Beispiel #1
0
def validate_token_info(
    token_info: InternalSecurityCheckResponse,
    scope_validate_func: ScopeValidateFunc,
    required_scopes: Sequence[str],
) -> InternalSecurityCheckResponse:
    scopes: Optional[Sequence[str]] = None
    if not token_info:
        return None

    if "scopes" in token_info:
        scopes = token_info.get("scopes")
    elif "scope" in token_info:
        scope = token_info.get("scope")
        if isinstance(scope, str):
            scopes = scope.split()
        else:
            raise ValueError("'scope' should be a string")

    if not scopes:
        raise ValueError("missing scopes in token info")

    if not scope_validate_func(required_scopes, scopes):
        raise SecurityException(
            f"Invalid scopes: required: {required_scopes}, provided: {scopes}")

    return token_info
Beispiel #2
0
def load_bearer_info_func(scheme: SecurityScheme) -> BearerInfoFunc:
    if not scheme.x_bearer_info_func:
        raise SecurityException("Missing Bearer info function")
    try:
        return load_handler(scheme.x_bearer_info_func)
    except (AttributeError, ValueError) as err:
        raise SecurityException from err
Beispiel #3
0
def load_api_key_info_func(scheme: SecurityScheme) -> APIKeyInfoFunc:
    if not scheme.x_api_key_info_func:
        raise SecurityException("Missing API Key info function")
    try:
        return load_handler(scheme.x_api_key_info_func)
    except (AttributeError, ValueError) as err:
        raise SecurityException from err
Beispiel #4
0
def validate_scopes(required_scopes: Sequence[str],
                    token_scopes: Sequence[str]) -> bool:
    """Validates that all require scopes are present in the token scopes"""
    missing_scopes = set(required_scopes) - set(token_scopes)
    if missing_scopes:
        raise SecurityException(f"Missing required scopes: {missing_scopes}")

    return not missing_scopes
Beispiel #5
0
    def decorator(handler: Func[T]) -> Func[T]:
        if handler is None:
            raise SecurityException("invalid or missing handler")

        @wraps(handler)
        def handler_with_security(*args: Any, **kwargs: Any) -> T:
            # match the args that connexion passes to handlers after a security check
            token_info = security_handler(current_flask_request)
            user = token_info.get("sub", token_info.get("uid"))
            return handler(*args, user=user, token_info=token_info, **kwargs)

        return handler_with_security
Beispiel #6
0
def extract_auth_header(request: Request) -> Optional[Tuple[str, str]]:
    authorization = request.headers.get("Authorization")

    if not authorization:
        return None
    try:
        lhs, rhs = authorization.split(None, 1)
        if not lhs or not rhs:
            raise SecurityException("invalid Authorization header"
                                    " expected: <format> <value>"
                                    f" found {authorization}")
        return lhs, rhs
    except ValueError as err:
        raise SecurityException from err
Beispiel #7
0
    def security_handler(request: Request) -> SecurityInfo:

        # apply the security schemes in the order listed in the API file
        for check in security_checks:

            # if a security check fails if will raise the appropriate exception
            # if the security check passes it will return a dict of kwargs to pass to the handler   # noqa: 501
            # if the check is not applicable based on lack provided argument the check will return None indicating   # noqa: 501
            # that the next (if any) check should be run.
            security_args = check(request)
            if security_args:
                return security_args

        raise SecurityException("No checks passed")