Ejemplo n.º 1
 def authorize(self, req):
     """Reject the request unless it carries a known credential.

     Expects ``Authorization: <type> <credentials>`` where ``<type>`` is one
     of ``self.supportedAuthorizationTypes`` and ``<credentials>`` appears in
     ``self.db.authKeys()``.  Returns None when the request is accepted.

     Args:
         req: falcon request; only ``req.headers`` is read.

     Raises:
         falcon.HTTPMissingHeader: the Authorization header is absent.
         falcon.HTTPInvalidHeader: the header does not have exactly two
             space-separated fields, the type is unsupported, or the
             credential is unknown.
     """
     if "AUTHORIZATION" not in req.headers:
         raise falcon.HTTPMissingHeader("Authorization")

     # Split on a single space only: any other shape is a malformed header.
     fields = req.headers["AUTHORIZATION"].split(" ")
     if len(fields) != 2:
         raise falcon.HTTPInvalidHeader("Expected <type> <credentials>", "Authorization")
     auth_type, credential = fields

     if auth_type not in self.supportedAuthorizationTypes:
         raise falcon.HTTPInvalidHeader("Unsupported credential type", "Authorization")

     # NOTE(review): this is a plain membership test, not a constant-time
     # comparison; whether that matters depends on what authKeys() returns.
     known_keys = self.db.authKeys()
     if credential not in known_keys:
         raise falcon.HTTPInvalidHeader("Invalid credentials", "Authorization")
    def _raise(self, description):
        """Raise an HTTPInvalidHeader for the signature header.

        Args:
            description (str): error description passed through to the
                exception.

        Raises:
            falcon.HTTPInvalidHeader: always; the header name is the
                module-level SIGNATURE_HEADER.
        """
        error = falcon.HTTPInvalidHeader(description, SIGNATURE_HEADER)
        raise error
Ejemplo n.º 3
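 def do_auth(self, req, resp, resource, params):
     """Authenticate the request with an HMAC-SHA256 signed JWT when required.

     Reads ``Authorization: OAuth <token>``, verifies the token signature
     against ``resource._conf['secret']``, checks the ``exp`` claim and the
     resource's ``authorize`` hook, then records the issuer on ``self._usr``.
     Does nothing when ``resource._conf['auth']`` is false.

     Args:
         req: falcon request; ``req.auth`` is the Authorization header value.
         resp: falcon response (unused).
         resource: routed resource; must expose ``_conf`` (dict) and
             ``authorize(prv)``.
         params: URI template parameters (unused).

     Raises:
         falcon.HTTPMissingHeader: no Authorization header.
         falcon.HTTPInvalidHeader: header is not ``OAuth <token>``.
         falcon.HTTPUnauthorized: token is not a well-formed JWT or lacks a
             required claim (``exp``, ``prv``, ``iss``).
         falcon.HTTPForbidden: bad signature, expired token, or ``authorize``
             refused the caller.
         falcon.HTTPInternalServerError: no signing secret is configured.
     """
     if not resource._conf.get('auth', False):
         return
     if not req.auth:
         raise falcon.HTTPMissingHeader("Missing OAuth token", "Authorization")

     # Explicit checks instead of ``assert``: asserts are stripped under -O,
     # and a header with more or fewer than two fields used to escape as an
     # uncaught ValueError from the unpacking (a 500 instead of a 400).
     try:
         bearer, token = req.auth.split()
     except ValueError:
         raise falcon.HTTPInvalidHeader("Malformed Authorization header", "Authorization")
     if bearer != "OAuth":
         raise falcon.HTTPInvalidHeader("Malformed Authorization header", "Authorization")

     parts = token.split('.')
     if len(parts) != 3:
         raise falcon.HTTPUnauthorized("Token is not a valid JWT token")

     # Fail closed when no secret is configured rather than signing with a
     # well-known fallback string that anyone could use to mint tokens.
     secret = resource._conf.get('secret')
     if not secret:
         raise falcon.HTTPInternalServerError(description="No token signing secret configured")

     itok = ".".join(parts[:2])
     sig = hmac.new(secret.encode('utf-8'), itok.encode('utf-8'), digestmod=hashlib.sha256).digest()
     # Compare without '=' padding so both padded and standard (unpadded)
     # base64url signatures are accepted; compare_digest keeps it constant-time.
     expected = base64.urlsafe_b64encode(sig).rstrip(b'=')
     presented = parts[2].encode('utf-8').rstrip(b'=')
     if not hmac.compare_digest(expected, presented):
         raise falcon.HTTPForbidden()

     # The payload is only parsed after the signature has been verified.
     # Re-add padding so unpadded base64url (the JWT norm) decodes too.
     try:
         padded = parts[1] + '=' * (-len(parts[1]) % 4)
         payload = json.loads(base64.urlsafe_b64decode(padded).decode('utf-8'))
     except ValueError:  # binascii.Error, UnicodeDecodeError and JSONDecodeError
         raise falcon.HTTPUnauthorized("Token is not a valid JWT token")
     if not isinstance(payload, dict) or any(claim not in payload for claim in ("exp", "prv", "iss")):
         raise falcon.HTTPUnauthorized("Token is missing required claims")

     exp = payload["exp"]
     if not isinstance(exp, (int, float)) or exp < int(time.time()):
         raise falcon.HTTPForbidden(description="Token has expired")

     if not resource.authorize(payload['prv']):
         raise falcon.HTTPForbidden(description="User does not have permission to use this function")

     self._usr = payload["iss"]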
Ejemplo n.º 4
 def on_get(self, req, resp):
     """Answer every GET with an HTTPInvalidHeader naming X-Auth-Token.

     Args:
         req: falcon request (unused).
         resp: falcon response (unused).

     Raises:
         falcon.HTTPInvalidHeader: always, carrying app error code 'A1001'.
     """
     error = falcon.HTTPInvalidHeader(
         'Please provide a valid token.', 'X-Auth-Token', code='A1001')
     raise error