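def authErrors():
    """Validate the credentials carried in the request's ``Authorization`` header.

    Returns:
        ``None`` when the request is authenticated, otherwise a
        ``(body, status)`` tuple: 401 when the header is missing or the
        credentials do not match, 400 when the scheme is not in the allow-list
        or checking the credentials raised an exception.
    """
    import hmac  # function-scope import: the file's import block is not visible here

    def _secret_matches(expected, presented):
        # Compare a stored secret with the presented one without leaking, through
        # response timing, how many leading characters matched.
        if not expected or not presented:
            # An empty or missing value on either side must never count as a match.
            # NOTE(review): what db.getToken returns for an unknown name is not
            # visible here -- confirm it cannot be an empty string.
            return False
        try:
            return hmac.compare_digest(expected.encode('utf-8'),
                                       presented.encode('utf-8'))
        except AttributeError:
            # A stored value that is not text never equals the header text.
            return False

    # Check auth
    if not request.headers.get('Authorization'):
        return ({'status': 'error', 'reason': 'Authentication needed'}, 401)

    method, name, token = Advanced_API.getAuth()
    scheme = method.lower()  # scheme names are matched case-insensitively
    if scheme not in ['basic', 'token', 'session', 'bearer']:
        return ({'status': 'error', 'reason': 'Authorization method not allowed'}, 400)

    try:
        authenticated = False
        if scheme == 'basic':
            authenticator = AuthenticationHandler()
            if authenticator.validateUser(name, token):
                authenticated = True
        elif scheme == 'bearer':
            # The flag returned here is what decides authentication.
            authenticated, name = db.isBearerAuthenticated(token)
        elif scheme == 'token':
            authenticated = _secret_matches(db.getToken(name), token)
        elif scheme == 'session':
            authenticator = AuthenticationHandler()
            authenticated = _secret_matches(authenticator.api_sessions.get(name), token)
        if not authenticated:
            return ({'status': 'error', 'reason': 'Authentication failed'}, 401)
    except Exception as e:
        # Fail closed: any error while checking credentials rejects the request.
        print(e)
        return ({'status': 'error', 'reason': 'Malformed Authentication String'}, 400)
    return None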
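def getAuth():
    """Split the request's ``Authorization`` header into ``(method, name, key)``.

    The header is read as ``"<method> <name>:<key>"``. ``method`` is returned
    with the casing the client sent. For the bearer scheme there is no
    ``name:`` prefix, so ``name`` is taken from ``db.isBearerAuthenticated``.

    A missing header is not handled here; callers check for it first.

    The returned ``name`` is NOT proof of authentication: for bearer tokens the
    authenticated flag from ``db.isBearerAuthenticated`` is discarded in this
    function, so callers must still verify the credentials themselves.
    """
    header = request.headers.get('Authorization')
    # Appending a space guarantees two parts even when only a scheme was sent.
    method, auth = (header + " ").split(" ", 1)
    # Prepending a colon guarantees two parts even without a "name:" prefix.
    # The split is on the LAST colon, so the key itself cannot contain ':'.
    name, key = (':' + auth.strip()).rsplit(":", 1)
    name = name[1:]  # drop the colon added above
    # Match the scheme case-insensitively, as authErrors does; a case-sensitive
    # test skipped the lookup for the common "Bearer" spelling.
    if method.lower() == 'bearer':
        _authenticated, name = db.isBearerAuthenticated(key)
    return method, name, key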