zuul-web: refactor auth token handling code
Remove some code redundancy in the auth token validation logic. Change-Id: I58f6f0a222c469e16622f6383bc3669671bf3fd2
parent
74ff81998f
commit
9c463fc185
|
@ -261,6 +261,21 @@ class ZuulWebAPI(object):
|
|||
'error': e,
|
||||
'realm': self.zuulweb.authenticators.default_realm}
|
||||
|
||||
def _auth_token_check(self):
|
||||
rawToken = \
|
||||
cherrypy.request.headers['Authorization'][len('Bearer '):]
|
||||
try:
|
||||
claims = self.zuulweb.authenticators.authenticate(rawToken)
|
||||
except exceptions.AuthTokenException as e:
|
||||
for header, contents in e.getAdditionalHeaders().items():
|
||||
cherrypy.response.headers[header] = contents
|
||||
cherrypy.response.status = e.HTTPError
|
||||
return ({},
|
||||
{'description': e.error_description,
|
||||
'error': e.error,
|
||||
'realm': e.realm})
|
||||
return (claims, None)
|
||||
|
||||
@cherrypy.expose
|
||||
@cherrypy.tools.json_in()
|
||||
@cherrypy.tools.json_out(content_type='application/json; charset=utf-8')
|
||||
|
@ -272,16 +287,9 @@ class ZuulWebAPI(object):
|
|||
if cherrypy.request.method != 'POST':
|
||||
raise cherrypy.HTTPError(405)
|
||||
# AuthN/AuthZ
|
||||
rawToken = cherrypy.request.headers['Authorization'][len('Bearer '):]
|
||||
try:
|
||||
claims = self.zuulweb.authenticators.authenticate(rawToken)
|
||||
except exceptions.AuthTokenException as e:
|
||||
for header, contents in e.getAdditionalHeaders().items():
|
||||
cherrypy.response.headers[header] = contents
|
||||
cherrypy.response.status = e.HTTPError
|
||||
return {'description': e.error_description,
|
||||
'error': e.error,
|
||||
'realm': e.realm}
|
||||
claims, token_error = self._auth_token_check()
|
||||
if token_error is not None:
|
||||
return token_error
|
||||
self.is_authorized(claims, tenant)
|
||||
msg = 'User "%s" requesting "%s" on %s/%s'
|
||||
self.log.info(
|
||||
|
@ -317,16 +325,9 @@ class ZuulWebAPI(object):
|
|||
if cherrypy.request.method != 'POST':
|
||||
raise cherrypy.HTTPError(405)
|
||||
# AuthN/AuthZ
|
||||
rawToken = cherrypy.request.headers['Authorization'][len('Bearer '):]
|
||||
try:
|
||||
claims = self.zuulweb.authenticators.authenticate(rawToken)
|
||||
except exceptions.AuthTokenException as e:
|
||||
for header, contents in e.getAdditionalHeaders().items():
|
||||
cherrypy.response.headers[header] = contents
|
||||
cherrypy.response.status = e.HTTPError
|
||||
return {'description': e.error_description,
|
||||
'error': e.error,
|
||||
'realm': e.realm}
|
||||
claims, token_error = self._auth_token_check()
|
||||
if token_error is not None:
|
||||
return token_error
|
||||
self.is_authorized(claims, tenant)
|
||||
msg = 'User "%s" requesting "%s" on %s/%s'
|
||||
self.log.info(
|
||||
|
@ -394,17 +395,9 @@ class ZuulWebAPI(object):
|
|||
if basic_error is not None:
|
||||
return basic_error
|
||||
# AuthN/AuthZ
|
||||
rawToken = \
|
||||
cherrypy.request.headers['Authorization'][len('Bearer '):]
|
||||
try:
|
||||
claims = self.zuulweb.authenticators.authenticate(rawToken)
|
||||
except exceptions.AuthTokenException as e:
|
||||
for header, contents in e.getAdditionalHeaders().items():
|
||||
cherrypy.response.headers[header] = contents
|
||||
cherrypy.response.status = e.HTTPError
|
||||
return {'description': e.error_description,
|
||||
'error': e.error,
|
||||
'realm': e.realm}
|
||||
claims, token_error = self._auth_token_check()
|
||||
if token_error is not None:
|
||||
return token_error
|
||||
self.is_authorized(claims, tenant)
|
||||
msg = 'User "%s" requesting "%s" on %s/%s'
|
||||
self.log.info(
|
||||
|
@ -510,16 +503,9 @@ class ZuulWebAPI(object):
|
|||
if basic_error is not None:
|
||||
return basic_error
|
||||
# AuthN/AuthZ
|
||||
rawToken = cherrypy.request.headers['Authorization'][len('Bearer '):]
|
||||
try:
|
||||
claims = self.zuulweb.authenticators.authenticate(rawToken)
|
||||
except exceptions.AuthTokenException as e:
|
||||
for header, contents in e.getAdditionalHeaders().items():
|
||||
cherrypy.response.headers[header] = contents
|
||||
cherrypy.response.status = e.HTTPError
|
||||
return {'description': e.error_description,
|
||||
'error': e.error,
|
||||
'realm': e.realm}
|
||||
claims, token_error = self._auth_token_check()
|
||||
if token_error is not None:
|
||||
return token_error
|
||||
self.is_authorized(claims, request['tenant'])
|
||||
msg = 'User "%s" requesting "%s" on %s/%s'
|
||||
self.log.info(
|
||||
|
@ -619,16 +605,10 @@ class ZuulWebAPI(object):
|
|||
basic_error = self._basic_auth_header_check()
|
||||
if basic_error is not None:
|
||||
return basic_error
|
||||
rawToken = cherrypy.request.headers['Authorization'][len('Bearer '):]
|
||||
try:
|
||||
claims = self.zuulweb.authenticators.authenticate(rawToken)
|
||||
except exceptions.AuthTokenException as e:
|
||||
for header, contents in e.getAdditionalHeaders().items():
|
||||
cherrypy.response.headers[header] = contents
|
||||
cherrypy.response.status = e.HTTPError
|
||||
return {'description': e.error_description,
|
||||
'error': e.error,
|
||||
'realm': e.realm}
|
||||
# AuthN/AuthZ
|
||||
claims, token_error = self._auth_token_check()
|
||||
if token_error is not None:
|
||||
return token_error
|
||||
if 'zuul' in claims and 'admin' in claims.get('zuul', {}):
|
||||
return {'zuul': {'admin': claims['zuul']['admin']}, }
|
||||
job = self.rpc.submitJob('zuul:get_admin_tenants',
|
||||
|
|
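Review bot: The new `_auth_token_check` helper reads `cherrypy.request.headers['Authorization']` and drops the first `len('Bearer ')` characters without checking that the header is present or uses the Bearer scheme, so it is only safe after `_basic_auth_header_check()` has passed. The `basic_error` handling is visible ahead of the call sites in the hunks at old lines 394, 510 and 619, but not in the context shown for those at 272 and 317, where it may sit above the hunk. Since the helper is now the single entry point for token validation, the precondition could move into it: start the body with `basic_error = self._basic_auth_header_check()` and `if basic_error is not None: return ({}, basic_error)`. At minimum it deserves a docstring such as `"""Authenticate the bearer token; requires _basic_auth_header_check() to have passed. Returns (claims, None) or ({}, error_dict)."""`. Without either, a request with no Authorization header would raise `KeyError` here, which presumably surfaces as a 500 rather than a 401 with the realm challenge.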