Python check authorization
25 Python code examples are found related to "
check authorization".
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
Example 1
| Source File: github.py From aegea with Apache License 2.0 | 6 votes |
|
def check_authorization(self, access_token): """OAuth applications can use this method to check token validity without hitting normal rate limits because of failed login attempts. If the token is valid, it will return True, otherwise it will return False. :returns: bool """ p = self._session.params auth = (p.get('client_id'), p.get('client_secret')) if access_token and auth: url = self._build_url('applications', str(auth[0]), 'tokens', str(access_token)) resp = self._get(url, auth=auth, params={ 'client_id': None, 'client_secret': None }) return self._boolean(resp, 200, 404) return False
Example 2
| Source File: server.py From king-phisher with BSD 3-Clause "New" or "Revised" License | 6 votes |
|
def check_authorization(self): # don't require authentication for non-RPC requests cmd = self.command if cmd == 'GET': # check if the GET request is to open a web socket if 'upgrade' not in self.headers: return True elif cmd != 'RPC': return True if not ipaddress.ip_address(self.client_address[0]).is_loopback: return False # the only two RPC methods that do not require authentication if self.path in ('/login', '/version'): return True self.rpc_session = self.server.session_manager.get(self.rpc_session_id) if not isinstance(self.rpc_session, aaa.AuthenticatedSession): self.logger.warning("request authorization failed (RPC session id is {0})".format('None' if self.rpc_session_id is None else 'invalid')) return False return True
Example 3
| Source File: generic_views.py From kqueen with MIT License | 6 votes |
|
def check_authorization(self): # get user data if current_identity: user = current_identity.get_dict() else: return False policy_value = self.get_policy_value() if not policy_value: return False if isinstance(self.obj, list): allowed = [] for obj in self.obj: if is_authorized(user, policy_value, resource=obj): allowed.append(obj) self.obj = allowed # if there is single object raise if user doesn't have access to it else: if not is_authorized(user, policy_value, resource=self.obj): raise JWTError('Insufficient permissions', 'Your user account is lacking the necessary ' 'permissions to perform this operation')
Example 4
| Source File: ibflask.py From InfraBox with Apache License 2.0 | 6 votes |
|
def check_request_authorization(): try: # Assemble Input Data for Open Policy Agent opa_input = { "input": { "method": request.method, "path": get_path_array(request.path), "token": g.token, } } original_method = dict(request.headers).get('X-Original-Method', None) if original_method is not None: opa_input["input"]["original_method"] = original_method from pyinfraboxutils.ibopa import opa_do_auth is_authorized = opa_do_auth(opa_input) if not is_authorized: logger.info("Rejected unauthorized request") abort(401, 'Unauthorized') except requests.exceptions.RequestException as e: logger.error(e) abort(500, 'Authorization failed')
Example 5
| Source File: handlers.py From go-links with Apache License 2.0 | 6 votes |
|
def check_authorization(self): if not self.user_email: request_data = { 'origin': self.request.headers.get('Origin'), 'method': self.request.method, 'path': self.request.path, 'body': self.request.body } if 'slack' in self.request.path_url: self.abort(400) # Guard against leaking Slack token or other sensitive data in response self.redirect_to = '%s/play_queued_request?r=%s' % (self.request.path_url.rstrip('/'), base64.urlsafe_b64encode(json.dumps(request_data))) if (not env.current_env_is_local() and self.request.method not in ['GET', 'OPTIONS'] and self.request.headers.get('X-CSRF') != self.session.get('csrf_token')): self.abort(401)
Example 6
| Source File: user.py From hydrus with MIT License | 5 votes |
|
def check_authorization(request: LocalProxy, session: Session) -> bool: """Check if the request object has the correct authorization.""" auth = request.authorization if check_nonce(request, session): return authenticate_user(auth.username, auth.password, session) return False
Example 7
| Source File: manager.py From manager with GNU General Public License v3.0 | 5 votes |
|
