Exemple #1
0
def _get_tenant():
    ctx = stack.top
    if ctx is not None:
        if not hasattr(ctx, 'tenant'):
            body = request.json
            cur_sender = cur_context = None
            if request.args.get('signed_request',
                                None) or 'authorization' in request.headers:
                cur_tenant, data = _validate_jwt(request)
                cur_sender = User(data['sub'])
                cur_context = data.get('context', None)
            elif body and 'oauth_client_id' in body:
                tenant_id = body['oauth_client_id']
                cur_tenant = Tenant.load(tenant_id)
            else:
                cur_tenant = None

            if body and 'item' in body:
                sent_by = _extract_sender(body['item'])
                if sent_by:
                    user = User(user_id=sent_by['id'],
                                name=sent_by['name'],
                                mention_name=sent_by['mention_name'])
                    # Check if the sender in the webhook matches the one provided in the JWT
                    if cur_sender and str(cur_sender.id) != str(user.id):
                        abort(400)
                    cur_sender = user

            ctx.tenant = cur_tenant
            ctx.sender = cur_sender
            ctx.context = cur_context

        return ctx.tenant
def _validate_jwt(req):
    jwt_data = req.args.get("signed_request", None)
    if not jwt_data:
        abort(401)

    oauth_id = jwt.decode(jwt_data, verify=False)["iss"]
    client = Tenant.load(oauth_id)
    data = jwt.decode(jwt_data, client.secret)
    return client, data["prn"]
def _get_tenant():
    ctx = stack.top
    if ctx is not None:
        if not hasattr(ctx, "tenant"):
            if request.args.get("signed_request", None):
                cur_tenant, prn = _validate_jwt(request)
                ctx.sender = User(prn)
            elif request.json and "oauth_client_id" in request.json:
                body = request.json
                tenant_id = body["oauth_client_id"]
                cur_tenant = Tenant.load(tenant_id)
                if "item" in body and "sender" in body["item"]:
                    user = User(
                        user_id=body["item"]["sender"]["id"],
                        name=body["item"]["sender"]["name"],
                        mention_name=body["item"]["sender"]["mention_name"],
                    )
                    ctx.sender = user

            else:
                cur_tenant = None
            ctx.tenant = cur_tenant
        return ctx.tenant
Exemple #4
0
def _validate_jwt(req):
    if 'signed_request' in req.form:
        jwt_data = req.form['signed_request']
    else:
        jwt_data = req.args.get('signed_request', None)

    if not jwt_data:
        header = req.headers.get('authorization', '')
        jwt_data = header[4:] if header.startswith('JWT ') else None

    if not jwt_data:
        abort(401)

    try:
        oauth_id = jwt.decode(jwt_data, verify=False)['iss']
        client = Tenant.load(oauth_id)
        data = jwt.decode(jwt_data, client.secret, leeway=10)
        return client, data

    except jwt.DecodeError:
        abort(400)
    except jwt.ExpiredSignature:
        abort(401)
Exemple #5
0
def get_tenant(tenant_id):
    return Tenant.load(tenant_id)
Exemple #6
0
def get_tenant(tenant_id):
    try:
        return Tenant.load(tenant_id)
    except:
        app.logger.error("Not able to load tenant")
        return None