Implemented authentication for services except for S3.

2019-07-02 17:40:08 +02:00 · 2019-07-02 17:40:08 +02:00 · fbd0749854
commit fbd0749854
parent 0b51dd47f3
4 changed files with 266 additions and 18 deletions
--- a/moto/core/responses.py
+++ b/moto/core/responses.py
@ -8,6 +8,8 @@ import re
 import io

 import pytz
+
+from moto.core.authentication import IAMRequest
 from moto.core.exceptions import DryRunClientError

 from jinja2 import Environment, DictLoader, TemplateNotFound
@ -103,7 +105,22 @@ class _TemplateEnvironmentMixin(object):
        return self.environment.get_template(template_id)


-class BaseResponse(_TemplateEnvironmentMixin):
+class ActionAuthenticatorMixin(object):
+
+    INITIALIZATION_STEP_COUNT = 5
+    request_count = 0
+
+    def _authenticate_action(self):
+        iam_request = IAMRequest(method=self.method, path=self.path, data=self.querystring, headers=self.headers)
+        iam_request.check_signature()
+
+        if ActionAuthenticatorMixin.request_count >= ActionAuthenticatorMixin.INITIALIZATION_STEP_COUNT:
+            iam_request.check_action_permitted()
+        else:
+            ActionAuthenticatorMixin.request_count += 1
+
+
+class BaseResponse(_TemplateEnvironmentMixin, ActionAuthenticatorMixin):

    default_region = 'us-east-1'
    # to extract region, use [^.]
@ -273,6 +290,13 @@ class BaseResponse(_TemplateEnvironmentMixin):

    def call_action(self):
        headers = self.response_headers
+
+        try:
+            self._authenticate_action()
+        except HTTPException as http_error:
+            response = http_error.description, dict(status=http_error.code)
+            return self._send_response(headers, response)
+
        action = camelcase_to_underscores(self._get_action())
        method_names = method_names_from_class(self.__class__)
        if action in method_names:
@ -285,16 +309,7 @@ class BaseResponse(_TemplateEnvironmentMixin):
            if isinstance(response, six.string_types):
                return 200, headers, response
            else:
-                if len(response) == 2:
-                    body, new_headers = response
-                else:
-                    status, new_headers, body = response
-                status = new_headers.get('status', 200)
-                headers.update(new_headers)
-                # Cast status to string
-                if "status" in headers:
-                    headers['status'] = str(headers['status'])
-                return status, headers, body
+                return self._send_response(headers, response)

        if not action:
            return 404, headers, ''
@ -302,6 +317,19 @@ class BaseResponse(_TemplateEnvironmentMixin):
        raise NotImplementedError(
            "The {0} action has not been implemented".format(action))

+    @staticmethod
+    def _send_response(headers, response):
+        if len(response) == 2:
+            body, new_headers = response
+        else:
+            status, new_headers, body = response
+        status = new_headers.get('status', 200)
+        headers.update(new_headers)
+        # Cast status to string
+        if "status" in headers:
+            headers['status'] = str(headers['status'])
+        return status, headers, body
+
    def _get_param(self, param_name, if_none=None):
        val = self.querystring.get(param_name)
        if val is not None: