tardis.tardis_portal.auth package

Submodules

tardis.tardis_portal.auth.authentication module

A module containing helper methods for the manage_auth_methods function in views.py.

tardis.tardis_portal.auth.authentication.add_auth_method(request)

Add a new authentication method to request.user’s existing list of authentication methods. If the authentication method the user provided already exists as a method for another user, this method asks the user to confirm whether to merge the two accounts.

Parameters: request – the HTTP request object
Returns: The HttpResponse which contains request.user’s new list of authentication methods
tardis.tardis_portal.auth.authentication.edit_auth_method(request)

Change the local DB (Django) password for request.user.

tardis.tardis_portal.auth.authentication.list_auth_methods(request)

Generate a list of authentication methods that request.user uses to authenticate to the system and send it back in a HttpResponse.

Parameters: request – the HTTP request object
Returns: The HttpResponse which contains request.user’s list of authentication methods
tardis.tardis_portal.auth.authentication.merge_auth_method(request)

Merge the account that the user is logged in as with the account that he provided in the Authentication Form. Merging accounts involves relinking the UserAuthentication table entries, transferring ObjectACL entries to the merged account, changing the Group memberships and deleting the unneeded account.

Parameters: request – the HTTP request object
Returns: The HttpResponse which contains request.user’s new list of authentication methods
tardis.tardis_portal.auth.authentication.remove_auth_method(request)

Removes the non-local DB auth method from the UserAuthentication model.

Parameters: request – the HTTP request object
Returns: The HttpResponse which contains request.user’s new list of authentication methods

tardis.tardis_portal.auth.authorisation module

Object-level authorisation backend

class tardis.tardis_portal.auth.authorisation.ACLAwareBackend

Bases: object

app_label = 'tardis_acls'
authenticate(username, password)

do not use this backend for authentication

get_perm_bool(verb)

relates ACLs to permissions

has_perm(user_obj, perm, obj=None)

main method, calls other methods based on permission type queried

supports_anonymous_user = True
supports_object_permissions = True

tardis.tardis_portal.auth.authservice module

models.py

class tardis.tardis_portal.auth.authservice.AuthService(settings=<django.conf.LazySettings object>)

The AuthService provides an interface for querying the auth(n|z) framework within MyTardis. The auth service works by reading the class path to plugins from the settings file.

Parameters: settings (django.conf.settings) – the settings object that contains the list of user and group plugins.
authenticate(authMethod, **credentials)

Try and authenticate the user using the auth type he/she specified to use and if authentication didn’t work using that

Parameters:
  • authMethod (string) – the shortname of the auth method.
  • **credentials

    the credentials as expected by the auth plugin

getGroups(user)

Return a list of tuples containing pluginname and group id

Parameters: request (django.http.HttpRequest) – a HTTP Request instance
getGroupsForEntity(entity)

Return a list of the groups an entity belongs to

Parameters: entity (string) – the entity to search for, user or group.

The groups will be returned as a list similar to:

[{'name': 'Group 456', 'id': '2'},
{'name': 'Group 123', 'id': '1'}]
getUser(authMethod, user_id, force_user_create=False)

Return a user model based on the given auth method and user id.

This function is responsible for creating the user within the Django DB and returning the resulting user model.

getUsernameByEmail(authMethod, email)

Return a username given the auth method and email address of a user.

get_or_create_user(user_obj_or_dict, authMethod=None)

refactored out for external use by AAF and possibly others

searchEntities(filter)

Return a list of users and/or groups

searchGroups(**kw)

Return a list of users and/or groups

Parameters:
  • id – the value of the id to search for
  • name – the value of the displayname to search for
  • max_results – the maximum number of elements to return
  • sort_by – the attribute the users should be sorted on
  • plugin – restrict the search to the specific group provider
searchUsers(filter)

Return a list of users and/or groups

tardis.tardis_portal.auth.decorators module

tardis.tardis_portal.auth.decorators.datafile_access_required(f)
tardis.tardis_portal.auth.decorators.dataset_access_required(f)
tardis.tardis_portal.auth.decorators.dataset_download_required(f)
tardis.tardis_portal.auth.decorators.dataset_write_permissions_required(f)
tardis.tardis_portal.auth.decorators.delete_permissions_required(f)
tardis.tardis_portal.auth.decorators.experiment_access_required(f)
tardis.tardis_portal.auth.decorators.experiment_download_required(f)
tardis.tardis_portal.auth.decorators.experiment_ownership_required(f)

A decorator for Django views that validates if a user is an owner of an experiment or ‘superuser’ prior to further processing the request. Unauthenticated requests are redirected to the login page. If the user making the request satisfies none of these criteria, an error response is returned.

Parameters: f (types.FunctionType) – A Django view function
Returns: A Django view function
Return type: types.FunctionType
tardis.tardis_portal.auth.decorators.get_accessible_datafiles_for_user(request)
tardis.tardis_portal.auth.decorators.get_accessible_experiments(request)
tardis.tardis_portal.auth.decorators.get_accessible_experiments_for_dataset(request, dataset_id)
tardis.tardis_portal.auth.decorators.get_owned_experiments(request)
tardis.tardis_portal.auth.decorators.get_shared_experiments(request)
tardis.tardis_portal.auth.decorators.group_ownership_required(f)

A decorator for Django views that validates if a user is a group admin or ‘superuser’ prior to further processing the request. Unauthenticated requests are redirected to the login page. If the user making the request satisfies none of these criteria, an error response is returned.

Parameters: f (types.FunctionType) – A Django view function
Returns: A Django view function
Return type: types.FunctionType
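
The three outcomes described for experiment_ownership_required and group_ownership_required, sketched as an added example rather than MyTardis's own code; it generalises both decorators by taking the ownership check as a parameter. The User, Request and Response classes, the owns_experiment check, the login route, the `next` query parameter and the 403 status are stand-ins assumed for illustration.

```python
import functools
from dataclasses import dataclass
from urllib.parse import urlencode

# Constructed stand-ins for Django's request/response objects; none of these
# names come from MyTardis.
@dataclass
class User:
    username: str = ""
    is_authenticated: bool = False
    is_superuser: bool = False

@dataclass
class Request:
    user: User
    path: str = "/"

@dataclass
class Response:
    status: int
    location: str = ""

LOGIN_URL = "/login/"        # assumed login route
OWNERS = {42: {"alice"}}     # constructed data: experiment id -> owner usernames

def owns_experiment(request, experiment_id):
    """Hypothetical ownership check; unknown ids have no owners."""
    return request.user.username in OWNERS.get(experiment_id, set())

def ownership_required(check):
    """Build a view decorator enforcing the three documented outcomes."""
    def decorator(view):
        @functools.wraps(view)
        def wrapper(request, object_id, *args, **kwargs):
            user = request.user
            # 1. Unauthenticated: redirect to login before any ownership lookup.
            if not user.is_authenticated:
                query = urlencode({"next": request.path})
                return Response(302, f"{LOGIN_URL}?{query}")
            # 2. Neither owner nor superuser: error response, view never runs.
            if not (user.is_superuser or check(request, object_id)):
                return Response(403)  # status code is an assumption
            # 3. Authorised: hand over to the wrapped view.
            return view(request, object_id, *args, **kwargs)
        return wrapper
    return decorator

@ownership_required(owns_experiment)
def edit_experiment(request, experiment_id):
    return Response(200)
```

Checking authentication first means the ownership lookup is never evaluated for an anonymous user, and an unknown object id is denied rather than passed through.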
tardis.tardis_portal.auth.decorators.has_datafile_access(request, datafile_id)
tardis.tardis_portal.auth.decorators.has_datafile_download_access(request, datafile_id)
tardis.tardis_portal.auth.decorators.has_dataset_access(request, dataset_id)
tardis.tardis_portal.auth.decorators.has_dataset_download_access(request, dataset_id)
tardis.tardis_portal.auth.decorators.has_dataset_ownership(request, dataset_id)
tardis.tardis_portal.auth.decorators.has_dataset_write(request, dataset_id)
tardis.tardis_portal.auth.decorators.has_delete_permissions(request, experiment_id)
tardis.tardis_portal.auth.decorators.has_experiment_access(request, experiment_id)
tardis.tardis_portal.auth.decorators.has_experiment_download_access(request, experiment_id)
tardis.tardis_portal.auth.decorators.has_experiment_ownership(request, experiment_id)
tardis.tardis_portal.auth.decorators.has_experiment_write(request, experiment_id)
tardis.tardis_portal.auth.decorators.has_read_or_owner_ACL(request, experiment_id)

Check whether the user has read access to the experiment - this means either they have been granted read access, or that they are the owner.

NOTE: This does not check whether the experiment is public, so even when the experiment is public, this method does not automatically return true.

As such, this method should NOT be used to check whether the user has general read permission.

tardis.tardis_portal.auth.decorators.has_write_permissions(request, experiment_id)
tardis.tardis_portal.auth.decorators.is_group_admin(request, *args, **kwargs)
tardis.tardis_portal.auth.decorators.upload_auth(f)
tardis.tardis_portal.auth.decorators.write_permissions_required(f)

tardis.tardis_portal.auth.fix_circular module

tardis.tardis_portal.auth.fix_circular.getGroups(user)

tardis.tardis_portal.auth.httpbasicendpoint_auth module

Created on Dec 15, 2011

@author: uqtdettr

class tardis.tardis_portal.auth.httpbasicendpoint_auth.HttpBasicEndpointAuth(openerDirector=<urllib2.OpenerDirector instance>, endpoint=None)

Bases: tardis.tardis_portal.auth.interfaces.AuthProvider

This class provides authentication against a HTTP resource protected by HTTP Basic authentication. Access is granted based on the user credentials being valid against that resource.

class SimplePasswordMgr

Bases: urllib2.HTTPPasswordMgr

Simple password manager which provides the same credentials, no matter the realm or the uri.

add_password(realm, uri, username, password)
clear()
find_user_password(realm, authuri)
HttpBasicEndpointAuth.authenticate(request)

Authenticate a user, expecting the user will be using form-based auth and the username and password will be passed in url-encoded form POST variables.

Parameters: request (django.http.HttpRequest) – a HTTP Request instance
HttpBasicEndpointAuth.get_user(user_id)

tardis.tardis_portal.auth.interfaces module

class tardis.tardis_portal.auth.interfaces.AuthProvider
authenticate(request)

Try to authenticate the user from a request. Return a user dict if successful.

getUsernameByEmail(email)

returns the username (format string) from the auth domain

Implementing this function is optional; it is needed for resolving experiment owner email addresses to usernames during ingestion.

get_user(user_id)
class tardis.tardis_portal.auth.interfaces.GroupProvider
getGroupById(id)

return the group associated with the id

getGroups(user)

return an iteration of the available groups.

getGroupsForEntity(id)

return a list of groups associated with a particular entity id

searchGroups(**filter)

return a list of groups that match the filter

class tardis.tardis_portal.auth.interfaces.UserProvider
getUserById(id)

return the user dictionary in the format of:

{"id": 123,
"first_name": "John",
"last_name": "Smith",
"email": "john@example.com"}
getUsernameByEmail(email)

returns the username (format string) from the auth domain needed for resolving experiment owners during ingestion

searchUsers(**filter)

return a list of user descriptions from the auth domain.

each user is in the format of:

{"id": 123,
"first_name": "John",
"last_name": "Smith",
"email": "john@example.com"}

tardis.tardis_portal.auth.ldap_auth module

tardis.tardis_portal.auth.localdb_auth module

Local DB Authentication module.

class tardis.tardis_portal.auth.localdb_auth.DjangoAuthBackend

Bases: tardis.tardis_portal.auth.interfaces.AuthProvider

Authenticate against Django’s Model Backend.

authenticate(request)

Authenticate a user. This expects the user to be using form-based auth, with the username and password passed in as POST variables.

Parameters: request (django.http.HttpRequest) – a HTTP Request instance
get_user(user_id)
class tardis.tardis_portal.auth.localdb_auth.DjangoGroupProvider

Bases: tardis.tardis_portal.auth.interfaces.GroupProvider

getGroupById(id)

return the group associated with the id:

{"id": 123,
"display": "Group Name",}

getGroups(user)

return an iteration of the available groups.

name = u'django_group'
searchGroups(**filter)
class tardis.tardis_portal.auth.localdb_auth.DjangoUserProvider

Bases: tardis.tardis_portal.auth.interfaces.UserProvider

getUserById(id)

return the user dictionary in the format of:

{"id": 123,
"first_name": "John",
"last_name": "Smith",
"email": "john@example.com"}
name = u'django_user'

tardis.tardis_portal.auth.token_auth module

token authentication module

class tardis.tardis_portal.auth.token_auth.TokenAuthMiddleware

Bases: object

adds tokens to the user object and the session from a GET query

process_request(request)
class tardis.tardis_portal.auth.token_auth.TokenGroupProvider

Bases: tardis.tardis_portal.auth.interfaces.GroupProvider

Transforms tokens into auth groups

getGroups(user)
name = u'token_group'
searchGroups(**kwargs)

return nothing because these are not groups in the standard sense

tardis.tardis_portal.auth.utils module

Created on 15/03/2011

@author: gerson

tardis.tardis_portal.auth.utils.configure_user(user)

Configure a user account that has just been created by adding the user to the default groups and creating a UserProfile.

Parameters: user – the User instance for the newly created account
tardis.tardis_portal.auth.utils.create_user(auth_method, user_id, email='')
tardis.tardis_portal.auth.utils.get_or_create_user(auth_method, user_id, email='')

Module contents