From ab4605cc13959d658fd548ab66edf1e67100b779 Mon Sep 17 00:00:00 2001 From: Thomas Liebetraut Date: Thu, 30 Apr 2020 15:17:56 +0200 Subject: [PATCH 1/3] create custom authorizer if type is REQUEST and use correct authorizer type in API resource generation --- zappa/core.py | 6 ++++-- zappa/handler.py | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/zappa/core.py b/zappa/core.py index faa8779fb..57af80bf7 100644 --- a/zappa/core.py +++ b/zappa/core.py @@ -1635,7 +1635,7 @@ def create_authorizer(self, restapi, uri, authorizer): if identity_validation_expression: authorizer_resource.IdentityValidationExpression = identity_validation_expression - if authorizer_type == 'TOKEN': + if authorizer_type in ['TOKEN', 'REQUEST']: if not self.credentials_arn: self.get_credentials_arn() authorizer_resource.AuthorizerResultTtlInSeconds = authorizer.get('result_ttl', 300) @@ -2130,7 +2130,9 @@ def create_stack_template( self, elif iam_authorization: auth_type = "AWS_IAM" elif authorizer: - auth_type = authorizer.get("type", "CUSTOM") + auth_type = authorizer.get("type", "TOKEN").upper() + if auth_type in ["TOKEN", "REQUEST"]: + auth_type = "CUSTOM" # build a fresh template self.cf_template = troposphere.Template() diff --git a/zappa/handler.py b/zappa/handler.py index 78a31cfda..6a91bbb88 100644 --- a/zappa/handler.py +++ b/zappa/handler.py @@ -435,7 +435,7 @@ def handler(self, event, context): return result # This is an API Gateway authorizer event - elif event.get('type') == 'TOKEN': + elif event.get('type') in ['TOKEN', 'REQUEST']: whole_function = self.settings.AUTHORIZER_FUNCTION if whole_function: app_function = self.import_module_and_get_function(whole_function) From 73a82fd2a6085d26faac48c58b3dba3d92ba315d Mon Sep 17 00:00:00 2001 
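Review bot: In `create_authorizer` (zappa/core.py, first hunk), widening the branch to `['TOKEN', 'REQUEST']` gives REQUEST authorizers the default `AuthorizerResultTtlInSeconds` of 300, and for a REQUEST authorizer API Gateway keys the cached policy on the configured identity sources only. If the identity source set earlier in this function (outside the hunk) is a single header, an authorizer function that also looks at the path, query string or other headers can have one cached decision reused for requests it would have judged differently. I would document this next to the TTL line, e.g. `# REQUEST: cached policy is keyed on IdentitySource only; use result_ttl 0 or list every input the authorizer inspects`. The function starts and ends outside the hunk, so how `authorizer_type` is normalised before this comparison is not visible here.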
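Review bot: In `create_stack_template` (zappa/core.py, second hunk), any `type` other than TOKEN or REQUEST is written into the method `AuthorizationType` verbatim, so a misspelt value is only caught, if at all, when CloudFormation processes the template. Checking the value against the set the project supports gives a clear build-time error instead: `elif auth_type not in SUPPORTED_AUTH_TYPES: raise ValueError("Unsupported authorizer type: %s" % auth_type)`, where `SUPPORTED_AUTH_TYPES` is a new constant listing the remaining accepted values. Note also that `.upper()` raises `AttributeError` when `type` is present but not a string, for example a null in the settings file. The function body continues outside the hunk.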
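Review bot: The comment above this branch in `handler` (zappa/handler.py) should say that two event shapes now arrive here, because a REQUEST event carries no `authorizationToken` key. An `AUTHORIZER_FUNCTION` written against TOKEN events and reading `event['authorizationToken']` will raise on a REQUEST event, which presumably still denies the call but as an error rather than a clean Unauthorized. Suggested comment: `# API Gateway Lambda authorizer event: TOKEN carries 'authorizationToken', REQUEST carries the request headers and parameters instead`. The literal `['TOKEN', 'REQUEST']` is repeated here and in both zappa/core.py hunks; a shared constant would keep deploy-time and runtime classification from drifting apart. The `handler` body continues outside the hunk.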
From: Thomas Liebetraut Date: Fri, 1 May 2020 00:46:11 +0200 Subject: [PATCH 2/3] add tests for REQUEST authorizer --- tests/tests.py | 26 ++++++++++++++++++++++++++ tests/tests_placebo.py | 3 +++ 2 files changed, 29 insertions(+) diff --git a/tests/tests.py b/tests/tests.py index 5cc6b882a..c3b13b723 100644 --- a/tests/tests.py +++ b/tests/tests.py @@ -331,6 +331,13 @@ def test_create_api_gateway_routes_with_different_auth_methods(self): self.assertEqual(z.credentials_arn, parsable_template["Resources"]["Authorizer"]["Properties"]["AuthorizerCredentials"]) self.assertEqual("xxx", parsable_template["Resources"]["Authorizer"]["Properties"]["IdentityValidationExpression"]) + # explicit TOKEN type authorizer + explicit_authorizer = authorizer.copy() + explicit_authorizer.update({"type": "TOKEN"}) + z.create_stack_template(lambda_arn, 'helloworld', False, False, authorizer) + explicit_authorizer_parsable_template = json.loads(z.cf_template.to_json()) + self.assertDictEqual(parsable_template, explicit_authorizer_parsable_template) + # Authorizer without validation expression authorizer.pop('validation_expression', None) z.create_stack_template(lambda_arn, 'helloworld', False, False, authorizer) 
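Review bot: The explicit-TOKEN case added to `test_create_api_gateway_routes_with_different_auth_methods` (tests/tests.py) builds `explicit_authorizer` but then calls `create_stack_template` with `authorizer`, so it regenerates the default template and compares it with an identical one. The new `.upper()` and TOKEN-to-CUSTOM mapping is therefore never exercised with an explicit `type`, and a regression there would still pass. The call should read `z.create_stack_template(lambda_arn, 'helloworld', False, False, explicit_authorizer)`. The test function starts and ends outside the hunk.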
@@ -340,6 +347,25 @@ def test_create_api_gateway_routes_with_different_auth_methods(self): self.assertEqual("TOKEN", parsable_template["Resources"]["Authorizer"]["Properties"]["Type"]) with self.assertRaises(KeyError): parsable_template["Resources"]["Authorizer"]["Properties"]["IdentityValidationExpression"] + + # REQUEST authorizer + authorizer = { + "function": "runapi.authorization.gateway_authorizer.evaluate_token", + "result_ttl": 300, + "type": "REQUEST", + "validation_expression": "xxx" + } + invocations_uri = 'arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/' + lambda_arn + '/invocations' + z.create_stack_template(lambda_arn, 'helloworld', False, False, authorizer) + parsable_template = json.loads(z.cf_template.to_json()) + self.assertEqual("CUSTOM", parsable_template["Resources"]["GET0"]["Properties"]["AuthorizationType"]) + self.assertEqual("CUSTOM", parsable_template["Resources"]["GET1"]["Properties"]["AuthorizationType"]) + self.assertEqual("REQUEST", parsable_template["Resources"]["Authorizer"]["Properties"]["Type"]) + self.assertEqual("ZappaAuthorizer", parsable_template["Resources"]["Authorizer"]["Properties"]["Name"]) + self.assertEqual(300, parsable_template["Resources"]["Authorizer"]["Properties"]["AuthorizerResultTtlInSeconds"]) + self.assertEqual(invocations_uri, parsable_template["Resources"]["Authorizer"]["Properties"]["AuthorizerUri"]) + self.assertEqual(z.credentials_arn, parsable_template["Resources"]["Authorizer"]["Properties"]["AuthorizerCredentials"]) + self.assertEqual("xxx", parsable_template["Resources"]["Authorizer"]["Properties"]["IdentityValidationExpression"]) # Authorizer with arn authorizer = { diff --git a/tests/tests_placebo.py b/tests/tests_placebo.py index 47e477173..e2d4146f2 100644 --- a/tests/tests_placebo.py +++ b/tests/tests_placebo.py 
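Review bot: The REQUEST case added in tests/tests.py asserts `IdentityValidationExpression` but never checks `IdentitySource`, which for a REQUEST authorizer is the cache key while `AuthorizerResultTtlInSeconds` is 300. As far as I know API Gateway applies the validation expression to TOKEN authorizers only, so the `"xxx"` assertion pins a property that does no filtering for REQUEST. That is worth confirming against the API Gateway reference; if it holds, drop `validation_expression` from this fixture or mark it with `# not enforced for REQUEST authorizers`. An added assertion on `parsable_template["Resources"]["Authorizer"]["Properties"]["IdentitySource"]` would cover the setting that matters for this type. The test function starts and ends outside the hunk.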
@@ -403,6 +403,9 @@ def test_handler(self, session): event = {'authorizationToken': 'hubtoken1', 'methodArn': 'arn:aws:execute-api:us-west-2:1234:xxxxx/dev/GET/v1/endpoint/param', 'type': 'TOKEN'} self.assertEqual("AUTHORIZER_EVENT", lh.handler(event, None)) + event = {'methodArn': 'arn:aws:execute-api:us-west-2:1234:xxxxx/dev/GET/v1/endpoint/param', 'type': 'REQUEST'} + self.assertEqual("AUTHORIZER_EVENT", lh.handler(event, None)) + # Ensure Zappa does return 401 if no function was defined. lh.settings.AUTHORIZER_FUNCTION = None with self.assertRaisesRegexp(Exception, 'Unauthorized'): From 3c877d3cc75b7dab3fdac6db1b344ebd3a941068 Mon Sep 17 00:00:00 2001 From: Thomas Liebetraut Date: Fri, 1 May 2020 12:17:29 +0200 Subject: [PATCH 3/3] empty commit to re-trigger travis build that failed due to network issues
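Review bot: In `test_handler` (tests/tests_placebo.py), the added lines rebind `event` to the REQUEST event just before the "no function was defined" check. If the `assertRaisesRegexp` body (outside the hunk) calls `lh.handler(event, None)`, the Unauthorized path is now tested for REQUEST only and no longer for TOKEN. Giving the new event its own name, with `self.assertEqual("AUTHORIZER_EVENT", lh.handler(request_event, None))`, and running the Unauthorized check once per event keeps the fail-closed behaviour covered for both types.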