warricksothr
/
Atheneum
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
An ebook/comic library service and web client
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
11 Commits
3 Branches
0 Tags
255 KiB
Tree: 8822aa8796
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '8822aa8796'
${ noResults }
Atheneum/server/atheneum/middleware/authentication_middleware.py

84 lines
2.5 KiB
Raw Normal View History

Adding some simple tests for the login/bump/logout features
6 years ago
  1. import base64
  2. from functools import wraps
  3. from typing import Optional, Callable
  5. from flask import request, Response, g
  6. from werkzeug.datastructures import Authorization
  7. from werkzeug.http import bytes_to_wsgi, wsgi_to_bytes
  9. from atheneum.service import (
  10. authentication_service,
  11. user_service,
  12. user_token_service
  13. )
  16. def authenticate_with_password(name: str, password: str) -> bool:
  17. user = user_service.find_by_name(name)
  18. if user is not None \
  19. and authentication_service.is_valid_password(user, password):
  20. g.user = user
  21. return True
  22. return False
  25. def authenticate_with_token(name: str, token: str) -> bool:
  26. user = user_service.find_by_name(name)
  27. user_token = user_token_service.find_by_user_and_token(user, token)
  28. if user is not None \
  29. and authentication_service.is_valid_token(user_token):
  30. g.user = user
  31. g.user_token = user_token
  32. return True
  33. return False
  36. def authentication_failed(auth_type: str) -> Response:
  37. return Response(
  38. status=401,
  39. headers={
  40. 'WWW-Authenticate': '%s realm="Login Required"' % auth_type
  41. })
  44. def parse_token_authorization_header(header_value) -> Optional[Authorization]:
  45. if not header_value:
  46. return
  47. value = wsgi_to_bytes(header_value)
  48. try:
  49. auth_type, auth_info = value.split(None, 1)
  50. auth_type = auth_type.lower()
  51. except ValueError:
  52. return
  53. if auth_type == b'token':
  54. try:
  55. username, token = base64.b64decode(auth_info).split(b':', 1)
  56. except Exception:
  57. return
  58. return Authorization('token', {'username': bytes_to_wsgi(username),
  59. 'password': bytes_to_wsgi(token)})
  62. def require_basic_auth(func: Callable) -> Callable:
  63. @wraps(func)
  64. def decorate(*args, **kwargs):
  65. auth = request.authorization
  66. if auth and authenticate_with_password(auth.username, auth.password):
  67. return func(*args, **kwargs)
  68. else:
  69. return authentication_failed('Basic')
  71. return decorate
  74. def require_token_auth(func: Callable) -> Callable:
  75. @wraps(func)
  76. def decorate(*args, **kwargs):
  77. token = parse_token_authorization_header(
  78. request.headers.get('Authorization', None))
  79. if token and authenticate_with_token(token.username, token.password):
  80. return func(*args, **kwargs)
  81. else:
  82. return authentication_failed('Bearer')
  84. return decorate