mirror of
https://github.com/laurivosandi/certidude
synced 2024-12-23 00:25:18 +00:00
api: token: drop usage of global authority import
This commit is contained in:
parent
7d514a3bc6
commit
f7d138e303
@ -225,7 +225,7 @@ def certidude_app(log_handlers=[]):
|
|||||||
app.add_route("/api/", SessionResource())
|
app.add_route("/api/", SessionResource())
|
||||||
|
|
||||||
if config.USER_ENROLLMENT_ALLOWED: # TODO: add token enable/disable flag for config
|
if config.USER_ENROLLMENT_ALLOWED: # TODO: add token enable/disable flag for config
|
||||||
app.add_route("/api/token/", TokenResource())
|
app.add_route("/api/token/", TokenResource(authority))
|
||||||
|
|
||||||
# Extended attributes for scripting etc.
|
# Extended attributes for scripting etc.
|
||||||
app.add_route("/api/signed/{cn}/attr/", AttributeResource(authority, namespace="machine"))
|
app.add_route("/api/signed/{cn}/attr/", AttributeResource(authority, namespace="machine"))
|
||||||
|
@ -11,12 +11,15 @@ from time import time
|
|||||||
from certidude import mailer
|
from certidude import mailer
|
||||||
from certidude.decorators import serialize
|
from certidude.decorators import serialize
|
||||||
from certidude.user import User
|
from certidude.user import User
|
||||||
from certidude import config, authority
|
from certidude import config
|
||||||
from certidude.auth import login_required, authorize_admin
|
from certidude.auth import login_required, authorize_admin
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
class TokenResource(object):
|
class TokenResource(object):
|
||||||
|
def __init__(self, authority):
|
||||||
|
self.authority = authority
|
||||||
|
|
||||||
def on_put(self, req, resp):
|
def on_put(self, req, resp):
|
||||||
# Consume token
|
# Consume token
|
||||||
now = time()
|
now = time()
|
||||||
@ -43,7 +46,7 @@ class TokenResource(object):
|
|||||||
common_name = csr["certification_request_info"]["subject"].native["common_name"]
|
common_name = csr["certification_request_info"]["subject"].native["common_name"]
|
||||||
assert common_name == username or common_name.startswith(username + "@"), "Invalid common name %s" % common_name
|
assert common_name == username or common_name.startswith(username + "@"), "Invalid common name %s" % common_name
|
||||||
try:
|
try:
|
||||||
_, resp.body = authority._sign(csr, body)
|
_, resp.body = self.authority._sign(csr, body)
|
||||||
resp.set_header("Content-Type", "application/x-pem-file")
|
resp.set_header("Content-Type", "application/x-pem-file")
|
||||||
logger.info("Autosigned %s as proven by token ownership", common_name)
|
logger.info("Autosigned %s as proven by token ownership", common_name)
|
||||||
except FileExistsError:
|
except FileExistsError:
|
||||||
|
Loading…
Reference in New Issue
Block a user