|
|
|
|
@ -77,23 +77,14 @@ class PassportResource(Resource):
|
|
|
|
|
api.add_resource(PassportResource, "/passport")
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def decode_enterprise_webapp_user_id(auth_header: str | None):
|
|
|
|
|
def decode_enterprise_webapp_user_id(jwt_token: str | None):
|
|
|
|
|
"""
|
|
|
|
|
Decode the enterprise user session from the Authorization header.
|
|
|
|
|
"""
|
|
|
|
|
if not auth_header:
|
|
|
|
|
if not jwt_token:
|
|
|
|
|
return None
|
|
|
|
|
|
|
|
|
|
if " " not in auth_header:
|
|
|
|
|
raise Unauthorized("Invalid Authorization header format. Expected 'Bearer <api-key>' format.")
|
|
|
|
|
|
|
|
|
|
auth_scheme, tk = auth_header.split(None, 1)
|
|
|
|
|
auth_scheme = auth_scheme.lower()
|
|
|
|
|
|
|
|
|
|
if auth_scheme != "bearer":
|
|
|
|
|
raise Unauthorized("Invalid Authorization header format. Expected 'Bearer <api-key>' format.")
|
|
|
|
|
|
|
|
|
|
decoded = PassportService().verify(tk)
|
|
|
|
|
decoded = PassportService().verify(jwt_token)
|
|
|
|
|
source = decoded.get("token_source")
|
|
|
|
|
if not source or source != "enterprise_login":
|
|
|
|
|
raise Unauthorized("Invalid token source. Expected 'enterprise_login'.")
|
|
|
|
|
|
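Review bot: The docstring kept as context still says the session is decoded "from the Authorization header", but the new signature takes `jwt_token` and the scheme check (`auth_scheme != "bearer"`) is gone, so the function now passes whatever string it receives straight to `PassportService().verify(jwt_token)`. I would update the docstring to state the new contract, e.g. `"""Decode the enterprise user session from a bare passport JWT (no "Bearer " prefix). Returns None when no token is supplied."""`. The call sites are outside this hunk, so it is worth confirming that each one strips the scheme before calling and treats the `None` return for a missing token as unauthenticated rather than as a valid anonymous user. The function body continues past the end of the hunk, so what is returned after the `token_source` check is not visible here.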