def get_farm_access_allow_public(
user_access: dict = Depends(get_current_user_farm_access),
api_token_access: dict = Depends(get_api_token_farm_access),
):
farm_access = None
# If open registration is enabled, allow minimal access.
if settings.AGGREGATOR_OPEN_FARM_REGISTRATION is True:
farm_access = FarmAccess(scopes=[], farm_id_list=[], all_farms=False)
# Still check for a request with higher permissions.
# This is the same as the get_farm_access dependency above.
if user_access is not None:
logger.debug(f"Request has user_access: {user_access}")
farm_access = user_access
if api_token_access is not None:
logger.debug(f"Request has api_token access: {api_token_access}")
farm_access = api_token_access
if farm_access is None:
logger.debug(f"Request has no farm access.")
raise HTTPException(status_code=HTTP_401_UNAUTHORIZED,
detail="Could not validate credentials")
return farm_access
def get_api_token_farm_access(
security_scopes: SecurityScopes,
settings=Depends(get_settings),
api_token: str = Security(api_token_header),
):
# Right now, api-tokens are only used for Invite Farm Registration (if enabled)
# Don't authorize requests with valid api-tokens if this setting is not enabled.
if settings.AGGREGATOR_INVITE_FARM_REGISTRATION and api_token is not None:
try:
token_data = _validate_token(api_token)
except (PyJWTError, ValidationError) as e:
raise HTTPException(
status_code=HTTP_401_UNAUTHORIZED,
detail="Could not validate credentials",
)
for scope in security_scopes.scopes:
if scope not in token_data.scopes:
raise HTTPException(status_code=HTTP_401_UNAUTHORIZED,
detail="Not enough permissions.")
return FarmAccess(scopes=token_data.scopes,
farm_id_list=token_data.farm_id,
all_farms=False)
return None
def get_current_user_farm_access(security_scopes: SecurityScopes,
db: Session = Depends(get_db),
token: str = Security(optional_oauth2)):
if security_scopes.scopes:
authenticate_value = f'Bearer scope="{security_scopes.scope_str}"'
else:
authenticate_value = f"Bearer"
credentials_exception = HTTPException(
status_code=HTTP_401_UNAUTHORIZED,
detail="Could not validate credentials",
headers={"WWW-Authenticate": authenticate_value},
)
if token is None:
# Make this an optional dependency. Don't raise an error if no user is logged in.
return None
else:
try:
token_data = _validate_token(token)
except (PyJWTError, ValidationError) as e:
raise credentials_exception
user = crud.user.get(db, user_id=token_data.user_id)
if user is None:
raise credentials_exception
for scope in security_scopes.scopes:
if scope not in token_data.scopes:
raise HTTPException(status_code=HTTP_401_UNAUTHORIZED,
detail="Not enough permissions.")
all_farms = False
if crud.user.is_superuser(user):
all_farms = True
return FarmAccess(scopes=token_data.scopes,
user_id=token_data.user_id,
all_farms=all_farms)
def get_api_key_farm_access(
security_scopes: SecurityScopes,
db: Session = Depends(get_db),
api_key: str = Security(api_key_header),
):
if api_key is None:
return None
else:
try:
token_data = _validate_token(api_key)
except (PyJWTError, ValidationError) as e:
raise HTTPException(
status_code=HTTP_401_UNAUTHORIZED,
detail="Could not validate api key.",
)
for scope in security_scopes.scopes:
if scope not in token_data.scopes:
raise HTTPException(
status_code=HTTP_401_UNAUTHORIZED,
detail="Not enough permissions.",
)
key_in_db = crud.api_key.get_by_key(db, key=api_key.encode())
if key_in_db is None:
raise HTTPException(
status_code=HTTP_401_UNAUTHORIZED,
detail="API Key doesn't exist.",
)
if not key_in_db.enabled:
raise HTTPException(status_code=HTTP_401_UNAUTHORIZED,
detail="API Key is not enabled.")
return FarmAccess(scopes=token_data.scopes,
farm_id_list=token_data.farm_id,
all_farms=token_data.all_farms)
def get_api_token_farm_access(
security_scopes: SecurityScopes,
api_token: str = Security(api_key_header),
):
if api_token is None:
return None
else:
try:
token_data = _validate_token(api_token)
except (PyJWTError, ValidationError) as e:
raise HTTPException(
status_code=HTTP_401_UNAUTHORIZED,
detail="Could not validate credentials",
)
for scope in security_scopes.scopes:
if scope not in token_data.scopes:
raise HTTPException(status_code=HTTP_401_UNAUTHORIZED,
detail="Not enough permissions.")
return FarmAccess(scopes=token_data.scopes,
farm_id_list=token_data.farm_id,
all_farms=False)