OAuth2 support
[pti/o2.git] / o2common / authmw / authmiddleware.py
index cd9df4b..a5193fc 100644 (file)
 #  See the License for the specific language governing permissions and
 #  limitations under the License.
 
+import json
+from flask_restx._http import HTTPStatus
 from werkzeug.wrappers import Request, Response
-from o2common.helper import o2logging
+
 from o2common.authmw.authprov import auth_definer
-from flask_restx._http import HTTPStatus
-import json
+from o2common.authmw.exceptions import AuthRequiredExp
+from o2common.authmw.exceptions import AuthFailureExp
+from o2common.helper import o2logging
 
 logger = o2logging.get_logger(__name__)
 
 
-class AuthRequiredExp(Exception):
-    def __init__(self, value):
-        self.value = value
-
-    def dictize(self):
-        return {
-            'WWW-Authenticate': '{}'.format(self.value)}
-
-
 class AuthProblemDetails():
     def __init__(self, code: int, detail: str, path: str,
                  title=None, instance=None
@@ -54,15 +48,6 @@ class AuthProblemDetails():
         return json.dumps(details, indent=True)
 
 
-class AuthFailureExp(Exception):
-    def __init__(self, value):
-        self.value = value
-
-    def dictize(self):
-        return {
-            'WWW-Authenticate': '{}'.format(self.value)}
-
-
 def _response_wrapper(environ, start_response, header, detail):
     res = Response(headers=header,
                    mimetype='application/json', status=401, response=detail)
@@ -75,7 +60,6 @@ def _internal_err_response_wrapper(environ, start_response, detail):
 
 
 class authmiddleware():
-
     '''
     Auth WSGI middleware
     '''
@@ -84,8 +68,9 @@ class authmiddleware():
         self.app = app
 
     def __call__(self, environ, start_response):
-        logger.info(__name__ + 'authentication middleware')
+        logger.debug(__name__ + 'authentication middleware')
         req = Request(environ, populate_request=True, shallow=True)
+        auth_token = None
         try:
             auth_header = req.headers.get('Authorization', None)
             if auth_header:
@@ -95,7 +80,7 @@ class authmiddleware():
                 # invoke underlying auth mdw to make k8s/keystone api
                 ret = ad.authenticate(auth_token)
                 if ret is True:
-                    logger.info(
+                    logger.debug(
                         "auth success with oauth token: " + auth_token)
                     try:
                         return self.app(environ, start_response)
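Review bot: The lowered-level `logger.debug("auth success with oauth token: " + auth_token)` still writes the full bearer token into the log; moving it from info to debug reduces but does not remove the exposure, since debug logging is routinely enabled in test and troubleshooting environments and log files are rarely protected like credentials. Drop the token from the message, e.g. `logger.debug("auth success with oauth token")`, or log only a non-reversible fingerprint if correlation is needed. `__call__` starts before and continues after this hunk.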
@@ -123,9 +108,16 @@ class authmiddleware():
             return _response_wrapper(environ, start_response,
                                      ex.dictize(), prb.serialize())
         except Exception as ex:
-            logger.error('Internal exception happended {}'.format(
-                str(ex)), exc_info=True)
-            prb = AuthProblemDetails(500, 'Internal error.', req.path)
-            return \
-                _internal_err_response_wrapper(environ,
-                                               start_response, prb.serialize())
+            if auth_token:
+                logger.error('Internal exception happended {}'.format(
+                    str(ex)), exc_info=True)
+                prb = AuthProblemDetails(500, 'Internal error.', req.path)
+                return \
+                    _internal_err_response_wrapper(
+                        environ, start_response, prb.serialize())
+            else:
+                logger.debug('Auth token missing or not obtained.')
+                ex = AuthRequiredExp('Bearer realm="Authentication Required"')
+                prb = AuthProblemDetails(401, ex.value, req.path)
+                return _response_wrapper(environ, start_response,
+                                         ex.dictize(), prb.serialize())
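Review bot: In the `else` branch of the final `except Exception as ex:` the caught exception is discarded: `ex` is rebound to a new `AuthRequiredExp` and the original is never logged, so any failure that happens before `auth_token` is assigned (a broken header parse, an error inside `auth_definer`, an unexpected request shape) is reported to the client as a 401 and leaves no trace of the real cause. Because the branch is selected purely on `auth_token` being falsy, an internal bug on that path looks like a missing credential. Log the original before replacing it, `logger.debug('Auth token missing or not obtained: %s', ex, exc_info=True)`, and bind the new exception to a distinct name such as `auth_ex` so the two are not conflated. The `try` this `except` belongs to starts outside the hunk.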