def _get_tenant():
ctx = stack.top
if ctx is not None:
if not hasattr(ctx, 'tenant'):
body = request.json
cur_sender = cur_context = None
if request.args.get('signed_request',
None) or 'authorization' in request.headers:
cur_tenant, data = _validate_jwt(request)
cur_sender = User(data['sub'])
cur_context = data.get('context', None)
elif body and 'oauth_client_id' in body:
tenant_id = body['oauth_client_id']
cur_tenant = Tenant.load(tenant_id)
else:
cur_tenant = None
if body and 'item' in body:
sent_by = _extract_sender(body['item'])
if sent_by:
user = User(user_id=sent_by['id'],
name=sent_by['name'],
mention_name=sent_by['mention_name'])
# Check if the sender in the webhook matches the one provided in the JWT
if cur_sender and str(cur_sender.id) != str(user.id):
abort(400)
cur_sender = user
ctx.tenant = cur_tenant
ctx.sender = cur_sender
ctx.context = cur_context
return ctx.tenant
def _validate_jwt(req):
jwt_data = req.args.get("signed_request", None)
if not jwt_data:
abort(401)
oauth_id = jwt.decode(jwt_data, verify=False)["iss"]
client = Tenant.load(oauth_id)
data = jwt.decode(jwt_data, client.secret)
return client, data["prn"]
def _get_tenant():
ctx = stack.top
if ctx is not None:
if not hasattr(ctx, "tenant"):
if request.args.get("signed_request", None):
cur_tenant, prn = _validate_jwt(request)
ctx.sender = User(prn)
elif request.json and "oauth_client_id" in request.json:
body = request.json
tenant_id = body["oauth_client_id"]
cur_tenant = Tenant.load(tenant_id)
if "item" in body and "sender" in body["item"]:
user = User(
user_id=body["item"]["sender"]["id"],
name=body["item"]["sender"]["name"],
mention_name=body["item"]["sender"]["mention_name"],
)
ctx.sender = user
else:
cur_tenant = None
ctx.tenant = cur_tenant
return ctx.tenant
def _validate_jwt(req):
if 'signed_request' in req.form:
jwt_data = req.form['signed_request']
else:
jwt_data = req.args.get('signed_request', None)
if not jwt_data:
header = req.headers.get('authorization', '')
jwt_data = header[4:] if header.startswith('JWT ') else None
if not jwt_data:
abort(401)
try:
oauth_id = jwt.decode(jwt_data, verify=False)['iss']
client = Tenant.load(oauth_id)
data = jwt.decode(jwt_data, client.secret, leeway=10)
return client, data
except jwt.DecodeError:
abort(400)
except jwt.ExpiredSignature:
abort(401)
def get_tenant(tenant_id):
return Tenant.load(tenant_id)
def get_tenant(tenant_id):
try:
return Tenant.load(tenant_id)
except:
app.logger.error("Not able to load tenant")
return None
