From 59ce4518593d6dbba2f141915f663df209e961e6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20K=C3=A1cha?= <ph@cesnet.cz>
Date: Thu, 15 Jan 2015 20:26:41 +0100
Subject: [PATCH] Diversified HTTP codes, more unified error messages,
 completed authentication.

---
 warden3/warden_server/warden_server.py | 29 ++++++++++++++++++--------
 1 file changed, 20 insertions(+), 9 deletions(-)

diff --git a/warden3/warden_server/warden_server.py b/warden3/warden_server/warden_server.py
index 2d43bb4..8bbc6a3 100755
--- a/warden3/warden_server/warden_server.py
+++ b/warden3/warden_server/warden_server.py
@@ -200,9 +200,12 @@ class X509Authenticator(NoAuthenticator):
                 return None
             return client
 
+        if method in ['getInfo', 'getEvents']:
+            return client
+
         try:
             identity = event['Node'][0]['Name'].lower()
-        except KeyError:
+        except (KeyError, TypeError):
             # Event does not bear valid Node attribute
             logging.info("Auth failed: event does not bear valid Node attribute")
             return None
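Review bot: The widened `except (KeyError, TypeError)` still misses `IndexError`, so an event whose `Node` is an empty list fails at `event['Node'][0]` and escapes the handler instead of reaching the logged `return None`. A non-string `Name` would likewise raise `AttributeError` on `.lower()`. Suggest `except (KeyError, TypeError, IndexError, AttributeError):` so every malformed `Node` is treated as an authorization failure rather than an unhandled error. Separately, the new `if method in ['getInfo', 'getEvents']: return client` allows both read methods for any client that reaches this point. The checks before it are outside the hunk, so confirm a per-client read permission is enforced there if one is intended.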
@@ -365,13 +368,13 @@ class MySQL(Object):
         logging.debug("fetch_events: id=%i, count=%i, cat=%s, nocat=%s, tag=%s, notag=%s, group=%s, nogroup=%s" % (id, count, str(cat), str(nocat), str(tag), str(notag), str(group), str(nogroup)))
 
         if cat and nocat:
-            raise Error("Unrealizable conditions. Choose cat or nocat option.", 500, method='getEvents', 
+            raise Error("Unrealizable conditions. Choose cat or nocat option.", 422, method='getEvents', 
                         exc=sys.exc_info(), detail={'cat': cat, 'nocat' : nocat})
         if tag and notag:
-            raise Error("Unrealizable conditions. Choose tag or notag option.", 500, method='getEvents', 
+            raise Error("Unrealizable conditions. Choose tag or notag option.", 422, method='getEvents', 
                         exc=sys.exc_info(), detail={'tag': cat, 'notag' : nocat})
         if group and nogroup:
-            raise Error("Unrealizable conditions. Choose group or nogroup option.", 500, method='getEvents', 
+            raise Error("Unrealizable conditions. Choose group or nogroup option.", 422, method='getEvents', 
                         exc=sys.exc_info(), detail={'tag': cat, 'notag' : nocat})
 
         sqlwhere = []
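Review bot: The `detail` dicts on the tag/notag and group/nogroup errors are copied from the cat/nocat case: both pass `detail={'tag': cat, 'notag' : nocat}`, so the 422 error carries the wrong keys and values. They should read `detail={'tag': tag, 'notag': notag}` and `detail={'group': group, 'nogroup': nogroup}`. Also, `exc=sys.exc_info()` is evaluated here with no `except` block visible in the hunk, so it presumably yields `(None, None, None)` and could be dropped. fetch_events starts and continues outside the hunk.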
@@ -604,7 +607,7 @@ class Server(Object):
             try:
                 injson = environ['wsgi.input'].read()
             except:
-                raise Error("Data read error", 400, method=path, exc=sys.exc_info())
+                raise Error("Data read error", 408, method=path, exc=sys.exc_info())
 
             try:
                 method = getattr(self.handler, path)
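Review bot: `environ['wsgi.input'].read()` is called with no size limit and runs before `self.auth.authenticate(environ)` in the next hunk, so the full request body is read for callers that have not yet been authenticated. Unless the front-end server caps request size (not visible here), consider checking `CONTENT_LENGTH` against a maximum and rejecting oversized bodies before reading. The `send_events_limit` check in sendEvents appears to run only after the body has been read and parsed. The bare `except:` also maps every failure, not only timeouts, to 408 and catches `SystemExit`/`KeyboardInterrupt`; `except Exception:` would be narrower. The enclosing method starts and ends outside the hunk.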
@@ -614,7 +617,7 @@ class Server(Object):
 
             client = self.auth.authenticate(environ)
             if not client:
-                raise Error("I'm watching YOU. (Authenticate)", 403, method=path)
+                raise Error("I'm watching. Authenticate.", 403, method=path)
 
             try:
                 events = json.loads(injson) if injson else None
@@ -694,7 +697,7 @@ class WardenHandler(Object):
     def getDebug(self, _env, _client):
         auth = self.auth.authorize(_env, _client, 'getDebug', None, None)
         if not auth:
-            raise Error("I'm watching YOU. (Authorization)", 403, method='getDebug', detail={"client": _client})
+            raise Error("I'm watching. Authorize.", 403, method='getDebug', detail={"client": _client})
         
         return {
             "environment": _env,
@@ -704,6 +707,10 @@ class WardenHandler(Object):
 
     @expose
     def getInfo(self, _env, _client):
+        auth = self.auth.authorize(_env, _client, 'getInfo', None, None)
+        if not auth:
+            raise Error("I'm watching. Authorize.", 403, method='getDebug', detail={"client": _client})
+
         info = {
             "version": VERSION,
             "send_events_limit": self.send_events_limit,
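Review bot: The new 403 in getInfo is raised with `method='getDebug'`, copied from getDebug, so a failed authorization here is attributed to the wrong method in the error and in anything logged from it. The same copy-paste is in the getEvents hunk below. Use `method='getInfo'` here and `method='getEvents'` there. An operator reviewing denied requests presumably relies on this field to tell which endpoint a client was refused. getInfo's body continues outside the hunk.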
@@ -720,6 +727,10 @@ class WardenHandler(Object):
             tag=None, notag=None,
             group=None, nogroup=None):
 
+        auth = self.auth.authorize(_env, _client, 'getEvents', None, None)
+        if not auth:
+            raise Error("I'm watching. Authorize.", 403, method='getDebug', detail={"client": _client})
+
         try:
             id = int(id[0])
         except (ValueError, TypeError, IndexError):
@@ -760,10 +771,10 @@ class WardenHandler(Object):
     @expose
     def sendEvents(self, _env, _client, events=[]):
         if not isinstance(events, list):
-            raise Error("List of events expected", 400, method="sendEvents")
+            raise Error("List of events expected.", 400, method="sendEvents")
 
         if len(events)>self.send_events_limit:
-            raise Error("Too much events in one batch", 400, method="sendEvents",
+            raise Error("Too much events in one batch.", 413, method="sendEvents",
                 detail={"limit": self.send_events_limit})
 
         saved = 0
-- 
GitLab