Merge pull request #57 from Clariteia/issue-56-parameterize-auth

Sergio García Prado · web-flow · commit 0a08448fcfff · 2021-11-03T12:11:54.000+01:00
#56 - Parameterize `auth` configuration
diff --git a/minos/api_gateway/rest/config.py b/minos/api_gateway/rest/config.py
@@ -19,14 +19,20 @@
     ApiGatewayConfigException,
 )
 
-REST = collections.namedtuple("Rest", "host port cors")
+REST = collections.namedtuple("Rest", "host port cors auth")
 DISCOVERY = collections.namedtuple("Discovery", "host port")
 CORS = collections.namedtuple("Cors", "enabled")
+AUTH = collections.namedtuple("Auth", "enabled host port method path")
 
 _ENVIRONMENT_MAPPER = {
     "rest.host": "API_GATEWAY_REST_HOST",
     "rest.port": "API_GATEWAY_REST_PORT",
     "rest.cors.enabled": "API_GATEWAY_REST_CORS_ENABLED",
+    "rest.auth.enabled": "API_GATEWAY_REST_AUTH_ENABLED",
+    "rest.auth.host": "API_GATEWAY_REST_AUTH_HOST",
+    "rest.auth.port": "API_GATEWAY_REST_AUTH_PORT",
+    "rest.auth.method": "API_GATEWAY_REST_AUTH_METHOD",
+    "rest.auth.path": "API_GATEWAY_REST_AUTH_PATH",
     "discovery.host": "API_GATEWAY_DISCOVERY_HOST",
     "discovery.port": "API_GATEWAY_DISCOVERY_PORT",
 }
@@ -35,6 +41,11 @@
     "rest.host": "api_gateway_rest_host",
     "rest.port": "api_gateway_rest_port",
     "rest.cors.enabled": "api_gateway_rest_cors_enabled",
+    "rest.auth.enabled": "api_gateway_rest_auth_enabled",
+    "rest.auth.host": "api_gateway_rest_auth_host",
+    "rest.auth.port": "api_gateway_rest_auth_port",
+    "rest.auth.method": "api_gateway_rest_auth_method",
+    "rest.auth.path": "api_gateway_rest_auth_path",
     "discovery.host": "api_gateway_discovery_host",
     "discovery.port": "api_gateway_discovery_port",
 }
@@ -93,7 +104,7 @@ def rest(self) -> REST:
 
         :return: A ``REST`` NamedTuple instance.
         """
-        return REST(host=self._get("rest.host"), port=int(self._get("rest.port")), cors=self._cors)
+        return REST(host=self._get("rest.host"), port=int(self._get("rest.port")), cors=self._cors, auth=self._auth)
 
     @property
     def _cors(self) -> CORS:
@@ -103,6 +114,19 @@ def _cors(self) -> CORS:
         """
         return CORS(enabled=self._get("rest.cors.enabled"))
 
+    @property
+    def _auth(self) -> t.Optional[AUTH]:
+        try:
+            return AUTH(
+                enabled=self._get("rest.auth.enabled"),
+                host=self._get("rest.auth.host"),
+                port=int(self._get("rest.auth.port")),
+                method=self._get("rest.auth.method"),
+                path=self._get("rest.auth.path"),
+            )
+        except KeyError:
+            return None
+
     @property
     def discovery(self) -> DISCOVERY:
         """Get the rest config.
diff --git a/minos/api_gateway/rest/exceptions.py b/minos/api_gateway/rest/exceptions.py
@@ -1,13 +1,13 @@
 class ApiGatewayException(Exception):
-    """TODO"""
+    """Base Api Gateway Exception."""
 
 
 class InvalidAuthenticationException(ApiGatewayException):
-    """TODO"""
+    """Exception to be raised when authentication is not valid."""
 
 
 class NoTokenException(ApiGatewayException):
-    """TODO"""
+    """Exception to be raised when token is not available."""
 
 
 class ApiGatewayConfigException(ApiGatewayException):
diff --git a/minos/api_gateway/rest/handler.py b/minos/api_gateway/rest/handler.py
@@ -1,6 +1,7 @@
 import logging
 from typing import (
     Any,
+    Optional,
 )
 
 from aiohttp import (
@@ -18,8 +19,6 @@
     NoTokenException,
 )
 
-ANONYMOUS = "Anonymous"
-
 logger = logging.getLogger(__name__)
 
 
@@ -39,19 +38,26 @@ async def orchestrate(request: web.Request) -> web.Response:
     return microservice_response
 
 
-async def get_user(request) -> str:
+async def get_user(request: web.Request) -> Optional[str]:
+    """Get The user identifier if it is available.
+
+    :param request: The external request.
+    :return: An string value containing the user identifier or ``None`` if no user information is available.
+    """
+    auth = request.app["config"].rest.auth
+    if auth is None or not auth.enabled:
+        return None
+
     try:
         await get_token(request)
     except NoTokenException:
-        return ANONYMOUS
-    else:
-        try:
-            original_headers = dict(request.headers.copy())
-            user_uuid = await authenticate("localhost", "8082", "POST", "token", original_headers)
-        except InvalidAuthenticationException:
-            return ANONYMOUS
-        else:
-            return user_uuid
+        return None
+
+    try:
+        original_headers = dict(request.headers.copy())
+        return await authenticate(auth.host, auth.port, auth.method, auth.path, original_headers)
+    except InvalidAuthenticationException:
+        return None
 
 
 async def discover(host: str, port: int, path: str, verb: str, endpoint: str) -> dict[str, Any]:
@@ -81,7 +87,7 @@ async def discover(host: str, port: int, path: str, verb: str, endpoint: str) ->
 
