authentik.outposts.channels

Channels base classes

View Source

 1"""Channels base classes"""
 2
 3from channels.db import database_sync_to_async
 4from channels.exceptions import DenyConnection
 5from rest_framework.exceptions import AuthenticationFailed
 6from structlog.stdlib import get_logger
 7
 8from authentik.api.authentication import TokenAuthentication
 9
10LOGGER = get_logger()
11
12
13class TokenOutpostMiddleware:
14    """Authorize a client with a token"""
15
16    def __init__(self, inner):
17        self.inner = inner
18
19    async def __call__(self, scope, receive, send):
20        scope = dict(scope)
21        await self.auth(scope)
22        return await self.inner(scope, receive, send)
23
24    @database_sync_to_async
25    def auth(self, scope):
26        """Authenticate request from header"""
27        headers = dict(scope["headers"])
28        if b"authorization" not in headers:
29            LOGGER.warning("WS Request without authorization header")
30            raise DenyConnection()
31
32        raw_header = headers[b"authorization"]
33
34        try:
35            user_ctx = TokenAuthentication().bearer_auth(raw_header)
36            # user is only None when no header was given, in which case we deny too
37            if not user_ctx:
38                raise DenyConnection()
39            user, _ = user_ctx
40            scope["user"] = user
41        except AuthenticationFailed as exc:
42            LOGGER.warning("Failed to authenticate", exc=exc)
43            raise DenyConnection() from None

LOGGER = <BoundLoggerLazyProxy(logger=None, wrapper_class=None, processors=None, context_class=None, initial_values={}, logger_factory_args=())>

class TokenOutpostMiddleware: View Source

14class TokenOutpostMiddleware:
15    """Authorize a client with a token"""
16
17    def __init__(self, inner):
18        self.inner = inner
19
20    async def __call__(self, scope, receive, send):
21        scope = dict(scope)
22        await self.auth(scope)
23        return await self.inner(scope, receive, send)
24
25    @database_sync_to_async
26    def auth(self, scope):
27        """Authenticate request from header"""
28        headers = dict(scope["headers"])
29        if b"authorization" not in headers:
30            LOGGER.warning("WS Request without authorization header")
31            raise DenyConnection()
32
33        raw_header = headers[b"authorization"]
34
35        try:
36            user_ctx = TokenAuthentication().bearer_auth(raw_header)
37            # user is only None when no header was given, in which case we deny too
38            if not user_ctx:
39                raise DenyConnection()
40            user, _ = user_ctx
41            scope["user"] = user
42        except AuthenticationFailed as exc:
43            LOGGER.warning("Failed to authenticate", exc=exc)
44            raise DenyConnection() from None

Authorize a client with a token

TokenOutpostMiddleware(inner) View Source

17    def __init__(self, inner):
18        self.inner = inner

inner

@database_sync_to_async

def auth(self, scope): View Source

25    @database_sync_to_async
26    def auth(self, scope):
27        """Authenticate request from header"""
28        headers = dict(scope["headers"])
29        if b"authorization" not in headers:
30            LOGGER.warning("WS Request without authorization header")
31            raise DenyConnection()
32
33        raw_header = headers[b"authorization"]
34
35        try:
36            user_ctx = TokenAuthentication().bearer_auth(raw_header)
37            # user is only None when no header was given, in which case we deny too
38            if not user_ctx:
39                raise DenyConnection()
40            user, _ = user_ctx
41            scope["user"] = user
42        except AuthenticationFailed as exc:
43            LOGGER.warning("Failed to authenticate", exc=exc)
44            raise DenyConnection() from None

Authenticate request from header