async def token_check(request):
if str(request.rel_url) == "/":
logger.info('<< %s - whitelisted request for %s' %
(get_ip(request), request.rel_url))
return await handler(request)
for item in self.whitelist:
if str(request.rel_url).startswith(item):
logger.info('<< %s - whitelisted request for %s' %
(get_ip(request), request.rel_url))
return await handler(request)
if not request.method == 'OPTIONS':
request.user = None
try:
jwt_token = request.headers.get('authorization', None)
except:
logger.error(
'.! %s - could not get jwt token from authorization header'
% (get_ip(request), request.rel_url),
exc_info=True)
if not jwt_token:
# CHEESE: Is this the same as the section below? Which one is more correct?
try:
if 'access_token' in request.cookies:
#logger.info('.. token from cookie: %s' % request.cookies['token'])
jwt_token = request.cookies['access_token']
except:
logger.error(
'.! %s - could not get jwt token from cookies' %
(get_ip(request), request.rel_url),
exc_info=True)
if not jwt_token:
# CHEESE: There is probably a better way to get this information, but this is a shim for EventSource not being able
# to send an Authorization header from the client side. It also does not appear send cookies in the normal way
# but you can farm them out of the headers
try:
if 'Cookie' in request.headers:
cookies = request.headers['Cookie'].split('; ')
logger.info('cookies: %s' % cookies)
for hcookie in cookies:
if hcookie.split('=')[0] == 'access_token':
jwt_token = hcookie.split('=')[1]
except:
logger.error(
'!! %s - Could not decipher token from header cookies'
% (get_ip(request), request.rel_url),
exc_info=True)
if jwt_token:
try:
payload = jwt.decode(jwt_token,
self.JWT_SECRET,
algorithms=[self.JWT_ALGORITHM])
except (jwt.DecodeError, jwt.ExpiredSignatureError):
logger.warn(
'.- %s - Token is invalid for user. Path: %s' %
(get_ip(request), request.rel_url),
exc_info=True)
raise web.HTTPUnauthorized()
#return self.json_response({'message': 'Token is invalid'}, status=400)
if 'instance' not in payload or payload[
'instance'] != self.instance_id:
# This invalidates acccess_tokens from previous starts of the application
logger.debug(
'.- %s - Token not correct for this instance. Path: %s'
% (get_ip(request), request.rel_url))
#logger.warn('-- Headers: %s' % request.headers)
raise web.HTTPUnauthorized()
try:
request.user = self.users.get(id=payload['user_id'])
if getattr(request.user, 'timeout', None):
return web.HTTPUnavailableForLegalReasons(
'You are in timeout')
request.user.id = payload['user_id']
except:
logger.error(
'!! %s - error getting user for path: %s / user_id: %s'
% (get_ip(request), request.rel_url,
payload['user_id']),
exc_info=True)
raise web.HTTPUnauthorized()
else:
logger.warn(
'.- %s - No token available for user. Path: %s' %
(get_ip(request), request.rel_url))
logger.warn('-- Headers: %s' % request.headers)
raise web.HTTPUnauthorized()
#return self.json_response({'message': 'Token is missing'}, status=400)
return await handler(request)
def test_link_header_451(buf, request):
resp = web.HTTPUnavailableForLegalReasons(link='http://warning.or.kr/')
assert 'http://warning.or.kr/' == resp.link
assert '<http://warning.or.kr/>; rel="blocked-by"' == resp.headers['Link']
def function950(function376, function972):
var3658 = web.HTTPUnavailableForLegalReasons(link='http://warning.or.kr/')
assert ('http://warning.or.kr/' == var3658.link)
assert (
'<http://warning.or.kr/>; rel="blocked-by"' == var3658.headers['Link'])