function authorization_decoder add parameters "config", implement JWT decoding.

shenwenpo · shenwenpo · commit cab0596eba10 · 2021-03-07T12:57:47.000+08:00
diff --git a/flask_authz/casbin_enforcer.py b/flask_authz/casbin_enforcer.py
@@ -87,7 +87,7 @@ def wrapper(*args, **kwargs):
                     if header == "authorization":
                         # Get Auth Value then decode and parse for owner
                         try:
-                            owner = authorization_decoder(request.headers.get(header))
+                            owner = authorization_decoder(self.app.config, request.headers.get(header))
                         except UnSupportedAuthType:
                             # Continue if catch unsupported type in the event of
                             # Other headers needing to be checked
@@ -96,6 +96,9 @@ def wrapper(*args, **kwargs):
                                 "decoding is unsupported by flask-casbin at this time"
                             )
                             continue
+                        except Exception as e:
+                            self.app.logger.info(e)
+                            continue
 
                         if self.user_name_headers and header in map(str.lower, self.user_name_headers):
                             owner_audit = owner
diff --git a/flask_authz/utils/auth_decoder.py b/flask_authz/utils/auth_decoder.py
@@ -1,5 +1,7 @@
 from base64 import b64decode
 
+import jwt
+
 
 class UnSupportedAuthType(Exception):
     status_code = 501
@@ -20,11 +22,12 @@ def to_dict(self):
         return rv
 
 
-def authorization_decoder(auth_str: str):
+def authorization_decoder(config, auth_str: str):
     """
     Authorization token decoder based on type. This will decode the token and
     only return the owner
     Args:
+        config: app.config
         auth_str: Authorization string should be in "<type> <token>" format
     Returns:
         decoded owner from token
@@ -35,6 +38,8 @@ def authorization_decoder(auth_str: str):
         """Basic format <user>:<password> return only the user"""
         return b64decode(token).decode().split(":")[0]
     elif type == "Bearer":
-        raise UnSupportedAuthType("Bearer is not implemented yet")
+        decoded_jwt = jwt.decode(token, config.get("JWT_SECRET_KEY"),
+                                 algorithms=config.get('JWT_HASH'))
+        return decoded_jwt.get("identity", '')
     else:
         raise UnSupportedAuthType("%s Authorization is not supported" % type)
diff --git a/requirements.txt b/requirements.txt
@@ -4,5 +4,6 @@ flask>=0.12.2,~=1.1.2
 itsdangerous==1.1.0
 jinja2==2.11.2
 markupsafe==1.1.1
+pyjwt==2.0.1
 simpleeval==0.9.10
 werkzeug==1.0.1
