Merge pull request #195 from hoomano/kroussel/authenticate_with_secret_as_decorator

start refacto with decorator to authenticate with secret

Author: xbasset

backend/app/app.py

@@ -1,13 +1,10 @@
 from gevent import monkey
-
-
 monkey.patch_all()
 
 import hashlib
 import random
 import string
 from packaging import version
-
 from flask import Flask
 from flask_socketio import SocketIO, join_room, ConnectionRefusedError, emit
 from flask_restful import Api
@@ -36,7 +33,6 @@
                          cors_allowed_origins="*", )
 
 from flask_restful import request
-from functools import wraps
 import jwt
 
 from datetime import datetime
@@ -60,43 +56,6 @@
 timing_logger = TimingLogger("/data/timing_logs.log")
 
 
-def authenticate_function(token):
-    try:
-        payload = jwt.decode(token, os.environ["JWT_SECRET"], algorithms=os.environ["ENCODING_ALGORITHM"])
-        user_id = payload["sub"].split(os.environ['TOKEN_SECRET_SPLITTER'])[0]
-        return True, user_id
-    except KeyError:
-        return {"error": "Authorization key required"}, 403
-    except jwt.ExpiredSignatureError:
-        return {"error": "Token expired."}, 403
-    except jwt.InvalidTokenError:
-        return {"error": "Invalid token."}, 403
-
-
-def authenticate(methods=["PUT", "POST", "DELETE", "GET"]):
-    methods = [name.lower() for name in methods]
-
-    def authenticate_wrapper(func):
-        @wraps(func)
-        def wrapper(*args, **kwargs):
-
-            if func.__name__ not in methods:
-                return func(*args, **kwargs)
-            try:
-                token = request.headers['Authorization']
-                auth = authenticate_function(token)
-                if auth[0] is not True:
-                    return auth
-                else:
-                    kwargs["user_id"] = auth[1]
-            except Exception as e:
-                return {"error": f"Authentication error : {e}"}, 403
-
-            return func(*args, **kwargs)
-
-        return wrapper
-
-    return authenticate_wrapper
 
 
 def generate_session_id(user_id):

backend/app/routes/associate_free_product.py

@@ -5,7 +5,8 @@
 from jinja2 import Template
 from flask import request
 from flask_restful import Resource
-from app import authenticate, db
+from app import db
+from mojodex_core.authentication import authenticate
 from mojodex_core.logging_handler import log_error
 from mojodex_core.entities.db_base_entities import MdPurchase, MdProduct, MdProductCategory, MdUser, MdEvent
 from models.purchase_manager import PurchaseManager

backend/app/routes/check_expired_purchases.py

@@ -4,6 +4,7 @@
 from flask import request
 from flask_restful import Resource
 from app import db
+from mojodex_core.authentication import authenticate_with_scheduler_secret
 from mojodex_core.logging_handler import log_error
 from mojodex_core.entities.db_base_entities import *
 
@@ -17,22 +18,16 @@
 
 class ExpiredPurchasesChecker(Resource):
 
+    def __init__(self):
+        ExpiredPurchasesChecker.method_decorators = [authenticate_with_scheduler_secret(methods=["POST"])]
+
     # checking for expired purchases
     def post(self):
         error_message = "Error checking for expired purchases"
         if not request.is_json:
             log_error(f"{error_message} : Request must be JSON", notify_admin=True)
             return {"error": "Invalid request"}, 400
 
-        try:
-            secret = request.headers['Authorization']
-            if secret != os.environ["MOJODEX_SCHEDULER_SECRET"]:
-                log_error(f"{error_message} : Authentication error : Wrong secret", notify_admin=True)
-                return {"error": "Authentication error : Wrong secret"}, 403
-        except KeyError:
-            log_error(f"{error_message} : Missing Authorization secret in headers", notify_admin=True)
-            return {"error": f"Missing Authorization secret in headers"}, 403
-
         try:
             timestamp = request.json['datetime']
             n_purchases = min(50, int(request.args["n_purchases"])) if "n_purchases" in request.args else 50

backend/app/routes/company.py

@@ -2,7 +2,8 @@
 import requests
 from flask import request
 from flask_restful import Resource
-from app import db, authenticate
+from app import db
+from mojodex_core.authentication import authenticate
 from mojodex_core.documents.website_parser import WebsiteParser
 from mojodex_core.logging_handler import log_error
 from mojodex_core.entities.db_base_entities import MdCompany, MdUser

backend/app/routes/device.py

@@ -1,4 +1,5 @@
-from app import authenticate, db
+from app import db
+from mojodex_core.authentication import authenticate
 from mojodex_core.logging_handler import log_error
 from mojodex_core.entities.db_base_entities import *
 from flask import request

backend/app/routes/error.py

@@ -1,6 +1,6 @@
 from flask import request
 from flask_restful import Resource
-from app import authenticate
+from mojodex_core.authentication import authenticate
 from mojodex_core.logging_handler import log_error
 
