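def inner_wrapper(*args, **kwargs):
    """Authenticate the caller, apply the account check, then run the wrapped handler.

    ``self``, ``f``, ``with_names``, ``with_types`` and ``request_proxy`` are
    not defined in this function; they come from a scope that is not shown.

    :return: the result of ``f(*args, **kwargs)`` when authentication and the
        account check succeed; a 403 error tuple for UnauthorizedAccountError,
        a 401 ``Response`` carrying a ``WWW-Authenticate`` header for
        UnauthenticatedError, and a 500 error tuple for any other Exception.
    """
    try:
        with Yosai.context(self._yosai):
            try:
                try:
                    identity = self.authenticate(request_proxy)
                    if not identity.username:
                        raise UnauthenticatedError('Authentication Required')
                except Exception:
                    # Fail closed: any error raised while authenticating is
                    # reported as "not authenticated". Only Exception is caught,
                    # so SystemExit/KeyboardInterrupt propagate instead of being
                    # turned into a 401 (the handler is still never reached).
                    raise UnauthenticatedError('Authentication Required')

                # Publish the identity for the duration of the handler call.
                ApiRequestContextProxy.set_identity(identity)

                account_ok = self._check_account(
                    identity.user_account,
                    identity.user_account_type,
                    with_names,
                    with_types,
                )
                if account_ok:
                    return f(*args, **kwargs)
                # NOTE(review): if _check_account returns a falsy value instead
                # of raising, control falls through and this wrapper returns
                # None without calling f. Presumably _check_account raises
                # UnauthorizedAccountError on rejection; confirm.
            finally:
                # Teardown the request context so the identity does not leak
                # past this call.
                ApiRequestContextProxy.set_identity(None)
    except UnauthorizedAccountError as ex:
        # The exception text becomes the 403 response message.
        return make_response_error(str(ex), in_httpcode=403), 403
    except UnauthenticatedError:
        return Response(response='Unauthorized', status=401, headers=[('WWW-Authenticate', 'basic realm="Authentication required"')])
    except Exception as ex:
        # Details go to the log only; the client gets a generic message.
        logger.exception('Unexpected exception: {}'.format(ex))
        return make_response_error('Internal error', in_httpcode=500), 500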
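def inner_wrapper(*args, **kwargs):
    """Authenticate the caller, authorize the bound permissions, then run the handler.

    ``self``, ``f``, ``permission_s`` and ``request_proxy`` are not defined in
    this function; they come from a scope that is not shown.

    Each entry of ``permission_s`` contributes a ``Permission(domain, action,
    target)``. A part that is unset (falsy) is replaced with ``'*'``, and a part
    that has a ``bind`` attribute is bound to this call (``operation=f``,
    ``kwargs=kwargs``) and replaced by its ``.value``.

    :return: the result of ``f(*args, **kwargs)`` when authentication and
        authorization succeed; a 403 error tuple for UnauthorizedError, a 401
        ``Response`` for UnauthenticatedError, and a 500 error tuple for any
        other Exception.
    :raises AnchoreApiError: re-raised unchanged.
    """
    try:
        with Yosai.context(self._yosai):
            try:
                try:
                    identity = self.authenticate(request_proxy)
                    if not identity.username:
                        raise UnauthenticatedError('Authentication Required')
                except Exception:
                    # Fail closed: any error raised while authenticating is
                    # reported as "not authenticated". Only Exception is caught,
                    # so SystemExit/KeyboardInterrupt propagate instead of being
                    # turned into a 401 (the handler is still never reached).
                    raise UnauthenticatedError('Authentication Required')

                # Publish the identity for the duration of the handler call.
                ApiRequestContextProxy.set_identity(identity)

                # Bind all the permissions as needed.
                permissions_final = []
                for perm in permission_s:
                    domain = perm.domain if perm.domain else '*'
                    action = perm.action if perm.action else '*'
                    target = perm.target if perm.target else '*'

                    # Bindable parts are resolved against this call's keyword
                    # arguments before the check.
                    if hasattr(domain, 'bind'):
                        domain.bind(operation=f, kwargs=kwargs)
                        domain = domain.value

                    if hasattr(action, 'bind'):
                        action.bind(operation=f, kwargs=kwargs)
                        action = action.value

                    if hasattr(target, 'bind'):
                        target.bind(operation=f, kwargs=kwargs)
                        target = target.value

                    permissions_final.append(Permission(domain, action, target))

                # Do the authz on the bound permissions.
                try:
                    self.authorize(ApiRequestContextProxy().identity(), permissions_final)
                except UnauthorizedError:
                    raise
                except Exception as e:
                    # Fail closed: an error inside the authorizer is logged and
                    # then treated as a denial, never as an allow.
                    logger.exception('Error doing authz: {}'.format(e))
                    raise UnauthorizedError(permissions_final)

                return f(*args, **kwargs)
            finally:
                # Teardown the request context so the identity does not leak
                # past this call.
                ApiRequestContextProxy.set_identity(None)
    except UnauthorizedError as ex:
        # The exception text becomes the 403 response message.
        return make_response_error(str(ex), in_httpcode=403), 403
    except UnauthenticatedError:
        return Response(response='Unauthorized', status=401, headers=[('WWW-Authenticate', 'basic realm="Authentication required"')])
    except AnchoreApiError:
        raise
    except Exception as ex:
        # Details go to the log only; the client gets a generic message.
        logger.exception('Unexpected exception: {}'.format(ex))
        return make_response_error('Internal error', in_httpcode=500), 500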
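def inline_authz(self, permission_s: list, authc_token: AuthenticationToken = None):
    """
    Non-decorator impl of the @requires() decorator for isolated and inline invocation.

    Returns the authenticated user identity on success.

    NOTE: authentication and authorization failures are NOT raised to the
    caller. UnauthorizedError is returned as a ``(response, 403)`` tuple,
    UnauthenticatedError as a 401 ``Response``, and any other Exception as a
    ``(response, 500)`` tuple. Only AnchoreApiError is re-raised. A caller must
    therefore inspect the return value; treating every normal return as an
    identity would accept a failed check.

    :param permission_s: list of Permission objects; an unset (falsy) domain,
        action or target is replaced with ``'*'``
    :param authc_token: optional authc token to use for the authc portion, if
        omitted or None (or otherwise falsy), the flask request context is used
    :return: on success the value of ``ApiRequestContextProxy.identity()``
        (described by the original author as an IdentityContext object); on
        failure one of the response values listed above
    """
    try:
        with Yosai.context(self._yosai):
            try:
                try:
                    if not authc_token:
                        identity = self.authenticate(request_proxy)
                    else:
                        identity = self.authenticate_token(authc_token)

                    if not identity.username:
                        raise UnauthenticatedError('Authentication Required')
                except Exception:
                    # Fail closed: any error raised while authenticating is
                    # reported as "not authenticated". Only Exception is caught,
                    # so SystemExit/KeyboardInterrupt propagate instead of being
                    # turned into a 401.
                    raise UnauthenticatedError('Authentication Required')

                ApiRequestContextProxy.set_identity(identity)

                # Normalize the requested permissions; no binding is done here.
                permissions_final = []
                for perm in permission_s:
                    domain = perm.domain if perm.domain else '*'
                    action = perm.action if perm.action else '*'
                    target = perm.target if perm.target else '*'
                    permissions_final.append(Permission(domain, action, target))

                # Do the authz on the normalized permissions.
                try:
                    self.authorize(ApiRequestContextProxy.identity(), permissions_final)
                except UnauthorizedError:
                    raise
                except Exception as e:
                    # Fail closed: an error inside the authorizer is logged and
                    # then treated as a denial, never as an allow.
                    logger.exception('Error doing authz: {}'.format(e))
                    raise UnauthorizedError(permissions_final)

                # Evaluated before the finally clause clears the identity.
                return ApiRequestContextProxy.identity()
            finally:
                # Teardown the request context.
                ApiRequestContextProxy.set_identity(None)
    except UnauthorizedError as ex:
        # The exception text becomes the 403 response message.
        return make_response_error(str(ex), in_httpcode=403), 403
    except UnauthenticatedError:
        return Response(response='Unauthorized', status=401, headers=[('WWW-Authenticate', 'basic realm="Authentication required"')])
    except AnchoreApiError:
        raise
    except Exception as ex:
        # Details go to the log only; the client gets a generic message.
        logger.exception('Unexpected exception: {}'.format(ex))
        return make_response_error('Internal error', in_httpcode=500), 500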
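def inline_authz(self, permission_s: list):
    """
    Non-decorator impl of the @requires() decorator for isolated and inline invocation.

    Returns None on success.

    NOTE: authentication and authorization failures are NOT raised to the
    caller. UnauthorizedError is returned as a ``(response, 403)`` tuple,
    UnauthenticatedError as a 401 ``Response``, and any other Exception as a
    ``(response, 500)`` tuple. A caller that ignores the return value would
    proceed after a failed check, so the result must be compared against None.

    :param permission_s: iterable of objects with ``domain``, ``action`` and
        ``target`` attributes; an unset (falsy) part is replaced with ``'*'``
        and the three parts are joined with ``':'`` into one permission string
    :return: None on success; on failure one of the response values listed above
    """
    try:
        with Yosai.context(self._yosai):
            try:
                try:
                    identity = self.authenticate(request_proxy)
                    if not identity.username:
                        raise UnauthenticatedError('Authentication Required')
                except Exception:
                    # Fail closed: any error raised while authenticating is
                    # reported as "not authenticated". Only Exception is caught,
                    # so SystemExit/KeyboardInterrupt propagate instead of being
                    # turned into a 401.
                    raise UnauthenticatedError('Authentication Required')

                ApiRequestContextProxy.set_identity(identity)

                # Build the 'domain:action:target' strings to check.
                permissions_final = []
                for perm in permission_s:
                    domain = perm.domain if perm.domain else '*'
                    action = perm.action if perm.action else '*'
                    target = perm.target if perm.target else '*'
                    permissions_final.append(':'.join([domain, action, target]))

                # Do the authz on the permission strings.
                try:
                    self.authorize(identity, permissions_final)
                except UnauthorizedError:
                    raise
                except Exception as e:
                    # Fail closed: an error inside the authorizer is logged and
                    # then treated as a denial, never as an allow.
                    logger.exception('Error doing authz: {}'.format(e))
                    raise UnauthorizedError(permissions_final)

                return None
            finally:
                # Teardown the request context.
                ApiRequestContextProxy.set_identity(None)
    except UnauthorizedError as ex:
        # The exception text becomes the 403 response message.
        return make_response_error(str(ex), in_httpcode=403), 403
    except UnauthenticatedError:
        return Response(response='Unauthorized', status=401, headers=[('WWW-Authenticate', 'basic realm="Authentication required"')])
    except Exception as ex:
        # Details go to the log only; the client gets a generic message.
        logger.exception('Unexpected exception: {}'.format(ex))
        return make_response_error('Internal error', in_httpcode=500), 500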