author | Lars Wirzenius <liw@liw.fi> | 2018-10-27 10:34:43 +0300 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2018-10-27 10:34:43 +0300 |
commit | 7ed16628456d3c9946e4288bacda7a4195b61730 (patch) | |
tree | f488db33fa94112d0dc8ea469679997f123f8a06 /muck/authz.py | |
parent | b5a7ec15b05567f727309619e27709b0595d07f4 (diff) | |
Change: check for required scopes
Diffstat (limited to 'muck/authz.py')
-rw-r--r-- | muck/authz.py | 23 |
1 files changed, 20 insertions, 3 deletions
diff --git a/muck/authz.py b/muck/authz.py
index e9336b8..c48294c 100644
--- a/muck/authz.py
+++ b/muck/authz.py
@@ -13,10 +13,27 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
-# import muck
+import muck
 class AuthorizationChecker:
- def request_is_allowed(self, r):
- return False and r
+ def __init__(self, signing_key_text):
+ self._tc = muck.TokenChecker(signing_key_text.strip().encode('ascii'))
+
+ def request_is_allowed(self, r, required_scopes):
+ token = self._get_token(r)
+ if token is None:
+ return False
+
+ scope = token.get('scope', '')
+ scopes = set(scope.split())
+ required_scopes = set(required_scopes)
+ return scopes.intersection(required_scopes) == required_scopes
+
+ def _get_token(self, r):
+ authz = r.get_authorization()
+ try:
+ return self._tc.parse_header(authz)
+ except muck.Error:
+ return None |
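Review bot: In `request_is_allowed`, the value from `token.get('scope', '')` is split without a type check, so a token whose `scope` claim is present but not a string (null, or a list) raises AttributeError instead of producing a deny decision. A guard such as `if not isinstance(scope, str): return False` before the split keeps the check fail-closed and off the unhandled-error path. An empty `required_scopes` also makes the final comparison true for every token that parses; if that is not intended, add `if not required_scopes: return False`, and otherwise state it in a docstring so callers know they must pass at least one scope. `_get_token` catches only `muck.Error`, and whether `parse_header` can raise anything else for a missing or malformed Authorization header is not visible in this hunk and should be confirmed.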