Revision ace55618
Added by Serghei Mihai almost 10 years ago
| ckanext/ozwillo_organization_api/plugin.py | ||
|---|---|---|
|
|
||
|
log = logging.getLogger(__name__)
|
||
|
|
||
|
def valid_signature_required(func):
|
||
|
def valid_signature_required(secret_prefix):
|
||
|
|
||
|
signature_header_name = config.get(plugin_config_prefix + 'signature_header_name',
|
||
|
'X-Hub-Signature')
|
||
|
instantiated_secret = config.get(plugin_config_prefix + 'instantiation_secret',
|
||
|
'secret')
|
||
|
|
||
|
def wrapper(context, data):
|
||
|
if signature_header_name in request.headers:
|
||
|
if request.headers[signature_header_name].startswith('sha1='):
|
||
|
algo, received_hmac = request.headers[signature_header_name].rsplit('=')
|
||
|
computed_hmac = hmac.new(instantiated_secret, request.body, sha1).hexdigest()
|
||
|
# the received hmac is uppercase according to
|
||
|
# http://doc.ozwillo.com/#ref-3-2-1
|
||
|
if received_hmac != computed_hmac.upper():
|
||
|
log.info('Invalid HMAC')
|
||
|
raise logic.NotAuthorized(_('Invalid HMAC'))
|
||
|
api_secret = config.get(plugin_config_prefix + secret_prefix +'_secret', 'secret')
|
||
|
|
||
|
def decorator(func):
|
||
|
def wrapper(context, data):
|
||
|
if signature_header_name in request.headers:
|
||
|
if request.headers[signature_header_name].startswith('sha1='):
|
||
|
algo, received_hmac = request.headers[signature_header_name].rsplit('=')
|
||
|
computed_hmac = hmac.new(api_secret, request.body, sha1).hexdigest()
|
||
|
# the received hmac is uppercase according to
|
||
|
# http://doc.ozwillo.com/#ref-3-2-1
|
||
|
if received_hmac != computed_hmac.upper():
|
||
|
log.info('Invalid HMAC')
|
||
|
raise logic.NotAuthorized(_('Invalid HMAC'))
|
||
|
else:
|
||
|
log.info('Invalid HMAC algo')
|
||
|
raise logic.ValidationError(_('Invalid HMAC algo'))
|
||
|
else:
|
||
|
log.info('Invalid HMAC algo')
|
||
|
raise logic.ValidationError(_('Invalid HMAC algo'))
|
||
|
else:
|
||
|
log.info('No HMAC in the header')
|
||
|
raise logic.NotAuthorized(_("No HMAC in the header"))
|
||
|
return func(context, data)
|
||
|
return wrapper
|
||
|
|
||
|
@valid_signature_required
|
||
|
log.info('No HMAC in the header')
|
||
|
raise logic.NotAuthorized(_("No HMAC in the header"))
|
||
|
return func(context, data)
|
||
|
return wrapper
|
||
|
return decorator
|
||
|
|
||
|
|
||
|
@valid_signature_required(secret_prefix='instantiation')
|
||
|
def create_organization(context, data_dict):
|
||
|
context['ignore_auth'] = True
|
||
|
model = context['model']
|
||
| ... | ... | |
|
log.debug('Validation error "%s" occured while creating organization' % e)
|
||
|
raise
|
||
|
|
||
|
@valid_signature_required
|
||
|
@valid_signature_required(secret_prefix='destruction')
|
||
|
def delete_organization(context, data_dict):
|
||
|
data_dict['id'] = data_dict.pop('instance_id')
|
||
|
context['ignore_auth'] = True
|
||
Also available in: Unified diff
fix organization creation and deletion api secret reading (#9801)