
added security for platform kpi

Merged Mohd Asad Shaikh requested to merge gcptokenverrification into master
6 unresolved threads

@Siarhei_Khaletski GCP platform API Endpoints authentication/authorization using the ACCESS token has been completed as discussed. If there are any further questions, we can discuss them offline

Merge request reports

Merge request pipeline #107990 failed

Merge request pipeline failed for df90016b

Merged by Mohd Asad Shaikh 2 years ago (May 16, 2022 6:30am UTC)

Pipeline #119691 passed with warnings

Pipeline passed with warnings for 56c6eedb on master

Deployed to AZURE_GLAB 1 year ago

Activity

23
24 if 'Authorization' in request.headers:
25 token = request.headers['Authorization']
26 # return 401 if token is not passed
27 27 if not token:
28 28 return jsonify({'message' : 'Token is missing'}), 401
29
30 29 try:
31 # decoding the payload to fetch the stored details
32 data = jwt.decode(token, Auth['secretekey'])
30 tokenfetchurl=f"https://www.googleapis.com/oauth2/v1/tokeninfo?access_token={token}"
31 header = {'Content-Type':'application/json'}
32
33 res= requests.get(tokenfetchurl,headers=header,verify=False)
34
35 if(not(res.ok)):
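Review bot: On new line 33 the call to the tokeninfo endpoint passes verify=False, which turns off TLS certificate validation, so the service cannot tell a genuine googleapis.com response from one supplied by anything on the network path, and the authorization decision rests entirely on that response. Drop verify=False (the default validates the server certificate) and add an explicit timeout= so a stalled upstream call cannot hang the request handler.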
  • 25 token = request.headers['Authorization']
    26 # return 401 if token is not passed
    27 27 if not token:
    28 28 return jsonify({'message' : 'Token is missing'}), 401
    29
    30 29 try:
    31 # decoding the payload to fetch the stored details
    32 data = jwt.decode(token, Auth['secretekey'])
    30 tokenfetchurl=f"https://www.googleapis.com/oauth2/v1/tokeninfo?access_token={token}"
    31 header = {'Content-Type':'application/json'}
    32
    33 res= requests.get(tokenfetchurl,headers=header,verify=False)
    34
    35 if(not(res.ok)):
    36 return jsonify({
    37 'message' : 'Token expired.'
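    Review bot: Lines 35-37 treat res.ok as the whole check and report every failure as 'Token expired.'. Nothing shown reads the tokeninfo response body, so any access token Google considers valid is accepted regardless of which client it was issued to or which scopes it carries; parse res.json() and compare the audience (and, where needed, scope or email) against the values this platform expects. A malformed token, a revoked token and an upstream 5xx also all surface as 'Token expired.', so a neutral message such as 'Token is invalid', with the upstream status logged server-side, would be more accurate.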
  • 31 header = {'Content-Type':'application/json'}
    32
    33 res= requests.get(tokenfetchurl,headers=header,verify=False)
    34
    35 if(not(res.ok)):
    36 return jsonify({
    37 'message' : 'Token expired.'
    38 }), 401
    33 39
    34 except jwt.exceptions.ExpiredSignatureError:
    35 # print("Token expired. Get new one")
    36 return jsonify({
    37 'message' : 'Token expired.'
    38 }), 401
    39
    40 40 except:
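    Review bot: The bare except: kept at line 40 now wraps a network call, so connection errors, timeouts and programming errors in the try body all land in one handler whose body is not shown here. With the jwt.exceptions.ExpiredSignatureError branch removed, catch requests.exceptions.RequestException explicitly, answer upstream failures with a 5xx rather than a 401, and log the exception so an outage at the token endpoint can be told apart from a bad token.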
  • 23 # jwt is passed in the request header
    24 if 'x-access-token' in request.headers:
    25 token = request.headers['x-access-token']
    26 # return 401 if token is not passed
    23
    24 if 'Authorization' in request.headers:
    25 token = request.headers['Authorization']
    26 # return 401 if token is not passed
    27 27 if not token:
    28 28 return jsonify({'message' : 'Token is missing'}), 401
    29
    30 29 try:
    31 # decoding the payload to fetch the stored details
    32 data = jwt.decode(token, Auth['secretekey'])
    30 tokenfetchurl=f"https://www.googleapis.com/oauth2/v1/tokeninfo?access_token={token}"
    31 header = {'Content-Type':'application/json'}
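    Review bot: Line 25 takes the raw Authorization header value as the token. Clients that send the conventional 'Bearer <token>' form will have the scheme prefix carried into the tokeninfo URL built on line 30, so split the value, require the Bearer scheme, pass only the credential part, and reject anything else with 401. The switch from x-access-token to Authorization also changes the contract for existing callers and should be documented. The Content-Type header on line 31 has no effect on a GET without a body and can be removed.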
  • 23
    24 if 'Authorization' in request.headers:
    25 token = request.headers['Authorization']
    26 # return 401 if token is not passed
    27 27 if not token:
    28 28 return jsonify({'message' : 'Token is missing'}), 401
    29
    30 29 try:
    31 # decoding the payload to fetch the stored details
    32 data = jwt.decode(token, Auth['secretekey'])
    30 tokenfetchurl=f"https://www.googleapis.com/oauth2/v1/tokeninfo?access_token={token}"
    31 header = {'Content-Type':'application/json'}
    32
    33 res= requests.get(tokenfetchurl,headers=header,verify=False)
    34
    35 if(not(res.ok)):
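    Review bot: Old line 32 (data = jwt.decode(token, Auth['secretekey'])) is the only assignment to data in the lines shown, and the new code does not replace it. Confirm that nothing after the try block still reads data, and if the handler needs the caller's identity, take it from the tokeninfo response instead. Every authenticated request now also performs a blocking call to Google on lines 30-33; a short-lived cache keyed on a hash of the token, bounded by the expiry the endpoint reports, would limit the added latency.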
  • 22 22 token = None
    23 # jwt is passed in the request header
    24 if 'x-access-token' in request.headers:
    25 token = request.headers['x-access-token']
    26 # return 401 if token is not passed
    23
    24 if 'Authorization' in request.headers:
    25 token = request.headers['Authorization']
    26 # return 401 if token is not passed
    27 27 if not token:
    28 28 return jsonify({'message' : 'Token is missing'}), 401
    29
    30 29 try:
    31 # decoding the payload to fetch the stored details
    32 data = jwt.decode(token, Auth['secretekey'])
    30 tokenfetchurl=f"https://www.googleapis.com/oauth2/v1/tokeninfo?access_token={token}"
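    Review bot: Line 30 interpolates the access token into the query string with an f-string. The value is not URL-encoded, and credentials carried in URLs tend to end up in proxy, debug and exception logs. Pass it through the params= argument of requests (requests.get(url, params={'access_token': token})) so it is encoded, and make sure the full URL is never logged.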
  • added 1 commit

  • added 1 commit

    • df90016b - resolve pr comments for code quality

  • Author Maintainer

    @Yan_Sushchynski have done all changes as discussed over call

  • Siarhei Khaletski (EPAM) approved this merge request

  • Yan Sushchynski (EPAM) approved this merge request

  • mentioned in commit 56c6eedb
