def init_secured_app(_app):
cfy_config = config.instance()
if cfy_config.auth_token_generator:
register_auth_token_generator(_app,
config.instance().auth_token_generator)
# init and configure flask-securest
secure_app = SecuREST(_app)
secure_app.logger = create_logger(
logger_name='flask-securest',
log_level=cfy_config.securest_log_level,
log_file=cfy_config.securest_log_file,
log_file_size_MB=cfy_config.securest_log_file_size_MB,
log_files_backup_count=cfy_config.securest_log_files_backup_count
)
if cfy_config.securest_userstore_driver:
register_userstore_driver(secure_app,
cfy_config.securest_userstore_driver)
register_authentication_providers(
secure_app, cfy_config.securest_authentication_providers)
def unauthorized_user_handler():
utils.abort_error(
manager_exceptions.UnauthorizedError('user unauthorized'),
current_app.logger,
hide_server_message=True)
secure_app.unauthorized_user_handler = unauthorized_user_handler
if config.instance().security_bypass_port:
secure_app.request_security_bypass_handler = \
request_security_bypass_handler
def init_secured_app(_app):
cfy_config = config.instance()
if cfy_config.security_auth_token_generator:
register_auth_token_generator(
_app,
config.instance().security_auth_token_generator)
# init and configure flask-securest
secure_app = SecuREST(_app)
secure_app.logger = create_logger(
logger_name='flask-securest',
log_level=cfy_config.security_audit_log_level,
log_file=cfy_config.security_audit_log_file,
log_file_size_MB=cfy_config.security_audit_log_file_size_MB,
log_files_backup_count=cfy_config.security_audit_log_files_backup_count
)
if cfy_config.security_userstore_driver:
register_userstore_driver(secure_app,
cfy_config.security_userstore_driver)
register_authentication_providers(
secure_app, cfy_config.security_authentication_providers)
def unauthorized_user_handler():
utils.abort_error(
manager_exceptions.UnauthorizedError('user unauthorized'),
current_app.logger,
hide_server_message=True)
secure_app.unauthorized_user_handler = unauthorized_user_handler
secure_app.request_security_bypass_handler = \
request_security_bypass_handler
def init_secured_app(_app):
def register_auth_token_generator(auth_token_generator):
_app.logger.debug('registering auth token generator {0}'.format(
auth_token_generator))
_app.auth_token_generator = create_instance(auth_token_generator)
def register_userstore_driver(userstore_driver):
secure_app.app.logger.debug(
'registering userstore driver {0}'.format(userstore_driver))
secure_app.userstore_driver = create_instance(userstore_driver)
def register_authentication_providers(authentication_providers):
# Note: the order of registration is important here
for provider in authentication_providers:
secure_app.app.logger.debug(
'registering authentication provider {0}'.format(provider))
secure_app.register_authentication_provider(
provider['name'], create_instance(provider))
def register_authorization_provider(authorization_provider):
secure_app.app.logger.debug(
'registering authorization provider {0}'.format(
authorization_provider))
secure_app.authorization_provider = \
create_instance(authorization_provider)
def create_instance(class_details):
if type(class_details) is not dict:
raise ValueError('Cannot create a class instance, class_details'
' is not a dict: {0}'.format(class_details))
if IMPLEMENTATION_KEY not in class_details:
raise ValueError('Cannot create a class instance, class_details'
' is missing a {0} key: {1}'.format(
IMPLEMENTATION_KEY, class_details))
path_to_class = class_details[IMPLEMENTATION_KEY]
class_init_args = class_details.get(PROPERTIES_KEY)
if class_init_args:
for name, value in class_init_args.iteritems():
if type(value) is dict \
and IMPLEMENTATION_KEY in value:
# create inner class instance
class_init_args[name] = create_instance(value)
return utils.get_class_instance(path_to_class, class_init_args)
def unauthorized_user_handler():
utils.abort_error(
manager_exceptions.UnauthorizedError('user unauthorized'),
current_app.logger,
hide_server_message=True)
