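def wrap_action(self, action_, *args, **kwargs):
    """
    Wrap the controller action ``action_`` with an OAuth token check.

    :param action_: The controller action to be wrapped.

    ``args`` and ``kwargs`` are the positional and named arguments which
    will be passed to ``action_`` when called. ``args[0]`` must expose an
    ``R`` attribute (presumably the controller's request -- confirm); it is
    wrapped in ``RequestOAuth`` to read the access token.

    Decision order, as implemented here:

    * token present and valid, ``self.anon`` set: the action runs and the
      scope check is skipped, so an action that relies on ``oauth_context``
      has to check scopes itself;
    * token present and valid, ``self.anon`` unset: the action runs only if
      ``TokenManager.has_valid_scope`` accepts the token's scopes against
      ``self.allowed_scopes``;
    * no token, ``self.anon`` set: the action runs without ``oauth_context``;
    * anything else (invalid token, insufficient scope, no token on a
      non-anonymous action): the ``ResponseHTTP.FORBIDDEN`` JSON body is
      returned and ``action_`` is not called.

    :returns: whatever ``action_`` returns, the forbidden JSON response, or
        ``None`` when a ``ValueError`` is raised anywhere inside the wrapper
        (including inside ``action_`` itself).
    """
    try:
        # The access token is read from the request's header information.
        request = RequestOAuth(args[0].R)
        with ResponseHTTP(response=request.response) as t:
            _in = u'Failed'
            token = request.access_token
            if token:
                oauth_context = TokenManager.get_token_context(token.get('token'))
                if oauth_context.valid:
                    # Written through __dict__ exactly as before; plain
                    # attribute assignment could behave differently if ``R``
                    # is a property on the controller class -- not visible here.
                    args[0].__dict__.update(R=request)
                    kwargs['oauth_context'] = oauth_context
                    if self.anon:
                        # OAuth is optional for this action, but the token
                        # is valid: run without validating scopes.
                        LOG.debug(oauth_context.valid)
                        return action_(*args, **kwargs)
                    if TokenManager.has_valid_scope(oauth_context.scopes,
                                                    self.allowed_scopes):
                        LOG.debug(oauth_context.scopes)
                        return action_(*args, **kwargs)
            # NOTE(review): the original indentation was lost in this listing.
            # This branch is read as the ``else`` of ``if token:`` (no token
            # sent); if it belonged to ``if oauth_context.valid:`` instead,
            # an invalid token would be let through on anonymous actions.
            # Confirm against the original file.
            elif self.anon:
                return action_(*args, **kwargs)
            # Every path that did not return above is denied.
            message = 'Not authorized for request.'
            code, status = ResponseHTTP.FORBIDDEN
            return t.to_json(_in, message=message, code=code, status=status)
    except ValueError as e:
        # ``e.message`` only exists on Python 2; fall back to the exception
        # itself so the handler does not raise AttributeError on Python 3.
        LOG.debug(getattr(e, 'message', e))
        # NOTE(review): the ``try`` also encloses ``action_``, so a ValueError
        # raised by the action is logged at debug level and becomes a ``None``
        # return. The request is not authorized on this path, but the caller
        # gets no 403 body either; consider returning an explicit denial.
        return None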
def get_token_context(token):
    """Return the context ``TokenManager`` resolves for ``token``.

    Thin delegate to ``TokenManager.get_token_context``: the argument is
    passed through unchanged and nothing is validated here, so callers
    still have to inspect the returned context before trusting it.
    """
    context = TokenManager.get_token_context(token)
    return context