From 0c160c3419ba28c34f73d42d90052f7ab97a3594 Mon Sep 17 00:00:00 2001
From: Martyn Inglis
Date: Fri, 5 May 2017 15:19:57 +0100
Subject: [PATCH] Store the service we have used to authenticate the client API user against the request. We can then use this later - saving an extra DB query on every client facing API call - Note this doesn't affect admin calls which do not use the service from the api key, but use the one passed as part of the URL path.
---
 app/authentication/auth.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/app/authentication/auth.py b/app/authentication/auth.py
index 1e9fbece8..77fba3d95 100644
--- a/app/authentication/auth.py
+++ b/app/authentication/auth.py
@@ -5,7 +5,7 @@ from sqlalchemy.orm.exc import NoResultFound
 from notifications_python_client.authentication import decode_jwt_token, get_token_issuer
 from notifications_python_client.errors import TokenDecodeError, TokenExpiredError, TokenIssuerError
-from app.dao.services_dao import dao_fetch_service_by_id
+from app.dao.services_dao import dao_fetch_service_by_id_with_api_keys
 class AuthError(Exception):
@@ -59,7 +59,7 @@ def requires_auth():
 client = __get_token_issuer(auth_token)
 try:
- service = dao_fetch_service_by_id(client)
+ service = dao_fetch_service_by_id_with_api_keys(client)
 except DataError:
 raise AuthError("Invalid token: service id is not the right data type", 403)
 except NoResultFound:
@@ -81,7 +81,9 @@ def requires_auth():
 raise AuthError("Invalid token: API key revoked", 403)
 g.service_id = api_key.service_id
+ _request_ctx_stack.top.authenticated_service = service
 _request_ctx_stack.top.api_user = api_key
+
 return
 else:
 # service has API keys, but none matching the one the user provided
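Review bot: The `except DataError` and `except NoResultFound` handlers that follow the changed call in the second hunk (`@@ -59,7 +59,7 @@`) only keep returning 403 if `dao_fetch_service_by_id_with_api_keys(client)` fails the same way the old lookup did, and its body is not part of this patch. If it returns `None` for an unknown service id instead of raising `NoResultFound`, an unrecognised token issuer would presumably surface as an unhandled error rather than a 403. It also needs to load revoked keys, otherwise the `API key revoked` check visible in the third hunk cannot fire. I would record that contract above the call, e.g. `# must raise NoResultFound for unknown ids and return revoked keys too`. `requires_auth` starts and ends outside the hunk.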
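Review bot: `authenticated_service` is assigned only on the success path of `requires_auth` in the third hunk (`@@ -81,7 +81,9 @@`), and the commit message says admin calls take their service from the URL path instead. Code that later reads `_request_ctx_stack.top.authenticated_service` on a route not guarded by this function would therefore hit a missing attribute, or act on the wrong service if it falls back to a default. I would document the scope next to the assignment, e.g. `# set only for API-key authenticated requests; admin routes must keep using the service id from the URL`, and have readers of the attribute fail closed when it is absent. `requires_auth` starts and ends outside the hunk.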