def _is_internal_request(req):
server_port = req.headers.get('X-Server-Port')
return str(server_port) == SECURITY_BYPASS_PORT
cfy_config = config.instance()
if cfy_config.security_auth_token_generator:
register_auth_token_generator(
config.instance().security_auth_token_generator)
# init and configure flask-securest
secure_app = SecuREST(_app)
secure_app.logger = create_logger(
logger_name='flask-securest',
log_level=cfy_config.security_audit_log_level,
log_file=cfy_config.security_audit_log_file,
log_file_size_MB=cfy_config.security_audit_log_file_size_MB,
log_files_backup_count=cfy_config.security_audit_log_files_backup_count
)
if cfy_config.security_userstore_driver:
register_userstore_driver(cfy_config.security_userstore_driver)
register_authentication_providers(
cfy_config.security_authentication_providers)
if cfy_config.security_authorization_provider:
register_authorization_provider(
cfy_config.security_authorization_provider)
secure_app.unauthorized_user_handler = unauthorized_user_handler
secure_app.skip_auth_hook = _is_internal_request
def init_secured_app(_app):
def register_auth_token_generator(auth_token_generator):
_app.logger.debug('registering auth token generator {0}'
.format(auth_token_generator))
_app.auth_token_generator = create_instance(auth_token_generator)
def register_userstore_driver(userstore_driver):
secure_app.app.logger.debug('registering userstore driver {0}'
.format(userstore_driver))
secure_app.userstore_driver = create_instance(userstore_driver)
def register_authentication_providers(authentication_providers):
# Note: the order of registration is important here
for provider in authentication_providers:
secure_app.app.logger.debug(
'registering authentication provider {0}'.format(provider))
secure_app.register_authentication_provider(
provider['name'], create_instance(provider))
def register_authorization_provider(authorization_provider):
secure_app.app.logger.debug('registering authorization provider {0}'
.format(authorization_provider))
secure_app.authorization_provider = \
create_instance(authorization_provider)
def create_instance(class_details):
if type(class_details) is not dict:
raise ValueError('Cannot create a class instance, class_details'
' is not a dict: {0}'.format(class_details))
if IMPLEMENTATION_KEY not in class_details:
raise ValueError('Cannot create a class instance, class_details'
' is missing a {0} key: {1}'.
format(IMPLEMENTATION_KEY, class_details))
path_to_class = class_details[IMPLEMENTATION_KEY]
class_init_args = class_details.get(PROPERTIES_KEY)
if class_init_args:
for name, value in class_init_args.iteritems():
if type(value) is dict \
and IMPLEMENTATION_KEY in value:
# create inner class instance
class_init_args[name] = create_instance(value)
return utils.get_class_instance(path_to_class, class_init_args)
def unauthorized_user_handler():
utils.abort_error(
manager_exceptions.UnauthorizedError('user unauthorized'),
current_app.logger,
hide_server_message=True)
def _is_internal_request(req):
server_port = req.headers.get('X-Server-Port')
return str(server_port) == SECURITY_BYPASS_PORT
cfy_config = config.instance()
if cfy_config.security_auth_token_generator:
register_auth_token_generator(
config.instance().security_auth_token_generator)
# init and configure flask-securest
secure_app = SecuREST(_app)
secure_app.logger = create_logger(
logger_name='flask-securest',
log_level=cfy_config.security_audit_log_level,
log_file=cfy_config.security_audit_log_file,
log_file_size_MB=cfy_config.security_audit_log_file_size_MB,
log_files_backup_count=cfy_config.security_audit_log_files_backup_count
)
if cfy_config.security_userstore_driver:
register_userstore_driver(cfy_config.security_userstore_driver)
register_authentication_providers(
cfy_config.security_authentication_providers)
if cfy_config.security_authorization_provider:
register_authorization_provider(
cfy_config.security_authorization_provider)
secure_app.unauthorized_user_handler = unauthorized_user_handler
secure_app.skip_auth_hook = _is_internal_request