 
 # noinspection PyUnusedLocal
-async def call(address: str, port: int, original_req: web.Request, user: str, **kwargs) -> web.Response:
+async def call(address: str, port: int, original_req: web.Request, user: Optional[str], **kwargs) -> web.Response:
     """Call microservice (redirect the original call)
 
     :param address: The ip of the microservices.
@@ -93,7 +99,11 @@ async def call(address: str, port: int, original_req: web.Request, user: str, **
     """
 
     headers = original_req.headers.copy()
-    headers["User"] = user
+    if user is not None:
+        headers["User"] = user
+    else:  # Enforce that the 'User' entry is only generated by the auth system.
+        # noinspection PyTypeChecker
+        headers.pop("User", None)
 
     url = original_req.url.with_scheme("http").with_host(address).with_port(port)
     method = original_req.method
@@ -116,8 +126,8 @@ async def _clone_response(response: ClientResponse) -> web.Response:
     )
 
 
-async def authenticate(address: str, port: str, method: str, path: str, authorization_headers: dict[str, str]) -> str:
-    authentication_url = URL(f"http://{address}:{port}/{path}")
+async def authenticate(host: str, port: str, method: str, path: str, authorization_headers: dict[str, str]) -> str:
+    authentication_url = URL(f"http://{host}:{port}{path}")
     authentication_method = method
     logger.info("Authenticating request...")
 
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -35,6 +35,7 @@ typer = "^0.3.2"
 cached-property = "^1.5.2"
 aiohttp-middlewares = "^1.1.0"
 aiomisc = "^15.2.16"
+PyYAML = "^6.0"
 
 [tool.poetry.dev-dependencies]
 black = "^19.10b"
diff --git a/tests/config.yml b/tests/config.yml
@@ -2,7 +2,13 @@ rest:
     host: localhost
     port: 55909
     cors:
-      enabled: false
+      enabled: true
+    auth:
+        enabled: true
+        host: localhost
+        port: 8082
+        method: POST
+        path: /token
 discovery:
     host: localhost
     port: 5567
diff --git a/tests/config_without_auth.yml b/tests/config_without_auth.yml
@@ -0,0 +1,9 @@
+rest:
+    host: localhost
+    port: 55909
+    cors:
+      enabled: false
+discovery:
+    host: localhost
+    port: 5567
+
diff --git a/tests/test_api_gateway/test_rest/test_authentication.py b/tests/test_api_gateway/test_rest/test_authentication.py
@@ -94,6 +94,52 @@ async def test_request_has_token(self):
         self.assertIn("Microservice call correct!!!", await response.text())
 
 
+class TestAuthDisabled(AioHTTPTestCase):
+    CONFIG_FILE_PATH = BASE_PATH / "config_without_auth.yml"
+
+    def setUp(self) -> None:
+        self.config = ApiGatewayConfig(self.CONFIG_FILE_PATH)
+
+        self.discovery = MockServer(host=self.config.discovery.host, port=self.config.discovery.port,)
+        self.discovery.add_json_response(
+            "/microservices", {"address": "localhost", "port": "5568", "status": True},
+        )
+
+        self.microservice = MockServer(host="localhost", port=5568)
+        self.microservice.add_json_response(
+            "/order/5", "Microservice call correct!!!", methods=("GET", "PUT", "PATCH", "DELETE",)
+        )
+        self.microservice.add_json_response("/order", "Microservice call correct!!!", methods=("POST",))
+
+        self.discovery.start()
+        self.microservice.start()
+        super().setUp()
+
+    def tearDown(self) -> None:
+        self.discovery.shutdown_server()
+        self.microservice.shutdown_server()
+        super().tearDown()
+
+    async def get_application(self):
+        """
+        Override the get_app method to return your application.
+        """
+        rest_service = ApiGatewayRestService(
+            address=self.config.rest.host, port=self.config.rest.port, config=self.config
+        )
+
+        return await rest_service.create_application()
+
+    @unittest_run_loop
+    async def test_auth_unreachable(self):
+        url = "/order"
+        headers = {"Authorization": "Bearer test_token"}
+        response = await self.client.request("POST", url, headers=headers)
+
+        self.assertEqual(200, response.status)
+        self.assertIn("Microservice call correct!!!", await response.text())
+
+
 class TestAuthUnreachable(AioHTTPTestCase):
     CONFIG_FILE_PATH = BASE_PATH / "config.yml"
 
diff --git a/tests/test_api_gateway/test_rest/test_config.py b/tests/test_api_gateway/test_rest/test_config.py
