From b0e575c54b2d120edd67558d032a2c3a9996e435 Mon Sep 17 00:00:00 2001
From: James Neyer
Date: Tue, 23 Jun 2020 14:16:36 -0400
Subject: [PATCH 1/3] Add optional parameter to check
---
 src/shipchain_common/authentication.py | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/src/shipchain_common/authentication.py b/src/shipchain_common/authentication.py
index a6e8bd3..80f6200 100644
--- a/src/shipchain_common/authentication.py
+++ b/src/shipchain_common/authentication.py
@@ -43,19 +43,20 @@ def get_jwt_from_request(request):
 return None
-def is_internal_call(request):
- return ('X_NGINX_SOURCE' in request.META and request.META['X_NGINX_SOURCE'] == 'internal'
- and request.META['X_SSL_CLIENT_VERIFY'] == 'SUCCESS')
+def is_internal_call(request, service_name=None):
+ is_internal = ('X_NGINX_SOURCE' in request.META and request.META['X_NGINX_SOURCE'] == 'internal'
+ and request.META['X_SSL_CLIENT_VERIFY'] == 'SUCCESS')
+ if service_name and is_internal:
+ certificate_cn = parse_dn(request.META['X_SSL_CLIENT_DN'])['CN']
+ is_internal = is_internal and certificate_cn == f'{service_name}.{settings.ENVIRONMENT.lower()}-internal'
+ return is_internal
 class InternalRequest(BasePermission):
 def has_permission(self, request, view):
 if settings.ENVIRONMENT in ('LOCAL', 'INT'):
 return True
- if is_internal_call(request):
- certificate_cn = parse_dn(request.META['X_SSL_CLIENT_DN'])['CN']
- return certificate_cn == f'{self.SERVICE_NAME}.{settings.ENVIRONMENT.lower()}-internal'
- return False
+ return is_internal_call(request, self.SERVICE_NAME)
 class EngineRequest(InternalRequest):
From 0d5269230f8413530cdbc0f519362b3ea8abb342 Mon Sep 17 00:00:00 2001
From: James Neyer
Date: Tue, 23 Jun 2020 14:29:14 -0400
Subject: [PATCH 2/3] Update pyproject version
---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pyproject.toml b/pyproject.toml
index 5d018e9..0c047eb 100644
--- a/pyproject.toml
+++ b/pyproject.toml
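Review bot: `InternalRequest.has_permission` in src/shipchain_common/authentication.py now fails open when `self.SERVICE_NAME` is falsy: `is_internal_call` only compares the certificate CN under `if service_name and is_internal:`, so a `None` or empty name skips the CN pin and any client that passes `X_SSL_CLIENT_VERIFY` is accepted. The removed lines always compared the CN, which denied the request in that case. Keeping the optional parameter for other callers, the permission class can require a name itself: `return bool(self.SERVICE_NAME) and is_internal_call(request, self.SERVICE_NAME)`. The same guard appears as an unchanged context line in the [PATCH 3/3] hunk; where `SERVICE_NAME` is defined is outside this hunk, so whether a falsy value can actually occur should be confirmed. A one-line docstring on `is_internal_call` saying that omitting `service_name` accepts any verified internal client certificate would make the weaker default explicit.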
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "shipchain-common"
-version = "1.0.24"
+version = "1.0.25"
 description = "A PyPI package containing shared code for ShipChain's Python/Django projects."
 license = "Apache-2.0"
From 48e1adaff645c07c9ad9af5ec88b0c297d986a98 Mon Sep 17 00:00:00 2001
From: James Neyer
Date: Tue, 23 Jun 2020 16:50:37 -0400
Subject: [PATCH 3/3] Remove redundant is_internal check
---
 src/shipchain_common/authentication.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/shipchain_common/authentication.py b/src/shipchain_common/authentication.py
index 80f6200..6edd7e6 100644
--- a/src/shipchain_common/authentication.py
+++ b/src/shipchain_common/authentication.py
@@ -48,7 +48,7 @@ def is_internal_call(request, service_name=None):
 and request.META['X_SSL_CLIENT_VERIFY'] == 'SUCCESS')
 if service_name and is_internal:
 certificate_cn = parse_dn(request.META['X_SSL_CLIENT_DN'])['CN']
- is_internal = is_internal and certificate_cn == f'{service_name}.{settings.ENVIRONMENT.lower()}-internal'
+ is_internal = certificate_cn == f'{service_name}.{settings.ENVIRONMENT.lower()}-internal'
 return is_internal
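Review bot: The subscript lookups on the context lines of the [PATCH 3/3] hunk, `request.META['X_SSL_CLIENT_VERIFY']`, `request.META['X_SSL_CLIENT_DN']` and `parse_dn(...)['CN']`, raise `KeyError` when the proxy did not set the value or the subject carries no CN, so a request that should be denied surfaces as a server error rather than a permission failure. That still fails closed, but it buries rejected internal-call attempts among 500s in logs and monitoring. Treating a missing value as a denial keeps the outcome explicit, for example `request.META.get('X_SSL_CLIENT_VERIFY') == 'SUCCESS'` in the first test and `.get('CN')` on the parsed DN, assuming `parse_dn` returns a dict. The start of `is_internal_call` lies outside this hunk.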