Authorization request module

This module defines authorization helper functions using JWT.

VestaRestPackage.request_authorisation.validate_authorisation(request, security_settings, simple_private_key=None, allow_security_bypass=True)

Validate authorization.

Parameters:
  • request – Instance of flask.request.
  • security_settings – Python dictionary containing the security settings. AUTHORISATION_KEY and BYPASS_SECURITY are optional.

For example:

SECURITY = {
    'AUTHORISATION_KEY': "aed9yhfapgaegaeg",
    'JWT': {
        'JWT_SIGNATURE_KEY': "vJmMvm44x6RJcVXNPy6UDcSfJHOHNHrT1tKpo4IQ4MU=",
        'JWT_AUDIENCE': "vlbTest",
        'JWT_ALGORITHM': "HS512",
        'JWT_DURATION': 600  # Specified in seconds.
    }
}

Currently, a request is authorised if any one of these 3 conditions is met:

  1. security_settings["BYPASS_SECURITY"] == True and allow_security_bypass == True. In this case no security checks are made.
  2. authorisation_key == security_settings["AUTHORISATION_KEY"] and authorisation_key != None.
  3. The request headers contain an authorisation field, 'Authorization', carrying a token. JWT will validate this token.

Note

Does not check whether the security settings or request objects are valid. Will crash if they are not.
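
The three conditions above, written out as a stand-alone sketch using only the Python standard library. This is an added example, not VestaRestPackage's own code: is_authorised, jwt_is_valid and make_token are hypothetical names, the keys are constructed sample values, and it assumes the 'Authorization' header carries the bare token and that the signature key string is used as raw UTF-8 bytes.

```python
import base64, hashlib, hmac, json, time

SECURITY = {  # constructed sample values, same shape as the settings above
    "AUTHORISATION_KEY": "sample-shared-key",
    "JWT": {"JWT_SIGNATURE_KEY": "sample-signing-key", "JWT_AUDIENCE": "vlbTest",
            "JWT_ALGORITHM": "HS512", "JWT_DURATION": 600},
}

def _enc(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input, cfg):
    # Assumption: the key string is used as raw UTF-8 bytes for HMAC-SHA512.
    return hmac.new(cfg["JWT_SIGNATURE_KEY"].encode(), signing_input.encode(), hashlib.sha512).digest()

def make_token(cfg, now, alg="HS512"):
    """Issue a test token so the example runs offline (hypothetical helper)."""
    parts = ({"alg": alg, "typ": "JWT"}, {"aud": cfg["JWT_AUDIENCE"], "exp": now + cfg["JWT_DURATION"]})
    signing_input = ".".join(_enc(json.dumps(p).encode()) for p in parts)
    return signing_input + "." + _enc(_sign(signing_input, cfg))

def jwt_is_valid(token, cfg, now):
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(_dec(head)), json.loads(_dec(body))
        good_sig = hmac.compare_digest(_dec(sig), _sign(head + "." + body, cfg))
        alg, aud, exp = header.get("alg"), claims.get("aud"), claims.get("exp")
    except (ValueError, AttributeError):  # malformed segments, base64 or JSON
        return False
    # Pin the algorithm to the configured one; never trust the token's "alg" alone.
    alg_ok = cfg["JWT_ALGORITHM"] == "HS512" and alg == "HS512"
    return (good_sig and alg_ok and aud == cfg["JWT_AUDIENCE"]
            and isinstance(exp, (int, float)) and now < exp)

def is_authorised(headers, settings, authorisation_key=None, allow_security_bypass=True, now=None):
    now = time.time() if now is None else now
    # Condition 1: bypass needs BOTH the setting and the caller's flag.
    if settings.get("BYPASS_SECURITY") is True and allow_security_bypass:
        return True
    # Condition 2: shared key, compared in constant time; None never matches.
    expected = settings.get("AUTHORISATION_KEY")
    if authorisation_key is not None and expected is not None and \
            hmac.compare_digest(authorisation_key.encode(), expected.encode()):
        return True
    # Condition 3: token from the 'Authorization' header (assumed bare token).
    token = headers.get("Authorization")
    return isinstance(token, str) and jwt_is_valid(token, settings["JWT"], now)
```

Because condition 1 skips every other check, a deployment that leaves BYPASS_SECURITY set should have its callers pass allow_security_bypass=False on any route that must always be authenticated.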