def test_using_kwargs_permission_url(
    self, mocked_generate_jwt, mocked_200_granted_permissions
):
    """Passing ``fluidly_api_url`` as a keyword must not raise ValueError.

    Only the absence of ValueError is checked; the permission decision
    returned by ``check_user_permissions`` is not asserted here.
    """
    # The mocked_* fixtures are defined outside this view; judging by their
    # names they stub JWT generation and a 200 "granted" reply (confirm).
    url_kwargs = {"fluidly_api_url": FLUIDLY_API_URL}
    try:
        check_user_permissions({}, "connection_id", **url_kwargs)
    except ValueError:
        pytest.fail("Unexpected ValueError")
def test_passing_env_permission_url(
    self,
    mocked_generate_jwt,
    mocked_200_granted_permissions,
    mocked_env_permissions_url_path,
):
    """Omitting the URL keyword must not raise ValueError when the env fixture is active.

    Only the absence of ValueError is checked; the returned permission
    decision is not asserted here.
    """
    # mocked_env_permissions_url_path is defined outside this view; presumably
    # it supplies the permissions URL through the environment (confirm).
    claims, connection = {}, "connection_id"
    try:
        check_user_permissions(claims, connection)
    except ValueError:
        pytest.fail("Unexpected ValueError")
def test_not_granted_permissions(
    self, mocked_generate_jwt, mocked_200_not_granted_permissions
):
    """A "not granted" reply from the permissions service must yield a False decision."""
    decision = check_user_permissions(
        {}, "connection_id", fluidly_api_url=FLUIDLY_API_URL
    )
    # Equality rather than identity, exactly as the original assertion compares.
    assert decision == False  # noqa: E712
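def get_authorised_user(request: Request) -> Dict[str, Any]:
    """Authenticate and authorise the caller from the Cloud Endpoints user-info header.

    Reads the base64-encoded ``X-Endpoint-API-UserInfo`` header, parses the
    JSON claims inside it, and asks ``check_user_permissions`` whether the
    caller may access the ``connection_id`` taken from the request path.
    Callers whose internal metadata carries a truthy ``isServiceAccount``
    skip that permission check.

    Security note: nothing here verifies a signature, so the header is taken
    at face value. That is only sound if this service is reachable solely
    through the Cloud Endpoints proxy and the proxy always overwrites the
    header. Otherwise a client-supplied header, including its
    ``isServiceAccount`` flag, would be accepted as-is. Confirm the network
    path enforces this.

    Args:
        request: Incoming request exposing ``headers`` and a
            ``connection_id`` path parameter.

    Returns:
        Dict with ``connection_id``, ``user_id`` and ``email``.

    Raises:
        HTTPException: 401 when the header is missing or cannot be decoded
            into the expected JSON objects; 403 when access is denied or the
            permissions lookup fails (fail closed).
    """
    encoded_user_info = request.headers.get("X-Endpoint-API-UserInfo", None)
    if not encoded_user_info:
        raise HTTPException(status_code=401, detail="User is not authenticated")

    # A malformed header (bad base64, invalid JSON, or JSON that is not an
    # object where one is expected) used to escape as an unhandled error.
    # Treat it like a missing header instead.
    # base64_decode is defined elsewhere; it is assumed to raise a
    # ValueError-family error on bad input (confirm).
    try:
        user_info = json.loads(base64_decode(encoded_user_info))
        claims = json.loads(user_info.get("claims", "{}"))
        email = claims.get("https://api.fluidly.com/email", None)
        auth0_claims = claims.get("https://api.fluidly.com/app_metadata", {})
        internal_claims = claims.get(
            "https://api.fluidly.com/internal_metadata", {}
        )
        user_id = auth0_claims.get("userId", None)
        is_service_account = internal_claims.get("isServiceAccount", False)
    except (ValueError, TypeError, AttributeError) as err:
        raise HTTPException(
            status_code=401, detail="User is not authenticated"
        ) from err

    connection_id = request.path_params["connection_id"]

    # NOTE(review): any truthy isServiceAccount value (e.g. a non-empty
    # string) bypasses the permission check. If the issuer always emits a
    # JSON boolean, tighten this to `is_service_account is True`.
    try:
        if not is_service_account and not check_user_permissions(
            claims, connection_id
        ):
            raise HTTPException(
                status_code=403, detail="User cannot access this resource"
            )
    except (
        ValueError,
        UserPermissionsPayloadException,
        UserPermissionsRequestException,
    ) as err:
        # Fail closed: an error while fetching permissions denies access.
        raise HTTPException(
            status_code=403, detail="An issue occurred while fetching permissions"
        ) from err

    return {"connection_id": connection_id, "user_id": user_id, "email": email}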
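def decorated_function(*args, **kwargs):
    """Authenticate and authorise the caller, then invoke the wrapped view.

    Reads the base64-encoded ``X-Endpoint-API-UserInfo`` header from
    ``request``, parses the JSON claims inside it, and asks
    ``check_user_permissions`` whether the caller may access the
    ``connection_id`` view argument. Callers whose internal metadata carries
    a truthy ``isServiceAccount`` skip that check. On success the
    connection and user ids are stored on ``g`` and ``f`` is called.

    ``f``, ``request`` and ``g`` come from the enclosing scope, which is not
    visible here.

    Security note: nothing here verifies a signature, so the header is taken
    at face value. That is only sound if this service is reachable solely
    through the Cloud Endpoints proxy and the proxy always overwrites the
    header. Otherwise a client-supplied header, including its
    ``isServiceAccount`` flag, would be accepted as-is. Confirm the network
    path enforces this.

    Raises:
        APIException: 401 when the header is missing or cannot be decoded
            into the expected JSON objects; 403 when access is denied or the
            permissions lookup fails (fail closed).
    """
    encoded_user_info = request.headers.get("X-Endpoint-API-UserInfo", None)
    if not encoded_user_info:
        raise APIException(status=401, title="User is not authenticated")

    # A malformed header (bad base64, invalid JSON, or JSON that is not an
    # object where one is expected) used to escape as an unhandled error.
    # Treat it like a missing header instead.
    # base64_decode is defined elsewhere; it is assumed to raise a
    # ValueError-family error on bad input (confirm).
    try:
        user_info = json.loads(base64_decode(encoded_user_info))
        claims = json.loads(user_info.get("claims", "{}"))
        auth0_claims = claims.get("https://api.fluidly.com/app_metadata", {})
        internal_claims = claims.get(
            "https://api.fluidly.com/internal_metadata", {}
        )
        user_id = auth0_claims.get("userId", None)
        is_service_account = internal_claims.get("isServiceAccount", False)
    except (ValueError, TypeError, AttributeError) as err:
        raise APIException(status=401, title="User is not authenticated") from err

    connection_id = request.view_args["connection_id"]

    # NOTE(review): any truthy isServiceAccount value (e.g. a non-empty
    # string) bypasses the permission check. If the issuer always emits a
    # JSON boolean, tighten this to `is_service_account is True`.
    try:
        if not is_service_account and not check_user_permissions(
            claims, connection_id
        ):
            raise APIException(status=403, title="User cannot access this resource")
    except (
        ValueError,
        UserPermissionsPayloadException,
        UserPermissionsRequestException,
    ) as err:
        # Fail closed: an error while fetching permissions denies access.
        raise APIException(
            status=403, title="An issue occurred while fetching permissions"
        ) from err

    g.connection_id = connection_id
    g.user_id = user_id
    return f(*args, **kwargs)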
def test_payload_exception_when_unavailable(
    self, mocked_generate_jwt, mocked_500_permissions
):
    """A failing permissions service must raise UserPermissionsPayloadException.

    This pins the error path that request handlers translate into a denial,
    so a service outage cannot be mistaken for a granted permission.
    """
    # mocked_500_permissions is defined outside this view; by its name it
    # makes the permissions endpoint answer with HTTP 500 (confirm).
    expects_payload_error = pytest.raises(UserPermissionsPayloadException)
    with expects_payload_error:
        check_user_permissions(
            {}, "connection_id", fluidly_api_url=FLUIDLY_API_URL
        )
def test_required_permission_url(self):
    """Calling without any permissions URL must raise the documented ValueError."""
    missing_url_message = "Please provide FLUIDLY_API_URL"
    with pytest.raises(ValueError, match=missing_url_message):
        check_user_permissions({}, "connection_id")