Merge pull request #631 from TeskaLabs/fix/auth-example

Fix auth example app
TeskaLabs · Oct 30, 2024 · ed96314 · ed96314
2 parents 1022e22 + 22501dc
commit ed96314
Showing 1 changed file with 29 additions and 8 deletions.
diff --git a/examples/web-auth.py b/examples/web-auth.py
@@ -1,9 +1,11 @@
 #!/usr/bin/env python3
+import logging
 import typing
 import secrets
 import asab.web.rest
 import asab.web.auth
 import asab.contextvars
+import asab.exceptions
 
 if "web" not in asab.Config:
 	asab.Config["web"] = {
@@ -105,7 +107,11 @@ async def list_notes(self, request):
 
 		Authentication required.
 		"""
-		tenant = asab.contextvars.Tenant.get()
+		try:
+			tenant = asab.contextvars.Tenant.get()
+		except LookupError:
+			L.error("No 'X-Tenant' header in request.")
+			raise asab.exceptions.ValidationError()
 		authz = asab.contextvars.Authz.get()
 
 		notes = self.Notes.get(tenant, {})
@@ -126,7 +132,11 @@ async def read_note(self, request):
 
 		Authentication and authorization of "note:read" required.
 		"""
-		tenant = asab.contextvars.Tenant.get()
+		try:
+			tenant = asab.contextvars.Tenant.get()
+		except LookupError:
+			L.error("No 'X-Tenant' header in request.")
+			raise asab.exceptions.ValidationError()
 
 		note_id = request.match_info["note_id"]
 		if tenant in self.Notes and note_id in self.Notes[tenant]:
@@ -145,10 +155,14 @@ async def create_note(self, request, *, json_data):
 
 		Authentication and authorization of "note:edit" required.
 		"""
-		tenant = asab.contextvars.Tenant.get()
+		try:
+			tenant = asab.contextvars.Tenant.get()
+		except LookupError:
+			L.error("No 'X-Tenant' header in request.")
+			raise asab.exceptions.ValidationError()
 		authz = asab.contextvars.Authz.get()
 
-		if not tenant in self.Notes:
+		if tenant not in self.Notes:
 			self.Notes[tenant] = {}
 		note_id = secrets.token_urlsafe(8)
 		self.Notes[tenant][note_id] = {
@@ -169,9 +183,13 @@ async def edit_note(self, request, *, json_data):
 
 		Authentication and authorization of "note:edit" required.
 		"""
-		tenant = asab.contextvars.Tenant.get()
-		authz = asab.contextvars.Authz.get()
+		try:
+			tenant = asab.contextvars.Tenant.get()
+		except LookupError:
+			L.error("No 'X-Tenant' header in request.")
+			raise asab.exceptions.ValidationError()
 
+		note_id = request.match_info["note_id"]
 		if tenant in self.Notes and note_id in self.Notes[tenant]:
 			self.Notes[tenant][note_id]["content"] = json_data
 			return asab.web.rest.json_response(request, {"result": "OK"})
@@ -186,8 +204,11 @@ async def delete_note(self, request):
 
 		Authentication and authorization of "note:delete" required.
 		"""
-		tenant = asab.contextvars.Tenant.get()
-		authz = asab.contextvars.Authz.get()
+		try:
+			tenant = asab.contextvars.Tenant.get()
+		except LookupError:
+			L.error("No 'X-Tenant' header in request.")
+			raise asab.exceptions.ValidationError()
 
 		note_id = request.match_info["note_id"]
 		if tenant in self.Notes and note_id in self.Notes[tenant]: