adding some decorator's decorators in preparation for distant auth pr…

…otocol

example.env.global

@@ -12,7 +12,7 @@ DOMAIN_ROOT=localhost
 DOMAIN_PORT=4000
 SERVER_NAME_TEST=True
 
-SECRET_KEY=a-very-secret-key
+SECRET_KEY=a-top-secret-key
 
 HTTPS_MODE=false
 
@@ -24,7 +24,9 @@ MONGODB_MODE=local
 
 ### AUTH SPECS ENV VARS
 
+# choose between : interrnal | local | distant_prod | distant_preprod
 AUTH_MODE=local
+
 AUTH_URL_ROOT_LOCAL=http://localhost:4100/
 AUTH_URL_ROOT_DISTANT_PROD=https://toktok-auth.com/
 AUTH_URL_ROOT_DISTANT_PREPOD=https://preprod.toktok-auth.com/
@@ -34,9 +36,9 @@ ANOJWT_MODE=yes
 ANTISPAM_MODE=no
 ANTISPAM_VAL=my-string-to-check
 
-SECURITY_PASSWORD_SALT=a-secret-security-pwd-salt
+SECURITY_PASSWORD_SALT=a-very-secret-security-pwd-salt
 
-JWT_SECRET_KEY=a-secret-jwt-key
+JWT_SECRET_KEY=a-very-secret-jwt-key
 JWT_ACCESS_TOKEN_EXPIRES=720
 JWT_REFRESH_TOKEN_EXPIRES=10
 JWT_ANONYMOUS_REFRESH_TOKEN_EXPIRES=15

solidata_api/_auth/auth_decorators.py

@@ -19,6 +19,9 @@
     get_jwt_claims, get_raw_jwt
 )
 
+### import ext JWT check 
+from .auth_distant import distant_auth # checkJWT
+
 
 ### + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + ###
 ### AUTH DECORATORS
@@ -66,6 +69,9 @@ def add_claims_to_access_token(user):
   log.debug("-@- claims loader")
   log.debug("user : \n %s", pformat(user))
 
+  computed = distant_auth(func_name="add_claims_to_access_token", as_decorator=False)
+  log.debug("computed : %s", computed)
+
   sent_token = get_raw_jwt()
   log.debug("sent_token : \n %s", pformat(sent_token))
 
@@ -114,6 +120,9 @@ def user_identity_lookup(user):
   log.debug("-@- identity loader")
   log.debug("user : \n %s", pformat(user))
 
+  computed = distant_auth(func_name="user_identity_lookup", as_decorator=False)
+  log.debug("computed : %s", computed)
+
   try : 
     ### load email as identity in the jwt
     # identity = user["infos"]["email"]
@@ -146,9 +155,9 @@ def my_expired_token_callback():
   ### otherwise return a link to refresh refresh_token
 
   return jsonify({
-      'msg'		: 'The token has expired',
-      'status'	: 401,
-      'sub_status': 42,
+    'msg'       : 'The token has expired',
+    'status'    : 401,
+    'sub_status': 42,
   }), 401
 
 
@@ -163,6 +172,7 @@ def anonymous_required(func):
   Check if user is not logged yet in access_token 
   and has a 'anonymous' role
   """
+  @distant_auth(func_name="anonymous_required")
   @wraps(func)
   def wrapper(*args, **kwargs):
 
@@ -192,6 +202,7 @@ def anonymous_or_guest_required(func):
   Check if user is not logged yet in access_token 
   and has a 'guest' or 'anonymous' role
   """
+  @distant_auth(func_name="anonymous_or_guest_required")
   @wraps(func)
   def wrapper(*args, **kwargs):
 
@@ -216,6 +227,7 @@ def guest_required(func):
   Check if user is not logged yet in access_token 
   and has a 'guest' or 'anonymous' role
   """
+  @distant_auth(func_name="guest_required")
   @wraps(func)
   def wrapper(*args, **kwargs):
 
@@ -239,6 +251,7 @@ def admin_required(func):
   """
   Check if user has admin level in access_token
   """
+  @distant_auth(func_name="admin_required")
   @wraps(func)
   def wrapper(*args, **kwargs):
 
@@ -262,6 +275,7 @@ def staff_required(func):
   """
   Check if user has admin or staff level in access_token
   """
+  @distant_auth(func_name="staff_required")
   @wraps(func)
   def wrapper(*args, **kwargs):
 
@@ -285,6 +299,7 @@ def renew_pwd_required(func):
   """
   Check if access_token has a claim 'renew_pwd' == True
   """
+  @distant_auth(func_name="renew_pwd_required")
   @wraps(func)
   def wrapper(*args, **kwargs):
 
@@ -309,6 +324,7 @@ def reset_pwd_required(func):
   """
   Check if access_token has a claim 'reset_pwd' == True
   """
+  @distant_auth(func_name="reset_pwd_required")
   @wraps(func)
   def wrapper(*args, **kwargs):
 
@@ -358,6 +374,7 @@ def current_user_required(func):
   - if he has admin level 
   """
 
+  @distant_auth(func_name="current_user_required")
   @wraps(func)
   def wrapper(*args, **kwargs):
 

solidata_api/_auth/auth_distant.py

@@ -6,8 +6,27 @@
 from log_config import log, pprint, pformat
 log.debug (">>> _auth ... loading auth_distant ...")
 
+import requests
+
+from functools import wraps, partial, update_wrapper
 from flask import request, current_app as app, jsonify
 
+def getDistantAuthUrl():
+  auth_mode = app.config["AUTH_MODE"]
+  log.debug("getDistantAuthUrl / auth_mode : %s", auth_mode )
+
+  auth_url_root_modes = {
+    "local" : app.config["AUTH_URL_ROOT_LOCAL"],
+    "distant_prod" : app.config["AUTH_URL_ROOT_DISTANT_PROD"],
+    "distant_preprod" : app.config["AUTH_URL_ROOT_DISTANT_PREPOD"],
+  }
+
+  auth_url_root = auth_url_root_modes[auth_mode]
+  log.debug("getDistantAuthUrl / auth_url_root : %s", auth_url_root )
+
+  return auth_url_root
+
+
 def checkJWT(token, token_type, return_resp=False):
   """ 
   authenticate a token 
@@ -18,5 +37,41 @@ def checkJWT(token, token_type, return_resp=False):
 
   print (". "*50)
 
-  auth_mode = app.config["AUTH_MODE"]
-  log.debug("checkJWT / auth_mode : %s", auth_mode )
+  auth_url_root = getDistantAuthUrl()
+  log.debug("checkJWT / auth_url_root : %s", auth_url_root )
+
+
+
+
+
+
+def distant_auth (func_name=None, as_decorator=True) : 
+  """
+  """
+  log.debug("-@- distant_auth ...")
+  log.debug("-@- distant_auth ... func_name : %s", func_name)
+  computed = "test distannt_auth not as decorator"
+
+  def _distant_auth(func):
+    """
+    """
+    @wraps(func)
+    def wrapper(*args, **kwargs):
+
+      print(".......")
+      log.debug("-@- distant_auth ... inside")
+      log.debug("-@- distant_auth ... inside ... func_name : %s", func_name)
+      print(".......")
+
+      ### DO STUFF 
+
+      return func(*args, **kwargs)
+
+    return wrapper
+
+  if as_decorator : 
+    return _distant_auth
+
+  else : 
+    return computed
+