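def check_api_key(*args, **kwargs):
    """Run ``func`` for an admin JWT or, failing that, for a valid one-time password.

    The admin role check is tried first. If it rejects the request, the
    request is let through only when it carries a ONE_TIME_PASSWORD header
    (and no ONE_TIME_LINK header) whose cached value equals the ``app_guid``
    request header. Every other combination aborts with 403.

    An exception raised by ``func`` itself, after the role check has passed,
    is re-raised unchanged instead of being treated as an authorization
    failure.
    """
    FORBIDDEN = requests.codes.forbidden

    # Records whether the role check let the call through to the view, so a
    # failure inside the view is not mistaken for a failed role check.
    view_state = {"entered": False}

    def _tracked_view(*view_args, **view_kwargs):
        view_state["entered"] = True
        return func(*view_args, **view_kwargs)

    # enforce admin permission
    try:
        return jwt.has_one_of_roles([ADMIN])(_tracked_view)(*args, **kwargs)
    except Exception as e:
        if view_state["entered"]:
            # The caller passed the admin check and the view raised. Falling
            # through to the OTP branch would turn the view's own error into
            # a 403 or, with a valid OTP header, run the view a second time.
            raise

        current_app.logger.error(str(e))
        # TODO this checks for debug purpose, will be reworked in final pr
        otl_guid = request.headers.get(ONE_TIME_LINK)
        otp_guid = request.headers.get(ONE_TIME_PASSWORD)
        if not otl_guid and not otp_guid:
            current_app.logger.info("OTL and OTP is empty")
            abort(FORBIDDEN)
        elif otl_guid and otl_guid == cache.get(otl_guid):
            # The one-time link is still in the cache; presumably it has not
            # been exchanged for an OTP yet, so it grants no access here.
            current_app.logger.info("OTL IS PRESENT NEED TO GENERATE OTP")
            abort(FORBIDDEN)
        elif not otl_guid and otp_guid:
            current_app.logger.info("OTL is not present but OTP is")
            otp_app_guid = cache.get(otp_guid)
            # NOTE(review): app_guid is caller-supplied, like the OTP. This
            # ties the OTP to the application the caller names, not to the
            # record the view serves; confirm the view enforces the same id.
            header_app_guid = request.headers.get("app_guid")
            # The truthiness test keeps an unknown OTP (cache miss) from
            # matching a missing app_guid header.
            if otp_app_guid and otp_app_guid == header_app_guid:
                current_app.logger.info("OTP is correct")
                # NOTE(review): the OTP is not removed from the cache here,
                # so it stays usable until the cache drops it; confirm that
                # is intended for a one-time password.
                return func(*args, **kwargs)
            else:
                # Also reached when the OTP is not in the cache at all, so
                # this log line covers unknown or expired OTPs as well.
                current_app.logger.info("OTP is linked to a different application")
                abort(FORBIDDEN)
        else:
            # Reached when an OTL header is present but does not match a
            # cache entry; an OTP header sent alongside it is ignored.
            current_app.logger.info("OTP is expired")
            abort(FORBIDDEN)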
def wrapper(*args, **kwds):
    """Call ``func`` behind the JWT role check for ``roles``.

    Whatever the role check or ``func`` raises is propagated to the caller
    unchanged.
    """
    guarded_view = jwt.has_one_of_roles(roles)(func)
    return guarded_view(*args, **kwds)
def wrapper(*args, **kwds):
    """Call ``func`` behind the JWT role check, mapping AuthError to Forbidden.

    Raises:
        Forbidden: when the role check, or ``func`` itself, raises AuthError.
            The message is the ``description`` entry of the AuthError's
            ``error`` mapping.
    """
    try:
        guarded_view = jwt.has_one_of_roles(roles)(func)
        return guarded_view(*args, **kwds)
    except AuthError as auth_err:
        # NOTE(review): the AuthError description is passed on in the
        # Forbidden response; confirm it carries nothing that should stay
        # server-side (token validation detail, role names).
        description = auth_err.error['description']
        raise Forbidden(description)