zcash-grant-system/backend/grant/utils/auth.py

import ast
import json
from functools import wraps

import requests
from flask_security.core import current_user
from flask import request, g, jsonify
import sentry_sdk

from grant.settings import SECRET_KEY
from ..proposal.models import Proposal
from ..user.models import User


def requires_auth(f):
    @wraps(f)
    def decorated(*args, **kwargs):
        if not current_user.is_authenticated:
            return jsonify(message="Authentication is required to access this resource"), 401
        g.current_user = current_user
        with sentry_sdk.configure_scope() as scope:
            scope.user = {
                "id": current_user.id,
            }
        return f(*args, **kwargs)
    return decorated


def requires_same_user_auth(f):
    @wraps(f)
    def decorated(*args, **kwargs):
        user_id = kwargs["user_id"]
        if not user_id:
            return jsonify(message="Decorator requires_same_user_auth requires path variable <user_id>"), 500

        user = User.get_by_id(user_id=user_id)
        if not user:
            return jsonify(message="Could not find user with id {}".format(user_id)), 403

        if user.id != g.current_user.id:
            return jsonify(message="You are not authorized to modify this user"), 403

        return f(*args, **kwargs)

    return requires_auth(decorated)


def requires_team_member_auth(f):
    @wraps(f)
    def decorated(*args, **kwargs):
        proposal_id = kwargs["proposal_id"]
        if not proposal_id:
            return jsonify(message="Decorator requires_team_member_auth requires path variable <proposal_id>"), 500

        proposal = Proposal.query.filter_by(id=proposal_id).first()
        if not proposal:
            return jsonify(message="No proposal exists with id {}".format(proposal_id)), 404

        if not g.current_user in proposal.team:
            return jsonify(message="You are not authorized to modify this proposal"), 403

        g.current_proposal = proposal
        return f(*args, **kwargs)

    return requires_auth(decorated)
EIP-712 User Authorization (#138) * example auth service * prep for merge * MVP signed transaction based auth * update auth service endpoint and delete checked-in auth service * add readme explanation for AUTH_URL * rename eip-712 headers * fix test errors 2018-10-19 22:18:27 -07:00			`import ast`
			`import json`
initial commit 2018-09-10 09:55:26 -07:00			`from functools import wraps`

EIP-712 User Authorization (#138) * example auth service * prep for merge * MVP signed transaction based auth * update auth service endpoint and delete checked-in auth service * add readme explanation for AUTH_URL * rename eip-712 headers * fix test errors 2018-10-19 22:18:27 -07:00			`import requests`
User Auth Conversion (#19) 2018-12-14 11:36:22 -08:00			`from flask_security.core import current_user`
initial commit 2018-09-10 09:55:26 -07:00			`from flask import request, g, jsonify`
Sentry Integration (#221) * BE sentry setup w/ user scope * FE sentry integration + user scope * FE env adjustments * FE: use NODE_ENV for Sentry * BE: use FLASK_ENV for Sentry * BE: remove email, acct & ip from Sentry user scope * comment .env.example SENTRY* for CI * fix merge artifact 2018-11-21 21:45:29 -08:00			`import sentry_sdk`
initial commit 2018-09-10 09:55:26 -07:00
User Auth Conversion (#19) 2018-12-14 11:36:22 -08:00			`from grant.settings import SECRET_KEY`
Add auth to endpoints. 2018-11-07 11:19:12 -08:00			`from ..proposal.models import Proposal`
Auth Endpoints Tests (#203) Auth Endpoints Tests 2018-11-13 05:58:02 -08:00			`from ..user.models import User`
initial commit 2018-09-10 09:55:26 -07:00

