Ejemplo n.º 1
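    def SecurityCheck(self, func, request, *args, **kwargs):
        """Authenticate the request with a Firebase ID token, then call func.

        The token is read from the ``Authorization`` header (after
        ``self.BEARER_PREFIX``) and verified with the project id as the
        expected audience. The project id is the first dot-separated label of
        the configured ``AdminUI.firebase_auth_domain``. On success
        ``request.user`` is set to the token's ``email`` claim.

        Args:
          func: Handler to invoke once the check is done.
          request: Incoming request; must expose ``headers`` and ``path``.
          *args: Positional arguments forwarded to ``func``.
          **kwargs: Keyword arguments forwarded to ``func``.

        Returns:
          ``self.AuthError(...)`` when validation fails on any path other than
          "/", otherwise the result of ``func(request, *args, **kwargs)``.
        """
        try:
            auth_header = request.headers.get("Authorization", "")
            if not auth_header.startswith(self.BEARER_PREFIX):
                raise ValueError("JWT token is missing.")

            token = auth_header[len(self.BEARER_PREFIX):]

            auth_domain = config.CONFIG["AdminUI.firebase_auth_domain"]
            project_id = auth_domain.split(".")[0]

            # NOTE(review): the second argument is the transport the verifier
            # uses; here the incoming HTTP request is passed. Confirm it is
            # usable as a transport.
            idinfo = id_token.verify_firebase_token(token,
                                                    request,
                                                    audience=project_id)

            # Claims are read with .get() so that a correctly signed token
            # lacking a claim fails closed as an auth error instead of
            # escaping this handler as an uncaught KeyError.
            if idinfo.get("iss") != self.SECURE_TOKEN_PREFIX + project_id:
                raise ValueError("Wrong issuer.")

            email = idinfo.get("email")
            if not email:
                raise ValueError("Token has no email claim.")

            # NOTE(review): email_verified is not checked. If authorization is
            # keyed on the email, confirm that every enabled sign-in provider
            # verifies address ownership.
            request.user = email
        except ValueError as e:
            # For a homepage, just do a pass-through, otherwise JS code
            # responsible for the Firebase auth won't ever get executed. This
            # approach is safe, because wsgiapp.HttpRequest object will raise
            # on any attempt to access uninitialized HttpRequest.user
            # attribute. The exemption is an exact match on "/" only.
            if request.path != "/":
                return self.AuthError("JWT token validation failed: %s" % e)

        return func(request, *args, **kwargs)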
Ejemplo n.º 2
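  def SecurityCheck(self, func, request, *args, **kwargs):
    """Check the request's Firebase ID token and dispatch to func.

    The bearer token from the ``Authorization`` header is verified with the
    project id as audience. The project id is the first label of
    ``AdminUI.firebase_auth_domain``. The issuer is compared against
    ``self.SECURE_TOKEN_PREFIX + project_id`` and the ``email`` claim is
    stored in ``request.user``.

    Args:
      func: Handler called after the check.
      request: Incoming request exposing ``headers`` and ``path``.
      *args: Positional arguments passed through to ``func``.
      **kwargs: Keyword arguments passed through to ``func``.

    Returns:
      The value of ``self.AuthError(...)`` if validation fails and the path is
      not "/", otherwise whatever ``func(request, *args, **kwargs)`` returns.
    """
    try:
      auth_header = request.headers.get("Authorization", "")
      if not auth_header.startswith(self.BEARER_PREFIX):
        raise ValueError("JWT token is missing.")

      token = auth_header[len(self.BEARER_PREFIX):]

      auth_domain = config.CONFIG["AdminUI.firebase_auth_domain"]
      project_id = auth_domain.split(".")[0]

      # NOTE(review): the incoming HTTP request is handed to the verifier as
      # its transport argument. Confirm that this object can act as one.
      idinfo = id_token.verify_firebase_token(
          token, request, audience=project_id)

      # A missing claim must be reported as a validation failure. Indexing
      # with [] would raise KeyError, which the handler below does not catch.
      issuer = idinfo.get("iss")
      if issuer != self.SECURE_TOKEN_PREFIX + project_id:
        raise ValueError("Wrong issuer.")

      email = idinfo.get("email")
      if not email:
        raise ValueError("Token has no email claim.")

      # NOTE(review): email_verified is not consulted. Confirm that the
      # enabled sign-in providers guarantee ownership of the address.
      request.user = email
    except ValueError as e:
      # For a homepage, just do a pass-through, otherwise JS code responsible
      # for the Firebase auth won't ever get executed. This approach is safe,
      # because wsgiapp.HttpRequest object will raise on any attempt to
      # access uninitialized HttpRequest.user attribute. Only the exact path
      # "/" is exempt.
      if request.path != "/":
        return self.AuthError("JWT token validation failed: %s" % e)

    return func(request, *args, **kwargs)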
Ejemplo n.º 3
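def verify_token(token, audience=None):
    """Verify a Firebase ID token and return its claims, or None if rejected.

    Args:
        token: The ID token to check.
        audience: Expected audience, forwarded unchanged to
            ``id_token.verify_firebase_token``. Defaults to None, which
            matches the previous call that passed no audience.

    Returns:
        Whatever the verifier returns, or None when it raises ValueError or
        TypeError.
    """
    # NOTE(review): assuming id_token is google.oauth2.id_token, leaving
    # audience as None means the token's audience is not compared with
    # anything. Callers should pass their own Firebase project id so that
    # tokens issued for a different project are rejected.
    # NOTE(review): email_verified is not enforced here. Callers that key
    # access on the email claim need to check it themselves.
    try:
        return id_token.verify_firebase_token(
            token, HTTP_REQUEST, audience=audience)
    except (ValueError, TypeError):
        # Invalid or malformed token: report it as "no claims".
        return None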
Ejemplo n.º 4
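def top_users():
    """Return the sample user list to callers that present a valid ID token.

    The token is the last space-separated field of the ``Authorization``
    header, so both ``Bearer <token>`` and a bare token are accepted.

    Returns:
        ``('Unauthorized', 401)`` when the header is absent, the token is
        rejected by the verifier, or no claims come back; otherwise the
        ``jsonify``-ed user list.
    """
    # Read the header with .get() so a request without it is answered with
    # the same 401 as a bad token rather than failing on the lookup.
    token = request.headers.get('Authorization', '').split(' ').pop()

    # The verifier signals a bad token by raising ValueError. Without this
    # handler the 401 branch below would never be reached for a rejected
    # token.
    # NOTE(review): no audience is passed, so the token is not pinned to this
    # application's Firebase project. Confirm and pass the project id.
    try:
        claims = verify_firebase_token(token, HTTP_REQUEST) if token else None
    except ValueError:
        claims = None

    if not claims:
        return 'Unauthorized', 401

    return jsonify([{'name': 'bob'}, {'name': 'jim'}])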
Ejemplo n.º 5
def validate_firebase(mobile_id):
    """Validate a Firebase ID token against the configured project id.

    Args:
        mobile_id: The ID token to verify.

    Returns:
        ``(True, sub)`` with the token's ``sub`` claim when verification
        succeeds, or ``(False, "")`` when the verifier raises ValueError.
    """
    try:
        # The audience is pinned to settings.FIREBASE_PROJECT_ID.
        claims = id_token.verify_firebase_token(
            mobile_id,
            requests.Request(),
            audience=settings.FIREBASE_PROJECT_ID,
        )
        outcome = (True, claims['sub'])
    except ValueError:
        outcome = (False, "")
    return outcome
Ejemplo n.º 6
def test_verify_firebase_token(verify_token):
    """verify_firebase_token forwards to verify_token with the Google APIs certs URL.

    ``verify_token`` is supplied by a fixture. Presumably it is a mock
    standing in for ``id_token.verify_token``; verify against the fixture
    definition.
    """
    token = mock.sentinel.token
    transport = mock.sentinel.request
    expected_audience = mock.sentinel.audience

    result = id_token.verify_firebase_token(
        token, transport, audience=expected_audience)

    # The wrapper must return the delegate's result untouched.
    assert result == verify_token.return_value
    # It must also add only the certs_url keyword to the arguments.
    verify_token.assert_called_once_with(
        token,
        transport,
        audience=expected_audience,
        certs_url=id_token._GOOGLE_APIS_CERTS_URL,
    )
Ejemplo n.º 7
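def auth(token):
    """Verify a Firebase ID token and return its claims.

    Args:
        token: The ID token to verify.

    Returns:
        The verifier's claims on success, or ``{"statusCode": 401}`` when the
        token is empty, is rejected by the verifier, or yields no claims.
    """
    unauthorized = {"statusCode": 401}
    if not token:
        return unauthorized

    # The verifier reports a bad token by raising ValueError. Map that to the
    # same 401 result as the other failures so it does not escape to the
    # caller.
    # NOTE(review): no audience is passed, so the token is not pinned to a
    # specific Firebase project. Confirm and pass the project id.
    try:
        id_info = id_token.verify_firebase_token(token, requests.Request())
    except ValueError:
        return unauthorized

    if not id_info:
        return unauthorized
    return id_info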
Ejemplo n.º 8
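    def decorated(*args, **kwargs):
        """Run the wrapped view only if the JSON body carries a valid ID token.

        Returns:
            A 403 JSON response when the ``token`` field is missing or the
            token fails verification, otherwise the result of
            ``f(*args, **kwargs)``.
        """
        jsonData = request.json
        # A body that is absent or is not a JSON object counts as "no token"
        # instead of failing on the subscript.
        token = jsonData.get("token") if isinstance(jsonData, dict) else None
        if not token:
            return jsonify({'message': 'Token is missing!'}), 403
        try:
            # The claims are not used here; the call is made for its
            # pass/fail outcome only.
            # NOTE(review): no audience is passed, so the token is not pinned
            # to a specific Firebase project. Confirm and pass the project id.
            id_token.verify_firebase_token(id_token=token,
                                           request=requests.Request())
        except Exception:
            # Fail closed on any verification error. Exception is used rather
            # than a bare except so interpreter exits are not swallowed.
            print('token is invalid')
            return jsonify({'message': 'Token is invalid!'}), 403

        return f(*args, **kwargs)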
Ejemplo n.º 9
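def render_index():
    """Handle login (POST) and serve the index page (any other method).

    POST: verifies the ID token from the ``Authorization`` header and, on
    success, sets ``session['Logged']`` and returns ``'Logged'``.
    Other methods: renders ``index.html`` when the session is flagged as
    logged in.

    Every failure path redirects to ``'logout'``.
    """
    if request.method == 'POST':
        # Take the last field so "Bearer <token>" yields the token. Index 0
        # would select the scheme word. A bare token still works because it
        # is both the first and the last field.
        idToken = request.headers.get('Authorization', '').split(' ').pop()
        # The verifier raises ValueError for a rejected token. Treat that
        # like missing claims.
        # NOTE(review): no audience is passed, so the token is not pinned to
        # this application's Firebase project. Confirm and pass the project
        # id.
        try:
            claims = (id_token.verify_firebase_token(idToken, HTTP_REQUEST)
                      if idToken else None)
        except ValueError:
            claims = None
        if not claims:
            return redirect('logout')
        # NOTE(review): only a boolean is stored. The verified identity is
        # not kept in the session.
        session['Logged'] = True
        return 'Logged'

    # .get(): a session that never logged in has no 'Logged' key.
    logged_in = session.get('Logged')
    print('Logged in : ', logged_in)
    if logged_in == True:
        return render_template('index.html')

    return redirect('logout')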
Ejemplo n.º 10
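def get_user_from_token(service):
    """Return the email claim of the caller's Firebase ID token, or None.

    Args:
        service: Object whose ``request_state.headers`` holds the request
            headers.

    Returns:
        The ``email`` claim, or None when the ``authorization`` header is
        absent, the token is the literal ``'undefined'`` or ``'null'``, the
        verifier rejects it, or the claims carry no email.
    """
    headers = service.request_state.headers.get('authorization')
    if not headers:
        return None

    id_token_from_firebase = headers.split(' ').pop()
    # Presumably some clients serialise a missing token as these literal
    # strings; verify against the front end.
    if id_token_from_firebase in ('undefined', 'null'):
        return None

    # A rejected token raises ValueError in the verifier. Report it as
    # "no user" like every other failure in this function.
    # NOTE(review): no audience is passed, so the token is not pinned to this
    # application's Firebase project. Confirm and pass the project id.
    try:
        firebaseUser = id_token.verify_firebase_token(id_token_from_firebase,
                                                      HTTP_REQUEST)
    except ValueError:
        return None

    if not firebaseUser:
        return None
    # NOTE(review): email_verified is not checked before the email is used
    # as the owner identity. Confirm the enabled sign-in providers.
    return firebaseUser.get('email')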
Ejemplo n.º 11
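def mainRoute(endpoint):
    """Dispatch a list-management request to the handler named by endpoint.

    The acting user id is taken from the ``user_id`` claim of the verified ID
    token in the JSON body, not from any client-supplied field.

    Args:
        endpoint: One of ``create_user``, ``add_list``, ``remove_list``,
            ``get_lists``, ``add_item``, ``remove_item``, ``check_item``,
            ``uncheck_item``.

    Returns:
        The selected handler's return value, or None when ``endpoint``
        matches none of the names above.

    Raises:
        Whatever the verifier raises for a rejected token. The exception is
        not handled here.
    """
    # Close the data file as soon as it is parsed. A bare open() leaves the
    # handle open on every request.
    with open("data.json", "r") as dataFile:
        jsonDataFile = json.load(dataFile)

    jsonParams = request.json
    token = jsonParams["token"]
    # NOTE(review): no audience is passed, so the token is not pinned to a
    # specific Firebase project. Confirm and pass the project id.
    # NOTE(review): a rejected token propagates as an exception. Confirm the
    # framework turns that into an error response rather than a stack trace.
    decodedToken = id_token.verify_firebase_token(id_token=token,
                                                  request=requests.Request())
    userId = decodedToken["user_id"]

    listName = jsonParams.get("list_name", "bla")
    itemName = jsonParams.get("item_name", "")
    companyName = jsonParams.get("company_name", "")

    print('endpoint:', endpoint)
    if endpoint == 'create_user':
        return create_user(jsonDataFile, userId)
    if endpoint == 'add_list':
        return add_list(jsonDataFile, userId, listName)
    if endpoint == 'remove_list':
        return remove_list(jsonDataFile, userId, listName)
    if endpoint == 'get_lists':
        return get_lists(jsonDataFile, userId)
    if endpoint == 'add_item':
        return add_item(jsonDataFile, userId, listName, itemName, companyName)
    if endpoint == 'remove_item':
        return remove_item(jsonDataFile, userId, listName, itemName,
                           companyName)
    if endpoint == 'check_item':
        return check_item(jsonDataFile, userId, listName, itemName,
                          companyName)
    if endpoint == 'uncheck_item':
        return uncheck_item(jsonDataFile, userId, listName, itemName,
                            companyName)
    # Unknown endpoint: falls through and returns None, as before.
    return None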
Ejemplo n.º 12
def validate_firebase_token_for_info(token):
    """Verify token for the 'prematch-212912' audience and validate its claims.

    Args:
        token: The Firebase ID token to verify.

    Returns:
        The result of ``validate_for_handle_name`` applied to the verified
        claims. Exceptions raised by the verifier are not caught here.
    """
    verify = id_token.verify_firebase_token
    claims = verify(token, requests.Request(), audience='prematch-212912')
    return validate_for_handle_name(claims)
Ejemplo n.º 13
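def verify_firebase_token(token, audience=None):
    """Verify a Firebase ID token and return the verifier's result.

    Args:
        token: The ID token to verify.
        audience: Expected audience, forwarded unchanged to
            ``id_token.verify_firebase_token``. Defaults to None, which
            matches the previous call that passed no audience.

    Returns:
        Whatever ``id_token.verify_firebase_token`` returns. Exceptions it
        raises for a rejected token are not caught here.
    """
    # NOTE(review): assuming id_token is google.oauth2.id_token, an audience
    # of None means the token's audience is not compared with anything.
    # Callers should pass their Firebase project id so that tokens issued for
    # a different project are rejected.
    return id_token.verify_firebase_token(
        token, requests.Request(), audience=audience)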