validate bearer tokens against authnid

2018-06-12 13:09:04 -04:00
parent 7e689dd120
commit 234bbcea0f
5 changed files with 63 additions and 14 deletions
--- a/atst/api_client.py
+++ b/atst/api_client.py
@@ -33,7 +33,7 @@ class ApiClient(object):
            kwargs['body'] = dumps(kwargs['json'])
            del kwargs['json']
            headers = kwargs.get('headers', {})
-            headers['Content-Type'] = 'application-json'
+            headers['Content-Type'] = 'application/json'
            kwargs['headers'] = headers

        response = yield self.client.fetch(url, method=method, **kwargs)
--- a/atst/app.py
+++ b/atst/app.py
@@ -17,6 +17,7 @@ ENV = os.getenv("TORNADO_ENV", "dev")
 def make_app(config):

    authz_client = ApiClient(config["default"]["AUTHZ_BASE_URL"])
+    authnid_client = ApiClient(config["default"]["AUTHNID_BASE_URL"])

    routes = [
        url(r"/", Login, {"page": "login"}, name="main"),
@@ -52,6 +53,7 @@ def make_app(config):
        cookie_secret=config["default"]["COOKIE_SECRET"],
        debug=config['default'].getboolean('DEBUG')
    )
+    app.authnid_client = authnid_client
    return app


--- a/atst/handler.py
+++ b/atst/handler.py
@@ -22,11 +22,13 @@ helpers = {

 def authenticated(method):
    @functools.wraps(method)
+    @tornado.gen.coroutine
    def wrapper(self, *args, **kwargs):
        if not self.current_user:
            if self.get_cookie('bearer-token'):
                bearer_token = self.get_cookie('bearer-token')
-                if validate_login_token(bearer_token):
+                valid = yield validate_login_token(self.application.authnid_client, bearer_token)
+                if valid:
                    self._start_session()
                else:
                    raise NotImplementedError
@@ -39,9 +41,16 @@ def authenticated(method):
        return method(self, *args, **kwargs)
    return wrapper

-def validate_login_token(token):
-    # check against authnid
-    pass
+@tornado.gen.coroutine
+def validate_login_token(client, token):
+    try:
+        response = yield client.post('/api/v1/validate', raise_error=False, json={"token": token})
+        return response.code == 200
+    except tornado.httpclient.HTTPError as error:
+        if error.response.code == 401:
+            return False
+        else:
+            raise error

 class BaseHandler(tornado.web.RequestHandler):