def resolve(self, authorization: http.Header, route: Route) -> AuthData:
"""
Describe
"""
if route.handler.__name__ in self.no_auth_list:
log.info(f"No auth handler")
return AuthData()
scheme, token = self.get_data_by_header(authorization)
if "Bearer" in scheme:
try:
payload = jwt.decode(token, self.secret, self.algorithms)
user_id = payload.get("user_id")
user = User.find(user_id)
if user is None:
msg = "Unauthorized, invalid token"
raise exceptions.HTTPException({"message": msg},
status_code=401)
return AuthData(user, None)
except jwt.DecodeError:
msg = "Unauthorized, invalid token"
raise exceptions.HTTPException({"message": msg},
status_code=401)
except jwt.ExpiredSignatureError:
msg = "Unauthorized, token expired"
raise exceptions.HTTPException({"message": msg},
status_code=401)
if "Token" in scheme:
if route.handler.__name__ in self.accept_token_list:
service = Service.where("token", token).first()
if service is None:
msg = "Unauthorized, invalid token"
raise exceptions.HTTPException({"message": msg},
status_code=401)
return AuthData(None, service)
msg = f"This endpoint is not available by Token, please use Bearer header"
raise exceptions.Forbidden({"message": msg})
def create_id(p: http.QueryParam, name: str, login: str,
password: str) -> dict:
_auth(p)
if redisclient.get_id(name):
raise exceptions.HTTPException(
'The identity {} already exists'.format(name), 500)
response = redisclient.set_id(
name, json.dumps({
'login': login,
'password': password
}))
if not response:
raise exceptions.HTTPException(
'Internal error while creating ' + 'identity {}'.format(name), 500)
return {'created': name}
def raise_about_authorization_format(self):
"""
Describe
"""
msg = "Please add a valid Authorization Header Ex: Bearer <token> or Token <token>"
raise exceptions.HTTPException({"message": msg}, status_code=401)
def delete_id(p: http.QueryParam, name: str) -> dict:
_auth(p)
response = redisclient.get_id(name)
if response is None:
raise exceptions.NotFound()
if not redisclient.delete_id(name):
raise exceptions.HTTPException(
'Internal error while deleting ' + 'identity {}'.format(name), 500)
return {'deleted': name}
def on_request(self, authorization: http.Header, request: http.Request):
if '/auth/' in request.url:
return
is_authenticated = False
for auth_component in settings.APISTAR_SETTINGS.get(
'AUTH_COMPONENTS', []):
user = auth_component.resolve(authorization)
if user:
is_authenticated = True
if not is_authenticated:
raise exceptions.HTTPException(
{'message': 'User must be logged in.'}, status_code=403)
def update_id(p: http.QueryParam, name: str, login: http.QueryParam,
password: http.QueryParam) -> dict:
_auth(p)
old_id = redisclient.get_id(name)
if not old_id:
raise exceptions.NotFound()
new_id = json.loads(old_id)
if not (login or password):
raise exceptions.BadRequest()
if login:
new_id['login'] = login
if password:
new_id['password'] = password
response = redisclient.set_id(name, json.dumps(new_id))
if not response:
raise exceptions.HTTPException(
'Internal error while updating ' + 'identity {}'.format(name), 500)
return json.loads(redisclient.get_id(name))
def on_request(self, path: http.Path, user: User = None) -> None:
white_list = NO_AUTH_ENDPOINTS
white_list = list(map(lambda x: x.replace('/', ''), white_list))
path = path.replace('/', '')
if user is None and path not in white_list:
raise exceptions.HTTPException('Unauthorized', 401)