def decode_token(token):
"""Decode JWT token entered by the user."""
if token is None:
return http_error('Auth token audience cannot be verified.'), 401
if token.startswith('Bearer '):
_, token = token.split(' ', 1)
pub_key = fetch_public_key(current_app)
audiences = get_audiences()
decoded_token = None
for aud in audiences:
try:
decoded_token = jwt.decode(token, pub_key, audience=aud)
except jwt.InvalidTokenError:
decoded_token = None
current_app.logger.error(
'Auth Token could not be decoded for audience {}'.format(aud))
if decoded_token is not None:
break
if decoded_token is None:
# raise jwt.InvalidTokenError('Auth token audience cannot be verified.')
return {}
return decoded_token
def license_recommender(self, input):
"""
Perform a detailed license analysis for the given list of packages.
It first identifies representative license for each package. Then, it
computes representative license for the entire stack itself.
If there is any unknown license, this function will give up.
If there is any conflict then it returns pairs of conflicting licenses.
If a representative stack-license is possible, then it tries to identify
license based outlier packages.
:param payload: Input list of package information
:return: Detailed license analysis output
"""
if input.get('_resolved') is None or input.get('ecosystem') is None:
return http_error(
"Either list of packages or ecosystem value is missing "
"from payload"), 400
else:
for pkg in input.get('_resolved'):
if pkg.get('package') is None or pkg.get('version') is None:
return http_error(
"Either component name or component version is missing "
"from payload"), 400
resolved = input['_resolved']
ecosystem = input['ecosystem']
user_stack_packages = self.extract_user_stack_package_licenses(
resolved, ecosystem)
payload = {"packages": user_stack_packages}
resp = self.compute_stack_license(payload=payload)
output = resp
output['conflict_packages'] = self._extract_conflict_packages(resp)
output['outlier_packages'] = self._extract_license_outliers(resp)
output['unknown_licenses'] = self._extract_unknown_licenses(resp)
return flask.jsonify(output)
def wrapper(*args, **kwargs):
"""Check if the login is required and if the user can be authorized."""
# Disable authentication for local setup
if getenv('DISABLE_AUTHENTICATION') in ('1', 'True', 'true'):
return view(*args, **kwargs)
lgr = current_app.logger
user = None
try:
token = get_token_from_auth_header()
decoded = decode_token(token)
if not decoded:
lgr.exception(
'Provide an Authorization token with the API request')
return http_error(
'Authentication failed - Not a valid Auth token provided'
), 401
lgr.info('Successfuly authenticated user {e} using JWT'.format(
e=decoded.get('email')))
except jwt.ExpiredSignatureError:
lgr.exception('Expired JWT token')
decoded = {'email': '*****@*****.**'}
return http_error('Authentication failed - token has expired'), 401
except Exception:
lgr.exception('Failed decoding JWT token')
decoded = {'email': '*****@*****.**'}
return http_error(
'Authentication failed - could not decode JWT token'), 401
else:
user = APIUser(decoded.get('email', '*****@*****.**'))
if user:
g.current_user = user
else:
g.current_user = APIUser('*****@*****.**')
return http_error('Authentication required'), 401
return view(*args, **kwargs)