diff --git a/app/__init__.py b/app/__init__.py
index 7e3b1be5ea..06954c26bd 100644
--- a/app/__init__.py
+++ b/app/__init__.py
@@ -2,6 +2,7 @@
 import logging
 import os.path
 from envparse import env
+
 import sys
 from flask import Flask, json, make_response
 from app.settings import get_settings, get_setts
@@ -13,7 +14,7 @@
 from flask_cors import CORS
 from flask_rest_jsonapi.errors import jsonapi_errors
 from flask_rest_jsonapi.exceptions import JsonApiException
-from healthcheck import HealthCheck, EnvironmentDump
+from healthcheck import HealthCheck
 from apscheduler.schedulers.background import BackgroundScheduler
 from elasticsearch_dsl.connections import connections
 from pytz import utc
@@ -46,7 +47,6 @@
 static_dir = os.path.dirname(os.path.dirname(__file__)) + "/static"
 template_dir = os.path.dirname(__file__) + "/templates"
 app = Flask(__name__, static_folder=static_dir, template_folder=template_dir)
-
 env.read_envfile()
@@ -127,7 +127,7 @@ def create_app():
     from app.api.users import user_misc_routes
     from app.api.orders import order_misc_routes
     from app.api.role_invites import role_invites_misc_routes
-    from app.api.auth import ticket_blueprint
+    from app.api.auth import ticket_blueprint, authorised_blueprint
     from app.api.admin_translations import admin_blueprint
     app.register_blueprint(api_v1)
@@ -143,6 +143,7 @@ def create_app():
     app.register_blueprint(order_misc_routes)
     app.register_blueprint(role_invites_misc_routes)
     app.register_blueprint(ticket_blueprint)
+    app.register_blueprint(authorised_blueprint)
     app.register_blueprint(admin_blueprint)
     sa.orm.configure_mappers()
@@ -205,7 +206,6 @@ def __call__(self, *args, **kwargs):
 # Health-check
 health = HealthCheck(current_app, "/health-check")
-envdump = EnvironmentDump(current_app, "/environment", include_config=False)
 health.add_check(health_check_celery)
 health.add_check(health_check_db)
 with current_app.app_context():
diff --git a/app/api/auth.py b/app/api/auth.py
index aa08042b88..e8083e08de 100644
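Review bot: The blank line added before `import sys` leaves that stdlib import stranded between `from envparse import env` and the `flask` import, so the block now reads stdlib, third-party, blank, stdlib, third-party. Move `import sys` up beside `import logging` and `import os.path` instead of inserting the blank, so the groups stay stdlib / third-party / `app.*`.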
--- a/app/api/auth.py
+++ b/app/api/auth.py
@@ -4,6 +4,8 @@
 import string
 import requests
+from healthcheck import EnvironmentDump
+from functools import wraps
 from flask import request, jsonify, make_response, Blueprint, send_file, url_for, redirect
 from flask_jwt import current_identity as current_user, jwt_required
 from sqlalchemy.orm.exc import NoResultFound
@@ -28,6 +30,7 @@
 from app.api.helpers.storage import UPLOAD_PATHS
+authorised_blueprint = Blueprint('authorised_blueprint', __name__, url_prefix='/')
 ticket_blueprint = Blueprint('ticket_blueprint', __name__, url_prefix='/v1')
 auth_routes = Blueprint('auth', __name__, url_prefix='/v1/auth')
@@ -328,3 +331,36 @@ def order_invoices(order_identifier):
             return ForbiddenError({'source': ''}, 'Unauthorized Access').respond()
         else:
             return ForbiddenError({'source': ''}, 'Authentication Required to access Invoice').respond()
+
+
+# Access for Environment details & Basic Auth Support
+def check_auth_admin(username, password):
+    """
+    This function is called to check for proper authentication & admin rights
+    """
+    if username and password:
+        user = User.query.filter_by(_email=username).first()
+        if user:
+            if user.is_correct_password(password):
+                if user.is_admin:
+                    return True
+    return False
+
+
+def requires_basic_auth(f):
+    @wraps(f)
+    def decorated(*args, **kwargs):
+        auth = request.authorization
+        if not auth or not check_auth_admin(auth.username, auth.password):
+            return make_response('Could not verify your access level for that URL.\n'
+                                 'You have to login with proper credentials', 401,
+                                 {'WWW-Authenticate': 'Basic realm="Login Required"'})
+        return f(*args, **kwargs)
+    return decorated
+
+
+@authorised_blueprint.route('/environment')
+@requires_basic_auth
+def environment_details():
+    envdump = EnvironmentDump(include_config=False)
+    return envdump.dump_environment()
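Review bot: `authorised_blueprint` is created with `url_prefix='/'` while its only rule is `'/environment'`; Flask releases before 1.0 build blueprint rules by plain concatenation, which would register `//environment` rather than `/environment`, so whether the route answers at the intended path depends on the Flask version in use. Creating it as `Blueprint('authorised_blueprint', __name__)` with no prefix yields exactly `/environment` on every version.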
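Review bot: `environment_details` still returns the process environment: `EnvironmentDump(include_config=False)` leaves the library's OS-environment section at its default, and if `env.read_envfile()` in `app/__init__.py` loads `.env` into the environment (as envparse's `read_envfile` does), that section holds the database URL and every other secret in the file. A single correct admin password presented as Basic Auth therefore discloses all of them, and nothing in `requires_basic_auth` limits attempts, so the password can be guessed at whatever rate the server accepts; at minimum construct the dump as `envdump = EnvironmentDump(include_os=False, include_config=False)` (or filter keys matching PASSWORD/SECRET/TOKEN) and send the result with `Cache-Control: no-store`. `check_auth_admin` also returns before `is_correct_password` runs when the email is unknown, so response time tells a caller which addresses have accounts. Since `jwt_required` and `current_user` are already imported here, guarding the route with the app's existing JWT flow plus an `is_admin` check (returning `ForbiddenError(...)` as the `order_invoices` context lines do; that function's body starts outside the hunk) would avoid opening a second, unthrottled credential path.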