
DemocracyClub / aggregator-api / 59ed679f-3107-4b38-9655-3ebaf2e9eba2

05 Dec 2023 05:26PM UTC coverage: 77.321% (-0.1%) from 77.419%
59ed679f-3107-4b38-9655-3ebaf2e9eba2

push

circleci

web-flow
Merge pull request #445 from DemocracyClub/enable-authenticator-dont-enforce

Enable but don't enforce auth

4 of 6 new or added lines in 1 file covered. (66.67%)

866 of 1120 relevant lines covered (77.32%)

0.77 hits per line


89.47
/api/api_auth/handler.py
import os
import sys

sys.path.append("api")

from common.auth_models import User, UserDoesNotExist  # noqa
from common.sentry_helper import init_sentry  # noqa

init_sentry()

# Feature switch for the DynamoDB-backed key lookup. Only the exact spellings
# listed here turn it on; an unset variable or any other value leaves it off.
USE_DYNAMODB_AUTH = os.environ.get("USE_DYNAMODB_AUTH", False) in (
    True,
    "true",
    "True",
    "TRUE",
)

# Hard-coded off: while this is False, lambda_handler logs a failed key lookup
# and still authorizes the request (the authorizer fails open).
ENFORCE_AUTH = False


def dynamodb_auth(api_key: str, region_name="eu-west-2"):
    """Look up *api_key* via ``User.from_dynamodb`` and report the outcome.

    Args:
        api_key: The key presented by the caller.
        region_name: Accepted for callers' benefit; not referenced in this
            function body.

    Returns:
        A dict with the keys ``authenticated`` (bool), ``error`` (message or
        None), ``warnings`` (list of strings) and ``data`` (the user's
        ``as_dict()`` output, or ``{}`` when the key is unknown).

    Note:
        ``data`` is populated for an inactive key as well, so callers must
        gate on ``authenticated`` rather than on ``data`` being non-empty.
    """
    try:
        user = User.from_dynamodb(api_key)
    except UserDoesNotExist:
        # Unknown key: nothing to report beyond the error itself.
        return {
            "authenticated": False,
            "error": "API key not found",
            "warnings": [],
            "data": {},
        }

    # Read the attributes in the same order as before (as_dict, is_active,
    # rate_limit_warn) in case any of them is a computed property.
    profile = user.as_dict()
    active = bool(user.is_active)
    over_limit = user.rate_limit_warn

    return {
        "authenticated": active,
        "error": None if active else "API key not active",
        # Exceeding the rate limit is only a warning; it does not by itself
        # change the authentication outcome.
        "warnings": ["Rate limit exceeded"] if over_limit else [],
        "data": profile,
    }


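def lambda_handler(event, context):
    """Lambda authorizer entry point: turn an ``auth_token`` into a policy.

    The API key is read from the ``auth_token`` query-string parameter. When
    ``USE_DYNAMODB_AUTH`` is on, the key is checked with ``dynamodb_auth``;
    a failed check is rejected only if ``ENFORCE_AUTH`` is set, otherwise it
    is logged and the request is authorized anyway. When the DynamoDB check
    is off, any non-empty key is accepted.

    Args:
        event: The authorizer event; ``queryStringParameters`` is read from it.
        context: Lambda context object (unused).

    Returns:
        A dict with ``principalId``, an Allow ``policyDocument`` and a
        ``context`` mapping taken from the authentication data.

    Raises:
        Exception: With the message ``"Unauthorized"`` when no usable key is
            supplied, or when the key fails the check and ``ENFORCE_AUTH`` is
            set.
    """
    import hashlib

    # A request without a query string may carry None (or no key at all)
    # here; treat that as "no token" instead of failing with a
    # TypeError/KeyError, which would not produce a clean "Unauthorized".
    params = event.get("queryStringParameters") or {}

    if "auth_token" not in params:
        raise Exception("Unauthorized")
    api_key = params.get("auth_token", None)

    if not api_key:
        print("No API key provided")
        raise Exception("Unauthorized")

    authentication = None
    if USE_DYNAMODB_AUTH:
        lookup = dynamodb_auth(api_key)
        if lookup["authenticated"]:
            authentication = lookup
        elif ENFORCE_AUTH:
            raise Exception("Unauthorized")
        else:
            # Never write the presented credential to the logs: emit a short
            # SHA-256 fingerprint so operators can still correlate entries,
            # plus the reason the lookup failed.
            fingerprint = hashlib.sha256(
                str(api_key).encode("utf-8")
            ).hexdigest()[:12]
            reason = lookup["error"]
            print(
                f"AUTH_ERROR: Would have raised 'Unauthorized' for key sha256:{fingerprint} ({reason}) but the Authorizer isn't enforced at the moment. Authorizing anyway"
            )

    if authentication is None:
        # Fail-open path (lookup disabled, or failed but not enforced).
        # NOTE(review): the raw API key becomes principalId and
        # context["user_id"] here, so it may surface wherever the gateway
        # records those values -- consider a non-secret identifier.
        authentication = {
            "data": {"user_id": api_key},
            "authenticated": True,
            "error": None,
            "warnings": [],
        }

    return {
        # Assumes user.as_dict() includes "user_id" on the DynamoDB path --
        # TODO confirm against common.auth_models.
        "principalId": authentication["data"]["user_id"],
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Action": "execute-api:Invoke",
                    "Effect": "Allow",
                    # NOTE(review): "*" permits every method this authorizer
                    # fronts; narrow it if per-route authorization is ever
                    # required.
                    "Resource": "*",
                }
            ],
        },
        "context": authentication["data"],
    }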