
Revision ace55618

Added by Serghei Mihai over 8 years ago

fix organization creation and deletion api secret reading (#9801)


ckanext/ozwillo_organization_api/plugin.py
22 22

  
23 23
log = logging.getLogger(__name__)
24 24

  
25
def valid_signature_required(func):
25
def valid_signature_required(secret_prefix):
26 26

  
27 27
    signature_header_name = config.get(plugin_config_prefix + 'signature_header_name',
28 28
                                       'X-Hub-Signature')
29
    instantiated_secret = config.get(plugin_config_prefix + 'instantiation_secret',
30
                                     'secret')
31

  
32
    def wrapper(context, data):
33
        if signature_header_name in request.headers:
34
            if request.headers[signature_header_name].startswith('sha1='):
35
                algo, received_hmac = request.headers[signature_header_name].rsplit('=')
36
                computed_hmac = hmac.new(instantiated_secret, request.body, sha1).hexdigest()
37
                # the received hmac is uppercase according to
38
                # http://doc.ozwillo.com/#ref-3-2-1
39
                if received_hmac != computed_hmac.upper():
40
                    log.info('Invalid HMAC')
41
                    raise logic.NotAuthorized(_('Invalid HMAC'))
29
    api_secret = config.get(plugin_config_prefix + secret_prefix +'_secret', 'secret')
30

  
31
    def decorator(func):
32
        def wrapper(context, data):
33
            if signature_header_name in request.headers:
34
                if request.headers[signature_header_name].startswith('sha1='):
35
                    algo, received_hmac = request.headers[signature_header_name].rsplit('=')
36
                    computed_hmac = hmac.new(api_secret, request.body, sha1).hexdigest()
37
                    # the received hmac is uppercase according to
38
                    # http://doc.ozwillo.com/#ref-3-2-1
39
                    if received_hmac != computed_hmac.upper():
40
                        log.info('Invalid HMAC')
41
                        raise logic.NotAuthorized(_('Invalid HMAC'))
42
                else:
43
                    log.info('Invalid HMAC algo')
44
                    raise logic.ValidationError(_('Invalid HMAC algo'))
42 45
            else:
43
                log.info('Invalid HMAC algo')
44
                raise logic.ValidationError(_('Invalid HMAC algo'))
45
        else:
46
            log.info('No HMAC in the header')
47
            raise logic.NotAuthorized(_("No HMAC in the header"))
48
        return func(context, data)
49
    return wrapper
50

  
51
@valid_signature_required
46
                log.info('No HMAC in the header')
47
                raise logic.NotAuthorized(_("No HMAC in the header"))
48
            return func(context, data)
49
        return wrapper
50
    return decorator
51

  
52

  
53
@valid_signature_required(secret_prefix='instantiation')
52 54
def create_organization(context, data_dict):
53 55
    context['ignore_auth'] = True
54 56
    model = context['model']
......
149 151
        log.debug('Validation error "%s" occured while creating organization' % e)
150 152
        raise
151 153

  
152
@valid_signature_required
154
@valid_signature_required(secret_prefix='destruction')
153 155
def delete_organization(context, data_dict):
154 156
    data_dict['id'] = data_dict.pop('instance_id')
155 157
    context['ignore_auth'] = True
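Review bot: The signature check in the new `wrapper` still compares the digests with plain string inequality at `if received_hmac != computed_hmac.upper():`, which leaks timing information about how many leading characters matched; since this is the line the commit reworks anyway, change it to `if not hmac.compare_digest(received_hmac, computed_hmac.upper()):`. The fallback in `api_secret = config.get(plugin_config_prefix + secret_prefix +'_secret', 'secret')` means that a deployment missing the `instantiation_secret` or `destruction_secret` setting silently verifies against a well-known key; it would be safer to fail closed, e.g. `api_secret = config[plugin_config_prefix + secret_prefix + '_secret']` so a missing key raises at import time rather than accepting forgeable signatures. `rsplit('=')` has no maxsplit, so a header value with a second `=` raises ValueError out of the tuple unpack (a 500) instead of the intended 'Invalid HMAC' rejection; `rsplit('=', 1)` keeps the split two-part, and the `algo` binding is then unused and could be `_`. The same decorator guards the delete_organization hunk below, so one fix covers both call sites; note also that the secret is read once at decoration time, not per request, so a config change needs a restart.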
