Diversified HTTP codes, more unified error messages, completed authentication.

59ce4518 · Pavel Kácha · 8e3eaed6 · 59ce4518
Commit 59ce4518 authored 10 years ago by Pavel Kácha
--- a/warden3/warden_server/warden_server.py
+++ b/warden3/warden_server/warden_server.py
@@ -200,9 +200,12 @@ class X509Authenticator(NoAuthenticator):
                return None
            return client

+        if method in ['getInfo', 'getEvents']:
+            return client
+
        try:
            identity = event['Node'][0]['Name'].lower()
-        except KeyError:
+        except (KeyError, TypeError):
            # Event does not bear valid Node attribute
            logging.info("Auth failed: event does not bear valid Node attribute")
            return None
@@ -365,13 +368,13 @@ class MySQL(Object):
        logging.debug("fetch_events: id=%i, count=%i, cat=%s, nocat=%s, tag=%s, notag=%s, group=%s, nogroup=%s" % (id, count, str(cat), str(nocat), str(tag), str(notag), str(group), str(nogroup)))

        if cat and nocat:
-            raise Error("Unrealizable conditions. Choose cat or nocat option.", 500, method='getEvents', 
+            raise Error("Unrealizable conditions. Choose cat or nocat option.", 422, method='getEvents', 
                        exc=sys.exc_info(), detail={'cat': cat, 'nocat' : nocat})
        if tag and notag:
-            raise Error("Unrealizable conditions. Choose tag or notag option.", 500, method='getEvents', 
+            raise Error("Unrealizable conditions. Choose tag or notag option.", 422, method='getEvents', 
                        exc=sys.exc_info(), detail={'tag': cat, 'notag' : nocat})
        if group and nogroup:
-            raise Error("Unrealizable conditions. Choose group or nogroup option.", 500, method='getEvents', 
+            raise Error("Unrealizable conditions. Choose group or nogroup option.", 422, method='getEvents', 
                        exc=sys.exc_info(), detail={'tag': cat, 'notag' : nocat})

        sqlwhere = []
@@ -604,7 +607,7 @@ class Server(Object):
            try:
                injson = environ['wsgi.input'].read()
            except:
-                raise Error("Data read error", 400, method=path, exc=sys.exc_info())
+                raise Error("Data read error", 408, method=path, exc=sys.exc_info())

            try:
                method = getattr(self.handler, path)
@@ -614,7 +617,7 @@ class Server(Object):

            client = self.auth.authenticate(environ)
            if not client:
-                raise Error("I'm watching YOU. (Authenticate)", 403, method=path)
+                raise Error("I'm watching. Authenticate.", 403, method=path)

            try:
                events = json.loads(injson) if injson else None
@@ -694,7 +697,7 @@ class WardenHandler(Object):
    def getDebug(self, _env, _client):
        auth = self.auth.authorize(_env, _client, 'getDebug', None, None)
        if not auth:
-            raise Error("I'm watching YOU. (Authorization)", 403, method='getDebug', detail={"client": _client})
+            raise Error("I'm watching. Authorize.", 403, method='getDebug', detail={"client": _client})
        
        return {
            "environment": _env,
@@ -704,6 +707,10 @@ class WardenHandler(Object):

    @expose
    def getInfo(self, _env, _client):
+        auth = self.auth.authorize(_env, _client, 'getInfo', None, None)
+        if not auth:
+            raise Error("I'm watching. Authorize.", 403, method='getDebug', detail={"client": _client})
+
        info = {
            "version": VERSION,
            "send_events_limit": self.send_events_limit,
@@ -720,6 +727,10 @@ class WardenHandler(Object):
            tag=None, notag=None,
            group=None, nogroup=None):

+        auth = self.auth.authorize(_env, _client, 'getEvents', None, None)
+        if not auth:
+            raise Error("I'm watching. Authorize.", 403, method='getDebug', detail={"client": _client})
+
        try:
            id = int(id[0])
        except (ValueError, TypeError, IndexError):
@@ -760,10 +771,10 @@ class WardenHandler(Object):
    @expose
    def sendEvents(self, _env, _client, events=[]):
        if not isinstance(events, list):
-            raise Error("List of events expected", 400, method="sendEvents")
+            raise Error("List of events expected.", 400, method="sendEvents")

        if len(events)>self.send_events_limit:
-            raise Error("Too much events in one batch", 400, method="sendEvents",
+            raise Error("Too much events in one batch.", 413, method="sendEvents",
                detail={"limit": self.send_events_limit})

        saved = 0