zenon/web-application-engineering
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Remodelled client authorization

Browse Source
This commit is contained in:
Martin 2021-04-30 15:42:59 +02:00
parent 7dd3232139
commit ca1d7fdb7a
2 changed files with 34 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
backend/app_be/urls.py
View File

@ -21,7 +21,6 @@ from app_be.views.rest_api import *
urlpatterns = [ urlpatterns = [
path('admin/', admin.site.urls), path('admin/', admin.site.urls),
url(r'^test/', TestApiClass.test_api),
url(r'^api/login', LoginClass.login), url(r'^api/login', LoginClass.login),
] ]

65
backend/app_be/views/rest_api.py
View File

@ -3,48 +3,51 @@ import logging
from django.http import JsonResponse from django.http import JsonResponse
from rest_framework.decorators import api_view from rest_framework.decorators import api_view
from oauthlib import openid
from py_jwt_validator import PyJwtValidator, PyJwtException from py_jwt_validator import PyJwtValidator, PyJwtException
import requests import requests
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
class TestApiClass: def authorize(request: requests.Request):
@staticmethod logger.debug('Validating request: {}'.format(request))
@api_view(['GET'])
def test_api(request): if 'Authorization' not in request.headers:
logger.debug('Test api call: {}'.format(request)) print(f"Authorization header missing")
return JsonResponse({'Result': 'success'}, safe=False) logger.error(f"Authorization header missing")
return None
bearer = request.headers['Authorization']
if len(bearer.split()) < 2:
return None
jwt = bearer.split()[1]
try:
validator = PyJwtValidator(jwt, auto_verify=False)
token = validator.verify(True)
if 'payload' in token:
payload = token['payload']
if 'sub' in payload:
return payload['sub']
except PyJwtException as e:
print(f"Exception caught. Error: {e}")
logger.error(f"Exception caught. Error: {e}")
return None
except UnicodeDecodeError as e2:
print(f"Exception caught. Error: {e2}")
logger.error(f"Exception caught. Error: {e2}")
return None
return None
class LoginClass: class LoginClass:
@staticmethod @staticmethod
@api_view(['GET']) @api_view(['GET'])
def login(request: requests.Request): def login(request: requests.Request):
logger.debug('Validating request: {}'.format(request)) user_sub = authorize(request)
if not user_sub:
if 'Authorization' not in request.headers:
print(f"Authorization header missing")
logger.error(f"Authorization header missing")
return JsonResponse({}, status=401) return JsonResponse({}, status=401)
bearer = request.headers['Authorization'] return JsonResponse({'user': user_sub}, safe=False, status=200)
if len(bearer.split()) < 2:
return JsonResponse({}, status=401)
jwt = bearer.split()[1]
try:
PyJwtValidator(jwt)
except PyJwtException as e:
print(f"Exception caught. Error: {e}")
logger.error(f"Exception caught. Error: {e}")
return JsonResponse({}, status=401)
except UnicodeDecodeError as e2:
print(f"Exception caught. Error: {e2}")
logger.error(f"Exception caught. Error: {e2}")
return JsonResponse({}, status=401)
return JsonResponse({}, safe=False, status=200)