trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

core: add AuthJsonConsumer to handle websocket authentication

This commit is contained in:
Jens Langhammer 2020-09-26 20:11:04 +02:00
parent 6366d50a0e
commit 07e20a2950
2 changed files with 45 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
passbook/core/channels.py Normal file
View File

@ -0,0 +1,37 @@
"""Channels base classes"""
from channels.generic.websocket import JsonWebsocketConsumer
from django.core.exceptions import ValidationError
from structlog import get_logger
from passbook.core.models import Token, TokenIntents, User
LOGGER = get_logger()
class AuthJsonConsumer(JsonWebsocketConsumer):
"""Authorize a client with a token"""
user: User
def connect(self):
headers = dict(self.scope["headers"])
if b"authorization" not in headers:
LOGGER.warning("WS Request without authorization header")
self.close()
token = headers[b"authorization"]
try:
token_uuid = token.decode("utf-8")
tokens = Token.filter_not_expired(
token_uuid=token_uuid, intent=TokenIntents.INTENT_API
)
if not tokens.exists():
LOGGER.warning("WS Request with invalid token")
self.close()
return False
except ValidationError:
LOGGER.warning("WS Invalid UUID")
self.close()
return False
self.user = tokens.first().user
return True

32
passbook/outposts/channels.py
View File

@ -4,14 +4,13 @@ from enum import IntEnum
from time import time from time import time
from typing import Any, Dict from typing import Any, Dict
from channels.generic.websocket import JsonWebsocketConsumer
from dacite import from_dict from dacite import from_dict
from dacite.data import Data from dacite.data import Data
from django.core.cache import cache from django.core.cache import cache
from django.core.exceptions import ValidationError from guardian.shortcuts import get_objects_for_user
from structlog import get_logger from structlog import get_logger
from passbook.core.models import Token, TokenIntents from passbook.core.channels import AuthJsonConsumer
from passbook.outposts.models import Outpost from passbook.outposts.models import Outpost
LOGGER = get_logger() LOGGER = get_logger()
@ -38,33 +37,18 @@ class WebsocketMessage:
args: Dict[str, Any] = field(default_factory=dict) args: Dict[str, Any] = field(default_factory=dict)
class OutpostConsumer(JsonWebsocketConsumer): class OutpostConsumer(AuthJsonConsumer):
"""Handler for Outposts that connect over websockets for health checks and live updates""" """Handler for Outposts that connect over websockets for health checks and live updates"""
outpost: Outpost outpost: Outpost
def connect(self): def connect(self):
# TODO: This authentication block could be handeled in middleware if not super().connect():
headers = dict(self.scope["headers"]) return
if b"authorization" not in headers:
LOGGER.warning("WS Request without authorization header")
self.close()
token = headers[b"authorization"]
try:
token_uuid = token.decode("utf-8")
tokens = Token.filter_not_expired(
token_uuid=token_uuid, intent=TokenIntents.INTENT_API
)
if not tokens.exists():
LOGGER.warning("WS Request with invalid token")
self.close()
except ValidationError:
LOGGER.warning("WS Invalid UUID")
self.close()
uuid = self.scope["url_route"]["kwargs"]["pk"] uuid = self.scope["url_route"]["kwargs"]["pk"]
outpost = Outpost.objects.filter(pk=uuid) outpost = get_objects_for_user(
self.user, "passbook_outposts.view_outpost"
).filter(pk=uuid)
if not outpost.exists(): if not outpost.exists():
self.close() self.close()
return return