def inner_wrapper(*args, **kwargs):
try:
with Yosai.context(self._yosai):
# Context Manager functions
try:
try:
identity = self.authenticate(request_proxy)
if not identity.username:
raise UnauthenticatedError('Authentication Required')
except:
raise UnauthenticatedError('Authentication Required')
ApiRequestContextProxy.set_identity(identity)
if self._check_account(identity.user_account, identity.user_account_type, with_names, with_types):
return f(*args, **kwargs)
finally:
# Teardown the request context
ApiRequestContextProxy.set_identity(None)
except UnauthorizedAccountError as ex:
return make_response_error(str(ex), in_httpcode=403), 403
except UnauthenticatedError as ex:
return Response(response='Unauthorized', status=401, headers=[('WWW-Authenticate', 'basic realm="Authentication required"')])
except Exception as ex:
logger.exception('Unexpected exception: {}'.format(ex))
return make_response_error('Internal error', in_httpcode=500), 500
def inner_wrapper(*args, **kwargs):
try:
with Yosai.context(self._yosai):
# Context Manager functions
try:
try:
identity = self.authenticate(request_proxy)
if not identity.username:
raise UnauthenticatedError('Authentication Required')
except:
raise UnauthenticatedError('Authentication Required')
ApiRequestContextProxy.set_identity(identity)
permissions_final = []
# Bind all the permissions as needed
for perm in permission_s:
domain = perm.domain if perm.domain else '*'
action = perm.action if perm.action else '*'
target = perm.target if perm.target else '*'
if hasattr(domain, 'bind'):
domain.bind(operation=f, kwargs=kwargs)
domain = domain.value
if hasattr(action, 'bind'):
action.bind(operation=f, kwargs=kwargs)
action = action.value
if hasattr(target, 'bind'):
target.bind(operation=f, kwargs=kwargs)
target = target.value
#permissions_final.append(':'.join([domain, action, target]))
permissions_final.append(Permission(domain, action, target))
# Do the authz on the bound permissions
try:
self.authorize(ApiRequestContextProxy().identity(), permissions_final)
except UnauthorizedError as ex:
raise ex
except Exception as e:
logger.exception('Error doing authz: {}'.format(e))
raise UnauthorizedError(permissions_final)
return f(*args, **kwargs)
finally:
# Teardown the request context
ApiRequestContextProxy.set_identity(None)
except UnauthorizedError as ex:
return make_response_error(str(ex), in_httpcode=403), 403
except UnauthenticatedError as ex:
return Response(response='Unauthorized', status=401, headers=[('WWW-Authenticate', 'basic realm="Authentication required"')])
except AnchoreApiError:
raise
except Exception as ex:
logger.exception('Unexpected exception: {}'.format(ex))
return make_response_error('Internal error', in_httpcode=500), 500
def inline_authz(self, permission_s: list, authc_token: AuthenticationToken=None):
"""
Non-decorator impl of the @requires() decorator for isolated and inline invocation.
Returns authenticated user identity on success or raises an exception
:param permission_s: list of Permission objects
:param authc_token: optional authc token to use for the authc portion, if omitted or None, the flask request context is used
:return: IdentityContext object
"""
try:
with Yosai.context(self._yosai):
# Context Manager functions
try:
try:
if not authc_token:
identity = self.authenticate(request_proxy)
else:
identity = self.authenticate_token(authc_token)
if not identity.username:
raise UnauthenticatedError('Authentication Required')
except:
raise UnauthenticatedError('Authentication Required')
ApiRequestContextProxy.set_identity(identity)
permissions_final = []
# Bind all the permissions as needed
for perm in permission_s:
domain = perm.domain if perm.domain else '*'
action = perm.action if perm.action else '*'
target = perm.target if perm.target else '*'
permissions_final.append(Permission(domain, action, target))
# Do the authz on the bound permissions
try:
self.authorize(ApiRequestContextProxy.identity(), permissions_final)
except UnauthorizedError as ex:
raise ex
except Exception as e:
logger.exception('Error doing authz: {}'.format(e))
raise UnauthorizedError(permissions_final)
return ApiRequestContextProxy.identity()
finally:
# Teardown the request context
ApiRequestContextProxy.set_identity(None)
except UnauthorizedError as ex:
return make_response_error(str(ex), in_httpcode=403), 403
except UnauthenticatedError as ex:
return Response(response='Unauthorized', status=401,
headers=[('WWW-Authenticate', 'basic realm="Authentication required"')])
except AnchoreApiError:
raise
except Exception as ex:
logger.exception('Unexpected exception: {}'.format(ex))
return make_response_error('Internal error', in_httpcode=500), 500
def inline_authz(self, permission_s: list):
"""
Non-decorator impl of the @requires() decorator for isolated and inline invocation.
Returns None on success or raises an exception
:param permission_s:
:return:
"""
try:
with Yosai.context(self._yosai):
# Context Manager functions
try:
try:
identity = self.authenticate(request_proxy)
if not identity.username:
raise UnauthenticatedError(
'Authentication Required')
except:
raise UnauthenticatedError('Authentication Required')
ApiRequestContextProxy.set_identity(identity)
permissions_final = []
# Bind all the permissions as needed
for perm in permission_s:
domain = perm.domain if perm.domain else '*'
action = perm.action if perm.action else '*'
target = perm.target if perm.target else '*'
permissions_final.append(':'.join(
[domain, action, target]))
# Do the authz on the bound permissions
try:
self.authorize(identity, permissions_final)
except UnauthorizedError as ex:
raise ex
except Exception as e:
logger.exception('Error doing authz: {}'.format(e))
raise UnauthorizedError(permissions_final)
return None
finally:
# Teardown the request context
ApiRequestContextProxy.set_identity(None)
except UnauthorizedError as ex:
return make_response_error(str(ex), in_httpcode=403), 403
except UnauthenticatedError as ex:
return Response(response='Unauthorized',
status=401,
headers=[('WWW-Authenticate',
'basic realm="Authentication required"')
])
except Exception as ex:
logger.exception('Unexpected exception: {}'.format(ex))
return make_response_error('Internal error', in_httpcode=500), 500
