Redirect to login beta (#4355)

* add developer_token to session for /login-beta * redirect user to login-beta when accessing model routes
canonical · Jul 27, 2023 · e40ce54 · e40ce54
1 parent dd0e1f5
commit e40ce54
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 2 deletions.
diff --git a/webapp/admin/views.py b/webapp/admin/views.py
@@ -11,7 +11,7 @@
 from flask.json import jsonify
 
 # Local
-from webapp.decorators import login_required
+from webapp.decorators import candid_login_required, login_required
 from webapp.helpers import api_publisher_session
 
 admin_api = SnapStoreAdmin(api_publisher_session)
@@ -234,6 +234,7 @@ def update_invite_status(store_id):
 
 # ---------------------- MODELS SERVICES ----------------------
 @admin.route("/admin/store/<store_id>/models")
+@candid_login_required
 @login_required
 def get_models(store_id):
     """
@@ -269,6 +270,7 @@ def get_models(store_id):
 
 
 @admin.route("/admin/store/<store_id>/models", methods=["POST"])
+@candid_login_required
 @login_required
 def create_models(store_id: str):
     """
@@ -320,6 +322,7 @@ def create_models(store_id: str):
 
 
 @admin.route("/admin/store/<store_id>/models/<model_name>", methods=["PATCH"])
+@candid_login_required
 @login_required
 def update_model(store_id: str, model_name: str):
     """
@@ -360,6 +363,7 @@ def update_model(store_id: str, model_name: str):
 
 
 @admin.route("/admin/store/<store_id>/models/<model_name>/policies")
+@candid_login_required
 @login_required
 def get_policies(store_id: str, model_name: str):
     """
@@ -400,6 +404,7 @@ def get_policies(store_id: str, model_name: str):
 @admin.route(
     "/admin/store/<store_id>/models/<model_name>/policies", methods=["POST"]
 )
+@candid_login_required
 @login_required
 def create_policy(store_id: str, model_name: str):
     """
@@ -441,6 +446,7 @@ def create_policy(store_id: str, model_name: str):
 
 
 @admin.route("/admin/store/<store_id>/signing-keys")
+@candid_login_required
 @login_required
 def get_signing_keys(store_id: str):
     res = {}
@@ -469,6 +475,7 @@ def get_signing_keys(store_id: str):
 
 
 @admin.route("/admin/store/<store_id>/signing-keys", methods=["POST"])
+@candid_login_required
 @login_required
 def create_signing_key(store_id: str):
     name = flask.request.form.get("name")
@@ -492,6 +499,7 @@ def create_signing_key(store_id: str):
     "/admin/store/<store_id>/signing-keys/<signing_key_sha3_384>",
     methods=["DELETE"],
 )
+@candid_login_required
 @login_required
 def delete_signing_key(store_id: str, signing_key_sha3_384: str):
     """

diff --git a/webapp/decorators.py b/webapp/decorators.py
@@ -24,3 +24,18 @@ def is_user_logged_in(*args, **kwargs):
         return func(*args, **kwargs)
 
     return is_user_logged_in
+
+
+def candid_login_required(func):
+    """
+    Decorator that checks if a user is authenticated in via candid(login-beta),
+    and redirects to /login-beta page if not.
+    """
+
+    @functools.wraps(func)
+    def is_candid_authneticated(*args, **kwargs):
+        if "developer_token" not in flask.session:
+            return flask.redirect(f"/login-beta?next={flask.request.path}")
+        return func(*args, **kwargs)
+
+    return is_candid_authneticated
diff --git a/webapp/login/views.py b/webapp/login/views.py
@@ -126,7 +126,10 @@ def after_login(resp):
 @login.route("/login-beta", methods=["GET"])
 @csrf.exempt
 def login_candid():
-    if authentication.is_authenticated(flask.session):
+    if (
+        authentication.is_authenticated(flask.session)
+        and "developer_token" in flask.session
+    ):
         return flask.redirect(
             flask.url_for("publisher_snaps.get_account_snaps")
         )