From fd00351ad298abbae45cc4631f3034ebf952759d Mon Sep 17 00:00:00 2001 From: Rebecca Law Date: Wed, 15 Mar 2017 16:52:44 +0000 Subject: [PATCH] Testing out adding a admin authentication requirement per blueprint. --- app/authentication/auth.py | 16 ++++++++++++++++ app/service/rest.py | 11 +++++++---- 2 files changed, 23 insertions(+), 4 deletions(-) diff --git a/app/authentication/auth.py b/app/authentication/auth.py index be89cec2c..1dc614e51 100644 --- a/app/authentication/auth.py +++ b/app/authentication/auth.py @@ -39,6 +39,22 @@ def get_auth_token(req): return auth_header[7:] +def requires_admin_auth(): + auth_token = get_auth_token(request) + try: + client = get_token_issuer(auth_token) + except TokenDecodeError as e: + raise AuthError(e.message, 403) + except TokenIssuerError: + raise AuthError("Invalid token: iss not provided", 403) + + if client == current_app.config.get('ADMIN_CLIENT_USER_NAME'): + g.service_id = current_app.config.get('ADMIN_CLIENT_USER_NAME') + return handle_admin_key(auth_token, current_app.config.get('ADMIN_CLIENT_SECRET')) + else: + raise AuthError('Unauthorized, admin authentication token required', 401) + + def requires_auth(): auth_token = get_auth_token(request) try: diff --git a/app/service/rest.py b/app/service/rest.py index b9c6f6b19..d3b9e5de3 100644 --- a/app/service/rest.py +++ b/app/service/rest.py @@ -4,7 +4,6 @@ from datetime import datetime from flask import ( jsonify, request, - Blueprint, current_app ) from sqlalchemy.orm.exc import NoResultFound @@ -42,9 +41,8 @@ from app.dao import notifications_dao from app.dao.provider_statistics_dao import get_fragment_count from app.dao.users_dao import get_user_by_id from app.errors import ( - register_errors, - InvalidRequest -) + InvalidRequest, + register_errors) from app.service import statistics from app.service.utils import get_whitelist_objects from app.schemas import ( @@ -57,8 +55,13 @@ from app.schemas import ( detailed_service_schema ) from app.utils import pagination_links, get_london_midnight_in_utc +from flask import Blueprint + +from app.authentication.auth import requires_admin_auth service_blueprint = Blueprint('service', __name__) + +service_blueprint.before_request(requires_admin_auth) register_errors(service_blueprint)