 

backend/app/routes/free_users_engagement.py

@@ -5,6 +5,7 @@
 from flask import request
 from flask_restful import Resource
 from app import db
+from mojodex_core.authentication import authenticate_with_scheduler_secret
 from mojodex_core.logging_handler import log_error
 from mojodex_core.entities.db_base_entities import *
 from sqlalchemy import func, text, and_
@@ -19,6 +20,10 @@
 class FreeUsersEngagementChecker(Resource):
     logger_prefix = "FreeUsersEngagementChecker::"
 
+    def __init__(self):
+        FreeUsersEngagementChecker.method_decorators = [authenticate_with_scheduler_secret(methods=["POST"])]
+
+
 
     def __init__(self):
         self.logger = MojodexBackendLogger(FreeUsersEngagementChecker.logger_prefix)
@@ -44,15 +49,6 @@ def post(self):
             log_error(f"{error_message} : Request must be JSON")
             return {"error": "Request must be JSON"}, 400
 
-        try:
-           secret = request.headers['Authorization']
-           if secret != os.environ["MOJODEX_SCHEDULER_SECRET"]:
-               log_error(f"{error_message} : Authentication error : Wrong secret", notify_admin=True)
-               return {"error": "Authentication error : Wrong secret"}, 403
-        except KeyError:
-           log_error(f"{error_message} : Missing Authorization secret in headers", notify_admin=True)
-           return {"error": f"Missing Authorization secret in headers"}, 403
-
         try:
             timestamp = request.json['datetime']
             n_disengaged_users = min(50, int(request.json["n_disengaged_users"])) if "n_disengaged_users" in request.json else 50

backend/app/routes/goal.py

@@ -1,6 +1,7 @@
 from flask import request
 from flask_restful import Resource
-from app import db, authenticate
+from app import db
+from mojodex_core.authentication import authenticate
 from mojodex_core.logging_handler import log_error
 from mojodex_core.entities.db_base_entities import *
 

backend/app/routes/home_chat.py

@@ -3,8 +3,8 @@
 from mojodex_core.tag_manager import TagManager
 from flask import request
 from flask_restful import Resource
-from app import authenticate, db, server_socket
-
+from app import db, server_socket
+from mojodex_core.authentication import authenticate, authenticate_with_scheduler_secret
 from mojodex_core.knowledge_manager import KnowledgeManager
 
 from mojodex_core.entities.message import Message
@@ -28,7 +28,7 @@ class HomeChat(Resource):
     message_body_start_tag, message_body_end_tag = "<message_body>", "</message_body>"
 
     def __init__(self):
-        HomeChat.method_decorators = [authenticate(methods=["GET", "POST"])]
+        HomeChat.method_decorators = [authenticate(methods=["GET", "POST"]), authenticate_with_scheduler_secret(methods=["PUT"])]
         self.session_creator = SessionCreator()
 
     @with_db_session
@@ -191,15 +191,6 @@ def get(self, user_id):
     def put(self):
         error_message = "Error preparing next week first home chat"
 
-        try:
-            secret = request.headers['Authorization']
-            if secret != os.environ["MOJODEX_SCHEDULER_SECRET"]:
-                log_error(f"{error_message} : Authentication error : Wrong secret", notify_admin=True)
-                return {"error": "Authentication error : Wrong secret"}, 403
-        except KeyError:
-            log_error(f"{error_message} : Missing Authorization secret in headers", notify_admin=True)
-            return {"error": f"Missing Authorization secret in headers"}, 403
-
         if not request.is_json:
             log_error(f"{error_message} : Request must be JSON")
             return {"error": "Request must be JSON"}, 400

backend/app/routes/image.py

@@ -3,7 +3,8 @@
 
 from flask import request
 from flask_restful import Resource
-from app import db, authenticate
+from app import db
+from mojodex_core.authentication import authenticate
 from mojodex_core.logging_handler import log_error
 from flask import send_file
 from mojodex_core.user_storage_manager.user_images_file_manager import UserImagesFileManager