diff --git a/geonode/geoserver/signals.py b/geonode/geoserver/signals.py index 42cf6e40dda..8a7937c968b 100644 --- a/geonode/geoserver/signals.py +++ b/geonode/geoserver/signals.py @@ -525,7 +525,7 @@ def command_url(command): for style in instance.styles.all(): legend_url = ogc_server_settings.PUBLIC_LOCATION + \ - 'wms?request=GetLegendGraphic&format=image/png&WIDTH=20&HEIGHT=20&LAYER=' + \ + 'ows?service=WMS&request=GetLegendGraphic&format=image/png&WIDTH=20&HEIGHT=20&LAYER=' + \ instance.alternate + '&STYLE=' + style.name + \ '&legend_options=fontAntiAliasing:true;fontSize:12;forceLabels:on' diff --git a/geonode/proxy/views.py b/geonode/proxy/views.py index 2b42a853d6a..026d64b9390 100644 --- a/geonode/proxy/views.py +++ b/geonode/proxy/views.py @@ -59,14 +59,16 @@ "^(?i)(version)=(\d\.\d\.\d)(?i)&(?i)request=(?i)(GetCapabilities)&(?i)service=(?i)(\w\w\w)$") -def header_auth_view(auth_header): - encoded_credentials = auth_header.split(' ')[1] # Removes "Basic " to isolate credentials - decoded_credentials = base64.b64decode(encoded_credentials).decode("utf-8").split(':') - username = decoded_credentials[0] - password = decoded_credentials[1] - # if the credentials are correct, then the feed_bot is not None, but is a User object. - feed_bot = authenticate(username=username, password=password) - return feed_bot +def user_from_basic_auth(auth_header): + if 'Basic' in auth_header: + encoded_credentials = auth_header.split(' ')[1] # Removes "Basic " to isolate credentials + decoded_credentials = base64.b64decode(encoded_credentials).decode("utf-8").split(':') + username = decoded_credentials[0] + password = decoded_credentials[1] + # if the credentials are correct, then the feed_bot is not None, but is a User object. + user = authenticate(username=username, password=password) + return user + return None @requires_csrf_token @@ -172,9 +174,11 @@ def proxy(request, url=None, response_callback=None, 'HTTP_AUTHORIZATION', request.META.get('HTTP_AUTHORIZATION2')) if auth: - _user = header_auth_view(auth) + _user = user_from_basic_auth(auth) if not _user: - headers['Authorization'] = auth + if 'Bearer' in auth: + access_token = auth.replace('Bearer ', '') + headers['Authorization'] = auth else: try: from oauth2_provider.models import AccessToken, get_application_model @@ -185,9 +189,8 @@ def proxy(request, url=None, response_callback=None, traceback.print_exc() logger.error("Could retrieve OAuth2 Access Token for user %s" % _user) - if access_token: - if request.method in ("POST", "PUT", "DELETE"): - headers['Authorization'] = 'Bearer %s' % access_token + if access_token and not headers.get('Authorization'): + headers['Authorization'] = 'Bearer %s' % access_token site_url = urlsplit(settings.SITEURL) @@ -211,14 +214,11 @@ def proxy(request, url=None, response_callback=None, _url = parsed.geturl() - if access_token and 'access_token' not in _url: + if request.method == "GET" and access_token and 'access_token' not in _url: query_separator = '&' if '?' in _url else '?' _url = ('%s%saccess_token=%s' % (_url, query_separator, access_token)) - logger.debug(" - REQUEST HEADERS %s " % headers) - logger.debug(" - URL %s " % _url) - conn.request(request.method, _url, request.body, headers) response = conn.getresponse() content = response.read()