2424
2525# Format error response and append status code.
2626class AuthError (Exception ):
27+ """
28+ An AuthError is raised whenever the authentication failed.
29+ """
2730 def __init__ (self , error : Dict [str , str ], status_code : int ):
31+ def __init__ (self , error , status_code ):
32+ super ().__init__ ()
2833 self .error = error
2934 self .status_code = status_code
3035
3136
3237@APP .errorhandler (AuthError )
3338def handle_auth_error (ex : AuthError ) -> Response :
39+ """
40+ serializes the given AuthError as json and sets the response status code accordingly.
41+ :param ex: an auth error
42+ :return: json serialized ex response
43+ """
3444 response = jsonify (ex .error )
3545 response .status_code = ex .status_code
3646 return response
@@ -49,13 +59,13 @@ def get_token_auth_header() -> str:
4959
5060 if parts [0 ].lower () != "bearer" :
5161 raise AuthError ({"code" : "invalid_header" ,
52- "description" :
53- "Authorization header must start with"
54- " Bearer" }, 401 )
55- elif len (parts ) == 1 :
62+ "description" :
63+ "Authorization header must start with"
64+ " Bearer" }, 401 )
65+ if len (parts ) == 1 :
5666 raise AuthError ({"code" : "invalid_header" ,
57- "description" : "Token not found" }, 401 )
58- elif len (parts ) > 2 :
67+ "description" : "Token not found" }, 401 )
68+ if len (parts ) > 2 :
5969 raise AuthError ({"code" : "invalid_header" ,
6070 "description" :
6171 "Authorization header must be"
@@ -80,22 +90,22 @@ def requires_scope(required_scope: str) -> bool:
8090 return False
8191
8292
83- def requires_auth (f ):
93+ def requires_auth (func ):
8494 """Determines if the access token is valid
8595 """
86-
87- @wraps (f )
96+
97+ @wraps (func )
8898 def decorated (* args , ** kwargs ):
8999 token = get_token_auth_header ()
90100 jsonurl = urlopen ("https://" + AUTH0_DOMAIN + "/.well-known/jwks.json" )
91101 jwks = json .loads (jsonurl .read ())
92102 try :
93103 unverified_header = jwt .get_unverified_header (token )
94- except jwt .JWTError :
104+ except jwt .JWTError as jwt_error :
95105 raise AuthError ({"code" : "invalid_header" ,
96- "description" :
97- "Invalid header. "
98- "Use an RS256 signed JWT Access Token" }, 401 )
106+ "description" :
107+ "Invalid header. "
108+ "Use an RS256 signed JWT Access Token" }, 401 ) from jwt_error
99109 if unverified_header ["alg" ] == "HS256" :
100110 raise AuthError ({"code" : "invalid_header" ,
101111 "description" :
@@ -120,22 +130,22 @@ def decorated(*args, **kwargs):
120130 audience = API_IDENTIFIER ,
121131 issuer = "https://" + AUTH0_DOMAIN + "/"
122132 )
123- except jwt .ExpiredSignatureError :
133+ except jwt .ExpiredSignatureError as expired_sign_error :
124134 raise AuthError ({"code" : "token_expired" ,
125- "description" : "token is expired" }, 401 )
126- except jwt .JWTClaimsError :
135+ "description" : "token is expired" }, 401 ) from expired_sign_error
136+ except jwt .JWTClaimsError as jwt_claims_error :
127137 raise AuthError ({"code" : "invalid_claims" ,
128- "description" :
129- "incorrect claims,"
130- " please check the audience and issuer" }, 401 )
131- except Exception :
138+ "description" :
139+ "incorrect claims,"
140+ " please check the audience and issuer" }, 401 ) from jwt_claims_error
141+ except Exception as exc :
132142 raise AuthError ({"code" : "invalid_header" ,
133- "description" :
134- "Unable to parse authentication"
135- " token." }, 401 )
143+ "description" :
144+ "Unable to parse authentication"
145+ " token." }, 401 ) from exc
136146
137147 _request_ctx_stack .top .current_user = payload
138- return f (* args , ** kwargs )
148+ return func (* args , ** kwargs )
139149 raise AuthError ({"code" : "invalid_header" ,
140150 "description" : "Unable to find appropriate key" }, 401 )
141151
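Review bot: The broad `except Exception as exc` added at new line 141 still maps every failure inside the decode step — including programming errors such as a malformed JWKS document or a bad key lookup — to a 401 `invalid_header`, and the `from exc` chain it adds is never surfaced, because `handle_auth_error` only serializes `ex.error`, so the real cause is lost from the logs. If the `try` body (which starts above this hunk) only calls `jwt.decode`, the clause could be narrowed to `except jwt.JWTError as exc:` (presumably the base of the two handlers above it) and anything else left to propagate as a 500; otherwise at least record it before re-raising, e.g. `APP.logger.exception("unable to parse authentication token")` on the line before the `raise`. The same chaining-without-logging applies to the `from jwt_error` added at new line 108 in the previous hunk. The `decorated` closure and `requires_auth` begin outside this hunk.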