fix pep8 and re wrap using black formatter
andrewkrug committed Jan 30, 2019
1 parent 3198c91 commit acdd622
Showing 13 changed files with 611 additions and 587 deletions.
35 changes: 14 additions & 21 deletions dashboard/__init__.py
Expand Up @@ -13,20 +13,11 @@
"""Mozilla Single Signon Dashboard."""

__author__ = """Andrew Krug"""
__email__ = '[email protected]'
__version__ = '0.0.1'
__email__ = "[email protected]"
__version__ = "0.0.1"


__all__ = [
'app',
'auth',
'config',
'models',
'person',
's3',
'utils',
'vanity'
]
__all__ = ["app", "auth", "config", "models", "person", "s3", "utils", "vanity"]


class CredstashEnv(object):
Expand All @@ -37,9 +28,9 @@ def get(self, key, namespace=None):
try:
if len(namespace) > 0:
secret = getSecret(
name='{}.{}'.format(namespace[0], key),
context={'app': 'sso-dashboard'},
region="us-east-1"
name="{}.{}".format(namespace[0], key),
context={"app": "sso-dashboard"},
region="us-east-1",
)
else:
secret = None
Expand All @@ -55,11 +46,13 @@ def get(self, key, namespace=None):
def get_config():
return ConfigManager(
[
ConfigIniEnv([
os.environ.get('DASHBOARD_CONFIG_INI'),
'~/.sso-dashboard.ini',
'/etc/sso-dashboard.ini'
]),
CredstashEnv()
ConfigIniEnv(
[
os.environ.get("DASHBOARD_CONFIG_INI"),
"~/.sso-dashboard.ini",
"/etc/sso-dashboard.ini",
]
),
CredstashEnv(),
]
)
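Review bot: In `CredstashEnv.get`, `len(namespace)` is evaluated although the signature defaults to `namespace=None`, so a call without a namespace raises `TypeError` inside the `try` instead of reaching the `else: secret = None` branch. The `except` clause lies outside this hunk, so it is not visible whether that error is logged or silently swallowed; if it is swallowed, a programming error and a genuinely missing secret look identical to the caller. A truthiness test, `if namespace:`, handles both `None` and an empty sequence without relying on the exception path. The body of `get` starts and ends outside the hunk.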
99 changes: 64 additions & 35 deletions dashboard/api/idp.py
Expand Up @@ -13,41 +13,54 @@
class AuthorizeAPI(object):
def __init__(self, app, oidc_config):
self.app = app
self.algorithms = 'RS256'
self.algorithms = "RS256"
self.auth0_domain = oidc_config.OIDC_DOMAIN # auth.mozilla.auth0.com
self.audience = self._get_audience(self.app.config)

def _get_audience(self, app_config):
if app_config['SERVER_NAME'] == 'localhost:5000':
return 'https://sso.allizom.org'
if app_config["SERVER_NAME"] == "localhost:5000":
return "https://sso.allizom.org"
else:
return 'https://' + self.app.config.get('SERVER_NAME', 'sso.mozilla.com') # sso.mozilla.com
return "https://" + self.app.config.get(
"SERVER_NAME", "sso.mozilla.com"
) # sso.mozilla.com

# Format error response and append status code
def get_token_auth_header(self):
"""Obtains the Access Token from the Authorization Header
"""
auth = request.headers.get("Authorization", None)
if not auth:
raise AuthError({"code": "authorization_header_missing",
"description":
"Authorization header is expected"}, 401)
raise AuthError(
{
"code": "authorization_header_missing",
"description": "Authorization header is expected",
},
401,
)

parts = auth.split()

if parts[0].lower() != "bearer":
raise AuthError({"code": "invalid_header",
"description":
"Authorization header must start with"
" Bearer"}, 401)
raise AuthError(
{
"code": "invalid_header",
"description": "Authorization header must start with" " Bearer",
},
401,
)
elif len(parts) == 1:
raise AuthError({"code": "invalid_header",
"description": "Token not found"}, 401)
raise AuthError(
{"code": "invalid_header", "description": "Token not found"}, 401
)
elif len(parts) > 2:
raise AuthError({"code": "invalid_header",
"description":
"Authorization header must be"
" Bearer token"}, 401)
raise AuthError(
{
"code": "invalid_header",
"description": "Authorization header must be" " Bearer token",
},
401,
)

token = parts[1]
return token
Expand All @@ -60,6 +73,7 @@ def get_jwks(self):
def requires_api_auth(self, f):
"""Determines if the Access Token is valid
"""

@wraps(f)
def decorated(*args, **kwargs):
token = self.get_token_auth_header()
Expand All @@ -73,7 +87,7 @@ def decorated(*args, **kwargs):
"kid": key["kid"],
"use": key["use"],
"n": key["n"],
"e": key["e"]
"e": key["e"],
}
if rsa_key:
try:
Expand All @@ -83,29 +97,44 @@ def decorated(*args, **kwargs):
rsa_key,
algorithms=self.algorithms,
audience=self.audience,
issuer="https://" + self.auth0_domain + "/"
issuer="https://" + self.auth0_domain + "/",
)
except jwt.ExpiredSignatureError as e:
logger.error(e)
raise AuthError({"code": "token_expired",
"description": "token is expired"}, 401)
raise AuthError(
{"code": "token_expired", "description": "token is expired"},
401,
)
except jwt.JWTClaimsError as e:
logger.error(e)
raise AuthError({"code": "invalid_claims",
"description":
"incorrect claims,"
"please check the audience and issuer"}, 401)
raise AuthError(
{
"code": "invalid_claims",
"description": "incorrect claims,"
"please check the audience and issuer",
},
401,
)
except Exception as e:
logger.error(e)
raise AuthError({"code": "invalid_header",
"description":
"Unable to parse authentication"
" token."}, 401)
raise AuthError(
{
"code": "invalid_header",
"description": "Unable to parse authentication" " token.",
},
401,
)

_request_ctx_stack.top.current_user = payload
return f(*args, **kwargs)
raise AuthError({"code": "invalid_header",
"description": "Unable to find appropriate key"}, 401)
raise AuthError(
{
"code": "invalid_header",
"description": "Unable to find appropriate key",
},
401,
)

return decorated

def requires_scope(self, required_scope):
Expand All @@ -116,8 +145,8 @@ def requires_scope(self, required_scope):
token = self.get_token_auth_header()
unverified_claims = jwt.get_unverified_claims(token)
if unverified_claims.get("scope"):
token_scopes = unverified_claims["scope"].split()
for token_scope in token_scopes:
if token_scope == required_scope:
return True
token_scopes = unverified_claims["scope"].split()
for token_scope in token_scopes:
if token_scope == required_scope:
return True
return False
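Review bot: `requires_scope` makes its authorization decision from `jwt.get_unverified_claims(token)`, which parses the token without checking its signature, expiry, audience or issuer. That is only sound when `requires_api_auth` has already validated the same token earlier in the request, and nothing in the visible lines enforces that ordering. Either state the precondition in a comment such as `# Claims are unverified here: call only from a view already wrapped by requires_api_auth`, or read the scope from the verified payload that `requires_api_auth` stores in `_request_ctx_stack.top.current_user`. Part of `requires_scope` lies between hunks and is not shown.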