Added authentication on external feedback endpoint

Author: chris-adam

setup.py

@@ -55,7 +55,7 @@
         "collective.compoundcriterion",
         "collective.eeafaceted.z3ctable",
         "eea.facetednavigation",
-        "imio.helpers>1.3.8",
+        "imio.helpers>1.3.10",
         "imio.prettylink",
         "imio.pyutils",
         # 'z3c.jbot',

src/imio/esign/services/external_session_feedback.py

@@ -2,6 +2,7 @@
 from datetime import datetime
 from imio.esign import logger
 from imio.esign.utils import get_session_annotation
+from imio.helpers.ws import verify_auth_token
 from plone.restapi.deserializer import json_body
 from plone.restapi.services import Service
 
@@ -95,4 +96,20 @@ def reply(self):  # noqa C901
 
     def authorized(self):
         """Check if the user is authorized to access this service."""
-        return True
+        auth_header = self.request._auth
+        if not auth_header or not auth_header.startswith("Bearer "):
+            return False
+        try:
+            token = auth_header.split(" ")[1]
+        except IndexError:
+            return False
+        return verify_auth_token(token, groups=["access_imio-apps-docs"])
+
+
+"""
+State:
+to_create_session
+to_sign
+to_upload
+refused
+"""