darkhelm/notifications-api
1
0
Fork 0
mirror of https://github.com/GSA/notifications-api.git synced 2026-02-05 02:41:14 -05:00
Code Issues Packages Projects Releases Wiki Activity

Move proxy header check to auth-requiring endpoints

Browse Source 
The main drive behind this is to allow us to enable http healthchecks on
the `/_status` endpoint. The healthcheck requests are happening directly
on the instances without going to the proxy to get the header properly
set.

In any case, endpoints like `/_status` should be generally accessible by
anything without requiring any form of authorization.
This commit is contained in:
Athanasios Voutsadakis
2018-03-27 17:37:09 +01:00
parent 45aca51d4d
commit 463f1eefaf
3 changed files with 33 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
app/authentication/auth.py
View File

@@ -1,6 +1,7 @@
from flask import request, _request_ctx_stack, current_app, g
from notifications_python_client.authentication import decode_jwt_token, get_token_issuer
from notifications_python_client.errors import TokenDecodeError, TokenExpiredError, TokenIssuerError
from notifications_utils import request_helper
from sqlalchemy.exc import DataError
from sqlalchemy.orm.exc import NoResultFound
@@ -48,6 +49,8 @@ def requires_no_auth():
def requires_admin_auth():
request_helper.check_proxy_header_before_request()
auth_token = get_auth_token(request)
client = __get_token_issuer(auth_token)
@@ -59,6 +62,8 @@ def requires_admin_auth():
def requires_auth():
request_helper.check_proxy_header_before_request()
auth_token = get_auth_token(request)
client = __get_token_issuer(auth_token)