warricksothr
/
Corvus
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
A multipurpose python flask API server and administration SPA
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
28 Commits
3 Branches
0 Tags
251 KiB
Tree: 8a33190da0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '8a33190da0'
${ noResults }
Corvus/server/corvus/middleware/authentication_middleware.py

208 lines
5.6 KiB
Raw Normal View History

Updating with pylint and pydocstyle testing
6 years ago
Initial copy from Atheneum project
6 years ago
Updating with latest Atheneum changes
6 years ago
Refactor: Add token management endpoints and new @require annotation
5 years ago
Initial copy from Atheneum project
6 years ago
Updating with latest Atheneum changes
6 years ago
Initial copy from Atheneum project
6 years ago
Refactor: Add token management endpoints and new @require annotation
5 years ago
Renamed from Atheneum to Corvus
6 years ago
Initial copy from Atheneum project
6 years ago
Updating with latest Atheneum changes
6 years ago
Refactor: Address some mypy complaints
5 years ago
Initial copy from Atheneum project
6 years ago
Refactor: Add token management endpoints and new @require annotation
5 years ago
Refactor: Address some mypy complaints
5 years ago
Updating with pylint and pydocstyle testing
6 years ago
Refactor: Address some mypy complaints
5 years ago
Initial copy from Atheneum project
6 years ago
Refactor: Address some mypy complaints
5 years ago
Updating with pylint and pydocstyle testing
6 years ago
Refactor: Address some mypy complaints
5 years ago
Initial copy from Atheneum project
6 years ago
Refactor: Moved token validation, made token list a page, documentation
5 years ago
Initial copy from Atheneum project
6 years ago
Updating with pylint and pydocstyle testing
6 years ago
Initial copy from Atheneum project
6 years ago
Updating with latest Atheneum changes
6 years ago
Updating with pylint and pydocstyle testing
6 years ago
Refactor: Address some mypy complaints
5 years ago
Updating with pylint and pydocstyle testing
6 years ago
Initial copy from Atheneum project
6 years ago
Refactor: Add token management endpoints and new @require annotation
5 years ago
Initial copy from Atheneum project
6 years ago
Refactor: Add token management endpoints and new @require annotation
5 years ago
Initial copy from Atheneum project
6 years ago
Refactor: Add token management endpoints and new @require annotation
5 years ago
Initial copy from Atheneum project
6 years ago
Updating with pylint and pydocstyle testing
6 years ago
Initial copy from Atheneum project
6 years ago
Updating with pylint and pydocstyle testing
6 years ago
Initial copy from Atheneum project
6 years ago
Updating with pylint and pydocstyle testing
6 years ago
Initial copy from Atheneum project
6 years ago
Updating with pylint and pydocstyle testing
6 years ago
Initial copy from Atheneum project
6 years ago
Updating with pylint and pydocstyle testing
6 years ago
Refactor: Address some mypy complaints
5 years ago
Initial copy from Atheneum project
6 years ago
Migrating latest Atheneum changes to Corvus
6 years ago
Initial copy from Atheneum project
6 years ago
Updating with latest Atheneum changes
6 years ago
Refactor: Add token management endpoints and new @require annotation
5 years ago
Updating with latest Atheneum changes
6 years ago
Refactor: Add token management endpoints and new @require annotation
5 years ago
Refactor: Address mock issues, mypy complaints, and pycodestyle issues
5 years ago
Refactor: Add token management endpoints and new @require annotation
5 years ago
Refactor: Appease the pylint rules for the repository
5 years ago
Refactor: Add token management endpoints and new @require annotation
5 years ago
Refactor: Appease the pylint rules for the repository
5 years ago
Refactor: Add token management endpoints and new @require annotation
5 years ago
Refactor: Appease the pylint rules for the repository
5 years ago
Refactor: Add token management endpoints and new @require annotation
5 years ago
Refactor: Address some mypy complaints
5 years ago
Refactor: Add token management endpoints and new @require annotation
5 years ago
Refactor: Appease the pylint rules for the repository
5 years ago
Refactor: Add token management endpoints and new @require annotation
5 years ago
  1. """Middleware to handle authentication."""
  2. import base64
  3. import binascii
  4. from enum import Enum
  5. from functools import wraps
  6. from typing import Optional, Callable, Any
  8. from flask import request, Response, g, json
  9. from werkzeug.datastructures import Authorization
  10. from werkzeug.http import bytes_to_wsgi, wsgi_to_bytes
  12. from corvus.api.model import APIMessage
  13. from corvus.service import (
  14. authentication_service,
  15. user_service,
  16. user_token_service
  17. )
  18. from corvus.service.role_service import ROLES, Role
  19. from corvus.service import transformation_service
  22. class Auth(Enum):
  23. """Authentication scheme definitions."""
