# Copyright 2018 Google LLC. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. """ This module includes decorators for authenticating requests. """ from functools import wraps from flask import redirect, request, url_for from firebase_admin import auth def verify_firebase_id_token(token): """ A helper function for verifying ID tokens issued by Firebase. See https://firebase.google.com/docs/auth/admin/verify-id-tokens for more information. Parameters: token (str): A token issued by Firebase. Output: auth_context (dict): Authentication context. """ try: full_auth_context = auth.verify_id_token(token) except ValueError: return {} auth_context = { 'username': full_auth_context.get('name'), 'uid': full_auth_context.get('uid'), 'email': full_auth_context.get('email') } return auth_context def auth_required(f): """ A decorator for view functions that require authentication. If signed in, pass the request to the decorated view function with authentication context; otherwise redirect the request. Parameters: f (func): The view function to decorate. Output: decorated (func): The decorated function. """ @wraps(f) def decorated(*args, **kwargs): firebase_id_token = request.cookies.get('firebase_id_token') if not firebase_id_token: return redirect(url_for('product_catalog_page.display')) auth_context = verify_firebase_id_token(firebase_id_token) if not auth_context: return redirect(url_for('product_catalog_page.display')) return f(auth_context=auth_context, *args, **kwargs) return decorated def auth_optional(f): """ A decorator for view functions where authentication is optional. If signed in, pass the request to the decorated view function with authentication context. Parameters: f (func): The view function to decorate. Output: decorated (func): The decorated function. """ @wraps(f) def decorated(*args, **kwargs): firebase_id_token = request.cookies.get('firebase_id_token') if not firebase_id_token: return f(auth_context=None, *args, **kwargs) auth_context = verify_firebase_id_token(firebase_id_token) if not auth_context: return f(auth_context=None, *args, **kwargs) return f(auth_context=auth_context, *args, **kwargs) return decorated