Merge pull request #53 from Clariteia/issue-45-call-auth-microservice

#45 - call auth microservice

Author: albamig

minos/api_gateway/rest/exceptions.py

@@ -0,0 +1,6 @@
+class InvalidAuthenticationException(Exception):
+    pass
+
+
+class NoTokenException(Exception):
+    pass

minos/api_gateway/rest/handler.py

@@ -15,6 +15,13 @@
     URL,
 )
 
+from minos.api_gateway.rest.exceptions import (
+    InvalidAuthenticationException,
+    NoTokenException,
+)
+
+ANONYMOUS = "Anonymous"
+
 logger = logging.getLogger(__name__)
 
 
@@ -28,10 +35,27 @@ async def orchestrate(request: web.Request) -> web.Response:
 
     discovery_data = await discover(discovery_host, int(discovery_port), "/microservices", verb, url)
 
-    microservice_response = await call(**discovery_data, original_req=request)
+    user = await get_user(request)
+
+    microservice_response = await call(**discovery_data, original_req=request, user=user)
     return microservice_response
 
 
+async def get_user(request) -> str:
+    try:
+        await get_token(request)
+    except NoTokenException:
+        return ANONYMOUS
+    else:
+        try:
+            original_headers = dict(request.headers.copy())
+            user_uuid = await authenticate("localhost", "8082", "POST", "token", original_headers)
+        except InvalidAuthenticationException:
+            return ANONYMOUS
+        else:
+            return user_uuid
+
+
 async def discover(host: str, port: int, path: str, verb: str, endpoint: str) -> dict[str, Any]:
     """Call discovery service and get microservice connection data.
 
@@ -59,25 +83,19 @@ async def discover(host: str, port: int, path: str, verb: str, endpoint: str) ->
 
 
 # noinspection PyUnusedLocal
-async def call(address: str, port: int, original_req: web.Request, **kwargs) -> web.Response:
+async def call(address: str, port: int, original_req: web.Request, user: str, **kwargs) -> web.Response:
     """Call microservice (redirect the original call)
 
     :param address: The ip of the microservices.
     :param port: The port of the microservice.
     :param original_req: The original request.
     :param kwargs: Additional named arguments.
+    :param user: User that makes the request
     :return: The web response to be retrieved to the client.
     """
 
     headers = original_req.headers.copy()
-    if "Authorization" in headers and "Bearer" in headers["Authorization"]:
-        parts = headers["Authorization"].split()
-        if len(parts) == 2:
-            headers["User"] = parts[1]
-        else:
-            headers["User"] = "None"
-    else:
-        headers["User"] = "None"
+    headers["User"] = user
 
     url = original_req.url.with_scheme("http").with_host(address).with_port(port)
     method = original_req.method
@@ -86,8 +104,8 @@ async def call(address: str, port: int, original_req: web.Request, **kwargs) ->
     logger.info(f"Redirecting {method!r} request to {url!r}...")
 
     try:
-        async with ClientSession(headers=headers) as session:
-            async with session.request(method=method, url=url, data=content) as response:
+        async with ClientSession() as session:
+            async with session.request(headers=headers, method=method, url=url, data=content) as response:
                 return await _clone_response(response)
     except ClientConnectorError:
         raise web.HTTPServiceUnavailable(text="The requested endpoint is not available.")
@@ -98,3 +116,30 @@ async def _clone_response(response: ClientResponse) -> web.Response:
     return web.Response(
         body=await response.read(), status=response.status, reason=response.reason, headers=response.headers,
     )
+
+
+async def authenticate(address: str, port: str, method: str, path: str, authorization_headers: dict[str, str]) -> str:
+    authentication_url = URL(f"http://{address}:{port}/{path}")
+    authentication_method = method
+    logger.info("Authenticating request...")
+
+    try:
+        async with ClientSession(headers=authorization_headers) as session:
+            async with session.request(method=authentication_method, url=authentication_url) as response:
+                if response.ok:
+                    jwt_payload = await response.json()
+                    return jwt_payload["sub"]
+                else:
+                    raise InvalidAuthenticationException
+    except (ClientConnectorError, web.HTTPError):
+        raise InvalidAuthenticationException
+
+
+async def get_token(request: web.Request) -> str:
+    headers = request.headers
+    if "Authorization" in headers and "Bearer" in headers["Authorization"]:
+        parts = headers["Authorization"].split()
+        if len(parts) == 2:
+            return parts[1]
+
+    raise NoTokenException

