1
|
from hashlib import sha1
|
2
|
import hmac
|
3
|
|
4
|
import ckan.plugins as plugins
|
5
|
import ckan.logic as logic
|
6
|
|
7
|
from pylons import config
|
8
|
from ckan.common import request, _
|
9
|
from ckan.logic.action.create import _group_or_org_create as group_or_org_create
|
10
|
|
11
|
def valid_signature_required(func):
|
12
|
plugin_config_prefix = 'ckanext.ozwillo_organization_api.'
|
13
|
signature_header_name = config.get(plugin_config_prefix + 'signature_header_name',
|
14
|
'X-Hub-Signature')
|
15
|
instantiated_secret = config.get(plugin_config_prefix + 'instantiated_secret',
|
16
|
'secret')
|
17
|
|
18
|
def wrapper(context, data):
|
19
|
if signature_header_name in request.headers:
|
20
|
if request.headers[signature_header_name].startswith('sha1='):
|
21
|
algo, hash = request.headers[signature_header_name].rsplit('=')
|
22
|
computed_hash = hmac.new(instantiated_secret, str(data), sha1).hexdigest()
|
23
|
if hash != computed_hash:
|
24
|
raise logic.NotAuthorized(_('Invalid HMAC'))
|
25
|
else:
|
26
|
raise logic.ValidationError(_('Invalid HMAC algo'))
|
27
|
else:
|
28
|
raise logic.NotAuthorized(_("No HMAC in the header"))
|
29
|
return func(context, data)
|
30
|
return wrapper
|
31
|
|
32
|
@valid_signature_required
|
33
|
def create_organization(context, data_dict):
|
34
|
pass
|
35
|
|
36
|
@valid_signature_required
|
37
|
def delete_organization(context, data_dict):
|
38
|
pass
|
39
|
|
40
|
|
41
|
class OzwilloOrganizationApiPlugin(plugins.SingletonPlugin):
|
42
|
"""
|
43
|
API for OASIS to create and delete an organization
|
44
|
"""
|
45
|
plugins.implements(plugins.IActions)
|
46
|
|
47
|
def get_actions(self):
|
48
|
return {
|
49
|
'create-organization': create_organization,
|
50
|
'delete-organization': delete_organization
|
51
|
}
|