warricksothr
/
Corvus
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
A multipurpose python flask API server and administration SPA
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
3 Branches
0 Tags
251 KiB
Tree: bcbb1750b8
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'bcbb1750b8'
${ noResults }
Corvus/server/atheneum/middleware/authentication_middleware.py

87 lines
2.6 KiB
Raw Normal View History

Initial copy from Atheneum project
6 years ago
  1. import base64
  2. from functools import wraps
  3. from typing import Optional, Callable, Any
  5. from flask import request, Response, g
  6. from werkzeug.datastructures import Authorization
  7. from werkzeug.http import bytes_to_wsgi, wsgi_to_bytes
  9. from atheneum.service import (
  10. authentication_service,
  11. user_service,
  12. user_token_service
  13. )
  16. def authenticate_with_password(name: str, password: str) -> bool:
  17. user = user_service.find_by_name(name)
  18. if user is not None \
  19. and authentication_service.is_valid_password(user, password):
  20. g.user = user
  21. return True
  22. return False
  25. def authenticate_with_token(name: str, token: str) -> bool:
  26. user = user_service.find_by_name(name)
  27. if user is not None:
  28. user_token = user_token_service.find_by_user_and_token(user, token)
  29. if user is not None \
  30. and authentication_service.is_valid_token(user_token):
  31. g.user = user
  32. g.user_token = user_token
  33. return True
  34. return False
  37. def authentication_failed(auth_type: str) -> Response:
  38. return Response(
  39. status=401,
  40. headers={
  41. 'WWW-Authenticate': '%s realm="Login Required"' % auth_type
  42. })
  45. def parse_token_authorization_header(
  46. header_value: str) -> Optional[Authorization]:
  47. if not header_value:
  48. return None
  49. value = wsgi_to_bytes(header_value)
  50. try:
  51. auth_type, auth_info = value.split(None, 1)
  52. auth_type = auth_type.lower()
  53. except ValueError:
  54. return None
  55. if auth_type == b'token':
  56. try:
  57. username, token = base64.b64decode(auth_info).split(b':', 1)
  58. except Exception:
  59. return None
  60. return Authorization('token', {'username': bytes_to_wsgi(username),
  61. 'password': bytes_to_wsgi(token)})
  62. return None
  65. def require_basic_auth(func: Callable) -> Callable:
  66. @wraps(func)
  67. def decorate(*args: list, **kwargs: dict) -> Any:
  68. auth = request.authorization
  69. if auth and authenticate_with_password(auth.username, auth.password):
  70. return func(*args, **kwargs)
  71. else:
  72. return authentication_failed('Basic')
  74. return decorate
  77. def require_token_auth(func: Callable) -> Callable:
  78. @wraps(func)
  79. def decorate(*args: list, **kwargs: dict) -> Any:
  80. token = parse_token_authorization_header(
  81. request.headers.get('Authorization', None))
  82. if token and authenticate_with_token(token.username, token.password):
  83. return func(*args, **kwargs)
  84. else:
  85. return authentication_failed('Bearer')
  87. return decorate