Source code for VestaRestPackage.request_authorisation
#!/usr/bin/env python
# coding:utf-8
"""
This module defines authorization helper functions using JWT.
"""
# -- Standard lib ------------------------------------------------------------
import logging
# -- Project specific --------------------------------------------------------
from .vesta_exceptions import SettingsException
from .vesta_exceptions import VRPException
from .jwt_ import validate_token
[docs]def validate_authorisation(request, security_settings,
simple_private_key=None,
allow_security_bypass=True):
"""
Validate authorization.
:param request: Instance of :py:class:`flask.request`.
:param security_settings: Python dictionary object containing security
settings. Example of security object.
AUTHORISATION_KEY and BYPASS_SECURITY are
optional.
For example:
.. code-block:: python
SECURITY = {
'AUTHORISATION_KEY': "aed9yhfapgaegaeg"
'JWT': {
'JWT_SIGNATURE_KEY': "vJmMvm44x6RJcVXNPy6UDcSfJHOHNHrT1tKpo4IQ4MU=",
'JWT_AUDIENCE': "vlbTest",
'JWT_ALGORITHM': "HS512",
'JWT_DURATION': 600 # The following is specified in seconds.
}
}
Currently, request is authorised if one of these 3 conditions is met:
#. security_settings["BYPASS_SECURITY"]=True and
allow_security_bypass=True. In this case no security checks are made.
#. authorisation_key = security_settings["AUTHORISATION_KEY"] &&
authorisation_key != None.
#. Requests headers contains an autorisation field with a token
'Authorization'. JWT will validate this token.
.. note:: Does not check if security or request object are valid. Will crash
if they are not.
"""
logger = logging.getLogger(__name__)
if security_settings is None:
raise SettingsException('Security Settings object is empty')
if "BYPASS_SECURITY" in security_settings:
if allow_security_bypass and security_settings["BYPASS_SECURITY"]:
return
if "AUTHORISATION_KEY" in security_settings:
if simple_private_key is not None and\
simple_private_key == security_settings["AUTHORISATION_KEY"]:
return
authorisation_token = request.headers.get("Authorization")
logger.debug("Token %s", authorisation_token)
if authorisation_token is None:
raise VRPException("Authorisation token is empty")
validate_token(authorisation_token,
security_settings["JWT"]["JWT_SIGNATURE_KEY"],
security_settings["JWT"]["JWT_AUDIENCE"])