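def validate_internal_request(request):
    """Verify the signed internal-service token carried by ``request``.

    The token is read from the ``INTERNAL_TOKEN_HEADER`` header, decoded with
    the configured ``signing_secret`` (accepting only ``SIGNING_ALGORITHM``),
    and then bound to this request: it must carry an ``exp`` claim and its
    ``url`` claim must equal ``request.url``.

    Args:
        request: The incoming request; only ``request.headers`` and
            ``request.url`` are read.

    Returns:
        ``True`` when the token is valid for this request.

    Raises:
        InvalidInternalToken: when the header is absent, the token cannot be
            decoded, its signature is invalid, it has expired, it lacks
            ``exp``, or its ``url`` claim does not match the request URL.
    """
    import hashlib  # function-scope: only needed for the log fingerprint

    internal_token = request.headers.get(INTERNAL_TOKEN_HEADER)
    if not internal_token:
        raise InvalidInternalToken('no token')

    # Never write the raw token to the log: a still-valid token in a log file
    # is a reusable credential. A SHA-256 prefix is enough to correlate
    # repeated attempts without disclosing the token itself.
    token_fingerprint = hashlib.sha256(
        internal_token.encode('utf-8')).hexdigest()[:16]

    try:
        decoded_data = jwt.decode(
            internal_token,
            get_config_by_key_path(['signing_secret']),
            # Pinning the algorithm list also rejects unsigned (alg=none) tokens.
            algorithms=[SIGNING_ALGORITHM])
    except jwt.exceptions.InvalidSignatureError:
        logging.warning(
            'Someone attempted to use an invalid internal token: %s',
            token_fingerprint)
        raise InvalidInternalToken('invalid signature')
    except jwt.exceptions.ExpiredSignatureError:
        logging.warning(
            'Someone attempted to use an expired internal token: %s',
            token_fingerprint)
        raise InvalidInternalToken('expired')
    except jwt.exceptions.InvalidTokenError:
        # Malformed or otherwise undecodable tokens used to escape as an
        # unhandled exception instead of an authentication failure.
        logging.warning(
            'Someone attempted to use an invalid internal token: %s',
            token_fingerprint)
        raise InvalidInternalToken('malformed')

    # jwt.decode only enforces ``exp`` when the claim is present, so a token
    # minted without one would otherwise never expire.
    if 'exp' not in decoded_data:
        logging.warning(
            'Someone attempted to use an invalid internal token: %s',
            token_fingerprint)
        raise InvalidInternalToken('missing exp')

    # Bind the token to exactly one URL; ``.get`` keeps a token without a
    # ``url`` claim from surfacing as a KeyError instead of a rejection.
    token_url = decoded_data.get('url')
    if request.url != token_url:
        logging.warning(
            'Someone attempted to use an internal token with the'
            ' wrong URL. Token URL: %s. Request URL: %s. Token: %s',
            token_url, request.url, token_fingerprint)
        raise InvalidInternalToken('mismatched URL')
    return True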
import logging
import os
import traceback

import jinja2
from flask import Flask, send_from_directory, redirect, request, jsonify
from flask_login import LoginManager, current_user
from flask_sqlalchemy import SQLAlchemy as _BaseSQLAlchemy
from flask_migrate import Migrate, upgrade as upgrade_db
from flask_wtf.csrf import generate_csrf
import sentry_sdk
from werkzeug.routing import BaseConverter

from shared_helpers import config

# Error monitoring is opt-in: it is wired up only when the
# ``monitoring.sentry`` section is present in the config.
sentry_config = config.get_config_by_key_path(['monitoring', 'sentry'])
if sentry_config:
    from sentry_sdk.integrations.flask import FlaskIntegration

    sentry_sdk.init(
        dsn=sentry_config['dsn'],
        integrations=[FlaskIntegration()],
        # Performance tracing is sampled at 10% unless the config overrides it.
        traces_sample_rate=sentry_config.get('traces_sample_rate', 0.1),
    )

# Template environment rooted at the package's ``static`` directory.
# ``autoescape=True`` is the XSS guard for every template rendered through it.
# NOTE(review): ``jinja2.ext.autoescape`` was removed in Jinja2 3.0 (autoescape
# has been built in since 2.9) — confirm the pinned Jinja2 version still
# provides that extension, or drop it from the list.
JINJA_ENVIRONMENT = jinja2.Environment(
    loader=jinja2.FileSystemLoader(
        os.path.join(os.path.dirname(__file__), 'static')),
    extensions=['jinja2.ext.autoescape'],
    autoescape=True,
)


def init_app_without_routes(disable_csrf=False):
import datetime
import logging
import os
from urllib.parse import quote

from flask import abort, request, redirect
from flask_login import login_user, current_user
from flask_wtf.csrf import validate_csrf
from wtforms.validators import ValidationError

from modules.organizations.utils import get_organization_id_for_email
from modules.users.helpers import get_or_create_user, get_user_by_id
from shared_helpers import config
from shared_helpers.services import validate_internal_request, get as service_get, InvalidInternalToken

# Extra origins read from config; a missing setting yields an empty list
# rather than None so callers can iterate it directly.
# NOTE(review): presumably consumed by the origin/CSRF checks in this module —
# verify against the callers.
ADDITIONAL_ALLOWED_ORIGINS = config.get_config_by_key_path(
    ['additional_allowed_origins']) or []

# Request paths that are exempt from the CSRF check.
csrf_exempt_paths = set()


def login_test_user():
    """Log in the user named by the ``TROTTO_USER_UNDER_TEST`` header — test env only.

    This is a test hook, not an authentication path: it does nothing unless the
    process runs with ``ENVIRONMENT=test_env`` *and* the header is present. The
    header value is treated as an email: it is used both to look up or create
    the user and to derive the organization that user belongs to.
    """
    if os.getenv('ENVIRONMENT') != 'test_env':
        return
    user_under_test = request.headers.get('TROTTO_USER_UNDER_TEST')
    if not user_under_test:
        return
    organization_id = get_organization_id_for_email(user_under_test)
    login_user(get_or_create_user(user_under_test, organization_id))


def check_csrf():