From ca1d7fdb7ade21dc5305c76383897615c4fdc42e Mon Sep 17 00:00:00 2001
From: Martin
Date: Fri, 30 Apr 2021 15:42:59 +0200
Subject: [PATCH] Remodelled client authorization

---
 backend/app_be/urls.py | 1 -
 backend/app_be/views/rest_api.py | 65 +++++++++++++++++---------------
 2 files changed, 34 insertions(+), 32 deletions(-)

diff --git a/backend/app_be/urls.py b/backend/app_be/urls.py
index 38134e7..bdae79d 100644
--- a/backend/app_be/urls.py
+++ b/backend/app_be/urls.py
@@ -21,7 +21,6 @@ from app_be.views.rest_api import *
 urlpatterns = [
 path('admin/', admin.site.urls),
- url(r'^test/', TestApiClass.test_api),
 url(r'^api/login', LoginClass.login),
 ]
diff --git a/backend/app_be/views/rest_api.py b/backend/app_be/views/rest_api.py
index d466f88..df04107 100644
--- a/backend/app_be/views/rest_api.py
+++ b/backend/app_be/views/rest_api.py
@@ -3,48 +3,51 @@ import logging
 from django.http import JsonResponse
 from rest_framework.decorators import api_view
-from oauthlib import openid
 from py_jwt_validator import PyJwtValidator, PyJwtException
 import requests
 logger = logging.getLogger(__name__)
-class TestApiClass:
- @staticmethod
- @api_view(['GET'])
- def test_api(request):
- logger.debug('Test api call: {}'.format(request))
- return JsonResponse({'Result': 'success'}, safe=False)
+def authorize(request: requests.Request):
+ logger.debug('Validating request: {}'.format(request))
+
+ if 'Authorization' not in request.headers:
+ print(f"Authorization header missing")
+ logger.error(f"Authorization header missing")
+ return None
+
+ bearer = request.headers['Authorization']
+
+ if len(bearer.split()) < 2:
+ return None
+
+ jwt = bearer.split()[1]
+
+ try:
+ validator = PyJwtValidator(jwt, auto_verify=False)
+ token = validator.verify(True)
+ if 'payload' in token:
+ payload = token['payload']
+ if 'sub' in payload:
+ return payload['sub']
+ except PyJwtException as e:
+ print(f"Exception caught. Error: {e}")
+ logger.error(f"Exception caught. Error: {e}")
+ return None
+ except UnicodeDecodeError as e2:
+ print(f"Exception caught. Error: {e2}")
+ logger.error(f"Exception caught. Error: {e2}")
+ return None
+ return None
 class LoginClass:
 @staticmethod
 @api_view(['GET'])
 def login(request: requests.Request):
- logger.debug('Validating request: {}'.format(request))
-
- if 'Authorization' not in request.headers:
- print(f"Authorization header missing")
- logger.error(f"Authorization header missing")
+ user_sub = authorize(request)
+ if not user_sub:
 return JsonResponse({}, status=401)
- bearer = request.headers['Authorization']
-
- if len(bearer.split()) < 2:
- return JsonResponse({}, status=401)
-
- jwt = bearer.split()[1]
-
- try:
- PyJwtValidator(jwt)
- except PyJwtException as e:
- print(f"Exception caught. Error: {e}")
- logger.error(f"Exception caught. Error: {e}")
- return JsonResponse({}, status=401)
- except UnicodeDecodeError as e2:
- print(f"Exception caught. Error: {e2}")
- logger.error(f"Exception caught. Error: {e2}")
- return JsonResponse({}, status=401)
-
- return JsonResponse({}, safe=False, status=200)
+ return JsonResponse({'user': user_sub}, safe=False, status=200)
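Review bot: The new `authorize` accepts a token under any authorization scheme, because `bearer.split()[1]` takes the second whitespace-separated word without checking that the first is `Bearer`, and it evaluates `split()` twice. Replacing the length check and the indexing with `scheme, _, jwt = bearer.partition(' ')` followed by `if scheme.lower() != 'bearer' or not jwt.strip(): return None` covers both in one place. What `PyJwtValidator(jwt, auto_verify=False)` followed by `validator.verify(True)` actually checks (signature, expiry, issuer, audience) is not visible in this hunk; it is worth confirming before `payload['sub']` is treated as an authenticated identity in `login`. Every `logger.error` in the new function is duplicated by a `print`, which belongs only in a debugging session, and the `request: requests.Request` annotation is misleading since `api_view` passes a Django REST framework request rather than a `requests` object. A docstring on `authorize` stating that it returns the token's `sub` claim on success and `None` on any failure, with the failure reason logged, would document the contract `login` relies on.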