def SecurityCheck(self, func, request, *args, **kwargs): """Wrapping function.""" if self.IAP_HEADER not in request.headers: return http_response.HttpResponse("Unauthorized", status=401) jwt = request.headers.get(self.IAP_HEADER) try: request.user, _ = validate_iap.ValidateIapJwtFromComputeEngine( jwt, self.cloud_project_id, self.backend_service_id) return func(request, *args, **kwargs) except validate_iap.IAPValidationFailedError as e: # Return failure if IAP is not decoded correctly. logging.error("IAPWebAuthManager failed with: %s", e) return http_response.HttpResponse("Unauthorized", status=401)
def SecurityCheck(self, func, request, *args, **kwargs): """Wrapping function.""" if self.iap_header in request.headers: jwt = request.headers.get(self.iap_header) user_id, user_email, error_str = validate_iap.ValidateIapJwtFromComputeEngine( jwt, self.cloud_project_id, self.backend_service_id) else: return werkzeug_wrappers.Response("Unauthorized", status=401) if error_str: # Log error logging.error("IAPWebAuthManager failed with: %s", error_str) # Return failure if IAP is not decoded correctly return werkzeug_wrappers.Response("Unauthorized", status=401) else: # Generate a new user if not created, else authenticate current request.user = user_email return func(request, *args, **kwargs)