Fix sending authenticatinon exceptions
My exceptions weren't getting caught and properly handled and instead resulting in 500 errors and stack traces. Now we actually return a response
This commit is contained in:
Eli Ribble
parent
01175ecb21
commit
ca2b5cdabb
|
|
@ -1,3 +1,4 @@
|
||||||
|
import json
|
||||||
import uuid
|
import uuid
|
||||||
|
|
||||||
import flask
|
import flask
|
||||||
|
|
@ -18,29 +19,32 @@ def endpoint():
|
||||||
if flask.request.endpoint and flask.request.method:
|
if flask.request.endpoint and flask.request.method:
|
||||||
return "{}.{}".format(flask.request.endpoint.lower(), flask.request.method.lower())
|
return "{}.{}".format(flask.request.endpoint.lower(), flask.request.method.lower())
|
||||||
|
|
||||||
|
def error(code, title, status_code=403):
|
||||||
|
content = {
|
||||||
|
'errors' : [{
|
||||||
|
'code' : code,
|
||||||
|
'title' : title,
|
||||||
|
}]
|
||||||
|
}
|
||||||
|
return flask.make_response(json.dumps(content), status_code)
|
||||||
|
|
||||||
def require_user():
|
def require_user():
|
||||||
user = None
|
user = None
|
||||||
if flask.request.method == 'OPTIONS' and 'Access-Control-Request-Method' in flask.request.headers:
|
if flask.request.method == 'OPTIONS' and 'Access-Control-Request-Method' in flask.request.headers:
|
||||||
return
|
return
|
||||||
|
|
||||||
if not endpoint():
|
if not endpoint():
|
||||||
return flask.make_response('Resource not found', 404)
|
return error('resource-not-found', 'The resource at URL {} could not be found'.format(flask.request.url), 404)
|
||||||
|
|
||||||
if 'user_uri' not in flask.session:
|
if 'user_uri' not in flask.session:
|
||||||
raise vanth.errors.AuthenticationException(
|
if endpoint() in PUBLIC_ENDPOINTS:
|
||||||
status_code = 403,
|
return
|
||||||
error_code = 'unauthorized',
|
return error('unauthorized', 'You must provide a valid session cookie', 403)
|
||||||
title = 'You must provide a valid session cookie',
|
|
||||||
)
|
|
||||||
|
|
||||||
_, params = sepiida.routing.extract_parameters(flask.current_app, 'GET', flask.session['user_uri'])
|
_, params = sepiida.routing.extract_parameters(flask.current_app, 'GET', flask.session['user_uri'])
|
||||||
user = vanth.platform.user.by_filter({'uuid': [str(params['uuid'])]})
|
user = vanth.platform.user.by_filter({'uuid': [str(params['uuid'])]})
|
||||||
if not user and endpoint() not in PUBLIC_ENDPOINTS:
|
if not user and endpoint() not in PUBLIC_ENDPOINTS:
|
||||||
raise vanth.errors.AuthenticationException(
|
return error('invalid-user', 'The user tied to your session does not exist. Figure that out', 403)
|
||||||
status_code = 403,
|
|
||||||
error_code = 'invalid-user',
|
|
||||||
title = 'The user tied to your session does not exist. Figure that out',
|
|
||||||
)
|
|
||||||
|
|
||||||
flask.g.current_user = user[0]
|
flask.g.current_user = user[0]
|
||||||
flask.g.session = sepiida.routing.uri('session', flask.session['uuid'])
|
flask.g.session = sepiida.routing.uri('session', flask.session['uuid'])
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue