Add access key auth

fe17bec7 · ibuler · 5b4ce709 · fe17bec7
Commit fe17bec7 authored Dec 21, 2016 by ibuler
Hide whitespace changes
Inline Side-by-side

Showing with 41 additions and 20 deletions

authentication.py apps/users/authentication.py +41 -20

No files found.
--- a/apps/users/authentication.py
+++ b/apps/users/authentication.py
@@ -8,16 +8,27 @@ from django.conf import settings
 from django.utils.translation import ugettext as _
 from rest_framework import authentication, exceptions, permissions
 from rest_framework.compat import is_authenticated
+from django.utils.six import text_type
+from django.utils.translation import ugettext_lazy as _
+from rest_framework import HTTP_HEADER_ENCODING
-from common.utils import signer, get_object_or_none
+from common.utils import get_object_or_none
-from .hands import Terminal
 from .utils import get_or_refresh_token
-from .models import User
+from .models import User, AccessKey
-class TerminalAuthentication(authentication.BaseAuthentication):
+def get_request_date_header(request):
+    date = request.META.get('HTTP_DATE', b'')
+    if isinstance(date, text_type):
+        # Work around django test client oddness
+        date = date.encode(HTTP_HEADER_ENCODING)
+    return date
+class AccessKeyAuthentication(authentication.BaseAuthentication):
    keyword = 'Sign'
-    model = Terminal
+    model = AccessKey
    def authenticate(self, request):
        auth = authentication.get_authorization_header(request).split()
@@ -26,30 +37,40 @@ class TerminalAuthentication(authentication.BaseAuthentication):
            return None
        if len(auth) == 1:
-            msg = _('Invalid sign header. No credentials provided.')
+            msg = _('Invalid signature header. No credentials provided.')
            raise exceptions.AuthenticationFailed(msg)
        elif len(auth) > 2:
-            msg = _('Invalid sign header. Sign string should not contain spaces.')
+            msg = _('Invalid signature header. Signature string should not contain spaces.')
            raise exceptions.AuthenticationFailed(msg)
        try:
-            sign = auth[1].decode()
+            sign = auth[1].decode().split(':')
+            if len(sign) != 2:
+                msg = _('Invalid signature header. Format like AccessKeyId:Signature')
+                raise exceptions.AuthenticationFailed(msg)
        except UnicodeError:
-            msg = _('Invalid token header. Sign string should not contain invalid characters.')
+            msg = _('Invalid signature header. Signature string should not contain invalid characters.')
            raise exceptions.AuthenticationFailed(msg)
+        access_key_id = sign[0]
+        secret = sign[1]
+        date =
        return self.authenticate_credentials(sign)
-    def authenticate_credentials(self, sign):
+    def authenticate_credentials(self, access_key_id, secret, datetime):
-        name = signer.unsign(sign)
+        access_key_id = sign[0]
-        if name:
+        secret = sign[1]
-            terminal = get_object_or_none(self.model, name=name)
-        else:
+        access_key = get_object_or_none(AccessKey, id=access_key_id)
-            raise exceptions.AuthenticationFailed(_('Invalid sign.'))
+        if access_key is None or not access_key.user:
+            raise exceptions.AuthenticationFailed(_('Invalid signature.'))
-        if not terminal or not terminal.is_active:
-            raise exceptions.AuthenticationFailed(_('Terminal inactive or deleted.'))
+        if not access_key.user.is_active:
-        terminal.is_authenticated = True
+            raise exceptions.AuthenticationFailed(_('User disabled.'))
-        return terminal, None
+        return access_key.user, None
 class AccessTokenAuthentication(authentication.BaseAuthentication):