token(token)
+ else:
+ auth_error = "Authentication required"
+
+ if auth_error:
+ self.unauthorized(auth_error)
+
+ def authenticate_with_basic_auth(self, basic):
+ error = None
+ if not basic or not basic.startswith("Basic"):
+ error = "Credentials not provided"
+ else:
+ # get username and password
+ credential = basic.lstrip("Basic").lstrip()
+ username_password = base64.b64decode(credential).decode("utf-8")
+ credentials = username_password.split(":")
+ if not self.auth.validate_credentials(credentials[0], credentials[1]):
+ self.log.info("Authentication for {0} failed".format(credentials[0]))
+ error = "Authentication failed"
+ else:
+ self.log.info("Authentication for {0} succeeded".format(credentials[0]))
+
+ return error