darkhelm/notifications-api
1
0
Fork 0
mirror of https://github.com/GSA/notifications-api.git synced 2026-02-01 15:46:07 -05:00
Code Issues Packages Projects Releases Wiki Activity

attach api_key to app

Browse Source 
we previously attached the service id and the key's secret
also more refactoring of auth.py
This commit is contained in:
Leo Hemsted
2016-06-29 16:33:02 +01:00
parent adbe02783d
commit 39519e3f36
3 changed files with 48 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
app/authentication/auth.py
View File

@@ -2,7 +2,7 @@ from flask import request, jsonify, _request_ctx_stack, current_app
from notifications_python_client.authentication import decode_jwt_token, get_token_issuer
from notifications_python_client.errors import TokenDecodeError, TokenExpiredError
from app.dao.api_key_dao import get_unsigned_secrets
from app.dao.api_key_dao import get_model_api_keys
def authentication_response(message, code):
@@ -23,37 +23,36 @@ def requires_auth():
auth_token = auth_header[7:]
try:
api_client = fetch_client(get_token_issuer(auth_token))
client = get_token_issuer(auth_token)
except TokenDecodeError:
return authentication_response("Invalid token: signature", 403)
for secret in api_client['secret']:
try:
decode_jwt_token(
auth_token,
secret
)
_request_ctx_stack.top.api_user = api_client
return
except TokenExpiredError:
errors_resp = authentication_response("Invalid token: expired", 403)
except TokenDecodeError:
errors_resp = authentication_response("Invalid token: signature", 403)
if client == current_app.config.get('ADMIN_CLIENT_USER_NAME'):
errors_resp = get_decode_errors(auth_token, current_app.config.get('ADMIN_CLIENT_SECRET'), expiry_date=None)
return errors_resp
if not api_client['secret']:
secret_keys = get_model_api_keys(client)
for api_key in secret_keys:
errors_resp = get_decode_errors(auth_token, api_key.unsigned_secret, api_key.expiry_date)
if not errors_resp:
if api_key.expiry_date:
return authentication_response("Invalid token: revoked", 403)
else:
_request_ctx_stack.top.api_user = api_key
return
if not secret_keys:
errors_resp = authentication_response("Invalid token: no api keys for service", 403)
current_app.logger.info(errors_resp)
return errors_resp
def fetch_client(client):
if client == current_app.config.get('ADMIN_CLIENT_USER_NAME'):
return {
"client": client,
"secret": [current_app.config.get('ADMIN_CLIENT_SECRET')]
}
def get_decode_errors(auth_token, unsigned_secret, expiry_date=None):
try:
decode_jwt_token(auth_token, unsigned_secret)
except TokenExpiredError:
return authentication_response("Invalid token: expired", 403)
except TokenDecodeError:
return authentication_response("Invalid token: signature", 403)
else:
return {
"client": client,
"secret": get_unsigned_secrets(client)
}
return None

8
app/notifications/rest.py
View File

@@ -169,7 +169,7 @@ def process_firetext_response():
@notifications.route('/notifications/<uuid:notification_id>', methods=['GET'])
def get_notifications(notification_id):
notification = notifications_dao.get_notification(api_user['client'], notification_id)
notification = notifications_dao.get_notification(str(api_user.service_id), notification_id)
return jsonify(data={"notification": notification_status_schema.dump(notification).data}), 200
@@ -181,7 +181,7 @@ def get_all_notifications():
limit_days = data.get('limit_days')
pagination = notifications_dao.get_notifications_for_service(
api_user['client'],
str(api_user.service_id),
filter_dict=data,
page=page,
page_size=page_size,
@@ -203,8 +203,8 @@ def send_notification(notification_type):
if notification_type not in ['sms', 'email']:
assert False
service_id = api_user['client']
service = services_dao.dao_fetch_service_by_id(api_user['client'])
service_id = str(api_user.service_id)
service = services_dao.dao_fetch_service_by_id(service_id)
service_stats = notifications_dao.dao_get_notification_statistics_for_service_and_day(
service_id,