Strona główna Odkrywaj Pomoc
Zaloguj się
wangb
/
flexmeasures-main
1
0
Forkuj 0
Pliki Problemy 0 Oczekujące zmiany 0 Wiki
Drzewo: 9658719b43
Gałęzie Tagi
flexmeasures...
/
flexmeasures
/
auth
/
error_handling.py

error_handling.py 4.2 KB
Historia Czysty

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798 
  1. """
    2. 

  2. Auth error handling.
    3. 

  3. 

  4. Beware: There is a historical confusion of naming between authentication and authorization.
    5. 

  5.         Names of Responses have to be kept as they were called in original W3 protocols.
    6. 

  6.         See explanation below.
    7. 

  7. """
    8. 

  8. 

  9. from __future__ import annotations
    10. 

  10. 

  11. from typing import Callable
    12. 

  12. 

  13. from flask import request, jsonify, current_app
    14. 

  14. 

  15. from flexmeasures.utils.error_utils import log_error
    16. 

  16. 

  17. 

  18. # "Unauthorized"
    19. 

  19. # "The request requires user authentication. The response MUST include a WWW-Authenticate header field."
    20. 

  20. # So this essentially means the user needs to authenticate!
    21. 

  21. # For the historical confusion between "authorize" and "authenticate" in this status' name,
    22. 

  22. # see https://robertlathanh.com/2012/06/http-status-codes-401-unauthorized-and-403-forbidden-for-authentication-and-authorization-and-oauth/
    23. 

  23. UNAUTH_STATUS_CODE = 401
    24. 

  24. UNAUTH_ERROR_CLASS = "Unauthorized"
    25. 

  25. UNAUTH_ERROR_STATUS = (
    26. 

  26.     "UNAUTHORIZED"  # keeping the historical name intact for protocol consistency.
    27. 

  27. )
    28. 

  28. UNAUTH_MSG = (
    29. 

  29.     "You could not be properly authenticated for this content or functionality."
    30. 

  30. )
    31. 

  31. 

  32. # "Forbidden"
    33. 

  33. # "The server understood the request, but is refusing to fulfil it. Authorization will not help and the request SHOULD NOT be repeated."
    34. 

  34. # So this is the real authorization status!
    35. 

  35. # Preferably to be used when the user is logged in but is not authorized for the resource.
    36. 

  36. # Advice: a not logged-in user should preferably see a 404 NotFound.
    37. 

  37. FORBIDDEN_STATUS_CODE = 403
    38. 

  38. FORBIDDEN_ERROR_CLASS = "InvalidSender"
    39. 

  39. FORBIDDEN_ERROR_STATUS = "INVALID_SENDER"
    40. 

  40. FORBIDDEN_MSG = "You cannot be authorized for this content or functionality."
    41. 

  41. 

  42. 

  43. def unauthorized_handler_e(e):
    44. 

  44.     """Swallow error. Useful for classical Flask error handler registration."""
    45. 

  45.     log_error(e, str(e))
    46. 

  46.     return unauthorized_handler()
    47. 

  47. 

  48. 

  49. def unauthorized_handler(func: Callable | None = None, params: list | None = None):
    50. 

  50.     """
    51. 

  51.     Handler for authorization problems.
    52. 

  52.     :param func: the Flask-Security-Too decorator, if relevant, and params are its parameters.
    53. 

  53. 

  54.     We respond with json if the request doesn't say otherwise.
    55. 

  55.     Also, other FlexMeasures packages can define that they want to wrap JSON responses
    56. 

  56.     and/or render HTML error pages (for non-JSON requests) in custom ways ―
    57. 

  57.     by registering unauthorized_handler_api & unauthorized_handler_html, respectively.
    58. 

  58.     """
    59. 

  59.     if request.is_json or request.content_type is None:
    60. 

  60.         if hasattr(current_app, "unauthorized_handler_api"):
    61. 

  61.             return current_app.unauthorized_handler_api(params)
    62. 

  62.         response = jsonify(dict(message=FORBIDDEN_MSG, status=FORBIDDEN_ERROR_STATUS))
    63. 

  63.         response.status_code = FORBIDDEN_STATUS_CODE
    64. 

  64.         return response
    65. 

  65.     if hasattr(current_app, "unauthorized_handler_html"):
    66. 

  66.         return current_app.unauthorized_handler_html()
    67. 

  67.     return "%s:%s" % (FORBIDDEN_ERROR_CLASS, FORBIDDEN_MSG), FORBIDDEN_STATUS_CODE
    68. 

  68. 

  69. 

  70. def unauthenticated_handler_e(e):
    71. 

  71.     """Swallow error. Useful for classical Flask error handler registration."""
    72. 

  72.     log_error(e, str(e))
    73. 

  73.     return unauthenticated_handler()
    74. 

  74. 

  75. 

  76. def unauthenticated_handler(
    77. 

  77.     mechanisms: list | None = None, headers: dict | None = None
    78. 

  78. ):
    79. 

  79.     """
    80. 

  80.     Handler for authentication problems.
    81. 

  81.     :param mechanisms: a list of which authentication mechanisms were tried.
    82. 

  82.     :param headers: a dict of headers to return.
    83. 

  83.     We respond with json if the request doesn't say otherwise.
    84. 

  84.     Also, other FlexMeasures packages can define that they want to wrap JSON responses
    85. 

  85.     and/or render HTML error pages (for non-JSON requests) in custom ways ―
    86. 

  86.     by registering unauthenticated_handler_api & unauthenticated_handler_html, respectively.
    87. 

  87.     """
    88. 

  88.     if request.is_json or request.content_type is None:
    89. 

  89.         if hasattr(current_app, "unauthenticated_handler_api"):
    90. 

  90.             return current_app.unauthenticated_handler_api(None, [])
    91. 

  91.         response = jsonify(dict(message=UNAUTH_MSG, status=UNAUTH_ERROR_STATUS))
    92. 

  92.         response.status_code = UNAUTH_STATUS_CODE
    93. 

  93.         if headers is not None:
    94. 

  94.             response.headers.update(headers)
    95. 

  95.         return response
    96. 

  96.     if hasattr(current_app, "unauthenticated_handler_html"):
    97. 

  97.         return current_app.unauthenticated_handler_html()
    98. 

  98.     return "%s:%s" % (UNAUTH_ERROR_CLASS, UNAUTH_MSG), UNAUTH_STATUS_CODE
    99.