User Auth Conversion (#19) 2018-12-14 11:36:22 -08:00			`def requires_auth(f):`
EIP-712 User Authorization (#138) * example auth service * prep for merge * MVP signed transaction based auth * update auth service endpoint and delete checked-in auth service * add readme explanation for AUTH_URL * rename eip-712 headers * fix test errors 2018-10-19 22:18:27 -07:00			`@wraps(f)`
			`def decorated(args, *kwargs):`
User Auth Conversion (#19) 2018-12-14 11:36:22 -08:00			`if not current_user.is_authenticated:`
			`return jsonify(message="Authentication is required to access this resource"), 401`
			`g.current_user = current_user`
			`with sentry_sdk.configure_scope() as scope:`
			`scope.user = {`
			`"id": current_user.id,`
			`}`
			`return f(args, *kwargs)`
EIP-712 User Authorization (#138) * example auth service * prep for merge * MVP signed transaction based auth * update auth service endpoint and delete checked-in auth service * add readme explanation for AUTH_URL * rename eip-712 headers * fix test errors 2018-10-19 22:18:27 -07:00			`return decorated`
Add auth to endpoints. 2018-11-07 11:19:12 -08:00
User Auth Conversion (#19) 2018-12-14 11:36:22 -08:00
Add auth to endpoints. 2018-11-07 11:19:12 -08:00			`def requires_same_user_auth(f):`
			`@wraps(f)`
			`def decorated(args, *kwargs):`
User Auth Conversion (#19) 2018-12-14 11:36:22 -08:00			`user_id = kwargs["user_id"]`
			`if not user_id:`
			`return jsonify(message="Decorator requires_same_user_auth requires path variable <user_id>"), 500`
Add auth to endpoints. 2018-11-07 11:19:12 -08:00
User Auth Conversion (#19) 2018-12-14 11:36:22 -08:00			`user = User.get_by_id(user_id=user_id)`
Tests around invites, and a few fixes along the way. 2018-11-28 13:56:19 -08:00			`if not user:`
User Auth Conversion (#19) 2018-12-14 11:36:22 -08:00			`return jsonify(message="Could not find user with id {}".format(user_id)), 403`
Tests around invites, and a few fixes along the way. 2018-11-28 13:56:19 -08:00
Auth Endpoints Tests (#203) Auth Endpoints Tests 2018-11-13 05:58:02 -08:00			`if user.id != g.current_user.id:`
Add auth to endpoints. 2018-11-07 11:19:12 -08:00			`return jsonify(message="You are not authorized to modify this user"), 403`
Auth Endpoints Tests (#203) Auth Endpoints Tests 2018-11-13 05:58:02 -08:00
Add auth to endpoints. 2018-11-07 11:19:12 -08:00			`return f(args, *kwargs)`
Auth Endpoints Tests (#203) Auth Endpoints Tests 2018-11-13 05:58:02 -08:00
User Auth Conversion (#19) 2018-12-14 11:36:22 -08:00			`return requires_auth(decorated)`
Add auth to endpoints. 2018-11-07 11:19:12 -08:00
Auth Endpoints Tests (#203) Auth Endpoints Tests 2018-11-13 05:58:02 -08:00
Add auth to endpoints. 2018-11-07 11:19:12 -08:00			`def requires_team_member_auth(f):`
			`@wraps(f)`
			`def decorated(args, *kwargs):`
			`proposal_id = kwargs["proposal_id"]`
			`if not proposal_id:`
			`return jsonify(message="Decorator requires_team_member_auth requires path variable <proposal_id>"), 500`

			`proposal = Proposal.query.filter_by(id=proposal_id).first()`
			`if not proposal:`
Tests around invites, and a few fixes along the way. 2018-11-28 13:56:19 -08:00			`return jsonify(message="No proposal exists with id {}".format(proposal_id)), 404`
Add auth to endpoints. 2018-11-07 11:19:12 -08:00
			`if not g.current_user in proposal.team:`
			`return jsonify(message="You are not authorized to modify this proposal"), 403`

			`g.current_proposal = proposal`
			`return f(args, *kwargs)`
Auth Endpoints Tests (#203) Auth Endpoints Tests 2018-11-13 05:58:02 -08:00
User Auth Conversion (#19) 2018-12-14 11:36:22 -08:00			`return requires_auth(decorated)`