magpie.adapter.magpieowssecurity ================================ .. py:module:: magpie.adapter.magpieowssecurity Attributes ---------- .. autoapisummary:: magpie.adapter.magpieowssecurity.LOGGER Classes ------- .. autoapisummary:: magpie.adapter.magpieowssecurity.MagpieOWSSecurity Module Contents --------------- .. py:data:: LOGGER .. py:class:: MagpieOWSSecurity(container: magpie.typedefs.AnySettingsContainer) Bases: :py:obj:`twitcher.interface.OWSSecurityInterface` .. py:attribute:: _cached_request :type: Dict[uuid.UUID, pyramid.request.Request] .. py:attribute:: settings .. py:attribute:: magpie_url .. py:attribute:: twitcher_ssl_verify :value: False .. py:attribute:: twitcher_protected_path .. py:method:: _get_service_cached(service_name: magpie.typedefs.Str, request_uuid: uuid.UUID) -> Tuple[magpie.services.ServiceInterface, Dict[str, magpie.typedefs.AnyValue]] Cache this method with :py:mod:`beaker` based on the provided caching key parameters. If the cache is not hit (expired timeout or new key entry), calls :func:`service_factory` to retrieve the actual :class:`ServiceInterface` implementation. Otherwise, returns the cached service to avoid SQL queries. .. note:: Function arguments are required to generate caching keys by which cached elements will be retrieved. Those arguments must be serializable to generate the cache key (i.e.: cannot pass a :class:`Request` object that contains session and other unserializable/circular references). .. seealso:: - :meth:`magpie.adapter.magpieowssecurity.MagpieOWSSecurity.get_service` - :meth:`magpie.adapter.magpieservice.MagpieServiceStore.fetch_by_name` .. py:method:: get_service(request: pyramid.request.Request) -> magpie.services.ServiceInterface Obtains the service referenced by the request. Caching is automatically handled according to configured application settings and whether the specific service name being requested was already processed recently and not expired. .. py:method:: verify_request(request: pyramid.request.Request) -> bool Verify that the service request is allowed. .. versionadded:: 3.18 Available only in ``Twitcher >= 0.6.x``. .. py:method:: check_request(request: pyramid.request.Request) -> None Verifies if the request user has access to the targeted resource according to parent service and permissions. If the request path corresponds to configured `Twitcher` proxy, evaluate the :term:`ACL`. Otherwise, ignore request access validation. In the case `Twitcher` proxy path is matched, the :term:`Logged User` **MUST** be allowed access following :term:`Effective Permissions ` resolution via :term:`ACL`. Otherwise, :exception:`OWSAccessForbidden` is raised. Failing to parse the request or any underlying component that raises an exception will be left up to the parent caller to handle the exception. In most typical use case, this means `Twitcher` will raise a generic :exception:`OWSException` with ``NoApplicableCode``, unless the exception was more specifically handled. :raises OWSAccessForbidden: If the user does not have access to the targeted resource under the service. :raises HTTPBadRequest: If a request parsing error was detected when trying to resolve the permission based on the service/resource. :raises Exception: Any derived exception that was not explicitly handled is re-raised directly after logging the event. :returns: Nothing if user has access. .. py:method:: update_request_cookies(request: pyramid.request.Request) -> None Ensure login of the user and update the request cookies if Twitcher is in a special configuration. Only update if ``MAGPIE_COOKIE_NAME`` is missing and is retrievable from ``access_token`` field within the ``Authorization`` header. Counter-validate the login procedure by calling Magpie's ``/session`` which should indicate if there is a logged user.