def check_authorization_wrapper(permission_needed=None, permission_object_type=None): def callable_function(func): @wraps(func) def wrapped(*args, **kwargs): result = jsonify({"access_allowed": False}), 403 if permission_object_type == "pruning": if check_authorized(permission_needed={"pruning": permission_needed}, permission_object_type=permission_object_type) is True: result = func(*args, **kwargs) elif permission_object_type == "apps": if check_authorized(permission_needed={kwargs['app_name']: permission_needed}, permission_object_type=permission_object_type) is True: result = func(*args, **kwargs) elif permission_object_type == "device_groups": if check_authorized(permission_needed={kwargs['device_group']: permission_needed}, permission_object_type=permission_object_type) is True: result = func(*args, **kwargs) elif permission_object_type == "cron_jobs": if check_authorized(permission_needed={kwargs['cron_job']: permission_needed}, permission_object_type=permission_object_type) is True: result = func(*args, **kwargs) elif permission_object_type == "admin": if check_authorized(permission_needed={"admin": permission_needed}, permission_object_type=permission_object_type) is True: result = func(*args, **kwargs) return result return wrapped return callable_function # read config file at startup
Example 8
| Source File: actor.py From calvin-base with Apache License 2.0 | 5 votes |
|
def check_authorization_decision(self): """Check if authorization decision is still valid""" if self.authorization_checks: if any(isinstance(elem, list) for elem in self.authorization_checks): # If list of lists, True must be found in each list. for plugin_list in self.authorization_checks: if not check_authorization_plugin_list(plugin_list): return False return True else: return check_authorization_plugin_list(self.authorization_checks) return True
Example 9
| Source File: __init__.py From calvin-base with Apache License 2.0 | 5 votes |
|
def check_authorization_plugin_list(plugin_list): authorization_results = [] for plugin in plugin_list: try: authorization_results.append(authz_plugins[plugin["id"]].authorization_check(**plugin["attributes"])) except Exception: return False # At least one of the authorization checks for the plugins must return True. return True in authorization_results
Example 10
| Source File: __init__.py From mautrix-telegram with GNU Affero General Public License v3.0 | 5 votes |
|
def check_authorization(self, request: web.Request) -> Optional[web.Response]: auth = request.headers.get("Authorization", "") if auth != f"Bearer {self.secret}": return self.get_error_response(error="Shared secret is not valid.", errcode="shared_secret_invalid", status=401) return None
Example 11
| Source File: transaction.py From pypaystack with MIT License | 5 votes |
|
def check_authorization(self, **kwargs): """ :data:{ authorization_code, email, amount }""" path = "/transaction/check_authorization" json_data = { 'authorization_code': kwargs['authorization_code'], 'email': kwargs['email'], 'amount': kwargs['amount'] * 100 } response = self.make_request('POST', path, json=json_data) return self.result_format(response)
Example 12
| Source File: utils.py From project-black with GNU General Public License v2.0 | 5 votes |
|
def check_authorization(request): """ Check if authed """ if request.token: encoded = request.token.split(' ')[1] authentication = base64.b64decode(encoded).decode('utf-8') login = authentication.split(':')[0] password = authentication.split(':')[1] if login == CONFIG['application']['username'] and password == CONFIG['application']['password']: return True return False
Example 13
| Source File: userauth.py From confidant with Apache License 2.0 | 5 votes |
|
def check_authorization(self): email = self.current_email() if not self.passes_email_suffix(email): msg = 'User {!r} does not have email suffix {!r}'.format( email, self.allowed_email_suffix) raise errors.NotAuthorized(msg) if not self.passes_email_whitelist(email): msg = 'User not in whitelist: {!r}'.format( email, self.allowed_email_whitelist) raise errors.NotAuthorized(msg) return True
Example 14
| Source File: flask_bouncer.py From flask-bouncer with MIT License | 5 votes |
|
def check_authorization(self, response): """checks that an authorization call has been made during the request""" if not hasattr(request, '_authorized'): raise Forbidden elif not request._authorized: raise Forbidden return response
Example 15
| Source File: scheduler.py From ccs-calendarserver with Apache License 2.0 | 5 votes |
|
def checkAuthorization(self): # Must have an authenticated user if not self.internal_request and self.originator_uid == None: log.error( "Unauthenticated originators not allowed: {o}", o=self.originator, ) raise HTTPError(self.errorResponse( responsecode.FORBIDDEN, self.errorElements["originator-denied"], "Invalid originator", ))
Example 16
| Source File: indexd.py From fence with Apache License 2.0 | 5 votes |
|
def check_authorization(self, action): # if we have a data file upload without corresponding metadata, the record can # have just the `uploader` field and no ACLs. in this just check that the # current user's username matches the uploader field if self.index_document.get("uploader"): logger.info("Checking access using `uploader` value") username = None if flask.g.token: username = flask.g.token["context"]["user"]["name"] else: username = flask.g.user.username return self.index_document.get("uploader") == username try: action_to_method = {"upload": "write-storage", "download": "read-storage"} method = action_to_method[action] # action should be upload or download # return bool for authorization return self.check_authz(method) except ValueError: # this is ok; we'll default to ACL field (previous behavior) # may want to deprecate in future logger.info( "Couldn't find `authz` field on indexd record, falling back to `acl`." ) given_acls = set(filter_auth_ids(action, flask.g.user.project_access)) return len(self.set_acls & given_acls) > 0
