Skip to content
Snippets Groups Projects

Simplify decorator for auth validation

Merged Simplify decorator for auth validation
duncanmmacleod/gwdatafind-server:simple-decorator into master
Merged Duncan Macleod requested to merge duncanmmacleod/gwdatafind-server:simple-decorator into master
Compare
and
2 files
+ 47
49
Compare changes
  • Side-by-side
  • Inline
Files
2
gwdatafind_server/authentication.py
+ 39
41
@@ -42,44 +42,42 @@ def _validate_x509(request):
def validate():
def decorator(f):
@wraps(f)
def validator(*args, **kwargs):
try:
# Check for SciToken in header
if 'Authorization' in request.headers:
current_app.logger.info('View request with SciToken.')
try:
_validate_scitoken(request, audience=AUD, scope=SCP)
except NotImplementedError as exc:
msg = "SciToken authentication failed: {!r}"\
.format(exc)
current_app.logger.info('View request error:'
'{}'.format(msg))
content = {"Error, {}.".format(msg): ""}
return content, 403
# Else, check for X.509 certificate info in header
elif 'SSL_CLIENT_S_DN' and 'SSL_CLIENT_I_DN' \
in request.headers:
current_app.logger.info("View request with X.509 proxy "
"certificate.")
try:
_validate_x509(request)
except RuntimeError as exc:
msg = "X.509 authentication failed: {!r}".format(exc)
current_app.logger.info('View request error:'
'{}'.format(msg))
content = {"Error, {}.".format(msg): ""}
return content, 403
else:
raise RuntimeError("No Authentication Header or X.509 "
"cert info in header")
return f(*args, **kwargs)
except RuntimeError as exc:
msg = "Authentication failed: {!r}".format(exc)
current_app.logger.info('View request error:'
'{}'.format(msg))
content = {"Error, {}.".format(msg): ""}
return content, 403
return validator
return decorator
@wraps(f)
def validator(*args, **kwargs):
try:
# Check for SciToken in header
if 'Authorization' in request.headers:
current_app.logger.info('View request with SciToken.')
try:
_validate_scitoken(request, audience=AUD, scope=SCP)
except NotImplementedError as exc:
msg = "SciToken authentication failed: {!r}"\
.format(exc)
current_app.logger.info('View request error:'
'{}'.format(msg))
content = {"Error, {}.".format(msg): ""}
return content, 403
# Else, check for X.509 certificate info in header
elif 'SSL_CLIENT_S_DN' and 'SSL_CLIENT_I_DN' \
in request.headers:
current_app.logger.info("View request with X.509 proxy "
"certificate.")
try:
_validate_x509(request)
except RuntimeError as exc:
msg = "X.509 authentication failed: {!r}".format(exc)
current_app.logger.info('View request error:'
'{}'.format(msg))
content = {"Error, {}.".format(msg): ""}
return content, 403
else:
raise RuntimeError("No Authentication Header or X.509 "
"cert info in header")
return f(*args, **kwargs)
except RuntimeError as exc:
msg = "Authentication failed: {!r}".format(exc)
current_app.logger.info('View request error:'
'{}'.format(msg))
content = {"Error, {}.".format(msg): ""}
return content, 403
return validator