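def update(cls, url, target_usr, token, update_data, Etag):
    """Update a user record after an authorization check and an ETag check.

    Args:
        cls: Class the method is bound to (unused in the body).
        url: Request URL handed to ``security.authorize``.
        target_usr: Email of the user being updated.
        token: Caller's token handed to ``security.authorize``.
        update_data: Dict of new field values. It must contain ``password``
            and ``email``. The dict is modified in place: ``password`` is
            replaced by the value returned from ``security.hash_password``.
        Etag: Client-supplied ETag, checked against the current record.

    Returns:
        A 3-tuple ``(status, token, user_info)``. ``status`` is ``"success"``
        (with a fresh token and the stored record), ``"exception"``,
        ``"Content Conflict"`` or ``"No authentication"``; the last two
        elements are ``None`` unless the status is ``"success"``.
    """
    auth = security.authorize(url=url, method="PUT", token=token, target_usr=target_usr)
    logger.debug("auth: " + str(auth))
    if not auth:
        return "No authentication", None, None

    # The record is serialised with sorted keys so the ETag input is stable.
    cur_usr_info = json.dumps(user_svc.get_by_email(target_usr), sort_keys=True)
    # NOTE(review): this writes the whole serialised user record to the debug
    # log. If the record carries the stored password hash or other secrets,
    # redact it before logging -- confirm against user_svc.
    logger.debug("cur_usr_info: " + str(cur_usr_info))

    # presumably an optimistic-concurrency check; a falsy result is reported
    # to the caller as a conflict
    if not security.ETag(Etag=Etag, cur_usr_info=cur_usr_info):
        return "Content Conflict", None, None

    # The password hash is deliberately NOT logged: a hash in a log file can
    # be attacked offline by anyone who can read the logs.
    update_data["password"] = security.hash_password(
        {"password": update_data['password']})

    try:
        user_svc.update_user(update_data, target_usr)
        s_info = user_svc.get_by_email(update_data['email'])
        tok = security.generate_token(s_info)
        return "success", tok, s_info
    except Exception as exc:
        # `except Exception` instead of a bare `except:` so KeyboardInterrupt
        # and SystemExit still propagate. Only the exception type is logged,
        # because the message may echo submitted field values.
        logger.debug("update_user failed: " + type(exc).__name__)
        return "exception", None, None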
def test_middleware(parameter):
    """Sketch of a request pipeline: authorize, handle, then publish changes.

    Args:
        parameter: Unused in the body.

    Returns:
        The placeholder string ``"something"``.
    """
    req_url = request.url
    req_method = request.method
    bearer = request.headers.get("Authorization", None)
    # NOTE(review): the value returned by authorize() is discarded, so unless
    # authorize() raises on failure the rest of this function runs for
    # unauthorized callers too -- confirm against security_middleware.
    security_middleware.authorize(req_url, req_method, bearer)

    # json.dumps cannot serialise the request object itself, so default=str
    # falls back to str(request).
    # NOTE(review): check what str(request) includes before enabling debug
    # logs in production; a URL with a query string may carry secrets.
    logger.debug("/api/user/<email>" + json.dumps(request, default=str))

    # Other middleware goes here ...

    # Now do the application functions.

    # And now do the functions for post processing the request.
    logger.debug("/api/user/<email>" + json.dumps(request, default=str))

    # Only state-changing methods produce a change notification.
    mutating_methods = ('POST', 'PUT', 'DELETE')
    if request.method in mutating_methods:
        notification_middleware.publish_change_event(request.url, request.json)

    # More stuff goes here.

    return "something"
def before_request():
    """Reject the request when the security check reports a problem.

    Returns:
        ``None`` when ``security.authorize`` returns ``None``, otherwise a
        plain-text ``Response`` with body ``"Not authorized"`` and status 404.
    """
    inputs = log_and_extract_input(demo)
    verdict = security.authorize(inputs)

    # Here any non-None value from authorize() means "denied"; None means the
    # request may continue.
    if verdict is None:
        return None

    # NOTE(review): the denial is sent as 404 rather than 401/403. That may be
    # deliberate (hiding that the resource exists), but it makes denied
    # requests harder to tell apart from missing routes in access logs and
    # alerts -- confirm the intent.
    return Response("Not authorized", status=404, content_type="text/plain")
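def delete(cls, url, target_usr, token):
    """Delete a user after an authorization check.

    Args:
        cls: Class the method is bound to (unused in the body).
        url: Request URL handed to ``security.authorize``.
        target_usr: Identifier of the user to delete, passed to
            ``user_svc.delete_user``.
        token: Caller's token handed to ``security.authorize``.

    Returns:
        Whatever ``user_svc.delete_user`` returns, or ``None`` when the caller
        is not authorized or the delete raised. Callers cannot tell those two
        ``None`` cases apart from the return value alone.
    """
    auth = security.authorize(url=url, method="DELETE", token=token, target_usr=target_usr)
    logger.debug("auth: " + str(auth))
    if not auth:
        return None

    try:
        return user_svc.delete_user(target_usr)
    except Exception as exc:
        # `except Exception` instead of a bare `except:` so KeyboardInterrupt
        # and SystemExit still propagate. The failure is recorded rather than
        # silently dropped, so a failed delete leaves a trace.
        logger.debug("delete_user failed: " + type(exc).__name__)
        return None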
def check_security():
    """Answer CORS preflights directly; send everything else to the token check.

    Returns:
        For ``OPTIONS`` requests, an empty 204 ``Response`` carrying the CORS
        headers. For any other method, the value returned by
        ``security_middleware.authorize(request, token)``, where ``token`` is
        the ``Login-Token`` request header or ``None`` if it is absent.
    """
    if request.method != "OPTIONS":
        login_token = request.headers.get("Login-Token", None)
        return security_middleware.authorize(request, login_token)

    # Preflight requests are answered before any token check.
    # NOTE(review): with a wildcard origin and wildcard headers, the browser's
    # same-origin policy does not limit which sites may call this API, so
    # access control rests entirely on the Login-Token check. If only known
    # front-ends should call it, use an explicit origin allow-list.
    preflight_headers = {
        "Connection": "keep-alive",
        "Access-Control-Allow-Origin": '*',
        "Access-Control-Allow-Methods": "POST, GET, PUT, DELETE",
        "Access-Control-Max-Age": "86400",
        "Access-Control-Allow-Headers": '*',
    }
    return Response("", status=204, headers=preflight_headers)
def before_decorator():
    """Check the Authorization header, when present, with the security middleware.

    Returns:
        A plain-text 403 ``Response`` with body ``"NOT AUTHORIZED"`` when the
        header is present and ``security_middleware.authorize`` returns a
        falsy value; otherwise ``None``.
    """
    print(".... In before decorator ...")

    if 'Authorization' not in request.headers:
        # NOTE(review): fail-open path. A request that sends no Authorization
        # header is never checked and falls through with None. If this hook is
        # the only gate in front of protected routes, pass the missing header
        # to authorize() or reject here -- confirm which routes are meant to
        # be public.
        return None

    print('got request with auth header')
    uri = request.path
    method = request.method
    auth_token = request.headers.get('Authorization')

    if security_middleware.authorize(uri, method, auth_token):
        return None

    print("authentication failed")
    return Response("NOT AUTHORIZED", status=403, content_type="text/plain")