Commit ca440e27 by Oleksandr Barabash

basic auth added

parent c3b303ae
""" Handy Functions """ """ Handy Functions """
import binascii import binascii
import logging
import sys import sys
import urllib.parse import urllib.parse
from base64 import b64encode, b64decode from base64 import b64encode, b64decode
...@@ -12,6 +13,8 @@ from utils.log import Log ...@@ -12,6 +13,8 @@ from utils.log import Log
TAG = __name__ TAG = __name__
log = logging.getLogger()
DEFAULT_LOCALE = "en" DEFAULT_LOCALE = "en"
...@@ -59,6 +62,17 @@ def parse_auth_header(header: Optional[str]) -> Tuple[Optional[str], ...@@ -59,6 +62,17 @@ def parse_auth_header(header: Optional[str]) -> Tuple[Optional[str],
return None, None return None, None
def parse_basic_auth(data: str, divider=":") -> Tuple[Optional[str],
Optional[str]]:
""" Split Value with divider and return login and password """
try:
login, password = data.split(divider)
return login, password
except ValueError:
log.error("Failed to parse basic auth, data: '{}'".format(data))
return None, None
def b64encode_str(data: str, encoding="utf-8") -> str: def b64encode_str(data: str, encoding="utf-8") -> str:
""" Decode base64 str and return decoded string """ """ Decode base64 str and return decoded string """
return b64encode_np(data.encode(encoding)).decode(encoding) return b64encode_np(data.encode(encoding)).decode(encoding)
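Review bot: The `except ValueError` branch of `parse_basic_auth` writes the raw `data` value to the log, and that value is the `login:password` pair sent by the client, so a malformed header puts a credential into the log. Because `data.split(divider)` has no split limit, a password that itself contains `:` also raises ValueError, which both rejects a valid credential and logs it. I would split once and log without the payload: `login, password = data.split(divider, 1)` and `log.error("Failed to parse basic auth: divider not found")`. Whether `data` has already been base64-decoded by `parse_auth_header` is not visible in this section and should be confirmed.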
......
...@@ -13,7 +13,7 @@ from azure.core.exceptions import ResourceNotFoundError, HttpResponseError ...@@ -13,7 +13,7 @@ from azure.core.exceptions import ResourceNotFoundError, HttpResponseError
from entities.json.admin_user import AdminUser from entities.json.admin_user import AdminUser
from utils.azure_key_vault_client import AzureKeyVaultClient from utils.azure_key_vault_client import AzureKeyVaultClient
from utils.functions import b64encode_str, b64encode_np, parse_auth_header, \ from utils.functions import b64encode_str, b64encode_np, parse_auth_header, \
b64decode_str, b64decode_np b64decode_str, b64decode_np, parse_basic_auth
from utils.json_func import json_dumps, json_loads from utils.json_func import json_dumps, json_loads
from utils.log import Log from utils.log import Log
...@@ -25,6 +25,17 @@ class TokenHelper: ...@@ -25,6 +25,17 @@ class TokenHelper:
self.azure_kv = azure_kv self.azure_kv = azure_kv
self.executor = ThreadPoolExecutor(10) self.executor = ThreadPoolExecutor(10)
self.io_loop = asyncio.get_event_loop() self.io_loop = asyncio.get_event_loop()
self.login = None
self.password = None
def get_admin_login_password(self):
""" get admin login and password """
if None in [self.login, self.password]:
from config import Auth
login = self.azure_kv.get_secret_bl(Auth.ADMIN_LOGIN_SECRET).value
passwd = self.azure_kv.get_secret_bl(Auth.ADMIN_PASSW_SECRET).value
self.login, self.password = login, passwd
return self.login, self.password
def sign_token_bl(self, header: Dict[str, Union[str, int]], def sign_token_bl(self, header: Dict[str, Union[str, int]],
body: Dict[str, Union[str, int]], body: Dict[str, Union[str, int]],
...@@ -65,14 +76,11 @@ class TokenHelper: ...@@ -65,14 +76,11 @@ class TokenHelper:
""" Perform Auth blocking """ """ Perform Auth blocking """
from config import Auth from config import Auth
login = self.azure_kv.get_secret_bl(Auth.ADMIN_LOGIN_SECRET).value login, password = self.get_admin_login_password()
passw = self.azure_kv.get_secret_bl(Auth.ADMIN_PASSW_SECRET).value if user.login == login and user.password == password:
if user.login == login and user.password == passw:
ttl = 3600 ttl = 3600
token = self.create_token_bl(user.login, ttl) token = self.create_token_bl(user.login, ttl)
return dict(tokenType=Auth.TYPE, return dict(tokenType=Auth.TYPE, expiresIn=ttl, accessToken=token)
expiresIn=ttl,
accessToken=token)
return None return None
def do_auth(self, user: AdminUser): def do_auth(self, user: AdminUser):
...@@ -80,6 +88,16 @@ class TokenHelper: ...@@ -80,6 +88,16 @@ class TokenHelper:
return self.io_loop.run_in_executor(self.executor, self.do_auth_bl, return self.io_loop.run_in_executor(self.executor, self.do_auth_bl,
user) user)
def is_basic_valid(self, credentials: str) -> bool:
""" Check if credentials are valid """
from config import Auth
basic_login, basic_password = parse_basic_auth(credentials)
login, password = self.get_admin_login_password()
if None not in [basic_login, basic_password, login, password] and \
basic_login == login and basic_password == password:
return True
return False
def is_token_valid(self, token: str) -> bool: def is_token_valid(self, token: str) -> bool:
""" Check if token is Valid """ """ Check if token is Valid """
from config import Auth from config import Auth
...@@ -162,7 +180,9 @@ class TokenHelper: ...@@ -162,7 +180,9 @@ class TokenHelper:
request.headers.get("Authorization") request.headers.get("Authorization")
) )
Log.i(__name__, "auth_headers:: type: '{}'".format(a_type)) Log.i(__name__, "auth_headers:: type: '{}'".format(a_type))
if a_type == Auth.TYPE and self.is_token_valid(a_value): if a_type == Auth.Types.BEARER and self.is_token_valid(a_value):
return await f(request)
elif a_type == Auth.Types.BASIC and self.is_basic_valid(a_value):
return await f(request) return await f(request)
return Response(status=HTTPStatus.FORBIDDEN) return Response(status=HTTPStatus.FORBIDDEN)
return wr return wr
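Review bot: `is_basic_valid` compares the presented login and password with `==`, which is not a constant-time comparison; for a check against the admin credential I would use `hmac.compare_digest(basic_password.encode(), password.encode())` and the same for the login, keeping the existing `None` guard in front. This needs `import hmac` at the top of the file, outside the visible hunks, and the same applies to the `==` in `do_auth_bl`. `get_admin_login_password` also keeps the Key Vault values on the instance with no expiry, so a rotated secret appears not to take effect until the process restarts; a short TTL on the cached pair would bound that. Since `is_basic_valid` is called directly from the async wrapper, the first call looks like it runs the blocking `get_secret_bl` on the event loop, which is worth confirming.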