def decode_token(token): """Decode JWT token entered by the user.""" if token is None: return http_error('Auth token audience cannot be verified.'), 401 if token.startswith('Bearer '): _, token = token.split(' ', 1) pub_key = fetch_public_key(current_app) audiences = get_audiences() decoded_token = None for aud in audiences: try: decoded_token = jwt.decode(token, pub_key, audience=aud) except jwt.InvalidTokenError: decoded_token = None current_app.logger.error( 'Auth Token could not be decoded for audience {}'.format(aud)) if decoded_token is not None: break if decoded_token is None: # raise jwt.InvalidTokenError('Auth token audience cannot be verified.') return {} return decoded_token
def license_recommender(self, input): """ Perform a detailed license analysis for the given list of packages. It first identifies representative license for each package. Then, it computes representative license for the entire stack itself. If there is any unknown license, this function will give up. If there is any conflict then it returns pairs of conflicting licenses. If a representative stack-license is possible, then it tries to identify license based outlier packages. :param payload: Input list of package information :return: Detailed license analysis output """ if input.get('_resolved') is None or input.get('ecosystem') is None: return http_error( "Either list of packages or ecosystem value is missing " "from payload"), 400 else: for pkg in input.get('_resolved'): if pkg.get('package') is None or pkg.get('version') is None: return http_error( "Either component name or component version is missing " "from payload"), 400 resolved = input['_resolved'] ecosystem = input['ecosystem'] user_stack_packages = self.extract_user_stack_package_licenses( resolved, ecosystem) payload = {"packages": user_stack_packages} resp = self.compute_stack_license(payload=payload) output = resp output['conflict_packages'] = self._extract_conflict_packages(resp) output['outlier_packages'] = self._extract_license_outliers(resp) output['unknown_licenses'] = self._extract_unknown_licenses(resp) return flask.jsonify(output)
def wrapper(*args, **kwargs): """Check if the login is required and if the user can be authorized.""" # Disable authentication for local setup if getenv('DISABLE_AUTHENTICATION') in ('1', 'True', 'true'): return view(*args, **kwargs) lgr = current_app.logger user = None try: token = get_token_from_auth_header() decoded = decode_token(token) if not decoded: lgr.exception( 'Provide an Authorization token with the API request') return http_error( 'Authentication failed - Not a valid Auth token provided' ), 401 lgr.info('Successfuly authenticated user {e} using JWT'.format( e=decoded.get('email'))) except jwt.ExpiredSignatureError: lgr.exception('Expired JWT token') decoded = {'email': '*****@*****.**'} return http_error('Authentication failed - token has expired'), 401 except Exception: lgr.exception('Failed decoding JWT token') decoded = {'email': '*****@*****.**'} return http_error( 'Authentication failed - could not decode JWT token'), 401 else: user = APIUser(decoded.get('email', '*****@*****.**')) if user: g.current_user = user else: g.current_user = APIUser('*****@*****.**') return http_error('Authentication required'), 401 return view(*args, **kwargs)