Example 17
| Source File: cluster_monitor.py From KubeOperator with Apache License 2.0 | 5 votes |
|
def check_authorization(self, retry_count): if retry_count == 0: raise Exception('init k8s client failed! retry_count=' + str(retry_count)) self.retry_count = retry_count - 1 try: self.api_instance.list_node() except ApiException as e: if e.status == 401: self.push_token_to_redis() else: logger.error(msg='init k8s client failed ' + e.reason, exc_info=True)
Example 18
| Source File: auth_svc.py From caldera with Apache License 2.0 | 5 votes |
|
def check_authorization(func): """ Authorization Decorator This requires that the calling class have `self.auth_svc` set to the authentication service. """ async def process(func, *args, **params): return await func(*args, **params) async def helper(*args, **params): await args[0].auth_svc.check_permissions('app', args[1]) result = await process(func, *args, **params) return result return helper
Example 19
| Source File: auth.py From open-synthesis with GNU General Public License v3.0 | 5 votes |
|
def check_edit_authorization(request, board, has_creator=None): """Raise a PermissionDenied exception if the user does not have edit rights for the resource. :param request: a Django request object :param board: the Board context :param has_creator: a model that has a creator member, or None """ if not has_edit_authorization(request, board, has_creator=has_creator): raise PermissionDenied()
Example 20
| Source File: users.py From jumpserver-python-sdk with GNU General Public License v2.0 | 5 votes |
|
def check_user_with_authorization(self, authorization): try: headers = {"Authorization": authorization} resp = self.http.get('user-profile', headers=headers, use_auth=False) except (ResponseError, ResponseError): return None return User.from_json(resp.json())
Example 21
| Source File: checkdmarc.py From checkdmarc with Apache License 2.0 | 4 votes |
|
def check_wildcard_dmarc_report_authorization(domain, nameservers=None, timeout=2.0): """ Checks for a wildcard DMARC report authorization record, e.g.: :: *._report.example.com IN TXT "v=DMARC1" Args: domain (str): The domain to check nameservers (list): A list of nameservers to query (Cloudflare's by default) timeout(float): number of seconds to wait for an answer from DNS Returns: bool: An indicator of the existence of a valid wildcard DMARC report authorization record """ wildcard_target = "*._report._dmarc.{0}".format(domain) dmarc_record_count = 0 unrelated_records = [] try: records = _query_dns(wildcard_target, "TXT", nameservers=nameservers, timeout=timeout) for record in records: if record.startswith("v=DMARC1"): dmarc_record_count += 1 else: unrelated_records.append(record) if len(unrelated_records) > 0: raise UnrelatedTXTRecordFoundAtDMARC( "Unrelated TXT records were discovered. " "These should be removed, as some " "receivers may not expect to find unrelated TXT records " "at {0}\n\n{1}".format(wildcard_target, "\n\n".join(unrelated_records))) if dmarc_record_count < 1: return False except Exception: return False return True
Example 22
| Source File: util.py From bot with GNU General Public License v3.0 | 4 votes |
|
def check_authorization(browser, username, method, logger, notify=True): """ Check if user is NOW logged in """ if notify is True: logger.info("Checking if '{}' is logged in...".format(username)) # different methods can be added in future if method == "activity counts": # navigate to owner's profile page only if it is on an unusual page current_url = get_current_url(browser) if ( not current_url or "https://www.instagram.com" not in current_url or "https://www.instagram.com/graphql/" in current_url ): profile_link = "https://www.instagram.com/{}/".format(username) web_address_navigator(browser, profile_link) # if user is not logged in, `activity_counts` will be `None`- JS `null` try: activity_counts = browser.execute_script( "return window._sharedData.activity_counts" ) except WebDriverException: try: browser.execute_script("location.reload()") update_activity(browser, state=None) activity_counts = browser.execute_script( "return window._sharedData.activity_counts" ) except WebDriverException: activity_counts = None # if user is not logged in, `activity_counts_new` will be `None`- JS # `null` try: activity_counts_new = browser.execute_script( "return window._sharedData.config.viewer" ) except WebDriverException: try: browser.execute_script("location.reload()") activity_counts_new = browser.execute_script( "return window._sharedData.config.viewer" ) except WebDriverException: activity_counts_new = None if activity_counts is None and activity_counts_new is None: if notify is True: logger.critical("--> '{}' is not logged in!\n".format(username)) return False return True
