def get_farm_access_allow_public( user_access: dict = Depends(get_current_user_farm_access), api_token_access: dict = Depends(get_api_token_farm_access), ): farm_access = None # If open registration is enabled, allow minimal access. if settings.AGGREGATOR_OPEN_FARM_REGISTRATION is True: farm_access = FarmAccess(scopes=[], farm_id_list=[], all_farms=False) # Still check for a request with higher permissions. # This is the same as the get_farm_access dependency above. if user_access is not None: logger.debug(f"Request has user_access: {user_access}") farm_access = user_access if api_token_access is not None: logger.debug(f"Request has api_token access: {api_token_access}") farm_access = api_token_access if farm_access is None: logger.debug(f"Request has no farm access.") raise HTTPException(status_code=HTTP_401_UNAUTHORIZED, detail="Could not validate credentials") return farm_access
def get_api_token_farm_access( security_scopes: SecurityScopes, settings=Depends(get_settings), api_token: str = Security(api_token_header), ): # Right now, api-tokens are only used for Invite Farm Registration (if enabled) # Don't authorize requests with valid api-tokens if this setting is not enabled. if settings.AGGREGATOR_INVITE_FARM_REGISTRATION and api_token is not None: try: token_data = _validate_token(api_token) except (PyJWTError, ValidationError) as e: raise HTTPException( status_code=HTTP_401_UNAUTHORIZED, detail="Could not validate credentials", ) for scope in security_scopes.scopes: if scope not in token_data.scopes: raise HTTPException(status_code=HTTP_401_UNAUTHORIZED, detail="Not enough permissions.") return FarmAccess(scopes=token_data.scopes, farm_id_list=token_data.farm_id, all_farms=False) return None
def get_current_user_farm_access(security_scopes: SecurityScopes, db: Session = Depends(get_db), token: str = Security(optional_oauth2)): if security_scopes.scopes: authenticate_value = f'Bearer scope="{security_scopes.scope_str}"' else: authenticate_value = f"Bearer" credentials_exception = HTTPException( status_code=HTTP_401_UNAUTHORIZED, detail="Could not validate credentials", headers={"WWW-Authenticate": authenticate_value}, ) if token is None: # Make this an optional dependency. Don't raise an error if no user is logged in. return None else: try: token_data = _validate_token(token) except (PyJWTError, ValidationError) as e: raise credentials_exception user = crud.user.get(db, user_id=token_data.user_id) if user is None: raise credentials_exception for scope in security_scopes.scopes: if scope not in token_data.scopes: raise HTTPException(status_code=HTTP_401_UNAUTHORIZED, detail="Not enough permissions.") all_farms = False if crud.user.is_superuser(user): all_farms = True return FarmAccess(scopes=token_data.scopes, user_id=token_data.user_id, all_farms=all_farms)
def get_api_key_farm_access( security_scopes: SecurityScopes, db: Session = Depends(get_db), api_key: str = Security(api_key_header), ): if api_key is None: return None else: try: token_data = _validate_token(api_key) except (PyJWTError, ValidationError) as e: raise HTTPException( status_code=HTTP_401_UNAUTHORIZED, detail="Could not validate api key.", ) for scope in security_scopes.scopes: if scope not in token_data.scopes: raise HTTPException( status_code=HTTP_401_UNAUTHORIZED, detail="Not enough permissions.", ) key_in_db = crud.api_key.get_by_key(db, key=api_key.encode()) if key_in_db is None: raise HTTPException( status_code=HTTP_401_UNAUTHORIZED, detail="API Key doesn't exist.", ) if not key_in_db.enabled: raise HTTPException(status_code=HTTP_401_UNAUTHORIZED, detail="API Key is not enabled.") return FarmAccess(scopes=token_data.scopes, farm_id_list=token_data.farm_id, all_farms=token_data.all_farms)
def get_api_token_farm_access( security_scopes: SecurityScopes, api_token: str = Security(api_key_header), ): if api_token is None: return None else: try: token_data = _validate_token(api_token) except (PyJWTError, ValidationError) as e: raise HTTPException( status_code=HTTP_401_UNAUTHORIZED, detail="Could not validate credentials", ) for scope in security_scopes.scopes: if scope not in token_data.scopes: raise HTTPException(status_code=HTTP_401_UNAUTHORIZED, detail="Not enough permissions.") return FarmAccess(scopes=token_data.scopes, farm_id_list=token_data.farm_id, all_farms=False)