def wrapper(*args, **kwargs):
logger.debug("Called with params: %s, %s", args, kwargs)
auth = request.headers.get("authorization", "").strip()
if auth:
try:
extracted_identity, context_dict = identity_from_bearer_token(
auth)
identity_changed.send(app, identity=extracted_identity)
logger.debug("Identity changed to %s",
extracted_identity.id)
auth_context = SignedAuthContext.build_from_signed_dict(
context_dict)
if auth_context is not None:
logger.debug("Auth context set to %s",
auth_context.signed_data)
set_authenticated_context(auth_context)
except InvalidJWTException as ije:
repository = None
if "namespace_name" in kwargs and "repo_name" in kwargs:
repository = kwargs["namespace_name"] + "/" + kwargs[
"repo_name"]
abort(
401,
message=ije.message,
headers=get_auth_headers(repository=repository,
scopes=scopes),
)
else:
logger.debug("No auth header.")
return func(*args, **kwargs)
def test_signed_auth_context(kind, entity_reference, loader, v1_dict_format,
initialized_db):
if kind == ContextEntityKind.anonymous:
validated = ValidatedAuthContext()
assert validated.is_anonymous
else:
ref = loader(entity_reference)
validated = ValidatedAuthContext(**{kind.value: ref})
assert not validated.is_anonymous
assert validated.entity_kind == kind
assert validated.unique_key
signed = SignedAuthContext.build_from_signed_dict(
validated.to_signed_dict(), v1_dict_format=v1_dict_format)
if not v1_dict_format:
# Under legacy V1 format, we don't track the app specific token, merely its associated user.
assert signed.entity_kind == kind
assert signed.description == validated.description
assert signed.credential_username == validated.credential_username
assert (signed.analytics_id_and_public_metadata() ==
validated.analytics_id_and_public_metadata())
assert signed.unique_key == validated.unique_key
assert signed.is_anonymous == validated.is_anonymous
assert signed.authed_user == validated.authed_user
assert signed.has_nonrobot_user == validated.has_nonrobot_user
assert signed.to_signed_dict() == validated.to_signed_dict()