def decode_token(token):
    """Decode JWT token entered by the user."""
    if token is None:
        return http_error('Auth token audience cannot be verified.'), 401

    if token.startswith('Bearer '):
        _, token = token.split(' ', 1)

    pub_key = fetch_public_key(current_app)
    audiences = get_audiences()

    decoded_token = None

    for aud in audiences:
        try:
            decoded_token = jwt.decode(token, pub_key, audience=aud)
        except jwt.InvalidTokenError:
            decoded_token = None
            current_app.logger.error(
                'Auth Token could not be decoded for audience {}'.format(aud))

        if decoded_token is not None:
            break

    if decoded_token is None:
        # raise jwt.InvalidTokenError('Auth token audience cannot be verified.')
        return {}
    return decoded_token
Exemplo n.º 2
0
    def license_recommender(self, input):
        """
        Perform a detailed license analysis for the given list of packages.

        It first identifies representative license for each package. Then, it
        computes representative license for the entire stack itself.

        If there is any unknown license, this function will give up.

        If there is any conflict then it returns pairs of conflicting licenses.

        If a representative stack-license is possible, then it tries to identify
        license based outlier packages.

        :param payload: Input list of package information
        :return: Detailed license analysis output
        """
        if input.get('_resolved') is None or input.get('ecosystem') is None:
            return http_error(
                "Either list of packages or ecosystem value is missing "
                "from payload"), 400

        else:
            for pkg in input.get('_resolved'):
                if pkg.get('package') is None or pkg.get('version') is None:
                    return http_error(
                        "Either component name or component version is missing "
                        "from payload"), 400
            resolved = input['_resolved']
            ecosystem = input['ecosystem']
            user_stack_packages = self.extract_user_stack_package_licenses(
                resolved, ecosystem)
            payload = {"packages": user_stack_packages}
            resp = self.compute_stack_license(payload=payload)
            output = resp
            output['conflict_packages'] = self._extract_conflict_packages(resp)
            output['outlier_packages'] = self._extract_license_outliers(resp)
            output['unknown_licenses'] = self._extract_unknown_licenses(resp)

            return flask.jsonify(output)
    def wrapper(*args, **kwargs):
        """Check if the login is required and if the user can be authorized."""
        # Disable authentication for local setup
        if getenv('DISABLE_AUTHENTICATION') in ('1', 'True', 'true'):
            return view(*args, **kwargs)

        lgr = current_app.logger
        user = None

        try:
            token = get_token_from_auth_header()
            decoded = decode_token(token)
            if not decoded:
                lgr.exception(
                    'Provide an Authorization token with the API request')
                return http_error(
                    'Authentication failed - Not a valid Auth token provided'
                ), 401

            lgr.info('Successfuly authenticated user {e} using JWT'.format(
                e=decoded.get('email')))
        except jwt.ExpiredSignatureError:
            lgr.exception('Expired JWT token')
            decoded = {'email': '*****@*****.**'}
            return http_error('Authentication failed - token has expired'), 401
        except Exception:
            lgr.exception('Failed decoding JWT token')
            decoded = {'email': '*****@*****.**'}
            return http_error(
                'Authentication failed - could not decode JWT token'), 401
        else:
            user = APIUser(decoded.get('email', '*****@*****.**'))

        if user:
            g.current_user = user
        else:
            g.current_user = APIUser('*****@*****.**')
            return http_error('Authentication required'), 401
        return view(*args, **kwargs)