From ebae239061dc4ddd5f1a78dd65a68f70f87660ff Mon Sep 17 00:00:00 2001
From: Milo Casagrande
Date: Fri, 16 Jan 2015 11:23:30 +0100
Subject: Fix validation functions.

* Make sure PUT is considered along with POST.
* Add validation for expired fields.

Change-Id: Ia9f492b2db838148e1815f636d09c03d62d558a1
---
 app/handlers/common.py | 61 ++++++++++++++++++++++++++++++++++++--------------
 1 file changed, 44 insertions(+), 17 deletions(-)

diff --git a/app/handlers/common.py b/app/handlers/common.py
index 282db22..9f77c38 100644
--- a/app/handlers/common.py
+++ b/app/handlers/common.py
@@ -851,9 +851,9 @@ def valid_token_general(token, method):
     """
     valid_token = False
-    if method == "GET" and token.is_get_token:
+    if all([method == "GET", token.is_get_token]):
         valid_token = True
-    elif method == "POST" and token.is_post_token:
+    elif all([(method == "POST" or method == "PUT"), token.is_post_token]):
         valid_token = True
     elif all([method == "DELETE", token.is_delete_token]):
         if not token.is_lab_token:
@@ -875,7 +875,7 @@ def valid_token_bh(token, method):
     if all([method == "GET", token.is_get_token]):
         valid_token = True
-    elif all([method == "POST", token.is_post_token]):
+    elif all([(method == "POST" or method == "PUT"), token.is_post_token]):
         valid_token = True
     elif all([method == "DELETE", token.is_delete_token]):
         valid_token = True
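Review bot: The new `elif` in valid_token_general wraps the method test in `all([...])`, which builds a list and evaluates every element eagerly, where a plain short-circuit expression reads better and makes the PUT/POST equivalence explicit: `elif method in ("POST", "PUT") and token.is_post_token:`. The same `all([(method == "POST" or method == "PUT"), ...])` form appears in the valid_token_bh hunk on this line and would take the identical rewrite. Both functions begin before their hunks and valid_token_general continues after it, so the remaining branches are not visible here.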
@@ -922,17 +922,40 @@ def validate_token(token_obj, method, remote_ip, validate_func):
             utils.LOG.error("Retrieved token is not a Token object")
             valid_token = False
         else:
-            valid_token &= validate_func(token, method)
-
-            if token.is_ip_restricted and \
-                    not _valid_token_ip(token, remote_ip):
+            if _is_expired_token(token):
                 valid_token = False
+            else:
+                valid_token &= validate_func(token, method)
+
+                if all([valid_token,
+                        token.is_ip_restricted,
+                        not _valid_token_ip(token, remote_ip)]):
+                    valid_token = False
     else:
         valid_token = False
     return valid_token
+def _is_expired_token(token):
+    """Verify whther a token is expired or not.
+
+    :param token: The token to verify.
+    :type token: `models.Token`.
+    :return True or False.
+    """
+    is_expired = False
+    if token.expired:
+        is_expired = True
+    else:
+        expires_on = token.expires_on
+        if expires_on is not None and isinstance(expires_on, datetime.datetime):
+            if expires_on < datetime.datetime.now():
+                is_expired = True
+
+    return is_expired
+
+
 def _valid_token_ip(token, remote_ip):
     """Make sure the token comes from the designated IP addresses.
@@ -942,17 +965,21 @@ def _valid_token_ip(token, remote_ip):
     """
     valid_token = False
-    if remote_ip:
-        remote_ip = mtoken.convert_ip_address(remote_ip)
-
-        if remote_ip in token.ip_address:
-            valid_token = True
+    if token.ip_address is not None:
+        if remote_ip:
+            remote_ip = mtoken.convert_ip_address(remote_ip)
+
+            if remote_ip in token.ip_address:
+                valid_token = True
+            else:
+                utils.LOG.warn(
+                    "IP restricted token from wrong IP address: %s",
+                    remote_ip
+                )
         else:
-            utils.LOG.warn(
-                "IP restricted token from wrong IP address: %s",
-                remote_ip
-            )
+            utils.LOG.info(
+                "No remote IP address provided, cannot validate token")
     else:
-        utils.LOG.info("No remote IP address provided, cannot validate token")
+        valid_token = True
     return valid_token
-- 
cgit v1.2.3
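Review bot: `_is_expired_token` compares `expires_on` with `datetime.datetime.now()`, a naive local-time value; if `expires_on` is persisted as UTC (which most stores do for datetimes), the expiry check is skewed by the server's UTC offset, so a token may still be accepted for hours after it expired, or be rejected early. If the stored value is UTC the comparison should be against `datetime.datetime.utcnow()` (or both sides should be made timezone-aware) — confirm against the code that writes `expires_on`. The same function also fails open when `expires_on` is set but is not a `datetime`: the `isinstance` guard quietly reports such a token as not expired, whereas a malformed expiry on a credential should count as expired, or at least be logged, rather than be ignored. Minor points in the same hunk: the docstring reads `whther`, `:return True or False.` is missing the reST colon (`:return: True or False.`), and the `isinstance` line is longer than the 79 columns the rest of the file wraps at.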
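Review bot: The new outer `else` branch in `_valid_token_ip` sets `valid_token = True` when `token.ip_address is None`, yet the only caller in this commit reaches this function when `token.is_ip_restricted` is true, so an IP-restricted token with no address list is now accepted from any remote IP — a fail-open default, where the old code would presumably have raised on `remote_ip in None` rather than accept. A token flagged as IP-restricted but carrying no addresses is inconsistent data and should fail closed: replace the new `valid_token = True` with `utils.LOG.warn("IP restricted token has no IP address list")` and leave `valid_token` at `False`, or at minimum log that the restriction could not be enforced. If `utils.LOG` is a standard `logging.Logger`, `warn` is the deprecated alias and `utils.LOG.warning` is the current spelling for both the old and new calls. The function's docstring begins before the hunk.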