tests/config.yml

@@ -4,7 +4,7 @@ rest:
     endpoints: []
 discovery:
     host: localhost
-    port: 55656
+    port: 5567
     path: ""
     endpoints: []
     db:

tests/test_api_gateway/test_rest/test_authentication.py

@@ -2,6 +2,9 @@
 from unittest import (
     mock,
 )
+from uuid import (
+    uuid4,
+)
 
 from aiohttp.test_utils import (
     AioHTTPTestCase,
@@ -22,7 +25,7 @@
 )
 
 
-class TestApiGatewayAuth(AioHTTPTestCase):
+class TestApiGatewayAuthentication(AioHTTPTestCase):
     CONFIG_FILE_PATH = BASE_PATH / "config.yml"
 
     @mock.patch.dict(os.environ, {"API_GATEWAY_CORS_ENABLED": "true"})
@@ -42,13 +45,18 @@ def setUp(self) -> None:
         )
         self.microservice.add_json_response("/order", "Microservice call correct!!!", methods=("POST",))
 
+        self.authentication_service = MockServer(host="localhost", port=8082)
+        self.authentication_service.add_json_response("/token", {"sub": uuid4()}, methods=("POST",))
+
         self.discovery.start()
         self.microservice.start()
+        self.authentication_service.start()
         super().setUp()
 
     def tearDown(self) -> None:
         self.discovery.shutdown_server()
         self.microservice.shutdown_server()
+        self.authentication_service.shutdown_server()
         super().tearDown()
 
     async def get_application(self):
@@ -65,6 +73,7 @@ async def get_application(self):
     async def test_auth_headers(self):
         url = "/order"
         headers = {"Authorization": "Bearer test_token"}
+
         response = await self.client.request("POST", url, headers=headers)
 
         self.assertEqual(200, response.status)
@@ -73,7 +82,64 @@ async def test_auth_headers(self):
     @unittest_run_loop
     async def test_wrong_auth_headers(self):
         url = "/order"
-        headers = {"Authorization": "Bearer"}
+        headers = {"Authorization": "Bearer"}  # Missing token
+        response = await self.client.request("POST", url, headers=headers)
+
+        self.assertEqual(200, response.status)
+        self.assertIn("Microservice call correct!!!", await response.text())
+
+    @unittest_run_loop
+    async def test_request_has_token(self):
+        url = "/order"
+        headers = {"Authorization": "Bearer"}  # Missing token
+        response = await self.client.request("POST", url, headers=headers)
+
+        self.assertEqual(200, response.status)
+        self.assertIn("Microservice call correct!!!", await response.text())
+
+
+class TestAuthUnreachable(AioHTTPTestCase):
+    CONFIG_FILE_PATH = BASE_PATH / "config.yml"
+
+    def setUp(self) -> None:
+        self.config = MinosConfig(self.CONFIG_FILE_PATH)
+
+        self.discovery = MockServer(
+            host=self.config.discovery.connection.host, port=self.config.discovery.connection.port,
+        )
+        self.discovery.add_json_response(
+            "/microservices", {"address": "localhost", "port": "5568", "status": True},
+        )
+
+        self.microservice = MockServer(host="localhost", port=5568)
+        self.microservice.add_json_response(
+            "/order/5", "Microservice call correct!!!", methods=("GET", "PUT", "PATCH", "DELETE",)
+        )
+        self.microservice.add_json_response("/order", "Microservice call correct!!!", methods=("POST",))
+
+        self.discovery.start()
+        self.microservice.start()
+        super().setUp()
+
+    def tearDown(self) -> None:
+        self.discovery.shutdown_server()
+        self.microservice.shutdown_server()
+        super().tearDown()
+
+    async def get_application(self):
+        """
+        Override the get_app method to return your application.
+        """
+        rest_service = ApiGatewayRestService(
+            address=self.config.rest.connection.host, port=self.config.rest.connection.port, config=self.config
+        )
+
+        return await rest_service.create_application()
+
+    @unittest_run_loop
+    async def test_auth_unreachable(self):
+        url = "/order"
+        headers = {"Authorization": "Bearer test_token"}
         response = await self.client.request("POST", url, headers=headers)
 
         self.assertEqual(200, response.status)