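def SecurityCheck(self, func, request, *args, **kwargs):
    """Check if access should be allowed for the request.

    Reads a bearer token from the ``Authorization`` header, verifies it as a
    Firebase ID token whose audience is the project id taken from the
    ``AdminUI.firebase_auth_domain`` setting, checks the issuer and stores
    the token's ``email`` claim in ``request.user``.

    Args:
        func: Handler called as ``func(request, *args, **kwargs)``.
        request: Incoming HTTP request; ``headers`` and ``path`` are read and
            ``user`` is set on success.
        *args: Forwarded to ``func`` unchanged.
        **kwargs: Forwarded to ``func`` unchanged.

    Returns:
        ``self.AuthError(...)`` when validation fails on any path other than
        "/", otherwise whatever ``func`` returns.
    """
    try:
        auth_header = request.headers.get("Authorization", "")
        if not auth_header.startswith(self.BEARER_PREFIX):
            raise ValueError("JWT token is missing.")
        token = auth_header[len(self.BEARER_PREFIX):]

        # The expected audience is the first DNS label of the auth domain.
        auth_domain = config.CONFIG["AdminUI.firebase_auth_domain"]
        project_id = auth_domain.split(".")[0]

        # NOTE(review): the incoming HTTP request is passed in the position
        # where verify_firebase_token takes the transport used to fetch the
        # signing certificates -- confirm this object is the intended
        # transport callable.
        idinfo = id_token.verify_firebase_token(
            token, request, audience=project_id)

        # Read claims with .get() so a token lacking "iss" or "email" is
        # rejected through the ValueError path below instead of escaping as
        # an unhandled KeyError.
        if idinfo.get("iss") != self.SECURE_TOKEN_PREFIX + project_id:
            raise ValueError("Wrong issuer.")
        email = idinfo.get("email")
        if not email:
            raise ValueError("Token has no email claim.")

        # NOTE(review): the email_verified claim is not consulted before the
        # address is trusted as the user identity -- confirm the sign-in
        # providers enabled for this project make that acceptable.
        request.user = email
    except ValueError as e:
        # For a homepage, just do a pass-through, otherwise JS code
        # responsible for the Firebase auth won't ever get executed. Per the
        # original author this is safe because wsgiapp.HttpRequest raises on
        # any attempt to access an uninitialized HttpRequest.user attribute.
        if request.path != "/":
            return self.AuthError("JWT token validation failed: %s" % e)
    return func(request, *args, **kwargs)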
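def SecurityCheck(self, func, request, *args, **kwargs):
    """Check if access should be allowed for the request.

    A request is authenticated when its ``Authorization`` header carries a
    bearer Firebase ID token that verifies against the project id derived
    from ``AdminUI.firebase_auth_domain`` and whose issuer matches
    ``self.SECURE_TOKEN_PREFIX + project_id``. On success the token's
    ``email`` claim becomes ``request.user``.

    Args:
        func: Wrapped handler, invoked as ``func(request, *args, **kwargs)``.
        request: HTTP request being authorised (``headers``, ``path``).
        *args: Positional arguments passed through to ``func``.
        **kwargs: Keyword arguments passed through to ``func``.

    Returns:
        The value of ``self.AuthError(...)`` if validation fails and the path
        is not "/"; in every other case the return value of ``func``.
    """
    try:
        header_value = request.headers.get("Authorization", "")
        if not header_value.startswith(self.BEARER_PREFIX):
            raise ValueError("JWT token is missing.")
        token = header_value[len(self.BEARER_PREFIX):]

        # Project id == leading label of the configured Firebase auth domain.
        project_id = config.CONFIG["AdminUI.firebase_auth_domain"].split(".")[0]

        # NOTE(review): `request` here is the HTTP request being authorised,
        # yet it is handed to verify_firebase_token as its transport
        # argument -- verify that this is what the caller intends.
        claims = id_token.verify_firebase_token(
            token, request, audience=project_id)

        # A missing "iss" or "email" claim must fail closed as a validation
        # error; indexing the mapping directly would raise KeyError, which
        # the handler below does not catch.
        expected_issuer = self.SECURE_TOKEN_PREFIX + project_id
        if claims.get("iss") != expected_issuer:
            raise ValueError("Wrong issuer.")
        user_email = claims.get("email")
        if not user_email:
            raise ValueError("Token has no email claim.")

        # NOTE(review): email_verified is not checked before the address is
        # used as the identity -- confirm that matches the project's
        # enabled sign-in methods.
        request.user = user_email
    except ValueError as e:
        # For a homepage, just do a pass-through, otherwise JS code
        # responsible for the Firebase auth won't ever get executed. The
        # original author considers this safe because wsgiapp.HttpRequest
        # raises on any attempt to access an uninitialized user attribute.
        if request.path != "/":
            return self.AuthError("JWT token validation failed: %s" % e)
    return func(request, *args, **kwargs)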
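def verify_token(token, audience=None):
    """Verify a Firebase ID token and return its claims, or None if invalid.

    Args:
        token: Encoded Firebase ID token.
        audience: Firebase project id the token must have been issued for.
            The default of None reproduces the original call, in which
            google-auth skips the ``aud`` check, so tokens issued for a
            different Firebase project are not rejected. Callers should
            pass their own project id.

    Returns:
        The decoded claims, or None when verification raises ValueError or
        TypeError.
    """
    try:
        # NOTE(review): the email_verified claim is not enforced here (an
        # earlier variant of this function returned None when it was false);
        # callers that key on the email claim should check it themselves.
        return id_token.verify_firebase_token(
            token, HTTP_REQUEST, audience=audience)
    except (ValueError, TypeError):
        # Invalid id_token.
        return None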
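def top_users():
    """Return the demo user list to callers presenting a valid ID token.

    The token is the last space-separated field of the ``Authorization``
    header, so both "Bearer <token>" and a bare token are accepted.

    Returns:
        ``('Unauthorized', 401)`` when the header is absent, the token is
        empty, verification raises ValueError or yields no claims; otherwise
        the JSON user list.
    """
    # .get() so an absent header produces a 401 here instead of an error
    # from the header lookup.
    auth_header = request.headers.get('Authorization', '')
    bearer_token = auth_header.split(' ').pop()
    if not bearer_token:
        return 'Unauthorized', 401

    # NOTE(review): verify_firebase_token is defined outside this block. If
    # it is google-auth's function, invalid tokens raise ValueError rather
    # than returning a falsy value, and with no audience argument the aud
    # claim is not checked -- confirm and pass the project id if so.
    try:
        claims = verify_firebase_token(bearer_token, HTTP_REQUEST)
    except ValueError:
        return 'Unauthorized', 401
    if not claims:
        return 'Unauthorized', 401

    return jsonify([{'name': 'bob'}, {'name': 'jim'}])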
def validate_firebase(mobile_id):
    """Validate a Firebase ID token against this project's audience.

    Args:
        mobile_id: Encoded Firebase ID token supplied by the client.

    Returns:
        ``(True, <sub claim>)`` when the token verifies, ``(False, "")`` when
        verification raises ValueError.
    """
    try:
        # A fresh transport is built on every call; the audience pins the
        # token to settings.FIREBASE_PROJECT_ID.
        transport = requests.Request()
        claims = id_token.verify_firebase_token(
            mobile_id,
            transport,
            audience=settings.FIREBASE_PROJECT_ID,
        )
        subject = claims['sub']
    except ValueError:
        return False, ""
    return True, subject
def test_verify_firebase_token(verify_token):
    """verify_firebase_token must delegate to verify_token with the certs URL.

    ``verify_token`` is presumably a patched mock supplied by the test
    harness (not visible in this block).
    """
    token = mock.sentinel.token
    transport = mock.sentinel.request
    audience = mock.sentinel.audience

    result = id_token.verify_firebase_token(token, transport, audience=audience)

    # The wrapper returns the delegate's result untouched ...
    assert result == verify_token.return_value
    # ... and pins the certificate source to the Google APIs certs URL.
    verify_token.assert_called_once_with(
        token,
        transport,
        audience=audience,
        certs_url=id_token._GOOGLE_APIS_CERTS_URL,
    )
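def auth(token):
    """Verify a Firebase ID token and return its claims.

    Args:
        token: Encoded Firebase ID token; may be empty or None.

    Returns:
        ``{"statusCode": 401}`` when the token is missing, fails
        verification, or yields no claims; otherwise the decoded claims.
        Callers must tell the two shapes apart themselves.
    """
    if not token:
        return {"statusCode": 401}

    # The transport is only built once there is a token to check.
    request = requests.Request()
    try:
        # NOTE(review): no audience is passed, so google-auth does not check
        # the aud claim and tokens issued for another Firebase project are
        # not rejected -- pass this project's id as audience=.
        id_info = id_token.verify_firebase_token(token, request)
    except ValueError:
        # Invalid tokens are reported by exception; map them to the same
        # 401 result as a missing token instead of letting them propagate.
        return {"statusCode": 401}

    if not id_info:
        return {"statusCode": 401}
    return id_info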
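def decorated(*args, **kwargs):
    """Reject the request unless its JSON body carries a valid ID token.

    Appears to be the inner wrapper of a decorator: ``f`` is the wrapped
    callable taken from the enclosing scope (not visible in this block).

    Returns:
        A 403 JSON response when the token is missing or fails verification,
        otherwise the result of ``f(*args, **kwargs)``.
    """
    jsonData = request.json
    # A body that is not a JSON object, or has no "token" key, is treated as
    # a missing token rather than surfacing as an unhandled error.
    token = jsonData.get("token") if isinstance(jsonData, dict) else None
    if not token:
        return jsonify({'message': 'Token is missing!'}), 403

    try:
        # Only the success or failure of verification matters here; the
        # claims are not used by this wrapper.
        # NOTE(review): no audience is passed, so the aud claim is not
        # checked -- pass this project's id as audience=.
        id_token.verify_firebase_token(
            id_token=token, request=requests.Request())
    except Exception:
        # Fail closed on any verification error, but let SystemExit and
        # KeyboardInterrupt through (a bare except would swallow them).
        print('token is invalid')
        return jsonify({'message': 'Token is invalid!'}), 403

    return f(*args, **kwargs)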
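def render_index():
    """Log a user in on POST; serve the index page to logged-in users on GET.

    POST: verifies the Firebase ID token from the ``Authorization`` header
    and sets ``session['Logged']``. Only that flag is stored; the verified
    claims are not kept.
    Other methods: renders ``index.html`` if the flag is set.

    Returns:
        'Logged' after a successful POST, the rendered index page for a
        logged-in session, otherwise a redirect to 'logout'.
    """
    if request.method == 'POST':
        auth_header = request.headers.get('Authorization', '')
        # Take the last space-separated field: with "Bearer <token>" the
        # first field is the scheme, not the token. A bare token still works.
        idToken = auth_header.split(' ')[-1]
        if not idToken:
            return redirect('logout')
        try:
            # NOTE(review): no audience is passed, so the aud claim is not
            # checked -- pass this project's id as audience=.
            claims = id_token.verify_firebase_token(idToken, HTTP_REQUEST)
        except ValueError:
            # Invalid tokens raise; treat them like an empty result.
            claims = None
        if not claims:
            return redirect('logout')
        session['Logged'] = True
        return 'Logged'

    # .get() so a session that never logged in is redirected instead of
    # failing on the missing key.
    logged_in = session.get('Logged', False)
    print('Logged in : ', logged_in)
    if logged_in is True:
        return render_template('index.html')
    return redirect('logout')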
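def get_user_from_token(service):
    """Return the email claim of the caller's Firebase ID token, or None.

    Args:
        service: Object exposing ``request_state.headers``; the
            ``authorization`` header is read from it.

    Returns:
        The ``email`` claim of the verified token, or None when the header
        is absent, the token is a placeholder, verification fails, or the
        claims are empty.
    """
    auth_header = service.request_state.headers.get('authorization')
    if not auth_header:
        return None

    id_token_from_firebase = auth_header.split(' ').pop()
    # Presumably what a JavaScript client sends when it has no token yet.
    if id_token_from_firebase in ('undefined', 'null'):
        return None

    try:
        # NOTE(review): no audience is passed, so the aud claim is not
        # checked -- pass this project's id as audience=.
        firebaseUser = id_token.verify_firebase_token(
            id_token_from_firebase, HTTP_REQUEST)
    except ValueError:
        # Invalid tokens raise; report them as "no user" like the other
        # failure paths instead of letting the exception escape.
        return None

    if not firebaseUser:
        return None
    # NOTE(review): email_verified is not checked before the address is
    # returned as the owner -- confirm callers do not need it.
    return firebaseUser.get('email')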
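def mainRoute(endpoint):
    """Authenticate the caller and dispatch to the handler for `endpoint`.

    The Firebase ID token is read from the ``token`` field of the JSON body.
    The user id passed to every handler comes from the verified token's
    ``user_id`` claim, never from the request parameters.

    Args:
        endpoint: Name of the operation to run (e.g. 'add_list').

    Returns:
        The selected handler's result, or None for an unrecognised endpoint.
    """
    jsonParams = request.json
    token = jsonParams["token"]

    # Authenticate before touching the data file.
    # NOTE(review): no audience is passed, so the aud claim is not checked,
    # and a verification failure propagates as an exception -- pass this
    # project's id as audience= and confirm a caller handles the error.
    claims = id_token.verify_firebase_token(
        id_token=token, request=requests.Request())
    userId = claims["user_id"]

    # Context manager so the file handle is closed once the data is loaded.
    with open("data.json", "r") as dataFile:
        jsonDataFile = json.load(dataFile)

    listName = jsonParams.get("list_name", "bla")
    itemName = jsonParams.get("item_name", "")
    companyName = jsonParams.get("company_name", "")

    print('endpoint:', endpoint)

    item_args = (jsonDataFile, userId, listName, itemName, companyName)
    handlers = {
        'create_user': lambda: create_user(jsonDataFile, userId),
        'add_list': lambda: add_list(jsonDataFile, userId, listName),
        'remove_list': lambda: remove_list(jsonDataFile, userId, listName),
        'get_lists': lambda: get_lists(jsonDataFile, userId),
        'add_item': lambda: add_item(*item_args),
        'remove_item': lambda: remove_item(*item_args),
        'check_item': lambda: check_item(*item_args),
        'uncheck_item': lambda: uncheck_item(*item_args),
    }
    handler = handlers.get(endpoint)
    if handler is None:
        # NOTE(review): unknown endpoints return None, as before -- consider
        # an explicit error response.
        return None
    return handler()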
def validate_firebase_token_for_info(token):
    """Verify a Firebase ID token and hand its claims to the handle check.

    The audience is fixed to the 'prematch-212912' project. There is no
    exception handling here, so anything raised during verification
    propagates to the caller.

    Args:
        token: Encoded Firebase ID token.

    Returns:
        Whatever ``validate_for_handle_name`` returns for the claims.
    """
    transport = requests.Request()
    claims = id_token.verify_firebase_token(
        token,
        transport,
        audience='prematch-212912',
    )
    return validate_for_handle_name(claims)
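def verify_firebase_token(token, audience=None):
    """Verify a Firebase ID token and return its decoded claims.

    Args:
        token: Encoded Firebase ID token.
        audience: Firebase project id the token must have been issued for.
            The default of None reproduces the original call, in which
            google-auth skips the ``aud`` check, so tokens issued for a
            different Firebase project are not rejected. Callers should
            pass their own project id.

    Returns:
        The claims returned by ``id_token.verify_firebase_token``. Nothing
        is caught here, so verification errors propagate to the caller.
    """
    return id_token.verify_firebase_token(
        token, requests.Request(), audience=audience)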