def authorize(self, req):
    """Check the request's Authorization header against the configured schemes and known keys.

    The header must have the form ``<type> <credentials>`` (split on a single space).
    ``<type>`` must appear in ``self.supportedAuthorizationTypes`` and ``<credentials>``
    must be a member of ``self.db.authKeys()``.

    Args:
        req: request whose ``headers`` mapping is inspected (key ``"AUTHORIZATION"``).

    Raises:
        falcon.HTTPMissingHeader: no Authorization header is present.
        falcon.HTTPInvalidHeader: the header is malformed, the scheme is unsupported,
            or the credentials are unknown.
    """
    headers = req.headers
    if "AUTHORIZATION" not in headers:
        raise falcon.HTTPMissingHeader("Authorization")

    fields = headers["AUTHORIZATION"].split(" ")
    if len(fields) != 2:
        raise falcon.HTTPInvalidHeader("Expected <type> <credentials>", "Authorization")

    scheme, credentials = fields
    if scheme not in self.supportedAuthorizationTypes:
        raise falcon.HTTPInvalidHeader("Unsupported credential type", "Authorization")
    # NOTE(review): a plain membership test is what the original does; whether the
    # lookup is constant-time depends on what authKeys() returns — confirm if timing matters.
    if credentials not in self.db.authKeys():
        raise falcon.HTTPInvalidHeader("Invalid credentials", "Authorization")
def _raise(self, description):
    """Raise ``falcon.HTTPInvalidHeader`` for the signature header.

    Args:
        description (str): human-readable error description passed to the exception.

    Raises:
        falcon.HTTPInvalidHeader: always, naming ``SIGNATURE_HEADER`` as the offending header.
    """
    error = falcon.HTTPInvalidHeader(description, SIGNATURE_HEADER)
    raise error
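def do_auth(self, req, resp, resource, params):
    """Verify the HMAC-signed token in the Authorization header before a handler runs.

    Does nothing unless the resource's ``_conf`` has ``auth`` set. Otherwise the header
    must be ``OAuth <header>.<payload>.<signature>``: the signature is an HMAC-SHA256 over
    ``<header>.<payload>`` keyed with the resource's configured ``secret``, compared in its
    padded base64url form. Only after the signature matches is the payload decoded; its
    ``exp`` claim must not be in the past and ``resource.authorize(prv)`` must accept the
    ``prv`` claim. On success the ``iss`` claim is stored in ``self._usr``.

    Args:
        req: request; ``req.auth`` is expected to hold the Authorization header value.
        resp: unused.
        resource: handler object exposing ``_conf`` (a mapping) and ``authorize(prv)``.
        params: unused.

    Raises:
        falcon.HTTPMissingHeader: ``auth`` is required and no Authorization header was sent.
        falcon.HTTPInvalidHeader: the header is not exactly ``OAuth <token>``.
        falcon.HTTPUnauthorized: the token is not three dot-separated parts, or its payload
            cannot be decoded as JSON carrying usable ``exp``, ``iss`` and ``prv`` claims.
        falcon.HTTPInternalServerError: no ``secret`` is configured; verification fails
            closed instead of checking against a built-in default key.
        falcon.HTTPForbidden: signature mismatch, expired token, or ``authorize`` refused.
    """
    if not resource._conf.get('auth', False):
        return

    if not req.auth:
        raise falcon.HTTPMissingHeader("Missing OAuth token", "Authorization")

    # Explicit check rather than `assert`: assert statements are stripped under `python -O`,
    # which would have let any scheme through, and split() yielding != 2 fields raised a
    # ValueError that the original handler did not catch.
    components = req.auth.split()
    if len(components) != 2 or components[0] != "OAuth":
        raise falcon.HTTPInvalidHeader("Malformed Authorization header", "Authorization")
    token = components[1]

    parts = token.split('.')
    if len(parts) != 3:
        raise falcon.HTTPUnauthorized("Token is not a valid JWT token")

    # Fail closed: verifying against a well-known fallback key would accept any token
    # signed with that key, so an unconfigured secret is a server error, not a default.
    secret = resource._conf.get('secret')
    if not secret:
        raise falcon.HTTPInternalServerError()

    signing_input = ".".join(parts[:2]).encode('utf-8')
    expected_sig = hmac.new(
        secret.encode('utf-8'), signing_input, digestmod=hashlib.sha256
    ).digest()
    # compare_digest keeps the comparison constant-time in the signature's length.
    if not hmac.compare_digest(base64.urlsafe_b64encode(expected_sig), parts[2].encode('utf-8')):
        raise falcon.HTTPForbidden()

    # Decode claims only after the signature is trusted; a malformed payload is rejected
    # as a bad token instead of surfacing as an unhandled decode/lookup error.
    try:
        payload = json.loads(base64.urlsafe_b64decode(parts[1]).decode('utf-8'))
        expires, issuer, privileges = payload["exp"], payload["iss"], payload["prv"]
        expired = expires < int(time.time())
    except (ValueError, KeyError, TypeError) as exc:
        raise falcon.HTTPUnauthorized("Token is not a valid JWT token") from exc

    if expired:
        raise falcon.HTTPForbidden(description="Token has expired")
    if not resource.authorize(privileges):
        raise falcon.HTTPForbidden(description="User does not have permission to use this function")
    self._usr = issuer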
def on_get(self, req, resp):
    """Reject every GET with an invalid-header error for ``X-Auth-Token``.

    Args:
        req: request (unused).
        resp: response (unused).

    Raises:
        falcon.HTTPInvalidHeader: always, with application code ``'A1001'``.
    """
    error = falcon.HTTPInvalidHeader(
        'Please provide a valid token.',
        'X-Auth-Token',
        code='A1001',
    )
    raise error