warricksothr
/
Corvus
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
A multipurpose python flask API server and administration SPA
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
3 Branches
0 Tags
251 KiB
Tree: eef24284e0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'eef24284e0'
${ noResults }
Corvus/server/corvus/middleware/authentication_middleware.py

139 lines
3.5 KiB
Raw Normal View History

Updating with pylint and pydocstyle testing
6 years ago
Initial copy from Atheneum project
6 years ago
Updating with pylint and pydocstyle testing
6 years ago
Initial copy from Atheneum project
6 years ago
Renamed from Atheneum to Corvus
6 years ago
Initial copy from Atheneum project
6 years ago
Updating with pylint and pydocstyle testing
6 years ago
Initial copy from Atheneum project
6 years ago
Updating with pylint and pydocstyle testing
6 years ago
Initial copy from Atheneum project
6 years ago
Updating with pylint and pydocstyle testing
6 years ago
Initial copy from Atheneum project
6 years ago
Updating with pylint and pydocstyle testing
6 years ago
Initial copy from Atheneum project
6 years ago
Updating with pylint and pydocstyle testing
6 years ago
Initial copy from Atheneum project
6 years ago
Updating with pylint and pydocstyle testing
6 years ago
Initial copy from Atheneum project
6 years ago
Updating with pylint and pydocstyle testing
6 years ago
Initial copy from Atheneum project
6 years ago
Updating with pylint and pydocstyle testing
6 years ago
Initial copy from Atheneum project
6 years ago
Updating with pylint and pydocstyle testing
6 years ago
Initial copy from Atheneum project
6 years ago
Updating with pylint and pydocstyle testing
6 years ago
Initial copy from Atheneum project
6 years ago
Updating with pylint and pydocstyle testing
6 years ago
Initial copy from Atheneum project
6 years ago
Updating with pylint and pydocstyle testing
6 years ago
Initial copy from Atheneum project
6 years ago
  1. """Middleware to handle authentication."""
  2. import base64
  3. from functools import wraps
  4. from typing import Optional, Callable, Any
  6. import binascii
  7. from flask import request, Response, g
  8. from werkzeug.datastructures import Authorization
  9. from werkzeug.http import bytes_to_wsgi, wsgi_to_bytes
  11. from corvus.service import (
  12. authentication_service,
  13. user_service,
  14. user_token_service
  15. )
  18. def authenticate_with_password(name: str, password: str) -> bool:
  19. """
  20. Authenticate a username and a password.
  22. :param name:
  23. :param password:
  24. :return:
  25. """
  26. user = user_service.find_by_name(name)
  27. if user is not None \
  28. and authentication_service.is_valid_password(user, password):
  29. g.user = user
  30. return True
  31. return False
  34. def authenticate_with_token(name: str, token: str) -> bool:
  35. """
  36. Authenticate a username and a token.
  38. :param name:
  39. :param token:
  40. :return:
  41. """
  42. user = user_service.find_by_name(name)
  43. if user is not None:
  44. user_token = user_token_service.find_by_user_and_token(user, token)
  45. if user is not None \
  46. and authentication_service.is_valid_token(user_token):
  47. g.user = user
  48. g.user_token = user_token
  49. return True
  50. return False
  53. def authentication_failed(auth_type: str) -> Response:
  54. """
  55. Return a correct response for failed authentication.
  57. :param auth_type:
  58. :return:
  59. """
  60. return Response(
  61. status=401,
  62. headers={
  63. 'WWW-Authenticate': '%s realm="Login Required"' % auth_type
  64. })
  67. def parse_token_header(
  68. header_value: str) -> Optional[Authorization]:
  69. """
  70. Parse the Authorization: Token header for the username and token.
  72. :param header_value:
  73. :return:
  74. """
  75. if not header_value:
  76. return None
  77. value = wsgi_to_bytes(header_value)
  78. try:
  79. auth_type, auth_info = value.split(None, 1)
  80. auth_type = auth_type.lower()
  81. except ValueError:
  82. return None
  83. if auth_type == b'token':
  84. try:
  85. username, token = base64.b64decode(auth_info).split(b':', 1)
  86. except binascii.Error:
  87. return None
  88. return Authorization('token', {'username': bytes_to_wsgi(username),
  89. 'password': bytes_to_wsgi(token)})
  90. return None
  93. def require_basic_auth(func: Callable) -> Callable:
  94. """
  95. Decorate require inline basic auth.
  97. :param func:
  98. :return:
  99. """
  100. @wraps(func)
  101. def decorate(*args: list, **kwargs: dict) -> Any:
  102. """
  103. Authenticate with a password.
  105. :param args:
  106. :param kwargs:
  107. :return:
  108. """
  109. auth = request.authorization
  110. if auth and authenticate_with_password(auth.username, auth.password):
  111. return func(*args, **kwargs)
  112. return authentication_failed('Basic')
  114. return decorate
  117. def require_token_auth(func: Callable) -> Callable:
  118. """
  119. Decorate require inline token auth.
  121. :param func:
  122. :return:
  123. """
  124. @wraps(func)
  125. def decorate(*args: list, **kwargs: dict) -> Any:
  126. """
  127. Authenticate with a token.
  129. :param args:
  130. :param kwargs:
  131. :return:
  132. """
  133. token = parse_token_header(
  134. request.headers.get('Authorization', None))
  135. if token and authenticate_with_token(token.username, token.password):
  136. return func(*args, **kwargs)
  137. return authentication_failed('Bearer')
  139. return decorate