diff options
| author | Fabian Mastenbroek <mail.fabianm@gmail.com> | 2021-05-14 15:17:49 +0200 |
|---|---|---|
| committer | Fabian Mastenbroek <mail.fabianm@gmail.com> | 2021-05-17 17:06:50 +0200 |
| commit | 0c6ccca5fac44ab40671627fd3181e9b138672fa (patch) | |
| tree | 0c0cc4aa53921feeddfd0d1c9111eee9a9c84c54 /opendc-web/opendc-web-api/opendc/util/rest.py | |
| parent | 17327a642738e0500f9a007b32a46bb4f426f881 (diff) | |
api: Migrate to Auth0 for API authorization
This change updates the OpenDC API to use Auth0 for API authorization.
This removes the hard dependency on Google for logging into OpenDC and
simplifies implementation as we do not have to store user information
anymore, other than the user identifier.
Diffstat (limited to 'opendc-web/opendc-web-api/opendc/util/rest.py')
| -rw-r--r-- | opendc-web/opendc-web-api/opendc/util/rest.py | 36 |
1 files changed, 2 insertions, 34 deletions
diff --git a/opendc-web/opendc-web-api/opendc/util/rest.py b/opendc-web/opendc-web-api/opendc/util/rest.py index c9e98295..63d063b3 100644 --- a/opendc-web/opendc-web-api/opendc/util/rest.py +++ b/opendc-web/opendc-web-api/opendc/util/rest.py @@ -1,11 +1,9 @@ import importlib import json -import os - -from oauth2client import client, crypt from opendc.util import exceptions, parameter_checker from opendc.util.exceptions import ClientError +from opendc.util.auth import current_user class Request: @@ -57,16 +55,7 @@ class Request: raise exceptions.UnsupportedMethodError('Unimplemented method at endpoint {}: {}'.format( self.path, self.method)) - # Verify the user - - if "OPENDC_FLASK_TESTING" in os.environ: - self.google_id = 'test' - return - - try: - self.google_id = self._verify_token(self.token) - except crypt.AppIdentityError as e: - raise exceptions.AuthorizationTokenError(e) + self.current_user = current_user def check_required_parameters(self, **kwargs): """Raise an error if a parameter is missing or of the wrong type.""" @@ -99,27 +88,6 @@ class Request: return json.dumps(self.message) - @staticmethod - def _verify_token(token): - """Return the ID of the signed-in user. - - Or throw an Exception if the token is invalid. - """ - - try: - id_info = client.verify_id_token(token, os.environ['OPENDC_OAUTH_CLIENT_ID']) - except Exception as e: - print(e) - raise crypt.AppIdentityError('Exception caught trying to verify ID token: {}'.format(e)) - - if id_info['aud'] != os.environ['OPENDC_OAUTH_CLIENT_ID']: - raise crypt.AppIdentityError('Unrecognized client.') - - if id_info['iss'] not in ['accounts.google.com', 'https://accounts.google.com']: - raise crypt.AppIdentityError('Wrong issuer.') - - return id_info['sub'] - class Response: """Response to websocket mapping""" |