def test_using_kwargs_permission_url(
    self, mocked_generate_jwt, mocked_200_granted_permissions
):
    """Passing ``fluidly_api_url`` as a keyword must not raise ValueError.

    The two fixtures are requested for their side effects only; their
    definitions are not shown here (presumably they stub JWT generation and
    a 200 "granted" permissions response -- confirm against conftest).
    """
    empty_claims = {}
    connection = "connection_id"
    try:
        check_user_permissions(
            empty_claims, connection, fluidly_api_url=FLUIDLY_API_URL
        )
    except ValueError:
        # Only ValueError is turned into an explicit failure; any other
        # exception propagates and fails the test on its own.
        pytest.fail("Unexpected ValueError")
 def test_passing_env_permission_url(
     self,
     mocked_generate_jwt,
     mocked_200_granted_permissions,
     mocked_env_permissions_url_path,
 ):
     """Omitting ``fluidly_api_url`` must not raise ValueError here.

     No URL keyword is passed; the ``mocked_env_permissions_url_path``
     fixture presumably supplies it through the environment (fixture body
     not shown -- confirm).
     """
     empty_claims = {}
     connection = "connection_id"
     try:
         check_user_permissions(empty_claims, connection)
     except ValueError:
         # Other exception types are deliberately left to propagate.
         pytest.fail("Unexpected ValueError")
 def test_not_granted_permissions(
     self, mocked_generate_jwt, mocked_200_not_granted_permissions
 ):
     """A "not granted" permissions response must yield a False result.

     This pins the deny path: the permissions fixture presumably answers
     200 with permission not granted (fixture body not shown -- confirm).
     """
     outcome = check_user_permissions(
         {}, "connection_id", fluidly_api_url=FLUIDLY_API_URL
     )
     assert outcome == False
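def get_authorised_user(request: Request) -> Dict[str, Any]:
    """Authorise the caller for the connection named in the request path.

    Reads the ``X-Endpoint-API-UserInfo`` header (described by the original
    author as coming from Google Cloud Endpoints), decodes the claims it
    carries and asks ``check_user_permissions`` whether the caller may access
    ``connection_id``. Callers whose internal metadata sets
    ``isServiceAccount`` skip that permissions lookup.

    No signature is verified in this function: the claims are trusted exactly
    as they arrive in the header. NOTE(review): this is only safe if the
    service cannot be reached except through the Endpoints proxy and the proxy
    overwrites any client-supplied copy of the header -- confirm in the
    deployment configuration.

    Args:
        request: Incoming request. Must carry the user-info header and a
            ``connection_id`` path parameter (a missing path parameter raises
            ``KeyError``).

    Returns:
        A dict with the keys ``connection_id``, ``user_id`` and ``email``.

    Raises:
        HTTPException: 401 when the header is absent or cannot be decoded into
            a claims object; 403 when access is denied or the permissions
            lookup itself fails.
    """
    encoded_user_info = request.headers.get("X-Endpoint-API-UserInfo", None)
    if not encoded_user_info:
        raise HTTPException(status_code=401,
                            detail="User is not authenticated")

    # A header that is present but malformed is an authentication failure, not
    # a server error: answer 401 instead of letting the decode error escape.
    # json.JSONDecodeError and binascii.Error both subclass ValueError;
    # base64_decode is assumed to surface bad input as ValueError/TypeError --
    # confirm against the helper.
    try:
        user_info = json.loads(base64_decode(encoded_user_info))
        if not isinstance(user_info, dict):
            raise ValueError("user info is not a JSON object")
        claims = json.loads(user_info.get("claims", "{}"))
        if not isinstance(claims, dict):
            raise ValueError("claims are not a JSON object")
    except (ValueError, TypeError) as exc:
        raise HTTPException(status_code=401,
                            detail="User is not authenticated") from exc

    email = claims.get("https://api.fluidly.com/email", None)
    auth0_claims = claims.get("https://api.fluidly.com/app_metadata", {})
    internal_claims = claims.get("https://api.fluidly.com/internal_metadata",
                                 {})

    connection_id = request.path_params["connection_id"]
    user_id = auth0_claims.get("userId", None)

    try:
        # NOTE(review): any truthy value (including a non-empty string) skips
        # the permissions lookup; consider requiring the boolean True if the
        # token issuer guarantees that type.
        is_service_account = internal_claims.get("isServiceAccount", False)

        if not is_service_account and not check_user_permissions(
                claims, connection_id):
            raise HTTPException(status_code=403,
                                detail="User cannot access this resource")
    except (
            ValueError,
            UserPermissionsPayloadException,
            UserPermissionsRequestException,
    ) as exc:
        # Fail closed: a broken or unreachable permissions lookup is reported
        # as 403, so it can never result in access being granted.
        raise HTTPException(
            status_code=403,
            detail="An issue occurred while fetching permissions") from exc

    return {"connection_id": connection_id, "user_id": user_id, "email": email}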
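    def decorated_function(*args, **kwargs):
        """Authorise the caller, then invoke the wrapped callable ``f``.

        Reads the ``X-Endpoint-API-UserInfo`` header (described by the
        original author as coming from Google Cloud Endpoints), decodes the
        claims it carries and asks ``check_user_permissions`` whether the
        caller may access the ``connection_id`` view argument. Callers whose
        internal metadata sets ``isServiceAccount`` skip that lookup. On
        success ``g.connection_id`` and ``g.user_id`` are set and the result
        of ``f(*args, **kwargs)`` is returned.

        No signature is verified here: the claims are trusted exactly as they
        arrive in the header. NOTE(review): this is only safe if the service
        cannot be reached except through the Endpoints proxy and the proxy
        overwrites any client-supplied copy of the header -- confirm in the
        deployment configuration.

        Raises:
            APIException: 401 when the header is absent or cannot be decoded
                into a claims object; 403 when access is denied or the
                permissions lookup itself fails.
        """
        encoded_user_info = request.headers.get("X-Endpoint-API-UserInfo", None)
        if not encoded_user_info:
            raise APIException(status=401, title="User is not authenticated")

        # A header that is present but malformed is an authentication failure,
        # not a server error: answer 401 instead of letting the decode error
        # escape. json.JSONDecodeError and binascii.Error both subclass
        # ValueError; base64_decode is assumed to surface bad input as
        # ValueError/TypeError -- confirm against the helper.
        try:
            user_info = json.loads(base64_decode(encoded_user_info))
            if not isinstance(user_info, dict):
                raise ValueError("user info is not a JSON object")
            claims = json.loads(user_info.get("claims", "{}"))
            if not isinstance(claims, dict):
                raise ValueError("claims are not a JSON object")
        except (ValueError, TypeError) as exc:
            raise APIException(
                status=401, title="User is not authenticated"
            ) from exc

        auth0_claims = claims.get("https://api.fluidly.com/app_metadata", {})
        internal_claims = claims.get("https://api.fluidly.com/internal_metadata", {})

        connection_id = request.view_args["connection_id"]
        user_id = auth0_claims.get("userId", None)

        try:
            # NOTE(review): any truthy value (including a non-empty string)
            # skips the permissions lookup; consider requiring the boolean
            # True if the token issuer guarantees that type.
            is_service_account = internal_claims.get("isServiceAccount", False)

            if not is_service_account and not check_user_permissions(
                claims, connection_id
            ):
                raise APIException(status=403, title="User cannot access this resource")
        except (
            ValueError,
            UserPermissionsPayloadException,
            UserPermissionsRequestException,
        ) as exc:
            # Fail closed: a broken or unreachable permissions lookup is
            # reported as 403, so it can never result in access being granted.
            raise APIException(
                status=403, title="An issue occurred while fetching permissions"
            ) from exc

        # Expose the authorised identifiers to the wrapped view only after
        # every check above has passed.
        g.connection_id = connection_id
        g.user_id = user_id
        return f(*args, **kwargs)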
 def test_payload_exception_when_unavailable(
     self, mocked_generate_jwt, mocked_500_permissions
 ):
     """An unavailable permissions service must raise, never return a grant.

     ``mocked_500_permissions`` presumably makes the permissions endpoint
     answer 500 (fixture body not shown -- confirm). The call is expected to
     raise ``UserPermissionsPayloadException`` so that callers can treat the
     failure as a denial.
     """
     expected_error = UserPermissionsPayloadException
     with pytest.raises(expected_error):
         check_user_permissions(
             {}, "connection_id", fluidly_api_url=FLUIDLY_API_URL
         )
 def test_required_permission_url(self):
     """Without any configured URL the call must raise a ValueError.

     No ``fluidly_api_url`` keyword and no URL fixture are supplied, and the
     error message is expected to match the pattern below.
     """
     expected_message = "Please provide FLUIDLY_API_URL"
     with pytest.raises(ValueError, match=expected_message):
         check_user_permissions({}, "connection_id")