commit/galaxy-central: martenson: api_key retrieval through API using basic authentication
1 new commit in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/commits/a24014287a29/ Changeset: a24014287a29 User: martenson Date: 2014-01-16 19:20:10 Summary: api_key retrieval through API using basic authentication Affected #: 3 files diff -r ee176b881f3784ab658254ff4d471bcd113f05ce -r a24014287a29cddcd4ef392a4bde59a833c3ecab lib/galaxy/model/__init__.py --- a/lib/galaxy/model/__init__.py +++ b/lib/galaxy/model/__init__.py @@ -734,8 +734,7 @@ self.tags = [] def _next_hid( self ): - # TODO: override this with something in the database that ensures - # better integrity + # this is overriden in mapping.py db_next_hid() method if len( self.datasets ) == 0: return 1 else: @@ -3446,4 +3445,7 @@ self.context = context class APIKeys( object ): - pass + def __init__( self, id=None, user_id=None, key=None): + self.id = id + self.user_id = user_id + self.key = key diff -r ee176b881f3784ab658254ff4d471bcd113f05ce -r a24014287a29cddcd4ef392a4bde59a833c3ecab lib/galaxy/webapps/galaxy/api/authenticate.py --- /dev/null +++ b/lib/galaxy/webapps/galaxy/api/authenticate.py @@ -0,0 +1,78 @@ +""" +API key retrieval through BaseAuth +""" + +from galaxy import util, web +from pprint import pprint +from galaxy.web.base.controller import BaseAPIController +from base64 import b64decode, b64encode +from urllib import quote, unquote +from galaxy.exceptions import ObjectNotFound +from paste.httpexceptions import HTTPBadRequest + + +import logging +log = logging.getLogger( __name__ ) + +class AuthenticationController( BaseAPIController ): + + @web.expose_api_anonymous + def get_api_key( self, trans, **kwd ): + """ + def get_api_key( self, trans, **kwd ) + * GET /api/authenticate/baseauth + returns an API key for authenticated user based on BaseAuth headers + """ + email, password = _decode_baseauth( trans.environ.get( 'HTTP_AUTHORIZATION' ) ) + + user = trans.sa_session.query( trans.app.model.User ).filter( trans.app.model.User.table.c.email == email ).all() + + if (len(user) is not 1): + # DB is inconsistent and we have more users with same email + raise ObjectNotFound + else: + user = user[0] + is_valid_user = user.check_password( password ) + + if (is_valid_user): + user_id = user.id + api_key_row = trans.sa_session.query( trans.app.model.APIKeys ).filter( trans.app.model.APIKeys.table.c.user_id == user_id ).first() + else: + trans.response.status = 500 + return "invalid password" + + return dict('api_key', api_key_row.key) + +def _decode_baseauth( encoded_str ): + """Decode an encrypted HTTP basic authentication string. Returns a tuple of + the form (email, password), and raises a DecodeError exception if + nothing could be decoded. + """ + split = encoded_str.strip().split(' ') + + # If split is only one element, try to decode the email and password + # directly. + if len(split) == 1: + try: + email, password = b64decode(split[0]).split(':') + except: + raise HTTPBadRequest + + # If there are only two elements, check the first and ensure it says + # 'basic' so that we know we're about to decode the right thing. If not, + # bail out. + elif len(split) == 2: + if split[0].strip().lower() == 'basic': + try: + email, password = b64decode(split[1]).split(':') + except: + raise DecodeError + else: + raise HTTPBadRequest + + # If there are more than 2 elements, something crazy must be happening. + # Bail. + else: + raise HTTPBadRequest + + return unquote(email), unquote(password) diff -r ee176b881f3784ab658254ff4d471bcd113f05ce -r a24014287a29cddcd4ef392a4bde59a833c3ecab lib/galaxy/webapps/galaxy/buildapp.py --- a/lib/galaxy/webapps/galaxy/buildapp.py +++ b/lib/galaxy/webapps/galaxy/buildapp.py @@ -169,6 +169,16 @@ webapp.mapper.connect( 'workflow_dict', '/api/workflows/download/{workflow_id}', controller='workflows', action='workflow_dict', conditions=dict( method=['GET'] ) ) webapp.mapper.connect( 'import_shared_workflow', '/api/workflows/import', controller='workflows', action='import_shared_worflow', conditions=dict( method=['POST'] ) ) + # ============================ + # ===== AUTHENTICATE API ===== + # ============================ + + webapp.mapper.connect( 'api_key_retrieval', + '/api/authenticate/baseauth/', + controller='authenticate', + action='get_api_key', + conditions=dict( method=[ "GET" ] ) ) + # ======================= # ===== LIBRARY API ===== # ======================= Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.
participants (1)
-
commits-noreply@bitbucket.org