예제 #1
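def _token_fingerprint(token):
    """Return a short, non-reversible identifier for *token* to use in logs.

    A token is a bearer credential. In particular, a token rejected only
    because of a URL mismatch is still validly signed and unexpired, so
    writing it verbatim to the log would hand a replayable credential to
    anyone with log access. A truncated SHA-256 digest is enough to
    correlate repeated attempts without exposing the token itself.
    """
    import hashlib

    digest = hashlib.sha256(token.encode('utf-8', 'surrogateescape')).hexdigest()
    return 'sha256:' + digest[:16]


def validate_internal_request(request):
    """Check that *request* carries a valid internal service token.

    The token is read from the ``INTERNAL_TOKEN_HEADER`` request header and
    must be a JWT signed with the configured ``signing_secret`` using
    ``SIGNING_ALGORITHM``, carry an ``exp`` claim, and name the exact URL of
    this request in its ``url`` claim, so a token minted for one endpoint
    is not accepted by another.

    Args:
        request: the incoming request; only ``headers`` and ``url`` are read.

    Returns:
        True when every check passes.

    Raises:
        InvalidInternalToken: when the header is absent, the token cannot be
            decoded, its signature is invalid, it has expired, it lacks
            ``exp``, or its ``url`` claim does not equal ``request.url``.
    """
    internal_token = request.headers.get(INTERNAL_TOKEN_HEADER)

    if not internal_token:
        raise InvalidInternalToken('no token')

    try:
        # Pinning ``algorithms`` is what prevents an attacker-supplied ``alg``
        # header from selecting a weaker (or no) signature check.
        decoded_data = jwt.decode(internal_token,
                                  get_config_by_key_path(['signing_secret']),
                                  algorithms=[SIGNING_ALGORITHM])
    except jwt.exceptions.InvalidSignatureError:
        logging.warning(
            'Someone attempted to use an invalid internal token: %s',
            _token_fingerprint(internal_token))

        raise InvalidInternalToken('invalid signature')
    except jwt.exceptions.ExpiredSignatureError:
        logging.warning(
            'Someone attempted to use an expired internal token: %s',
            _token_fingerprint(internal_token))

        raise InvalidInternalToken('expired')
    except jwt.exceptions.InvalidTokenError:
        # Malformed or otherwise unverifiable tokens (DecodeError and the
        # rest of the InvalidTokenError family) previously escaped as an
        # unhandled exception; callers only catch InvalidInternalToken.
        logging.warning(
            'Someone attempted to use an invalid internal token: %s',
            _token_fingerprint(internal_token))

        raise InvalidInternalToken('undecodable token')

    if 'exp' not in decoded_data:
        logging.warning(
            'Someone attempted to use an invalid internal token: %s',
            _token_fingerprint(internal_token))

        raise InvalidInternalToken('missing exp')

    # A token without a ``url`` claim is a mismatch, not a KeyError.
    token_url = decoded_data.get('url')
    if request.url != token_url:
        logging.warning(
            'Someone attempted to use an internal token with the'
            ' wrong URL. Token URL: %s. Request URL: %s. Token: %s',
            token_url, request.url, _token_fingerprint(internal_token))

        raise InvalidInternalToken('mismatched URL')

    return True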
예제 #2
import logging
import os
import traceback

import jinja2
from flask import Flask, send_from_directory, redirect, request, jsonify
from flask_login import LoginManager, current_user
from flask_sqlalchemy import SQLAlchemy as _BaseSQLAlchemy
from flask_migrate import Migrate, upgrade as upgrade_db
from flask_wtf.csrf import generate_csrf
import sentry_sdk
from werkzeug.routing import BaseConverter

from shared_helpers import config

# Error monitoring is optional: it is only wired up when the config has a
# ``monitoring.sentry`` section, so instances without a DSN run unchanged.
sentry_config = config.get_config_by_key_path(['monitoring', 'sentry'])
if sentry_config:
    from sentry_sdk.integrations.flask import FlaskIntegration

    _sentry_sample_rate = sentry_config.get('traces_sample_rate', 0.1)
    sentry_sdk.init(dsn=sentry_config['dsn'],
                    integrations=[FlaskIntegration()],
                    traces_sample_rate=_sentry_sample_rate)

# Templates are loaded from the ``static`` directory next to this module.
# ``autoescape=True`` is the HTML-escaping defence for everything rendered
# through this environment; keep it on. NOTE(review): the
# ``jinja2.ext.autoescape`` extension listed here was removed from Jinja2
# in 3.0 (autoescaping became built in) — confirm the pinned Jinja2 version
# still accepts the name.
_template_dir = os.path.join(os.path.dirname(__file__), 'static')
JINJA_ENVIRONMENT = jinja2.Environment(
    loader=jinja2.FileSystemLoader(_template_dir),
    extensions=['jinja2.ext.autoescape'],
    autoescape=True)


def init_app_without_routes(disable_csrf=False):
예제 #3
import datetime
import logging
import os
from urllib.parse import quote

from flask import abort, request, redirect
from flask_login import login_user, current_user
from flask_wtf.csrf import validate_csrf
from wtforms.validators import ValidationError

from modules.organizations.utils import get_organization_id_for_email
from modules.users.helpers import get_or_create_user, get_user_by_id
from shared_helpers import config
from shared_helpers.services import validate_internal_request, get as service_get, InvalidInternalToken

# Extra origins taken from config; an absent key yields an empty list so
# membership tests never see ``None``. Presumably consulted by the origin /
# CSRF checks further down this module — verify against those callers.
_configured_origins = config.get_config_by_key_path(
    ['additional_allowed_origins'])
ADDITIONAL_ALLOWED_ORIGINS = _configured_origins or []

# Request paths that other modules register as exempt from the CSRF check.
csrf_exempt_paths = set()


def login_test_user():
    """Log in the user named by the ``TROTTO_USER_UNDER_TEST`` header (tests only).

    This is a deliberate authentication bypass for the test harness: the
    header is unauthenticated, so the only thing stopping a request from
    logging in as any user it names is the ``ENVIRONMENT == 'test_env'``
    gate. That gate must never hold on a deployed instance.
    """
    if os.getenv('ENVIRONMENT') != 'test_env':
        return

    user_under_test = request.headers.get('TROTTO_USER_UNDER_TEST')
    if not user_under_test:
        return

    organization_id = get_organization_id_for_email(user_under_test)
    login_user(get_or_create_user(user_under_test, organization_id))


def check_csrf():