Revision ace55618
Added by Serghei Mihai over 8 years ago
ckanext/ozwillo_organization_api/plugin.py | ||
---|---|---|
22 | 22 |
|
23 | 23 |
log = logging.getLogger(__name__) |
24 | 24 |
|
25 |
def valid_signature_required(func):
|
|
25 |
def valid_signature_required(secret_prefix):
|
|
26 | 26 |
|
27 | 27 |
signature_header_name = config.get(plugin_config_prefix + 'signature_header_name', |
28 | 28 |
'X-Hub-Signature') |
29 |
instantiated_secret = config.get(plugin_config_prefix + 'instantiation_secret', |
|
30 |
'secret') |
|
31 |
|
|
32 |
def wrapper(context, data): |
|
33 |
if signature_header_name in request.headers: |
|
34 |
if request.headers[signature_header_name].startswith('sha1='): |
|
35 |
algo, received_hmac = request.headers[signature_header_name].rsplit('=') |
|
36 |
computed_hmac = hmac.new(instantiated_secret, request.body, sha1).hexdigest() |
|
37 |
# the received hmac is uppercase according to |
|
38 |
# http://doc.ozwillo.com/#ref-3-2-1 |
|
39 |
if received_hmac != computed_hmac.upper(): |
|
40 |
log.info('Invalid HMAC') |
|
41 |
raise logic.NotAuthorized(_('Invalid HMAC')) |
|
29 |
api_secret = config.get(plugin_config_prefix + secret_prefix +'_secret', 'secret') |
|
30 |
|
|
31 |
def decorator(func): |
|
32 |
def wrapper(context, data): |
|
33 |
if signature_header_name in request.headers: |
|
34 |
if request.headers[signature_header_name].startswith('sha1='): |
|
35 |
algo, received_hmac = request.headers[signature_header_name].rsplit('=') |
|
36 |
computed_hmac = hmac.new(api_secret, request.body, sha1).hexdigest() |
|
37 |
# the received hmac is uppercase according to |
|
38 |
# http://doc.ozwillo.com/#ref-3-2-1 |
|
39 |
if received_hmac != computed_hmac.upper(): |
|
40 |
log.info('Invalid HMAC') |
|
41 |
raise logic.NotAuthorized(_('Invalid HMAC')) |
|
42 |
else: |
|
43 |
log.info('Invalid HMAC algo') |
|
44 |
raise logic.ValidationError(_('Invalid HMAC algo')) |
|
42 | 45 |
else: |
43 |
log.info('Invalid HMAC algo') |
|
44 |
raise logic.ValidationError(_('Invalid HMAC algo')) |
|
45 |
else: |
|
46 |
log.info('No HMAC in the header') |
|
47 |
raise logic.NotAuthorized(_("No HMAC in the header")) |
|
48 |
return func(context, data) |
|
49 |
return wrapper |
|
50 |
|
|
51 |
@valid_signature_required |
|
46 |
log.info('No HMAC in the header') |
|
47 |
raise logic.NotAuthorized(_("No HMAC in the header")) |
|
48 |
return func(context, data) |
|
49 |
return wrapper |
|
50 |
return decorator |
|
51 |
|
|
52 |
|
|
53 |
@valid_signature_required(secret_prefix='instantiation') |
|
52 | 54 |
def create_organization(context, data_dict): |
53 | 55 |
context['ignore_auth'] = True |
54 | 56 |
model = context['model'] |
... | ... | |
149 | 151 |
log.debug('Validation error "%s" occured while creating organization' % e) |
150 | 152 |
raise |
151 | 153 |
|
152 |
@valid_signature_required |
|
154 |
@valid_signature_required(secret_prefix='destruction')
|
|
153 | 155 |
def delete_organization(context, data_dict): |
154 | 156 |
data_dict['id'] = data_dict.pop('instance_id') |
155 | 157 |
context['ignore_auth'] = True |
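Review bot: The new lookup at new line 29, `api_secret = config.get(plugin_config_prefix + secret_prefix +'_secret', 'secret')`, keeps the literal fallback `'secret'` while adding a `destruction_secret` key that deployments configured before this change presumably do not set. In that case `delete_organization` would check signatures against a well-known value. Both handlers set `context['ignore_auth'] = True` (their bodies continue outside the visible hunks), so the HMAC check appears to be the only gate on these actions. I would drop the default, `api_secret = config.get(plugin_config_prefix + secret_prefix + '_secret')`, and fail closed when the value is missing or empty rather than computing an HMAC with it. Separately, the comparison at new line 39 should be constant-time, `if not hmac.compare_digest(received_hmac, computed_hmac.upper()):` (available from Python 2.7.7), instead of `!=`.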
fix organization creation and deletion api secret reading (#9801)