async def token_check(request): if str(request.rel_url) == "/": logger.info('<< %s - whitelisted request for %s' % (get_ip(request), request.rel_url)) return await handler(request) for item in self.whitelist: if str(request.rel_url).startswith(item): logger.info('<< %s - whitelisted request for %s' % (get_ip(request), request.rel_url)) return await handler(request) if not request.method == 'OPTIONS': request.user = None try: jwt_token = request.headers.get('authorization', None) except: logger.error( '.! %s - could not get jwt token from authorization header' % (get_ip(request), request.rel_url), exc_info=True) if not jwt_token: # CHEESE: Is this the same as the section below? Which one is more correct? try: if 'access_token' in request.cookies: #logger.info('.. token from cookie: %s' % request.cookies['token']) jwt_token = request.cookies['access_token'] except: logger.error( '.! %s - could not get jwt token from cookies' % (get_ip(request), request.rel_url), exc_info=True) if not jwt_token: # CHEESE: There is probably a better way to get this information, but this is a shim for EventSource not being able # to send an Authorization header from the client side. It also does not appear send cookies in the normal way # but you can farm them out of the headers try: if 'Cookie' in request.headers: cookies = request.headers['Cookie'].split('; ') logger.info('cookies: %s' % cookies) for hcookie in cookies: if hcookie.split('=')[0] == 'access_token': jwt_token = hcookie.split('=')[1] except: logger.error( '!! %s - Could not decipher token from header cookies' % (get_ip(request), request.rel_url), exc_info=True) if jwt_token: try: payload = jwt.decode(jwt_token, self.JWT_SECRET, algorithms=[self.JWT_ALGORITHM]) except (jwt.DecodeError, jwt.ExpiredSignatureError): logger.warn( '.- %s - Token is invalid for user. Path: %s' % (get_ip(request), request.rel_url), exc_info=True) raise web.HTTPUnauthorized() #return self.json_response({'message': 'Token is invalid'}, status=400) if 'instance' not in payload or payload[ 'instance'] != self.instance_id: # This invalidates acccess_tokens from previous starts of the application logger.debug( '.- %s - Token not correct for this instance. Path: %s' % (get_ip(request), request.rel_url)) #logger.warn('-- Headers: %s' % request.headers) raise web.HTTPUnauthorized() try: request.user = self.users.get(id=payload['user_id']) if getattr(request.user, 'timeout', None): return web.HTTPUnavailableForLegalReasons( 'You are in timeout') request.user.id = payload['user_id'] except: logger.error( '!! %s - error getting user for path: %s / user_id: %s' % (get_ip(request), request.rel_url, payload['user_id']), exc_info=True) raise web.HTTPUnauthorized() else: logger.warn( '.- %s - No token available for user. Path: %s' % (get_ip(request), request.rel_url)) logger.warn('-- Headers: %s' % request.headers) raise web.HTTPUnauthorized() #return self.json_response({'message': 'Token is missing'}, status=400) return await handler(request)
def test_link_header_451(buf, request): resp = web.HTTPUnavailableForLegalReasons(link='http://warning.or.kr/') assert 'http://warning.or.kr/' == resp.link assert '<http://warning.or.kr/>; rel="blocked-by"' == resp.headers['Link']
def function950(function376, function972): var3658 = web.HTTPUnavailableForLegalReasons(link='http://warning.or.kr/') assert ('http://warning.or.kr/' == var3658.link) assert ( '<http://warning.or.kr/>; rel="blocked-by"' == var3658.headers['Link'])