Exemple #1
    def test_extract_roles(self, mock_jwt):
        """extract_roles() returns the realm roles found in the access-token header.

        The decode call is pinned to ``verify=False``: the token's signature is
        not checked by extract_roles itself, so the roles are only as trustworthy
        as whatever placed the header on the request (presumably an upstream
        proxy — confirm). A request without the header yields an empty list.
        """
        mock_jwt.decode.return_value = {'realm_access': {'roles': ['any roles']}}

        # Header present: roles come from the decoded token.
        with_token = {ACCESS_TOKEN_HEADER: "the token"}
        self.assertEqual(extract_roles(with_token), ["any roles"])
        mock_jwt.decode.assert_called_with('the token', verify=False)

        # Header absent: no token, no roles.
        self.assertEqual(extract_roles({}), [])
Exemple #2
    def __init__(self, request):
        """Build the user from the incoming HTTPS request.

        Only the roles are captured, via extract_roles() on the request
        headers; nothing else on the request is read here.

        :param request: the current request; only ``request.headers`` is used
        """
        headers = request.headers
        self._roles = extract_roles(headers)
Exemple #3
def _get_roles():
    """Return the roles for the current request, or ``[]`` when unavailable.

    Both the ``request.headers`` lookup and the extraction sit inside the
    ``try``: an AttributeError raised by either one is treated as "no roles".
    """
    try:
        current_headers = request.headers
        return extract_roles(current_headers)
    except AttributeError:
        # No usable request/headers in this context -> empty role list.
        return []
Exemple #4
    def wrapper(*args, **kwargs):
        """Run ``view_func`` only for a secured request whose roles include GOB_HR_ADMIN.

        Every other case — an unsecured request, or a secured one without the
        admin role — ends in a 403, so the default is to deny.
        """
        headers = request.headers
        granted = False
        if is_secured_request(headers):
            granted = GOB_HR_ADMIN in extract_roles(headers)

        if granted:
            return view_func(*args, **kwargs)
        # Fail closed.
        return "Forbidden", 403
Exemple #5
    def wrapper(*args, **kwargs):
        """Run ``func`` only when the request is secured and ``rule`` allows it.

        On a secured request the Keycloak roles carried in the access token
        (forwarded by OAuth2Proxy) are attached to ``request.roles`` before the
        rule check runs; any other path returns a 403.
        """
        headers = request.headers
        if not is_secured_request(headers):
            return "Forbidden", 403

        # The access token is forwarded by OAuth2Proxy and carries the Keycloak
        # roles; expose them on the request for the rule check and the view.
        request.roles = extract_roles(headers)

        if _allows_access(rule, *args, **kwargs):
            return func(*args, **kwargs)
        return "Forbidden", 403
Exemple #6
    def _before_request(self):
        """Gate every request on the matched path rule and the caller's roles.

        OPTIONS requests (presumably CORS preflight — confirm) skip the check
        entirely. For any other method the path is matched against the
        configured rules; no match, or a match the user's roles do not
        satisfy, yields a 403. Returning ``None`` lets the request proceed.

        :return: ``("Forbidden", 403)`` to block the request, else ``None``
        """
        method = request.method
        if method == 'OPTIONS':
            return None

        matched_rule = self._match_path(request.path, method)
        user_roles = extract_roles(request.headers)

        # Fail closed: an unmatched path is refused just like a role mismatch.
        if not matched_rule:
            return "Forbidden", 403
        if not self._is_allowed_access(user_roles, matched_rule):
            return "Forbidden", 403
Exemple #7
def _allows_access(rule, *args, **kwargs) -> bool:
    """Check access to paths with variable catalog/collection names.

    Access is granted only when the caller's roles contain REQUIRED_ROLE *and*
    ``_get_role_fp()`` yields something truthy for them. In that case the MKS
    application (the ``_get_role_fp`` result) and the MKS user (read from the
    USER_NAME_HEADER request header, taken as-is) are stored on ``g``.

    ``rule``, ``args`` and ``kwargs`` are accepted for the caller's signature
    but are not consulted here.

    :return: True when access is granted and ``g`` was populated, else False
    """
    headers = request.headers
    roles = extract_roles(headers)
    fp_role = _get_role_fp(roles)

    if REQUIRED_ROLE not in roles or not fp_role:
        return False

    # Keep the MKS APPLICATION and USER on the request-global object for
    # downstream code, then allow access.
    setattr(g, MKS_APPLICATION_KEY, fp_role)
    setattr(g, MKS_USER_KEY, headers.get(USER_NAME_HEADER, ""))
    return True
Exemple #8
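def get_user_from_request() -> dict:
    """Gets the user information from the request header set by keycloak
    and returns a dict with the user information for the Datapunt Audit Logger.

    ``email`` and ``roles`` are read straight from the request headers; they
    are only as trustworthy as the component that set those headers
    (presumably an upstream proxy — confirm before relying on them for audit).

    :return: dict with the keys ``authenticated``, ``provider``, ``realm``,
             ``email``, ``roles`` and ``ip``
    """
    headers = request.headers
    return {
        # bool() replaces the redundant ``True if ... else False`` form.
        'authenticated': bool(is_secured_request(headers)),
        'provider': 'Keycloak',
        'realm': '',
        'email': headers.get(USER_EMAIL_HEADER, ''),
        'roles': extract_roles(headers),
        'ip': get_client_ip(request),
    }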