Exemplo n.º 1
 def wrapper(*args, **kwargs):
     """Call the wrapped view only when both access checks pass.

     Returns the result of ``func`` when ``is_secured_request`` accepts the
     request headers and ``_allows_access`` accepts ``rule`` together with
     the call arguments; otherwise returns the ``("Forbidden", 403)`` pair.
     """
     # First gate: the request must look like it came through gatekeeper.
     # NOTE(review): only the headers are inspected here. If the helper
     # decides on header presence alone, this gate is only as strong as the
     # proxy's stripping of client-supplied copies of those headers and the
     # app being unreachable around the proxy -- confirm both.
     if not is_secured_request(request.headers):
         return "Forbidden", 403

     # Second gate: the rule attached to this endpoint must allow the call.
     # It is evaluated only after the first gate has passed.
     if not _allows_access(rule, *args, **kwargs):
         return "Forbidden", 403

     return func(*args, **kwargs)
Exemplo n.º 2
 def wrapper(*args, **kwargs) -> tuple[str, int]:
     """Forward the call to ``func`` if the request is allowed, else refuse.

     The request is allowed when ``is_secured_request`` accepts the request
     headers and ``_allows_access`` accepts ``rule`` with the call
     arguments. A refused request gets ``("Forbidden", 403)``.
     """
     # NOTE(review): the return annotation describes the refusal value only;
     # on the allowed path the value is whatever ``func`` returns.
     # Per the original comment, the header check establishes that the
     # endpoint is protected by oauth2-proxy. ``and`` short-circuits, so the
     # rule is not evaluated for requests that fail the header check.
     # NOTE(review): confirm the proxy overwrites or strips these headers on
     # every inbound request, since nothing visible here validates them.
     permitted = is_secured_request(request.headers) and _allows_access(
         rule, *args, **kwargs)
     if permitted:
         return func(*args, **kwargs)
     return "Forbidden", 403
Exemplo n.º 3
    def wrapper(*args, **kwargs):
        """Run ``view_func`` only for secured requests carrying GOB_HR_ADMIN.

        Returns the result of ``view_func`` when ``is_secured_request``
        accepts the request headers and ``GOB_HR_ADMIN`` is among the roles
        extracted from those headers; otherwise ``("Forbidden", 403)``.
        """
        # Roles are read only after the secured-request check has passed.
        if not is_secured_request(request.headers):
            return "Forbidden", 403

        # NOTE(review): the roles come from the same request headers; how
        # extract_roles derives or verifies them is not visible here --
        # confirm they cannot be supplied directly by a client.
        if GOB_HR_ADMIN not in extract_roles(request.headers):
            return "Forbidden", 403

        return view_func(*args, **kwargs)
Exemplo n.º 4
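    def wrapper(*args, **kwargs):
        """Attach the caller's roles to the request, then apply the rule.

        For a request accepted by ``is_secured_request``, the roles extracted
        from the request headers are stored on ``request.roles`` and ``func``
        is called if ``_allows_access`` accepts ``rule`` with the call
        arguments. Every other request gets ``("Forbidden", 403)``.
        """
        if is_secured_request(request.headers):
            # Access Token is forwarded by OAuth2Proxy. Keycloak roles are
            # present in access token.
            # (This was a bare string statement in the original; a string in
            # the middle of a body is not a docstring, so it is a comment.)
            # The roles are attached before the rule runs; presumably
            # _allows_access reads request.roles -- verify against the rule
            # implementations.
            request.roles = extract_roles(request.headers)

            if _allows_access(rule, *args, **kwargs):
                return func(*args, **kwargs)
        # Reached for unsecured requests and for secured requests the rule
        # rejects; request.roles is not set in the unsecured case.
        return "Forbidden", 403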
Exemplo n.º 5
def _secure_headers_detected(rule, *args, **kwargs):
    """
    Report whether the current request passes ``is_secured_request``.

    :param rule: not used by this check
    :param args: not used by this check
    :param kwargs: not used by this check
    :return: the result of ``is_secured_request`` for the request headers
    """
    # NOTE(review): this is only as strong as is_secured_request itself; if
    # that helper tests header presence, the result says "headers present",
    # not "token verified" -- confirm before treating it as authentication.
    detected = is_secured_request(request.headers)
    return detected
Exemplo n.º 6
def get_user_from_request() -> dict:
    """
    Build the user record for the Datapunt Audit Logger from the request.

    The original docstring describes the source headers as set by Keycloak.
    The returned dict has the keys ``authenticated``, ``provider``,
    ``realm``, ``email``, ``roles`` and ``ip``.
    """
    headers = request.headers

    # Same truth value as the original "True if ... else False".
    is_authenticated = bool(is_secured_request(headers))

    # NOTE(review): email and roles are read from the headers whether or not
    # the request counts as authenticated. Audit-log consumers should treat
    # them as unverified when 'authenticated' is False, unless the proxy is
    # confirmed to strip client-supplied copies of these headers.
    email = headers.get(USER_EMAIL_HEADER, '')
    roles = extract_roles(headers)
    client_ip = get_client_ip(request)

    return {
        'authenticated': is_authenticated,
        'provider': 'Keycloak',
        'realm': '',
        'email': email,
        'roles': roles,
        'ip': client_ip
    }
Exemplo n.º 7
 def test_is_secured_request(self):
     """A header mapping with the access-token header is secured; an empty one is not."""
     with_token = {ACCESS_TOKEN_HEADER: 'access token'}
     without_token = {}

     # The token value is an arbitrary string, so this pins acceptance of a
     # present header rather than of a valid token.
     # NOTE(review): an empty-string header value is not covered here.
     self.assertTrue(is_secured_request(with_token))
     self.assertFalse(is_secured_request(without_token))