added security for platform kpi
@Siarhei_Khaletski GCP platform API Endpoints authentication/authorization using the ACCESS token has been completed as discussed. If there are any further questions, we can discuss them offline
requested review from @niteshselkari and @Siarhei_Khaletski
23 24 if 'Authorization' in request.headers: 25 token = request.headers['Authorization'] 26 # return 401 if token is not passed 27 27 if not token: 28 28 return jsonify({'message' : 'Token is missing'}), 401 29 30 29 try: 31 # decoding the payload to fetch the stored details 32 data = jwt.decode(token, Auth['secretekey']) 30 tokenfetchurl=f"https://www.googleapis.com/oauth2/v1/tokeninfo?access_token={token}" 31 header = {'Content-Type':'application/json'} 32 33 res= requests.get(tokenfetchurl,headers=header,verify=False) 34 35 if(not(res.ok)): changed this line in version 2 of the diff
25 token = request.headers['Authorization'] 26 # return 401 if token is not passed 27 27 if not token: 28 28 return jsonify({'message' : 'Token is missing'}), 401 29 30 29 try: 31 # decoding the payload to fetch the stored details 32 data = jwt.decode(token, Auth['secretekey']) 30 tokenfetchurl=f"https://www.googleapis.com/oauth2/v1/tokeninfo?access_token={token}" 31 header = {'Content-Type':'application/json'} 32 33 res= requests.get(tokenfetchurl,headers=header,verify=False) 34 35 if(not(res.ok)): 36 return jsonify({ 37 'message' : 'Token expired.' The token can be not only expired.
What if you reuse and return a message from google-api with its status code?
Edited by Yan Sushchynski (EPAM)
31 header = {'Content-Type':'application/json'} 32 33 res= requests.get(tokenfetchurl,headers=header,verify=False) 34 35 if(not(res.ok)): 36 return jsonify({ 37 'message' : 'Token expired.' 38 }), 401 33 39 34 except jwt.exceptions.ExpiredSignatureError: 35 # print("Token expired. Get new one") 36 return jsonify({ 37 'message' : 'Token expired.' 38 }), 401 39 40 40 except: I'm not sure that this
except block will be executed at all, because you don't raise any exceptions in the try block.
Edited by Yan Sushchynski (EPAM)
23 # jwt is passed in the request header 24 if 'x-access-token' in request.headers: 25 token = request.headers['x-access-token'] 26 # return 401 if token is not passed 23 24 if 'Authorization' in request.headers: 25 token = request.headers['Authorization'] 26 # return 401 if token is not passed 27 27 if not token: 28 28 return jsonify({'message' : 'Token is missing'}), 401 29 30 29 try: 31 # decoding the payload to fetch the stored details 32 data = jwt.decode(token, Auth['secretekey']) 30 tokenfetchurl=f"https://www.googleapis.com/oauth2/v1/tokeninfo?access_token={token}" 31 header = {'Content-Type':'application/json'} changed this line in version 2 of the diff
22 22 token = None 23 # jwt is passed in the request header 24 if 'x-access-token' in request.headers: 25 token = request.headers['x-access-token'] 26 # return 401 if token is not passed 23 24 if 'Authorization' in request.headers: 25 token = request.headers['Authorization'] 26 # return 401 if token is not passed 27 27 if not token: 28 28 return jsonify({'message' : 'Token is missing'}), 401 29 30 29 try: 31 # decoding the payload to fetch the stored details 32 data = jwt.decode(token, Auth['secretekey']) 30 tokenfetchurl=f"https://www.googleapis.com/oauth2/v1/tokeninfo?access_token={token}" changed this line in version 2 of the diff
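Review bot: `verify=False` on the `requests.get(tokenfetchurl, headers=header, verify=False)` call (new line 33) disables TLS certificate verification for the request to www.googleapis.com, so the token check could be answered by anything that can interpose itself on that connection; remove `verify=False` (the default verifies against the system CA bundle) or, if a corporate proxy is the reason, pass `verify="/path/to/ca-bundle.pem"` instead. On the same hunk, new line 25 takes `request.headers['Authorization']` verbatim: if clients send the usual `Authorization: Bearer <token>` form, the string "Bearer " ends up inside `tokenfetchurl` and the lookup fails, so strip the scheme prefix before building the URL.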
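Review bot: with `jwt.decode` gone from the `try` block, the `except jwt.exceptions.ExpiredSignatureError:` handler (old lines 34-38) is dead code, and the bare `except:` that follows will swallow every other failure, including a `requests` connection error, and report it as an authentication failure; replace both with a single `except requests.RequestException:` that returns a 5xx, so that callers can tell "Google was unreachable" from "token rejected". Also, `if(not(res.ok))` only establishes that Google recognises the token as valid; it does not establish that the token was issued for this application, so the response body still needs a check that the reported audience/client id is the one expected before the request is trusted.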
@Yan_Sushchynski, I have done all the changes as discussed over the call.
mentioned in commit 56c6eedb