def wrapper(request, *args, **kwargs): pool = Pool() UserApplication = pool.get('res.user.application') authorization = wsgi_to_bytes(request.headers['Authorization']) try: auth_type, auth_info = authorization.split(None, 1) auth_type = auth_type.lower() except ValueError: abort(401) if auth_type != b'bearer': abort(403) application = UserApplication.check(auth_info, name) if not application: abort(403) transaction = Transaction() # TODO language with transaction.set_user(application.user.id), \ transaction.set_context(_check_access=True): try: response = func(request, *args, **kwargs) except Exception, e: if isinstance(e, HTTPException): raise logger.error('%s', request, exc_info=True) abort(500, e)
def wrapper(request, *args, **kwargs): pool = Pool() UserApplication = pool.get('res.user.application') authorization = wsgi_to_bytes(request.headers['Authorization']) try: auth_type, auth_info = authorization.split(None, 1) auth_type = auth_type.lower() except ValueError: abort(HTTPStatus.UNAUTHORIZED) if auth_type != b'bearer': abort(HTTPStatus.FORBIDDEN) application = UserApplication.check(bytes_to_wsgi(auth_info), name) if not application: abort(HTTPStatus.FORBIDDEN) transaction = Transaction() # TODO language with transaction.set_user(application.user.id), \ transaction.set_context(_check_access=True): try: response = func(request, *args, **kwargs) except Exception as e: if isinstance(e, HTTPException): raise logger.error('%s', request, exc_info=True) abort(HTTPStatus.INTERNAL_SERVER_ERROR, e) if not isinstance(response, Response) and json: response = Response(json_.dumps(response, cls=JSONEncoder), content_type='application/json') return response
def parse_authorization_header(header): """ Parses the HTTP Auth Header to a JWT Token Args: header: Authorization header of the HTTP Request Examples: request.headers['Authorization'] or something same Returns: Valid JWT token """ if not header: return None value = wsgi_to_bytes(header) try: auth_type, auth_info = value.split(None, 1) auth_type = auth_type.lower() except ValueError: # Fallback for old versions auth_type = b"bearer" auth_info = value if auth_type == b"basic": try: username, password = base64.b64decode(auth_info).split(b":", 1) with current_app.app_context(): username = to_unicode(username, "utf-8") password = to_unicode(password, "utf-8") user_manager: UserManager = UserManager( current_app.database_manager) auth_module = AuthModule( SystemSettingsReader(current_app.database_manager)) try: user_instance = auth_module.login(user_manager, username, password) except Exception as e: return None if user_instance: tg = TokenGenerator(current_app.database_manager) return tg.generate_token(payload={ 'user': { 'public_id': user_instance.get_public_id() } }) else: return None except Exception: return None if auth_type == b"bearer": try: tv = TokenValidator() decoded_token = tv.decode_token(auth_info) tv.validate_token(decoded_token) return auth_info except Exception: return None return None
def parse_authorization_header(value): if not value: return value = wsgi_to_bytes(value) try: auth_type, auth_info = value.split(None, 1) auth_type = auth_type.lower() except ValueError: return if auth_type == b'session': try: username, userid, session = base64.b64decode(auth_info).split( b':', 3) userid = int(userid) except Exception: return return Authorization( 'session', { 'username': bytes_to_wsgi(username), 'userid': userid, 'session': bytes_to_wsgi(session), }) # JMO: the initial implementation used 'token', # but the IETF specifies 'Bearer' # (cf https://datatracker.ietf.org/doc/html/rfc6750#section-2.1 ). # So, we allow both to maintain compatibility with previous uses, # and be compatible with standard HTTP clients. elif auth_type in (b'token', b'bearer'): return Authorization('token', {'token': bytes_to_wsgi(auth_info)})
def parse_jwt_header(value): """Parse an HTTP bearer authorization header transmitted by the web browser. Try to parse this JWT token, return parsed object or None if header is invalid. :param value: the authorization header to parse. :return: parsed JWT token as a dict object or `None`. """ if not value: return None value = wsgi_to_bytes(value) try: auth_type, auth_info = value.split(None, 1) auth_type = auth_type.lower() except ValueError: return if auth_type == b'bearer': return jwt.decode(auth_info, algorithms=['RS256'], verify=False)
def get_authorization_header(): """ Return request's 'Authorization:' header as a two-tuple of (type, info). """ header = request.environ.get('HTTP_AUTHORIZATION') if not header: return None header = wsgi_to_bytes(header) try: auth_type, auth_info = header.split(None, 1) auth_type = auth_type.lower() except ValueError: return None return auth_type, auth_info
def get_authorization_header(): """ Return request's 'Authorization:' header as a two-tuple of (type, info). """ header = request.environ.get('HTTP_AUTHORIZATION') if not header: return None header = wsgi_to_bytes(header) try: auth_type, auth_info = header.split(None, 1) auth_type = auth_type.lower() except ValueError: return None return auth_type, auth_info
def parse_authorization_header(value): if not value: return value = wsgi_to_bytes(value) try: auth_type, auth_info = value.split(None, 1) auth_type = auth_type.lower() except ValueError: return if auth_type == b'session': try: username, userid, session = base64.b64decode(auth_info).split( b':', 3) userid = int(userid) except Exception: return return Authorization('session', { 'username': bytes_to_wsgi(username), 'userid': userid, 'session': bytes_to_wsgi(session), })
def get_current_session_id_and_token(): auth_header = request.environ.get('HTTP_AUTHORIZATION') auth_token = "" if auth_header: value = http.wsgi_to_bytes(auth_header) try: auth_type, auth_token = value.split(None, 1) auth_type = auth_type.lower() if auth_type != b'bearer': return None except ValueError: logging.warning("Invalid Auth header") return None elif "rbbtoken" in request.cookies: # Session token in cookie needs to be supported for embedded media links auth_token = urllib.parse.unquote(request.cookies['rbbtoken']).encode('latin1') else: return None return unpack_token(base64.b64decode(auth_token))