def get_user_info():
user_info = {}
set_current_token(validate_request(aud={"user"}))
user_id = current_token["sub"]
username = current_token["context"]["user"]["name"]
if user_id is not None:
user_info = {"user_id": str(user_id), "username": username}
return user_info
def _get_user_info():
"""
Attempt to parse the request for token to authenticate the user. fallback to
populated information about an anonymous user.
"""
try:
set_current_token(validate_request(aud={"user"}))
user_id = str(current_token["sub"])
username = current_token["context"]["user"]["name"]
except JWTError:
# this is fine b/c it might be public data, sign with anonymous username/id
user_id = ANONYMOUS_USER_ID
username = ANONYMOUS_USERNAME
return {"user_id": user_id, "username": username}
def _generate_google_storage_signed_url(self, http_verb, resource_path,
expiration_time):
set_current_token(validate_request(aud={"user"}))
user_id = current_token["sub"]
proxy_group_id = get_or_create_proxy_group_id()
username = current_token.get("context", {}).get("user", {}).get("name")
private_key, key_db_entry = get_or_create_primary_service_account_key(
user_id=user_id, username=username, proxy_group_id=proxy_group_id)
# Make sure the service account key expiration is later
# than the expiration for the signed url. If it's not, we need to
# provision a new service account key.
#
# NOTE: This should occur very rarely: only when the service account key
# already exists and is very close to expiring.
#
# If our scheduled maintainence script removes the url-signing key
# before the expiration of the url then the url will NOT work
# (even though the url itself isn't expired)
if key_db_entry and key_db_entry.expires < expiration_time:
private_key = create_primary_service_account_key(
user_id=user_id,
username=username,
proxy_group_id=proxy_group_id)
final_url = cirrus.google_cloud.utils.get_signed_url(
resource_path,
http_verb,
expiration_time,
extension_headers=None,
content_type="",
md5_value="",
service_account_creds=private_key,
)
return final_url