1
0
mirror of https://github.com/laurivosandi/certidude synced 2024-12-23 00:25:18 +00:00

api: token: drop usage of global authority import

This commit is contained in:
Priit Laes 2018-02-03 13:00:23 +02:00
parent 7d514a3bc6
commit f7d138e303
2 changed files with 6 additions and 3 deletions

View File

@ -225,7 +225,7 @@ def certidude_app(log_handlers=[]):
app.add_route("/api/", SessionResource()) app.add_route("/api/", SessionResource())
if config.USER_ENROLLMENT_ALLOWED: # TODO: add token enable/disable flag for config if config.USER_ENROLLMENT_ALLOWED: # TODO: add token enable/disable flag for config
app.add_route("/api/token/", TokenResource()) app.add_route("/api/token/", TokenResource(authority))
# Extended attributes for scripting etc. # Extended attributes for scripting etc.
app.add_route("/api/signed/{cn}/attr/", AttributeResource(authority, namespace="machine")) app.add_route("/api/signed/{cn}/attr/", AttributeResource(authority, namespace="machine"))

View File

@ -11,12 +11,15 @@ from time import time
from certidude import mailer from certidude import mailer
from certidude.decorators import serialize from certidude.decorators import serialize
from certidude.user import User from certidude.user import User
from certidude import config, authority from certidude import config
from certidude.auth import login_required, authorize_admin from certidude.auth import login_required, authorize_admin
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
class TokenResource(object): class TokenResource(object):
def __init__(self, authority):
self.authority = authority
def on_put(self, req, resp): def on_put(self, req, resp):
# Consume token # Consume token
now = time() now = time()
@ -43,7 +46,7 @@ class TokenResource(object):
common_name = csr["certification_request_info"]["subject"].native["common_name"] common_name = csr["certification_request_info"]["subject"].native["common_name"]
assert common_name == username or common_name.startswith(username + "@"), "Invalid common name %s" % common_name assert common_name == username or common_name.startswith(username + "@"), "Invalid common name %s" % common_name
try: try:
_, resp.body = authority._sign(csr, body) _, resp.body = self.authority._sign(csr, body)
resp.set_header("Content-Type", "application/x-pem-file") resp.set_header("Content-Type", "application/x-pem-file")
logger.info("Autosigned %s as proven by token ownership", common_name) logger.info("Autosigned %s as proven by token ownership", common_name)
except FileExistsError: except FileExistsError: