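    def wrapper(*args, **kwargs):
        """Authenticate the request, then run *view*.

        The request is accepted in one of three ways: authentication is
        disabled; the 3scale account-secret header equals the
        ``THREESCALE_ACCOUNT_SECRET`` environment variable; or the
        Authorization header carries a user JWT whose ``email_verified``
        claim is present and not negative.

        Raises:
            AuthError: 401 on a wrong 3scale secret, a missing token, a token
                without ``email_verified``, an unverified email, or an expired
                JWT.  Any other decode failure is logged with its traceback and
                re-raised unchanged.
        """
        import hmac  # local import: the module's import block is not in view

        if is_authentication_disabled():
            return view(*args, **kwargs)

        lgr = current_app.logger

        threescale_account_secret = get_threescale_account_secret_header()
        if threescale_account_secret is not None:
            expected = os.getenv('THREESCALE_ACCOUNT_SECRET')
            # compare_digest runs in constant time, so the check does not leak
            # how many leading bytes of the secret matched; it needs two
            # operands of the same type, hence the None guard (unset env var)
            # and the explicit encoding.
            if expected is not None and hmac.compare_digest(
                    expected.encode('utf-8'),
                    threescale_account_secret.encode('utf-8')):
                lgr.info('Request has been successfully authenticated')
            else:
                raise AuthError(401, 'Authentication failed - invalid token received')
        else:
            try:
                decoded = decode_user_token(current_app, get_token_from_auth_header())
                if not decoded:
                    lgr.error('Provide an Authorization token with the API request')
                    raise AuthError(401, 'Authentication failed - token missing')
                elif "email_verified" not in decoded:
                    raise AuthError(401, 'Can not retrieve the '
                                         'email_verified property from the token')
                # OIDC serialises email_verified as a JSON boolean, so a plain
                # False must be rejected too; the string forms cover issuers
                # that emit it as text.
                elif decoded["email_verified"] in (False, '0', 'False', 'false'):
                    raise AuthError(401, 'Email of the user has not been validated')
                lgr.info('Successfully authenticated user {e} using JWT'.
                         format(e=decoded.get('email')))
            except AuthError:
                # Deliberate rejections above are not "failures"; pass them
                # through without the generic error log.
                raise
            except jwt.ExpiredSignatureError:
                lgr.error('Expired JWT token')
                raise AuthError(401, 'Authentication failed - token has expired')
            except Exception:
                # exception() records the traceback; a bare raise keeps the
                # original one instead of re-attaching it from this line.
                lgr.exception('Failed with exception')
                raise

        return view(*args, **kwargs)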
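    def wrapper(*args, **kwargs):
        """Authenticate a service token from the Authorization header, then run *view*.

        When authentication is disabled the view runs unconditionally.

        Raises:
            AuthError: 401 when the token is missing, has expired, or cannot be
                decoded.  The message distinguishes the three cases.
        """
        if is_authentication_disabled():
            return view(*args, **kwargs)

        lgr = current_app.logger

        try:
            decoded = decode_service_token(current_app,
                                           get_token_from_auth_header())
            if not decoded:
                # error(), not exception(): no exception is active here, so
                # exception() would log a spurious "NoneType: None" traceback.
                lgr.error(
                    'Provide an Authorization token with the API request')
                raise AuthError(401, 'Authentication failed - token missing')

            lgr.info('Successfully authenticated user {e} using JWT'.format(
                e=decoded.get('email')))
        except AuthError:
            # Without this clause the "token missing" error above falls into
            # the generic handler and is reported as a decode failure.
            raise
        except jwt.ExpiredSignatureError as exc:
            lgr.exception('Expired JWT token')
            raise AuthError(
                401, 'Authentication failed - token has expired') from exc
        except Exception as exc:
            lgr.exception('Failed decoding JWT token')
            raise AuthError(
                401,
                'Authentication failed - could not decode JWT token') from exc

        return view(*args, **kwargs)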
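    def wrapper(*args, **kwargs):
        """Authenticate the request, then run *view*.

        The request is accepted when authentication is disabled, when the
        3scale account-secret header equals the ``THREESCALE_ACCOUNT_SECRET``
        environment variable, or when the Authorization header carries a user
        JWT that has both ``sub`` and ``preferred_username`` claims.

        Raises:
            AuthError: 401 on a wrong 3scale secret, a missing token, a token
                lacking ``sub`` or ``preferred_username``, or an expired JWT.
                Any other decode failure is logged with its traceback and
                re-raised unchanged.
        """
        import hmac  # local import: the module's import block is not in view

        if is_authentication_disabled():
            return view(*args, **kwargs)

        lgr = current_app.logger

        threescale_account_secret = get_threescale_account_secret_header()
        # Neither the configured secret nor the header value is printed or
        # logged: stdout and the application log are not a safe place for
        # credentials.

        if threescale_account_secret is not None:
            expected = os.getenv('THREESCALE_ACCOUNT_SECRET')
            # compare_digest runs in constant time, so the check does not leak
            # how many leading bytes of the secret matched; it needs two
            # operands of the same type, hence the None guard (unset env var)
            # and the explicit encoding.
            if expected is not None and hmac.compare_digest(
                    expected.encode('utf-8'),
                    threescale_account_secret.encode('utf-8')):
                g.decoded_token = {}
                lgr.info('Request has been successfully authenticated')
            else:
                raise AuthError(
                    401, 'Authentication failed - invalid token received')
        else:
            # NOTE(review): this branch does not store `decoded` in
            # g.decoded_token the way the 3scale branch does — confirm whether
            # downstream code expects it there.
            try:
                decoded = decode_user_token(current_app,
                                            get_token_from_auth_header())
                if not decoded:
                    lgr.error(
                        'Provide an Authorization token with the API request')
                    raise AuthError(401,
                                    'Authentication failed - token missing')
                elif 'sub' not in decoded:
                    raise AuthError(
                        401, 'Authentication failed sub '
                        'is not present in the token')
                elif 'preferred_username' not in decoded:
                    raise AuthError(
                        401, 'Authentication failed username '
                        'is not present in the token')
                lgr.info(
                    'Successfully authenticated user {e} using JWT'.format(
                        e=decoded.get('email')))
            except AuthError:
                # Deliberate rejections above are not "failures"; pass them
                # through without the generic error log.
                raise
            except jwt.ExpiredSignatureError:
                lgr.error('Expired JWT token')
                raise AuthError(401,
                                'Authentication failed - token has expired')
            except Exception as exc:
                # exception() records the traceback; a bare raise keeps the
                # original one instead of re-attaching it from this line.
                lgr.exception('Failed with exception: %s', exc)
                raise

        return view(*args, **kwargs)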
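def decode_user_token(app, token):
    """Decode the authorization token read from the request header.

    Args:
        app: the application passed through to ``decode_token``.
        token: the raw token string taken from the Authorization header.

    Returns:
        The decoded token (whatever ``decode_token`` produced) once it has
        passed the ``email_verified`` checks.

    Raises:
        AuthError: 401 when ``decode_token`` returns None (treated here as a
            missing or malformed token), when the ``email_verified`` claim is
            absent, or when it is negative.
    """
    audiences = get_audiences()
    decoded_token = decode_token(app, token, audiences)

    if decoded_token is None:
        raise AuthError(401,
                        'Authentication failed - token missing or malformed')
    if "email_verified" not in decoded_token:
        raise AuthError(
            401, 'Can not retrieve the email_verified property from the token')
    # OIDC serialises email_verified as a JSON boolean, so a plain False must
    # be rejected too; the string forms cover issuers that emit it as text.
    if decoded_token["email_verified"] in (False, '0', 'False', 'false'):
        raise AuthError(401, 'Email of the user has not been validated')

    return decoded_token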