  25. TOKEN = 'TOKEN'
  26. BASIC = 'BASIC'
  27. NONE = 'NONE'
  30. def authenticate_with_password(
  31. name: Optional[str], password: Optional[str]) -> bool:
  32. """
  33. Authenticate a username and a password.
  35. :param name:
  36. :param password:
  37. :return:
  38. """
  39. if name is None or password is None:
  40. return False
  41. user = user_service.find_by_name(name)
  42. if user is not None \
  43. and authentication_service.is_valid_password(user, password):
  44. g.user = user
  45. return True
  46. return False
  49. def authenticate_with_token(name: Optional[str], token: Optional[str]) -> bool:
  50. """
  51. Authenticate a username and a token.
  53. :param name:
  54. :param token:
  55. :return:
  56. """
  57. if name is None or token is None:
  58. return False
  59. user = user_service.find_by_name(name)
  60. if user is not None:
  61. user_token = user_token_service.find_by_user_and_token(user, token)
  62. if user is not None \
  63. and user_token_service.is_valid_token(user_token):
  64. g.user = user
  65. g.user_token = user_token
  66. return True
  67. return False
  70. def authentication_failed(auth_type: str) -> Response:
  71. """
  72. Return a correct response for failed authentication.
  74. :param auth_type:
  75. :return:
  76. """
  77. return Response(
  78. status=401,
  79. headers={
  80. 'WWW-Authenticate': '%s realm="Login Required"' % auth_type
  81. })
  84. def authorization_failed(required_role: str) -> Response:
  85. """Return a correct response for failed authorization."""
  86. return Response(
  87. status=401,
  88. response=json.dumps({
  89. 'message': '{} role not present'.format(required_role)
  90. }),
  91. content_type='application/json'
  92. )
  95. def parse_token_header(
  96. header_value: Optional[str]) -> Optional[Authorization]:
  97. """
  98. Parse the Authorization: Token header for the username and token.
  100. :param header_value:
  101. :return:
  102. """
  103. if not header_value:
  104. return None
  105. auth_info = wsgi_to_bytes(header_value)
  106. try:
  107. username, token = base64.b64decode(auth_info).split(b':', 1)
  108. except binascii.Error:
  109. return None
  110. return Authorization('token', {'username': bytes_to_wsgi(username),
  111. 'password': bytes_to_wsgi(token)})
  114. def require_basic_auth(func: Callable) -> Callable:
  115. """
  116. Decorate require inline basic auth.
  118. :param func:
  119. :return:
  120. """
  121. @wraps(func)
  122. def decorate(*args: list, **kwargs: dict) -> Any:
  123. """
  124. Authenticate with a password.
  126. :param args:
  127. :param kwargs:
  128. :return:
  129. """
  130. auth = request.authorization
  131. if auth and authenticate_with_password(auth.username, auth.password):
  132. return func(*args, **kwargs)
  133. return authentication_failed('Basic')
  135. return decorate
  138. def require_token_auth(func: Callable) -> Callable:
  139. """
  140. Decorate require inline token auth.
  142. :param func:
  143. :return:
  144. """
  145. @wraps(func)
  146. def decorate(*args: list, **kwargs: dict) -> Any:
  147. """
  148. Authenticate with a token.
  150. :param args:
  151. :param kwargs:
  152. :return:
  153. """
  154. token = parse_token_header(
  155. request.headers.get('X-Auth-Token'))
  156. if token and authenticate_with_token(token.username, token.password):
  157. return func(*args, **kwargs)
  158. return authentication_failed('Token')
  160. return decorate
  163. def require_role(required_role: Role) -> Callable:
  164. """
  165. Decorate require a user role.
  167. :param required_role:
  168. :return:
  169. """
  170. def required_role_decorator(func: Callable) -> Callable:
  171. """Decorate the function."""
  172. @wraps(func)
  173. def decorate(*args: list, **kwargs: dict) -> Any:
  174. """Require a user role."""
  175. if g.user.role in ROLES.find_roles_in_hierarchy(required_role):
  176. return func(*args, **kwargs)
  177. return authorization_failed(required_role.value)
  178. return decorate
  179. return required_role_decorator
  182. def require(required_auth: Auth, required_role: Role) -> Callable:
  183. """
  184. Decorate require Auth and Role.
  186. :param required_auth:
  187. :param required_role:
  188. :return:
  189. """
  190. def require_decorator(func: Callable) -> Callable:
  191. @wraps(func)
  192. def decorate(*args: list, **kwargs: dict) -> Any:
  193. decorated = require_role(required_role)(func)
  194. if required_auth == Auth.BASIC:
  195. decorated = require_basic_auth(decorated)
  196. elif required_auth == Auth.TOKEN:
  197. decorated = require_token_auth(decorated)
  198. else:
  199. return Response(
  200. response=transformation_service.serialize_model(
  201. APIMessage(
  202. message="Unexpected Server Error",
  203. success=False
  204. )),
  205. status=500)
  206. return decorated(*args, **kwargs)
  207. return decorate
  208. return require_decorator