45 lines
1.5 KiB
Python
45 lines
1.5 KiB
Python
"""Sample JWT authentication module for testing purposes.
|
|
|
|
NOT SUITABLE FOR PRODUCTION USE.
|
|
"""
|
|
|
|
import logging
|
|
|
|
import jwt
|
|
from flask import Response, make_response, request
|
|
from werkzeug.datastructures import Authorization
|
|
|
|
BEARER_PREFIX = "bearer "
|
|
|
|
_logger = logging.getLogger(__name__)
|
|
|
|
|
|
def authenticate_request() -> Authorization | Response:
|
|
_logger.debug("Getting token")
|
|
error_response = make_response()
|
|
error_response.status_code = 401
|
|
error_response.set_data(
|
|
"You are not authenticated. Please provide a valid JWT Bearer token with the request."
|
|
)
|
|
error_response.headers["WWW-Authenticate"] = 'Bearer error="invalid_token"'
|
|
|
|
token = request.headers.get("Authorization")
|
|
if token is not None and token.lower().startswith(BEARER_PREFIX):
|
|
token = token[len(BEARER_PREFIX) :] # Remove prefix
|
|
try:
|
|
# NOTE:
|
|
# - This is a sample implementation for testing purposes only.
|
|
# - Here we're using a hardcoded key, which is not secure.
|
|
# - We also aren't validating that the user exists.
|
|
token_info = jwt.decode(token, "secret", algorithms=["HS256"])
|
|
if not token_info: # pragma: no cover
|
|
_logger.warning("No token_info returned")
|
|
return error_response
|
|
|
|
return Authorization(auth_type="jwt", data=token_info)
|
|
except jwt.exceptions.InvalidTokenError:
|
|
pass
|
|
|
|
_logger.warning("Missing or invalid authorization token")
|
|
return error_response
|