Project

General

Profile

Download (6.34 KB) Statistics
| Branch: | Tag: | Revision:

organization_api / ckanext / ozwillo_organization_api / plugin.py @ 19d8afdf

1
from hashlib import sha1
2
import hmac
3
import requests
4
import logging
5
import json
6

    
7
import ckan.plugins as plugins
8
import ckan.plugins.toolkit as toolkit
9

    
10
import ckan.logic as logic
11

    
12
from pylons import config
13
from ckan.common import request, _
14
from ckan.logic.action.create import _group_or_org_create as group_or_org_create
15
from ckan.logic.action.create import user_create
16
from ckan.logic.action.delete import _group_or_org_purge
17

    
18
plugin_config_prefix = 'ckanext.ozwillo_organization_api.'
19

    
20
log = logging.getLogger(__name__)
21

    
22
def valid_signature_required(func):
23

    
24
    signature_header_name = config.get(plugin_config_prefix + 'signature_header_name',
25
                                       'X-Hub-Signature')
26
    instantiated_secret = config.get(plugin_config_prefix + 'instantiation_secret',
27
                                     'secret')
28

    
29
    def wrapper(context, data):
30
        if signature_header_name in request.headers:
31
            if request.headers[signature_header_name].startswith('sha1='):
32
                algo, received_hmac = request.headers[signature_header_name].rsplit('=')
33
                computed_hmac = hmac.new(instantiated_secret, request.body, sha1).hexdigest()
34
                # the received hmac is uppercase according to
35
                # http://doc.ozwillo.com/#ref-3-2-1
36
                if received_hmac != computed_hmac.upper():
37
                    raise logic.NotAuthorized(_('Invalid HMAC'))
38
            else:
39
                raise logic.ValidationError(_('Invalid HMAC algo'))
40
        else:
41
            raise logic.NotAuthorized(_("No HMAC in the header"))
42
        return func(context, data)
43
    return wrapper
44

    
45
@valid_signature_required
46
def create_organization(context, data_dict):
47
    context['ignore_auth'] = True
48
    model = context['model']
49
    session = context['session']
50

    
51
    destruction_secret = config.get(plugin_config_prefix + 'destruction_secret',
52
                                       'changeme')
53

    
54
    client_id = data_dict.pop('client_id')
55
    client_secret = data_dict.pop('client_secret')
56
    instance_id = data_dict.pop('instance_id')
57

    
58
    # re-mapping received dict
59
    registration_uri = data_dict.pop('instance_registration_uri')
60
    organization = data_dict['organization']
61
    user = data_dict['user']
62
    user_dict = {
63
        'id': user['id'],
64
        'name': user['name'].lower().replace(' ', '').replace('.', ''),
65
        'email': user['email_address'],
66
        'password': user['id']
67
    }
68
    user_obj = model.User.get(user_dict['name'])
69

    
70
    org_dict = {
71
        'type': 'organization',
72
        'name': organization['name'].lower().replace(' ', '-'),
73
        'id': instance_id,
74
        'title': organization['name'],
75
        'description': organization['type'],
76
        'user': user_dict['name']
77
    }
78

    
79
    if not user_obj:
80
        user_create(context, user_dict)
81
    context['user'] = user_dict['name']
82

    
83
    try:
84
        delete_uri = toolkit.url_for(host=request.host,
85
                                     controller='api', action='action',
86
                                     logic_function="delete-ozwillo-organization",
87
                                     ver=context['api_version'],
88
                                     qualified=True)
89
        organization_uri = toolkit.url_for(host=request.host,
90
                                           controller='organization',
91
                                           action='read',
92
                                           id=org_dict['name'],
93
                                           qualified=True)
94
        default_icon_url = toolkit.url_for(host=request.host,
95
                                           qualified=True,
96
                                           controller='home',
97
                                           action='index') + 'organization_icon.png'
98

    
99
        group_or_org_create(context, org_dict, is_org=True)
100

    
101
        # setting organization as active explicitely
102
        group = model.Group.get(org_dict['name'])
103
        group.state = 'active'
104
        group.image_url = default_icon_url
105
        group.save()
106
        model.repo.new_revision()
107
        model.GroupExtra(group_id=group.id, key='client_id',
108
                         value=client_id).save()
109
        model.GroupExtra(group_id=group.id, key='client_secret',
110
                         value=client_secret).save()
111
        session.flush()
112

    
113
        # notify about organization creation
114
        services = {'services': [{
115
            'local_id': 'organization',
116
            'name': org_dict['title'],
117
            'service_uri': organization_uri + '/sso',
118
            'description': 'Organization ' + org_dict['name'] + ' on CKAN',
119
            'tos_uri': organization_uri,
120
            'policy_uri': organization_uri,
121
            'icon': group.image_url,
122
            'payment_option': 'FREE',
123
            'target_audience': ['PUBLIC_BODIES'],
124
            'contacts': [organization_uri],
125
            'redirect_uris': [organization_uri + '/callback'],
126
            'post_logout_redirect_uris': [organization_uri + '/logout'],
127
            'visible': True}],
128
            'instance_id': instance_id,
129
            'destruction_uri': delete_uri,
130
            'destruction_secret': destruction_secret,
131
            'needed_scopes': [{
132
                'scope_id': 'profile',
133
                'motivation': 'Used to link user to the organization'
134
            }]
135
        }
136
        headers = {'Content-type': 'application/json',
137
                   'Accept': 'application/json'}
138
        requests.post(registration_uri,
139
                      data=json.dumps(services),
140
                      auth=(client_id, client_secret),
141
                      headers=headers
142
                  )
143
    except logic.ValidationError, e:
144
        log.debug('Validation error "%s" occured while creating organization' % e)
145
        raise
146

    
147
@valid_signature_required
148
def delete_organization(context, data_dict):
149
    data_dict['id'] = data_dict.pop('instance_id')
150
    context['ignore_auth'] = True
151
    _group_or_org_purge(context, data_dict, is_org=True)
152

    
153

    
154
class OzwilloOrganizationApiPlugin(plugins.SingletonPlugin):
155
    """
156
    API for OASIS to create and delete an organization
157
    """
158
    plugins.implements(plugins.IActions)
159
    plugins.implements(plugins.IConfigurer)
160

    
161
    def update_config(self, config):
162
        toolkit.add_public_directory(config, 'public')
163

    
164
    def get_actions(self):
165
        return {
166
            'create-ozwillo-organization': create_organization,
167
            'delete-ozwillo-organization': delete_organization
168
        }
(2-2/2)