Esempio n. 1
0
    def decorated_function(*args, **kws):
        """ Decorator fucntion to make endpoint authorization checks easier for read only scopes defined in Okta """
        print("authorize_read_access()")
        authorization_header = None
        has_access = False
        # If
        if "Authorization" in request.headers:
            authorization_header = request.headers["Authorization"]
            authorization_token = authorization_header.replace(
                "Bearer ", "")  # Just get the access toke for introspection
            okta_util = OktaUtil(request.headers, config.okta)
            introspection_response = okta_util.introspect_oauth_token(
                authorization_token)
            # print "introspection_response: {0}".format(json.dumps(introspection_response, indent=4, sort_keys=True))
            if "active" in introspection_response:
                if introspection_response["scope"] == "read_only":
                    has_access = True

        # print "authorization_header: {0}".format(authorization_header)

        if has_access:
            return f(*args, **kws)
        else:
            print("Unauthorized")
            json_response = {"status": "failed"}

            return json.dumps(json_response,
                              default=default_date_to_string_converter)
Esempio n. 2
0
def is_logged_in():
    print "is_logged_in()"
    result = False
    okta_util = OktaUtil(request.headers, config.okta)
    # first check there is a token
    if("token" in request.cookies):
        token = request.cookies["token"]
        if token != "" and token != "NO_TOKEN":
            # introspect token
            introspection_results_json = okta_util.introspect_oauth_token(token)

            if("active" in introspection_results_json):
                result = True

    return result
Esempio n. 3
0
def get_current_user_token():
    print "get_current_user_token()"
    user_results_json = None
    okta_util = OktaUtil(request.headers, config.okta)

    if ("token" in request.cookies):
        introspection_results_json = okta_util.introspect_oauth_token(
            request.cookies.get("token"))

        if ("active" in introspection_results_json):
            if (introspection_results_json["active"]):
                print "Has active token"
                user_results_json = {
                    "active": introspection_results_json["active"],
                    "username": introspection_results_json["username"],
                    "uid": introspection_results_json["uid"]
                }
            else:
                print "Has inactive token"
        else:
            print "has inactive token error"
            check_okta_session_url = okta_util.create_oidc_auth_code_url(
                None, config.okta["oidc_client_id"],
                config.okta["redirect_uri"])
            user_results_json = {
                "active": False,
                "redirect_url": check_okta_session_url
            }
    else:
        print "has no token"
        check_okta_session_url = okta_util.create_oidc_auth_code_url(
            None, config.okta["oidc_client_id"], config.okta["redirect_uri"])
        user_results_json = {
            "active": False,
            "redirect_url": check_okta_session_url
        }

    if (not user_results_json):
        print "has no token default"
        user_results_json = {"active": False}

    return user_results_json