22 |
22 |
|
23 |
23 |
log = logging.getLogger(__name__)
|
24 |
24 |
|
25 |
|
def valid_signature_required(func):
|
|
25 |
def valid_signature_required(secret_prefix):
|
26 |
26 |
|
27 |
27 |
signature_header_name = config.get(plugin_config_prefix + 'signature_header_name',
|
28 |
28 |
'X-Hub-Signature')
|
29 |
|
instantiated_secret = config.get(plugin_config_prefix + 'instantiation_secret',
|
30 |
|
'secret')
|
31 |
|
|
32 |
|
def wrapper(context, data):
|
33 |
|
if signature_header_name in request.headers:
|
34 |
|
if request.headers[signature_header_name].startswith('sha1='):
|
35 |
|
algo, received_hmac = request.headers[signature_header_name].rsplit('=')
|
36 |
|
computed_hmac = hmac.new(instantiated_secret, request.body, sha1).hexdigest()
|
37 |
|
# the received hmac is uppercase according to
|
38 |
|
# http://doc.ozwillo.com/#ref-3-2-1
|
39 |
|
if received_hmac != computed_hmac.upper():
|
40 |
|
log.info('Invalid HMAC')
|
41 |
|
raise logic.NotAuthorized(_('Invalid HMAC'))
|
|
29 |
api_secret = config.get(plugin_config_prefix + secret_prefix +'_secret', 'secret')
|
|
30 |
|
|
31 |
def decorator(func):
|
|
32 |
def wrapper(context, data):
|
|
33 |
if signature_header_name in request.headers:
|
|
34 |
if request.headers[signature_header_name].startswith('sha1='):
|
|
35 |
algo, received_hmac = request.headers[signature_header_name].rsplit('=')
|
|
36 |
computed_hmac = hmac.new(api_secret, request.body, sha1).hexdigest()
|
|
37 |
# the received hmac is uppercase according to
|
|
38 |
# http://doc.ozwillo.com/#ref-3-2-1
|
|
39 |
if received_hmac != computed_hmac.upper():
|
|
40 |
log.info('Invalid HMAC')
|
|
41 |
raise logic.NotAuthorized(_('Invalid HMAC'))
|
|
42 |
else:
|
|
43 |
log.info('Invalid HMAC algo')
|
|
44 |
raise logic.ValidationError(_('Invalid HMAC algo'))
|
42 |
45 |
else:
|
43 |
|
log.info('Invalid HMAC algo')
|
44 |
|
raise logic.ValidationError(_('Invalid HMAC algo'))
|
45 |
|
else:
|
46 |
|
log.info('No HMAC in the header')
|
47 |
|
raise logic.NotAuthorized(_("No HMAC in the header"))
|
48 |
|
return func(context, data)
|
49 |
|
return wrapper
|
50 |
|
|
51 |
|
@valid_signature_required
|
|
46 |
log.info('No HMAC in the header')
|
|
47 |
raise logic.NotAuthorized(_("No HMAC in the header"))
|
|
48 |
return func(context, data)
|
|
49 |
return wrapper
|
|
50 |
return decorator
|
|
51 |
|
|
52 |
|
|
53 |
@valid_signature_required(secret_prefix='instantiation')
|
52 |
54 |
def create_organization(context, data_dict):
|
53 |
55 |
context['ignore_auth'] = True
|
54 |
56 |
model = context['model']
|
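Review bot: The added `api_secret = config.get(plugin_config_prefix + secret_prefix +'_secret', 'secret')` falls back to the literal `'secret'` when the key is not configured, and both decorated actions go on to set `context['ignore_auth'] = True`. On a deployment missing the prefixed `instantiation_secret` or `destruction_secret` setting, the HMAC is therefore keyed with a value readable in the source; I would drop the default and reject the request (or fail at start-up) when the setting is absent. In `wrapper`, `if received_hmac != computed_hmac.upper():` is not a constant-time comparison; where the runtime provides it, `if not hmac.compare_digest(received_hmac, computed_hmac.upper()):` is the safer form. `rsplit('=')` with no maxsplit raises an unhandled ValueError on a header value containing a second `=`, which `split('=', 1)` avoids. The body of `create_organization` continues outside this hunk.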
... | ... | |
149 |
151 |
log.debug('Validation error "%s" occured while creating organization' % e)
|
150 |
152 |
raise
|
151 |
153 |
|
152 |
|
@valid_signature_required
|
|
154 |
@valid_signature_required(secret_prefix='destruction')
|
153 |
155 |
def delete_organization(context, data_dict):
|
154 |
156 |
data_dict['id'] = data_dict.pop('instance_id')
|
155 |
157 |
context['ignore_auth'] = True
|
156 |
|
-
|