The application I'm working on initially had a Python WSGI-based REST backend. Now we have moved to Cloud Endpoints and authentication is now done with endpoints.get_current_user(). This works properly for the new code. However, we are still using the old services (datastore fetches etc.) and these services rely on users.get_current_user() as the authentication method.

Now whenever the Users API is called from the old services after they are called from an endpoints method, the users.get_current_user() method returns some internal user ID used by endpoints, and not the ID of the current user.

Is this a known feature (issue) or am I doing something wrong?

    # This method is called from endpoints api
    def GetUser():
        """Authorize and return the user object."""
        user = endpoints.get_current_user()
        if not user:
            raise endpoints.UnauthorizedException()
        # Below is the call to old user service. This works because
        # user ldap is supplied
        return user_service.User(user.email().split('@')[0])

If user_service.User is instantiated with an ldap, it works fine for both old and new services. But within another old module, a call to the following function is made to authenticate the user:

    def CheckUserRole(roles):
        # below call returns a user object with endpoints internal user ID
        # since User constructor is not being called with an ldap and so
        # it falls back on users.get_current_user()
        user = user_service.User()
        if user.GetUserRole() not in roles:
            raise UnauthorizedException()

    # The user_service.User class snippet:
    class User(object):
        def __init__(self, ldap=None):
            if not ldap:
                ldap = utils.UserLdap()  # returns incorrect user object
            self.login = ldap  # ldap is some internal ID
            ....

This can be fixed by passing in the ldap returned by endpoints.get_current_user() to every User call, but that would mean changing a whole bunch of method parameters and constructor calls. I wasn't able to find anything about this anywhere else. Is there a way around it?
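
An added example, not part of the original post and not the project's own code: one way to avoid threading the ldap through every call is a request-scoped identity holder that the endpoints entry point fills and the User constructor consults before its legacy fallback. The names set_request_ldap, legacy_user_ldap and handle_endpoints_call, the role table and the returned internal ID are hypothetical stand-ins; no App Engine APIs are called.

```python
import threading

_request_identity = threading.local()  # hypothetical per-request identity holder


class UnauthorizedException(Exception):
    pass


def set_request_ldap(ldap):
    """Record the identity verified at the endpoints boundary (None clears it)."""
    _request_identity.ldap = ldap


def legacy_user_ldap():
    """Stand-in for utils.UserLdap(); in the question it yields an internal ID."""
    return "endpoints-internal-id"  # constructed value


class User(object):
    ROLES = {"alice": "admin"}  # constructed role table for the demo

    def __init__(self, ldap=None):
        if not ldap:
            # Prefer the identity set for this request over the legacy lookup.
            ldap = getattr(_request_identity, "ldap", None) or legacy_user_ldap()
        self.login = ldap

    def GetUserRole(self):
        return self.ROLES.get(self.login)


def CheckUserRole(roles):
    user = User()  # unchanged call site: no ldap argument
    if user.GetUserRole() not in roles:
        raise UnauthorizedException()
    return user.login


def handle_endpoints_call(verified_email, roles):
    """Stand-in for an endpoints method; verified_email plays the part of
    endpoints.get_current_user().email()."""
    if not verified_email:
        raise UnauthorizedException()
    set_request_ldap(verified_email.split("@")[0])
    try:
        return CheckUserRole(roles)
    finally:
        set_request_ldap(None)  # never let an identity outlive its request
```

Clearing the holder in the finally block matters for authorization: a worker thread reused for the next request must not inherit the previous caller's identity.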