@@ -39,7 +39,7 @@ def get_secret_key(self):
3939
4040 def verify_user (self , username ):
4141 """
42- Check if the provided username belong to the current user by
42+ Check if the provided username belongs to the current user by
4343 querying the Usermodel with the current user
4444 :param username:
4545 :param logger
@@ -60,13 +60,13 @@ def get_auth_token(self, logger):
6060 logger .warning ("Missing expected Authorization header" )
6161 abort (
6262 403 ,
63- message = "Please add 'Authorization' token as Authorization: Bearer <JWT_Auth_token >" ,
63+ message = "Please add 'Authorization' token as Authorization: Bearer <session_token >" ,
6464 )
6565
6666 try :
6767 auth_schema , auth_token = auth_header .split ()
6868 except ValueError :
69- logger .warning ("Malformed Auth header during logout " )
69+ logger .warning ("Malformed Auth header" )
7070 abort (
7171 401 ,
7272 message = "Malformed Authorization header, please add request header as Authorization: Bearer <session_token>" ,
@@ -79,51 +79,46 @@ def get_auth_token(self, logger):
7979 )
8080 abort (
8181 401 ,
82- message = "Malformed Authorization header, please add request header as Authorization : Bearer <session_token>" ,
82+ message = "Malformed Authorization header, request auth needs bearer token : Bearer <session_token>" ,
8383 )
8484 return auth_token
8585
86- def verify_auth (self ):
87- @Auth .token_auth .verify_token
88- def verify_token (auth_token ):
89- """
90- Validates the auth token
91- :param auth_token:
92- :param app:
93- :return: integer|string
94- """
86+ @staticmethod
87+ @token_auth .verify_token
88+ def verify_auth (auth_token ):
89+ """
90+ Validates the auth token
91+ :param auth_token:
92+ :return: integer|string
93+ """
94+ try :
95+ payload = jwt .decode (
96+ auth_token , os .getenv ("SECRET_KEY" , "my_precious" ), algorithms = "HS256" ,
97+ )
98+ user_id = payload ["sub" ]
99+ if ActiveTokens .valid (auth_token ):
100+ user = User .query (id = user_id )
101+ return user
102+ return None
103+ except jwt .ExpiredSignatureError :
95104 try :
96- payload = jwt .decode (
97- auth_token ,
98- os .getenv ("SECRET_KEY" , "my_precious" ),
99- algorithms = "HS256" ,
100- )
101- user_id = payload ["sub" ]
102- if ActiveTokens .valid (auth_token ):
103- user = User .query (id = user_id )
104- return user
105- return False
106- except jwt .ExpiredSignatureError :
107- try :
108- ActiveTokens .delete (auth_token )
109- except Exception :
110- Auth .logger .error (
111- "User attempted Pbench expired token but we could not delete the expired auth token from the database. token: '{}'" ,
112- auth_token ,
113- )
114- return False
115- Auth .logger .warning (
116- "User attempted Pbench expired token '{}', Token deleted from the database and no longer tracked" ,
117- auth_token ,
118- )
119- return False
120- except jwt .InvalidTokenError :
121- Auth .logger .warning (
122- "User attempted invalid Pbench token '{}'" , auth_token
123- )
124- return False
105+ ActiveTokens .delete (auth_token )
125106 except Exception :
126- Auth .logger .exception (
127- "Exception occurred while verifying the auth token '{}'" , auth_token
107+ Auth .logger .error (
108+ "User attempted Pbench expired token but we could not delete the expired auth token from the database. token: '{}'" ,
109+ auth_token ,
128110 )
129- return False
111+ return None
112+ Auth .logger .warning (
113+ "User attempted Pbench expired token '{}', Token deleted from the database and no longer tracked" ,
114+ auth_token ,
115+ )
116+ return None
117+ except jwt .InvalidTokenError :
118+ Auth .logger .warning ("User attempted invalid Pbench token '{}'" , auth_token )
119+ return None
120+ except Exception :
121+ Auth .logger .exception (
122+ "Exception occurred while verifying the auth token '{}'" , auth_token
123+ )
124+ return None
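Review bot: The new `verify_auth` still calls `jwt.decode` with `os.getenv("SECRET_KEY", "my_precious")`, so a deployment where SECRET_KEY is unset verifies tokens against a key that is published in the source, and anyone who reads the repository could mint tokens that pass this check. I would drop the default and fail closed, e.g. `os.environ["SECRET_KEY"]`, or validate the key once at startup; the first hunk header shows a `get_secret_key` method on this class that may be the right single source for it. Separately, every warning/error/exception branch writes the full `auth_token` into the log, and the final `except Exception` branch can be reached with a token that is still valid (for example if `ActiveTokens.valid` or `User.query` raises), which turns log read access into session access. Logging a short digest of the token or the `sub` claim instead would keep the messages traceable. Passing `algorithms=["HS256"]` as a list rather than a bare string would also match what PyJWT documents.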