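def authenticate(username, password, required_scopes=None):
    """Authenticate basic-auth credentials against the ``User`` table.

    Args:
        username (str): username supplied with the request
        password (str): password supplied with the request
        required_scopes: scopes the endpoint requires, or ``None`` to skip
            the scope check

    Returns:
        dict: ``{'sub': username, 'scope': ...}`` on success, where the scope
        is ``'admin'`` for admin accounts and ``''`` for everyone else;
        ``None`` when the user is unknown or the password does not verify.

    Raises:
        OAuthScopeProblem: the credentials are valid but the granted scope
            does not satisfy ``required_scopes``.
    """
    user_model = User.query.filter_by(username=username).first()

    # .first() returns None for an unknown username; treat that the same as
    # a wrong password instead of failing with AttributeError below.
    if user_model is None:
        return None
    print("username = ", user_model.username)

    # Every account is checked with verify_pass. Comparing the submitted
    # password to the stored value with == only matches when the stored
    # value is the plaintext password, so it must not decide access.
    if not verify_pass(password, user_model.password):
        return None

    # The admin flag only selects the scope; it plays no part in deciding
    # whether the password was correct.
    scope = 'admin' if user_model.admin == True else ''  # noqa: E712
    info = {'sub': username, 'scope': scope}

    if required_scopes is not None and not validate_scope(
            required_scopes, info['scope']):
        raise OAuthScopeProblem(
            description=
            'Provided user doesn\'t have the required access rights',
            required_scopes=required_scopes,
            token_scopes=info['scope'])
    return info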
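def basic_auth(username, password, required_scopes=None):
    """Build the token info for a basic-auth request.

    Args:
        username: username supplied with the request
        password: password supplied with the request
        required_scopes: scopes the endpoint requires, or ``None`` to skip
            the scope check

    Returns:
        dict: ``{"sub": username, "secret": password}``

    Raises:
        OAuthScopeProblem: ``required_scopes`` is given and is not satisfied
            by the scope carried in the token info.
    """
    # NOTE(review): nothing in this function verifies the username or the
    # password, so every caller is accepted as whoever they claim to be.
    # Confirm that the credentials are checked elsewhere before this
    # handler guards a real endpoint.
    # NOTE(review): the cleartext password is returned inside the token
    # info; make sure that dict is never logged or sent back to a client.
    info = {"sub": username, "secret": password}

    # The token info has to exist before the scope check can read it; the
    # check used to reference `info` before assignment and raised NameError
    # whenever required_scopes was given. No 'scope' key is set above, so
    # the granted scope is taken to be empty.
    granted_scope = info.get('scope', '')
    if required_scopes is not None and not validate_scope(required_scopes, granted_scope):
        raise OAuthScopeProblem(
            description='Provided user doesn\'t have the required access rights',
            required_scopes=required_scopes,
            token_scopes=granted_scope
        )
    return info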
def wrapper(*args, **kwargs):
    """Check the caller's OAuth token and scopes, then call ``function``.

    The token comes from the Flask session (``access_token``) or, when the
    session has none, from the ``Authorization`` request header.

    Raises:
        OAuthProblem: neither a header nor a session token is present, or
            the header does not split into exactly two parts.
        OAuthScopeProblem: the token's scopes do not include every scope in
            ``allowed_scopes``.
    """
    logger.debug("%s Oauth verification...", request.url)
    authorization = request.headers.get('Authorization')  # type: str
    # check if session authenticated user
    is_authenticated = flask_session.get('is_authenticated')
    user = flask_session.get('user')
    token = flask_session.get('access_token')
    # Reject the request only when there is neither a header nor a session
    # token to work with.
    if not authorization and not token:
        logger.info("... No auth provided. Aborting with 401.")
        raise OAuthProblem(description='No authorization token provided')
    # NOTE(review): the nesting below is reconstructed from a listing that
    # lost its indentation. As laid out here, a session that carries user,
    # is_authenticated and access_token skips both the token lookup and the
    # scope check. Confirm that this is intended and that those session
    # values are only ever set after a successful check.
    if not all([user, is_authenticated, token]):
        if not token:
            # No session token: take the second whitespace-separated part of
            # the header. The first part (the scheme) is discarded unchecked.
            try:
                _, token = authorization.split()  # type: str, str
            except ValueError:
                raise OAuthProblem(
                    description='Invalid authorization header')
        token_info = fetch_token_info(token_info_url, token)
        # NOTE(review): set() over a string yields single characters;
        # presumably token_info['scope'] is a list of scope names - confirm.
        user_scopes = set(token_info['scope'])
        logger.debug("... Scopes required: %s", allowed_scopes)
        logger.debug("... User scopes: %s", user_scopes)
        # Subset test: every allowed scope must be among the token's scopes.
        if not allowed_scopes <= user_scopes:
            logger.info(
                textwrap.dedent(""" ... User scopes (%s) do not match the scopes necessary to call endpoint (%s). Aborting with 403.""").replace('\n', ''),
                user_scopes, allowed_scopes)
            raise OAuthScopeProblem(
                description=
                'Provided token doesn\'t have the required scope',
                required_scopes=allowed_scopes,
                token_scopes=user_scopes)
        logger.info("... Token authenticated.")
        # Expose the verified identity and token details on the request.
        request.user = token_info.get('uid')
        request.token_info = token_info
        set_token_info(token_info)
    return function(*args, **kwargs)
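def basic_auth(username, password, required_scopes=None):
    """Authenticate the built-in ``admin`` account for HTTP basic auth.

    Args:
        username: username supplied with the request
        password: password supplied with the request
        required_scopes: scopes the endpoint requires, or ``None`` to skip
            the scope check

    Returns:
        dict: ``{'sub': 'admin', 'scope': 'secret'}`` when the credentials
        match.

    Raises:
        Unauthorized: the credentials do not match.
        OAuthScopeProblem: the credentials match but the granted scope does
            not satisfy ``required_scopes``.
    """
    # NOTE(review): the only accepted credentials are the literals
    # admin/admin, compiled into the source. Presumably a placeholder -
    # replace with a real credential store before deployment.
    if username == 'admin' and password == 'admin':
        info = {'sub': 'admin', 'scope': 'secret'}
    else:
        # The message must not echo what was submitted: the exception text
        # can reach logs or the HTTP response, and a mistyped password is
        # often close to the real one.
        raise Unauthorized('Incorrect username or password')

    if required_scopes is not None and not validate_scope(
            required_scopes, info['scope']):
        raise OAuthScopeProblem(
            description=
            'Provided user doesn\'t have the required access rights',
            required_scopes=required_scopes,
            token_scopes=info['scope'])
    return info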
def basic_auth(username, password, required_scopes=None):
    """Map one of two fixed username/password pairs to its token info.

    Args:
        username: username supplied with the request
        password: password supplied with the request
        required_scopes: scopes the endpoint requires, or ``None`` to skip
            the scope check

    Returns:
        dict | None: ``{'sub': ..., 'scope': ...}`` for a known pair,
        ``None`` for anything else.

    Raises:
        OAuthScopeProblem: a known pair was given but its scope does not
            satisfy ``required_scopes``.
    """
    # NOTE(review): both accounts are literals in the source; presumably
    # example credentials - confirm they never reach a deployed service.
    if username == 'admin' and password == 'secret':
        subject, granted = 'admin', 'secret'
    elif username == 'foo' and password == 'bar':
        subject, granted = 'user1', ''
    else:
        # optional: raise exception for custom error response
        return None

    claims = {'sub': subject, 'scope': granted}

    # The scope check is optional: it only runs when the caller passes
    # required_scopes.
    if required_scopes is None or validate_scope(required_scopes, claims['scope']):
        return claims

    raise OAuthScopeProblem(
        description='Provided user doesn\'t have the required access rights',
        required_scopes=required_scopes,
        token_scopes=claims['scope']
    )
def basic_auth(username, password, required_scopes=None):
    """Look up basic-auth credentials in a fixed two-entry account table.

    Args:
        username: username supplied with the request
        password: password supplied with the request
        required_scopes: scopes the endpoint requires, or ``None`` to skip
            the scope check

    Returns:
        dict | None: ``{'sub': ..., 'scope': ...}`` for a matching entry,
        ``None`` when no entry matches.

    Raises:
        OAuthScopeProblem: an entry matched but its scope does not satisfy
            ``required_scopes``.
    """
    # (login, password, subject, scope)
    # NOTE(review): the accounts are literals in the source; presumably
    # example credentials - confirm they never reach a deployed service.
    known_accounts = (
        ('admin', 'secret', 'admin', "secret"),
        ("foo", "bar", "user1", ""),
    )

    info = None
    for login, expected_password, subject, scope in known_accounts:
        if username == login and password == expected_password:
            info = {'sub': subject, "scope": scope}
            break
    if info is None:
        return None

    # optional
    scopes_ok = required_scopes is None or validate_scope(
        required_scopes, info['scope'])
    if not scopes_ok:
        raise OAuthScopeProblem(
            description=
            "Provided user doesn\'t have the required access rights",
            required_scopes=required_scopes,
            token_scopes=info['scope'])
    return info