X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=o2common%2Fauthmw%2Fauthmiddleware.py;h=a5193fcf954647aca9a07008a96db0a7a5ae8e47;hb=d7c14ad6506b2f1a85246c9e1d08d0d64e9df7f2;hp=cd9df4b3ca80e10bc3717de158f47b18d615e9ca;hpb=0136f6abeeee654e1dfb8eee1e562f1c295b3d91;p=pti%2Fo2.git
diff --git a/o2common/authmw/authmiddleware.py b/o2common/authmw/authmiddleware.py
index cd9df4b..a5193fc 100644
--- a/o2common/authmw/authmiddleware.py
+++ b/o2common/authmw/authmiddleware.py
@@ -12,24 +12,18 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
+import json
+from flask_restx._http import HTTPStatus
 from werkzeug.wrappers import Request, Response
-from o2common.helper import o2logging
+
 from o2common.authmw.authprov import auth_definer
-from flask_restx._http import HTTPStatus
-import json
+from o2common.authmw.exceptions import AuthRequiredExp
+from o2common.authmw.exceptions import AuthFailureExp
+from o2common.helper import o2logging
 logger = o2logging.get_logger(__name__)
-class AuthRequiredExp(Exception):
- def __init__(self, value):
- self.value = value
-
- def dictize(self):
- return {
- 'WWW-Authenticate': '{}'.format(self.value)}
-
-
 class AuthProblemDetails():
 def __init__(self, code: int, detail: str, path: str, title=None, instance=None
@@ -54,15 +48,6 @@ class AuthProblemDetails():
 return json.dumps(details, indent=True)
-class AuthFailureExp(Exception):
- def __init__(self, value):
- self.value = value
-
- def dictize(self):
- return {
- 'WWW-Authenticate': '{}'.format(self.value)}
-
-
 def _response_wrapper(environ, start_response, header, detail):
 res = Response(headers=header, mimetype='application/json', status=401, response=detail)
@@ -75,7 +60,6 @@ def _internal_err_response_wrapper(environ, start_response, detail):
 class authmiddleware():
-
 '''
 Auth WSGI middleware
 '''
@@ -84,8 +68,9 @@ class authmiddleware():
 self.app = app
 def __call__(self, environ, start_response):
- logger.info(__name__ + 'authentication middleware')
+ logger.debug(__name__ + 'authentication middleware')
 req = Request(environ, populate_request=True, shallow=True)
+ auth_token = None
 try:
 auth_header = req.headers.get('Authorization', None)
 if auth_header:
@@ -95,7 +80,7 @@ class authmiddleware():
 # invoke underlying auth mdw to make k8s/keystone api
 ret = ad.authenticate(auth_token)
 if ret is True:
- logger.info(
+ logger.debug(
 "auth success with oauth token: " + auth_token)
 try:
 return self.app(environ, start_response)
@@ -123,9 +108,16 @@ class authmiddleware():
 return _response_wrapper(environ, start_response, ex.dictize(), prb.serialize())
 except Exception as ex:
- logger.error('Internal exception happended {}'.format(
- str(ex)), exc_info=True)
- prb = AuthProblemDetails(500, 'Internal error.', req.path)
- return \
- _internal_err_response_wrapper(environ,
- start_response, prb.serialize())
+ if auth_token:
+ logger.error('Internal exception happended {}'.format(
+ str(ex)), exc_info=True)
+ prb = AuthProblemDetails(500, 'Internal error.', req.path)
+ return \
+ _internal_err_response_wrapper(
+ environ, start_response, prb.serialize())
+ else:
+ logger.debug('Auth token missing or not obtained.')
+ ex = AuthRequiredExp('Bearer realm="Authentication Required"')
+ prb = AuthProblemDetails(401, ex.value, req.path)
+ return _response_wrapper(environ, start_response,
+ ex.dictize(), prb.serialize())
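Review bot: The `logger.debug("auth success with oauth token: " + auth_token)` call in the `@@ -95,7 +80,7 @@` hunk still writes the caller's bearer token to the log in cleartext. Lowering the level from info to debug narrows when the line is emitted, but any deployment run with debug logging will keep reusable credentials in its log files and in whatever collects them. The success message does not need the token at all; `logger.debug("auth success")` carries the same information for troubleshooting. The enclosing `__call__` body starts and ends outside this hunk.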
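Review bot: In the `@@ -123,9 +108,16 @@` hunk the new `else:` branch of `except Exception as ex:` maps every exception raised while `auth_token` is still unset to a 401 and logs only a fixed debug message, so the original exception and its traceback are discarded. The code between the `Authorization` lookup and `ad.authenticate(auth_token)` lies outside the visible hunks, but a failure there that is not a missing or malformed header would presumably be reported to the client as an authentication problem and leave operators nothing to diagnose it with. Failing closed with a 401 is a reasonable default; keeping the cause is the missing part, e.g. `logger.debug('Auth token missing or not obtained.', exc_info=True)`. Building the response from a separate name such as `auth_exp = AuthRequiredExp('Bearer realm="Authentication Required"')` instead of rebinding `ex` would also keep the caught exception available.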