From 29fd399b06f524337e109cab2757cdd9477ab22d Mon Sep 17 00:00:00 2001
From: Ryan Petrello
Date: Fri, 30 Aug 2019 14:38:57 -0400
Subject: [PATCH] introduce a new API for generating licenses from candlepin creds
---
 awx/api/urls/urls.py | 2 ++
 awx/api/views/__init__.py | 1 +
 awx/api/views/root.py | 72 +++++++++++++++++++++++----------------
 3 files changed, 46 insertions(+), 29 deletions(-)
diff --git a/awx/api/urls/urls.py b/awx/api/urls/urls.py
index ede960ecb6..ab7d61fd23 100644
--- a/awx/api/urls/urls.py
+++ b/awx/api/urls/urls.py
@@ -14,6 +14,7 @@ from awx.api.views import (
 ApiV2RootView,
 ApiV2PingView,
 ApiV2ConfigView,
+ ApiV2SubscriptionView,
 AuthView,
 UserMeList,
 DashboardView,
@@ -94,6 +95,7 @@ v2_urls = [
 url(r'^metrics/$', MetricsView.as_view(), name='metrics_view'),
 url(r'^ping/$', ApiV2PingView.as_view(), name='api_v2_ping_view'),
 url(r'^config/$', ApiV2ConfigView.as_view(), name='api_v2_config_view'),
+ url(r'^config/subscriptions/$', ApiV2SubscriptionView.as_view(), name='api_v2_subscription_view'),
 url(r'^auth/$', AuthView.as_view()),
 url(r'^me/$', UserMeList.as_view(), name='user_me_list'),
 url(r'^dashboard/$', DashboardView.as_view(), name='dashboard_view'),
diff --git a/awx/api/views/__init__.py b/awx/api/views/__init__.py
index a6d92e9578..9302249e67 100644
--- a/awx/api/views/__init__.py
+++ b/awx/api/views/__init__.py
@@ -147,6 +147,7 @@ from awx.api.views.root import ( # noqa
 ApiV2RootView,
 ApiV2PingView,
 ApiV2ConfigView,
+ ApiV2SubscriptionView,
 )
diff --git a/awx/api/views/root.py b/awx/api/views/root.py
index 44b8cb293b..b45ccc0071 100644
--- a/awx/api/views/root.py
+++ b/awx/api/views/root.py
@@ -171,6 +171,45 @@ class ApiV2PingView(APIView):
 return Response(response)
+class ApiV2SubscriptionView(APIView):
+
+ permission_classes = (IsAuthenticated,)
+ name = _('Configuration')
+ swagger_topic = 'System Configuration'
+
+ def check_permissions(self, request):
+ super(ApiV2SubscriptionView, self).check_permissions(request)
+ if not request.user.is_superuser and request.method.lower() not in {'options', 'head'}:
+ self.permission_denied(request) # Raises PermissionDenied exception.
+
+ def post(self, request):
+ from awx.main.utils.common import get_licenser
+ data = request.data.copy()
+ if data.get('rh_password') == '$encrypted$':
+ data['rh_password'] = settings.REDHAT_PASSWORD
+ try:
+ user, pw = data.get('rh_username'), data.get('rh_password')
+ validated = get_licenser().validate_rh(user, pw)
+ if user:
+ settings.REDHAT_USERNAME = data['rh_username']
+ if pw:
+ settings.REDHAT_PASSWORD = data['rh_password']
+ except Exception as exc:
+ msg = _("Invalid License")
+ if (
+ isinstance(exc, requests.exceptions.HTTPError) and
+ getattr(getattr(exc, 'response', None), 'status_code', None) == 401
+ ):
+ msg = _("The provided credentials are invalid (HTTP 401).")
+ if isinstance(exc, ValueError) and exc.args:
+ msg = exc.args[0]
+ logger.exception(smart_text(u"Invalid license submitted."),
+ extra=dict(actor=request.user.username))
+ return Response({"error": msg}, status=status.HTTP_400_BAD_REQUEST)
+
+ return Response(validated)
+
+
+class ApiV2ConfigView(APIView):
 permission_classes = (IsAuthenticated,)
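Review bot: In `post`, `request.data.copy()` and `data.get('rh_password')` run before the `try`, so a JSON body that is not an object (a list or a bare string) raises AttributeError and is answered as a 500 rather than the 400 used for every other bad submission. A guard at the top such as `if not isinstance(request.data, dict): return Response({"error": _("Invalid JSON")}, status=status.HTTP_400_BAD_REQUEST)` would keep the error path uniform. Separately, `if user:` and `if pw:` store the two settings independently, so if `validate_rh` accepts a call with one value missing (not visible here), only half of the stored credential pair is replaced; requiring both before calling the licenser avoids that. The `ValueError` branch returns `exc.args[0]` to the client verbatim under a blanket `except Exception`, which is worth restricting to messages the licenser raises deliberately.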
@@ -250,39 +289,14 @@ class ApiV2ConfigView(APIView):
 logger.info(smart_text(u"Invalid JSON submitted for license."),
 extra=dict(actor=request.user.username))
 return Response({"error": _("Invalid JSON")}, status=status.HTTP_400_BAD_REQUEST)
-
 try:
 from awx.main.utils.common import get_licenser
 license_data = json.loads(data_actual)
- if license_data.get('rh_password') == '$encrypted$':
- license_data['rh_password'] = settings.REDHAT_PASSWORD
 license_data_validated = get_licenser(**license_data).validate()
- if license_data_validated.get('valid_key') and 'license_key' not in license_data:
- if license_data.get('rh_username') and license_data.get('rh_password'):
- settings.REDHAT_USERNAME = license_data['rh_username']
- settings.REDHAT_PASSWORD = license_data['rh_password']
- license_data = {
- "eula_accepted": eula_accepted,
- "features": license_data_validated['features'],
- "license_type": license_data_validated['license_type'],
- "license_date": license_data_validated['license_date'],
- "license_key": license_data_validated['license_key'],
- "instance_count": license_data_validated['instance_count'],
- }
- if license_data_validated.get('trial'):
- license_data['trial'] = True
- except Exception as exc:
- msg = _("Invalid License")
- if (
- isinstance(exc, requests.exceptions.HTTPError) and
- getattr(getattr(exc, 'response', None), 'status_code', None) == 401
- ):
- msg = _("The provided credentials are invalid (HTTP 401).")
- if isinstance(exc, ValueError) and exc.args:
- msg = exc.args[0]
- logger.exception(smart_text(u"Invalid license submitted."),
- extra=dict(actor=request.user.username))
- return Response({"error": msg}, status=status.HTTP_400_BAD_REQUEST)
+ except Exception:
+ logger.warning(smart_text(u"Invalid license submitted."),
+ extra=dict(actor=request.user.username))
+ return Response({"error": _("Invalid License")}, status=status.HTTP_400_BAD_REQUEST)
 # If the license is valid, write it to the database.
 if license_data_validated['valid_key']:
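Review bot: The new `except Exception:` handler drops the exception and logs with `logger.warning`, so a programming error inside the `try` is recorded exactly like a rejected license, with no traceback. `get_licenser(**license_data)` splats client-supplied JSON into keyword arguments, so a non-object body or (presumably) an unexpected key raises TypeError and lands here too. Passing `exc_info=True` to the `logger.warning(...)` call, or keeping `logger.exception`, preserves the cause for whoever investigates a failed license upload. `post` starts before and continues after this hunk, so what happens to `license_data` further down is not visible here.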