Merge pull request #27 from scrum-gang/feature/add-authentication

Add authentication
scrum-gang · Feb 24, 2019 · 4332899 · 4332899
2 parents bf06644 + 45bcb7c
commit 4332899
Show file tree

Hide file tree

Showing 3 changed files with 48 additions and 2 deletions.
diff --git a/app.py b/app.py
@@ -4,8 +4,9 @@
 from external import apply_external, update_status_external, get_applications_external
 from internal import apply_internal, update_status_internal, get_applications_internal
 from applications import get_application_by_id
-from utils import app
+from utils import app, validate_authentication
 
+auth_error = "You must be authenticated to perform this call."
 
 @app.route('/')
 def index():
@@ -25,8 +26,12 @@ def apply_external_endpoint():
   - `date_posted`: When the application was posted
   - `deadline`: Deadline to apply for the job
   - `user_id`: ID of the user applying
+  - `auth`: Authentication token
   """
   content = request.json
+  if not validate_authentication(content):
+    return jsonify({"status": auth_error})
+
   url, position, company = content.get("url", ""), content.get('position', ""), content.get('company', "")
   date_posted, deadline = content.get('date_posted', ""), content.get('deadline', "")
   user_id, resume, status = content['user_id'], content.get('resume', ""), content.get("status", "Applied")
@@ -43,7 +48,10 @@ def apply_internal_endpoint():
   - `user_id`: ID of the user applying
   - `job_id`: ID of the job the user is applying to
   - `resume`: Handy tool for applying to jobs
+  - `auth`: Authentication token
   """
+  if not validate_authentication(content):
+    return jsonify({"status": auth_error})
   content = request.json
   job_id = content['job_id']
   user_id, resume = content['user_id'], content['resume']
@@ -58,7 +66,11 @@ def update_status_external_endpoint():
   Request body:
   - `id`: Job application ID
   - `new_status`: New status of the job application
+  - `auth`: Authentication token
   """
+  if not validate_authentication(content):
+    return jsonify({"status": auth_error})
+
   content = request.json
   application_id = content['id']
   new_status = content['new_status']
@@ -73,7 +85,11 @@ def update_status_internal_endpoint():
   Request body:
   - `id`: Job application ID
   - `new_status`: New status of the job application
+  - `auth`: Authentication token
   """
+  if not validate_authentication(content, admin=True):
+    return jsonify({"status": auth_error})
+
   content = request.json
   application_id = content['id']
   new_status = content['new_status']
@@ -85,7 +101,11 @@ def update_status_internal_endpoint():
 def get_application_by_user_endpoint(user_id, application_type=None):
   """
   Gets job postings for a specific user.
+  - `auth`: Authentication token
   """
+  if not validate_authentication(content, user=user_id):
+    return jsonify({"status": auth_error})
+
   applications_external, applications_internal = [], []
   if application_type == "external" or not application_type:
     applications_external = get_applications_external(user_id)
@@ -99,6 +119,9 @@ def get_application_by_job_endpoint(job_id):
   """
   Gets all job postings to an internal job
   """
+  if not validate_authentication(content, admin=True):
+    return jsonify({"status": auth_error})
+
   return jsonify(get_applications_internal(job_id, 'job'))
 
 
@@ -107,6 +130,9 @@ def get_application(application_id):
   """
   Gets a single application by its unique ID
   """
+  if not validate_authentication(content, admin=True):
+    return jsonify({"status": auth_error})
+
   return jsonify(get_application_by_id(application_id))
 
 

diff --git a/requirements.txt b/requirements.txt
@@ -5,3 +5,5 @@ flask-heroku==0.1.9
 gunicorn==19.9.0
 pytest==4.2.0
 psycopg2==2.7.7
+requests==2.21.0
+
diff --git a/utils.py b/utils.py
@@ -2,8 +2,9 @@
 from flask_heroku import Heroku
 from flask_sqlalchemy import SQLAlchemy
 import os
+import requests
 
-
+auth_base_url = "https://jobhub-authentication-staging.herokuapp.com"
 # app initialization
 app = Flask(__name__)
 app.debug = True
@@ -20,3 +21,20 @@
 heroku = Heroku(app)
 
 db = SQLAlchemy(app)
+
+
+def validate_authentication(content, user=None, admin=False):
+    if 'auth' not in content:
+        return False
+    headers = {'content-type': 'application/json', 'Authorization': f"Bearer {content['auth']}"}
+    response = requests.get(f"{auth_base_url}/users/self", headers=headers)
+    if 'verified' not in response:
+        return False
+
+    if admin and response['type'] != 'recruiter':
+        return False
+
+    if user:
+        return response['_id'] == user
+    else:
+        return response['verified']