def check_user_authentication()

in dialogflow-cx/vpc-sc-demo/components/reverse_proxy_server/proxy-server-src/app.py [0:0]


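def check_user_authentication():  # pylint: disable=R1710
    """Validate that the caller is in the ``authorized_emails`` allowlist.

    Reads the ``Authorization`` request header, requires a ``Bearer`` token,
    verifies it as a Firebase ID token and, if that fails, as a Google
    OAuth2 ID token, then compares the token's ``email`` claim with
    ``authorized_emails``.

    Returns:
        None when the caller is authorized. Every rejection path calls
        ``abort(403)``.
    """
    # pylint: disable=logging-fstring-interpolation
    app.logger.info("[0] Begin check_user_authentication")

    bearer_prefix = "Bearer "
    auth = request.headers.get("Authorization", None)

    if auth is None or not auth.startswith(bearer_prefix):
        return abort(403)

    token = auth[len(bearer_prefix):]  # Remove the "Bearer " prefix
    if not token:
        # An empty credential can never verify; reject it before calling
        # out to the certificate endpoints.
        return abort(403)

    # NOTE(review): neither verifier below is given an ``audience``, so the
    # token's ``aud`` claim is not checked. A correctly signed token that was
    # issued for a different Firebase project or OAuth client is therefore
    # accepted as long as it carries an allowlisted email. Pass the expected
    # project ID / client ID as ``audience=`` once it is available from this
    # service's configuration.
    #
    # Two token types may be presented (Firebase or Google OAuth2) and a
    # failed verification raises ValueError, so the verifiers are tried in
    # order and the first one that succeeds wins. Exceptions other than
    # ValueError are not caught here and propagate to the caller.
    info = None
    for verify in (id_token.verify_firebase_token, id_token.verify_oauth2_token):
        try:
            info = verify(token, reqs.Request())
        except ValueError:
            continue
        if info is not None:
            break

    if info is None or "email" not in info:
        return abort(403)

    # The allowlist is keyed on email, so only trust the claim when the
    # issuer asserts the address was verified. A missing or non-True
    # ``email_verified`` fails closed.
    if info.get("email_verified") is not True:
        return abort(403)

    verified_email = info["email"]
    app.logger.info(f"[0]   User: {verified_email}")
    if verified_email not in authorized_emails:
        return abort(403)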