def wrapper(*args, **kwargs): # Check that the endpoint is protected by gatekeeper and check access if is_secured_request(request.headers) and _allows_access( rule, *args, **kwargs): return func(*args, **kwargs) else: return "Forbidden", 403
def wrapper(*args, **kwargs) -> tuple[str, int]: # Check that the endpoint is protected by oauth2-proxy and check access if is_secured_request(request.headers) and _allows_access( rule, *args, **kwargs): return func(*args, **kwargs) else: return "Forbidden", 403
def wrapper(*args, **kwargs): if is_secured_request(request.headers): roles = extract_roles(request.headers) if GOB_HR_ADMIN in roles: return view_func(*args, **kwargs) return "Forbidden", 403
def wrapper(*args, **kwargs): if is_secured_request(request.headers): """Access Token is forwarded by OAuth2Proxy. Keycloak roles are present in access token""" setattr(request, 'roles', extract_roles(request.headers)) if _allows_access(rule, *args, **kwargs): return func(*args, **kwargs) return "Forbidden", 403
def _secure_headers_detected(rule, *args, **kwargs): """ Check if any secure headers are present in the request :param rule: :param args: :param kwargs: :return: """ return is_secured_request(request.headers)
def get_user_from_request() -> dict: """ Gets the user information from the request header set by keycloak and returns a dict with the user information for the Datapunt Audit Logger """ user = { 'authenticated': True if is_secured_request(request.headers) else False, 'provider': 'Keycloak', 'realm': '', 'email': request.headers.get(USER_EMAIL_HEADER, ''), 'roles': extract_roles(request.headers), 'ip': get_client_ip(request) } return user
def test_is_secured_request(self): self.assertTrue( is_secured_request({ACCESS_TOKEN_HEADER: 'access token'})) self.assertFalse(is_secured_request({}))