1 |
5c8cfd17
|
Serghei MIHAI
|
from hashlib import sha1
|
2 |
|
|
import hmac
|
3 |
|
|
|
4 |
|
|
import ckan.plugins as plugins
|
5 |
|
|
import ckan.logic as logic
|
6 |
|
|
|
7 |
|
|
from pylons import config
|
8 |
|
|
from ckan.common import request, _
|
9 |
|
|
from ckan.logic.action.create import _group_or_org_create as group_or_org_create
|
10 |
|
|
|
11 |
|
|
def valid_signature_required(func):
|
12 |
|
|
plugin_config_prefix = 'ckanext.ozwillo_organization_api.'
|
13 |
|
|
signature_header_name = config.get(plugin_config_prefix + 'signature_header_name',
|
14 |
|
|
'X-Hub-Signature')
|
15 |
|
|
instantiated_secret = config.get(plugin_config_prefix + 'instantiated_secret',
|
16 |
|
|
'secret')
|
17 |
|
|
|
18 |
|
|
def wrapper(context, data):
|
19 |
|
|
if signature_header_name in request.headers:
|
20 |
|
|
if request.headers[signature_header_name].startswith('sha1='):
|
21 |
|
|
algo, hash = request.headers[signature_header_name].rsplit('=')
|
22 |
|
|
computed_hash = hmac.new(instantiated_secret, str(data), sha1).hexdigest()
|
23 |
|
|
if hash != computed_hash:
|
24 |
|
|
raise logic.NotAuthorized(_('Invalid HMAC'))
|
25 |
|
|
else:
|
26 |
|
|
raise logic.ValidationError(_('Invalid HMAC algo'))
|
27 |
|
|
else:
|
28 |
|
|
raise logic.NotAuthorized(_("No HMAC in the header"))
|
29 |
|
|
return func(context, data)
|
30 |
|
|
return wrapper
|
31 |
|
|
|
32 |
|
|
@valid_signature_required
|
33 |
|
|
def create_organization(context, data_dict):
|
34 |
|
|
pass
|
35 |
|
|
|
36 |
|
|
@valid_signature_required
|
37 |
|
|
def delete_organization(context, data_dict):
|
38 |
|
|
pass
|
39 |
|
|
|
40 |
|
|
|
41 |
|
|
class OzwilloOrganizationApiPlugin(plugins.SingletonPlugin):
|
42 |
|
|
"""
|
43 |
|
|
API for OASIS to create and delete an organization
|
44 |
|
|
"""
|
45 |
|
|
plugins.implements(plugins.IActions)
|
46 |
|
|
|
47 |
|
|
def get_actions(self):
|
48 |
|
|
return {
|
49 |
|
|
'create-organization': create_organization,
|
50 |
|
|
'delete-organization': delete_organization
|
51 |
|
|
}
|