Example 23
| Source File: checkdmarc.py From Scrummage with GNU General Public License v3.0 | 4 votes |
|
def check_wildcard_dmarc_report_authorization(domain, nameservers=None, timeout=2.0): """ Checks for a wildcard DMARC report authorization record, e.g.: :: *._report.example.com IN TXT "v=DMARC1" Args: domain (str): The domain to check nameservers (list): A list of nameservers to query (Cloudflare's by default) timeout(float): number of seconds to wait for an answer from DNS Returns: bool: An indicator of the existence of a valid wildcard DMARC report authorization record """ wildcard_target = "*._report._dmarc.{0}".format(domain) dmarc_record_count = 0 unrelated_records = [] try: records = _query_dns(wildcard_target, "TXT", nameservers=nameservers) for record in records: if record.startswith("v=DMARC1"): dmarc_record_count += 1 else: unrelated_records.append(record) if len(unrelated_records) > 0: raise UnrelatedTXTRecordFoundAtDMARC( "Unrelated TXT records were discovered. " "These should be removed, as some " "receivers may not expect to find unrelated TXT records " "at {0}\n\n{1}".format(wildcard_target, "\n\n".join(unrelated_records))) if dmarc_record_count < 1: return False except Exception: return False return True
Example 24
| Source File: advancedhttpserver.py From AdvancedHTTPServer with BSD 3-Clause "New" or "Revised" License | 4 votes |
|
def check_authorization(self): """ Check for the presence of a basic auth Authorization header and if the credentials contained within in are valid. :return: Whether or not the credentials are valid. :rtype: bool """ try: store = self.__config.get('basic_auth') if store is None: return True auth_info = self.headers.get('Authorization') if not auth_info: return False auth_info = auth_info.split() if len(auth_info) != 2 or auth_info[0] != 'Basic': return False auth_info = base64.b64decode(auth_info[1]).decode(sys.getdefaultencoding()) username = auth_info.split(':')[0] password = ':'.join(auth_info.split(':')[1:]) password_bytes = password.encode(sys.getdefaultencoding()) if hasattr(self, 'custom_authentication'): if self.custom_authentication(username, password): self.basic_auth_user = username return True return False if not username in store: self.server.logger.warning('received invalid username: ' + username) return False password_data = store[username] if password_data['type'] == 'plain': if password == password_data['value']: self.basic_auth_user = username return True elif hashlib.new(password_data['type'], password_bytes).digest() == password_data['value']: self.basic_auth_user = username return True self.server.logger.warning('received invalid password from user: ' + username) except Exception: pass return False
Example 25
| Source File: client.py From sewer with MIT License | 4 votes |
|
def check_authorization_status(self, authorization_url, desired_status=None): """ https://tools.ietf.org/html/draft-ietf-acme-acme#section-7.5.1 To check on the status of an authorization, the client sends a GET(polling) request to the authorization URL, and the server responds with the current authorization object. https://tools.ietf.org/html/draft-ietf-acme-acme#section-8.2 Clients SHOULD NOT respond to challenges until they believe that the server's queries will succeed. If a server's initial validation query fails, the server SHOULD retry[intended to address things like propagation delays in HTTP/DNS provisioning] the query after some time. The server MUST provide information about its retry state to the client via the "errors" field in the challenge and the Retry-After """ self.logger.info("check_authorization_status") desired_status = desired_status or ["pending", "valid"] number_of_checks = 0 while True: time.sleep(self.ACME_AUTH_STATUS_WAIT_PERIOD) check_authorization_status_response = self.make_signed_acme_request( authorization_url, payload="" ) authorization_status = check_authorization_status_response.json()["status"] number_of_checks = number_of_checks + 1 self.logger.debug( "check_authorization_status_response. status_code={0}. response={1}".format( check_authorization_status_response.status_code, log_response(check_authorization_status_response), ) ) if authorization_status in desired_status: break if number_of_checks == self.ACME_AUTH_STATUS_MAX_CHECKS: raise StopIteration( "Checks done={0}. Max checks allowed={1}. Interval between checks={2}seconds.".format( number_of_checks, self.ACME_AUTH_STATUS_MAX_CHECKS, self.ACME_AUTH_STATUS_WAIT_PERIOD, ) ) self.logger.info("check_authorization_status_success") return check_authorization_status_response
